Solved

Cisco PIX 506E Firewall PDM issue

Posted on 2013-01-22
Last Modified: 2013-02-18
I am unable to access the PDM via the inside IP address.  I am able to access the PIX via the console cable and term connect.  I have tried to connect directly to the PIX.  I have an older version of the PDM, and I also have an older version of Java.  I have always been able to connect in the past to this PIX, but now I cannot.
Question by:jbionic2000

Expert Comment

by:pgolding00
ID: 38812920
can you provide "show version", the ip addressing config of the firewall, and advise the ip of the pc you run pdm from please?

can the pc ping the pix inside address? or is it coming through a vpn from the outside?

Author Comment

by:jbionic2000
ID: 38831538
The version is 3.0.  The internal IP of the firewall is 206.94.44.252.  The IP of the PC I am trying to access from is 206.94.44.10.  The gateway of the PC is the firewall address 206.94.44.252.  I can ping the address of the firewall from inside and it is not coming from any VPN.  I am using IE 6.0 and Java 1.4.1.  I have seen the issue with the Java version being too new in the past using another PC to connect to the PDM.  This is completely different because at least then I would connect to the PDM; it just wouldn't completely load.

Accepted Solution

by:
pgolding00 earned 400 total points
ID: 38833575
you indicated that this used to work on the same client that now does not work - so what changed?

check that the netmask on pc and pix are the same, but i assume this must be ok as you can ping the pix.

from show version, do you see PDM listed similar to below? but yours is showing ver 3.0?
pixfirewall#show version
Cisco Secure PIX Firewall Version 6.1(1)
PIX Device Manager Version 1.1(2)  
...
Licensed Features:
Failover:   Disabled
VPN-DES:    Enabled
VPN-3DES:   Disabled

also note the lines for vpn-des and 3des - what does yours show? one of them must be enabled.

in the config do you have something like-
http 206.94.44.10 255.255.255.255 inside
 or whatever is appropriate for the interface name? you might have a subnet address and mask here - that's fine too. you should also see http server enabled in the config

is the pix clock correct - "sho clock" ? was it correct when first accessed by pdm? if you browse to the pix with https, then review the certificate details, verify that the from and to dates in the certificate are within the current date in the client and the pix. if not there is a process to resolve this here -
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ac1.shtml

there are also a few other things to verify at that link. if none of that works, i would remove the pdm image from the firewall, zeroise the rsa keys, reboot it and the client, then reinstall the pdm image and re-generate the rsa keys.
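
The configuration checks listed in the accepted answer, run offline against saved "show version" and config text, as an added Python example that is not part of the original thread. The function names are hypothetical, the config fragment is constructed, and `http server enable` is assumed to be the config line the answer refers to.

```python
import ipaddress
import re

# Constructed sample input: 'show version' lines as quoted in the answer,
# plus a constructed config fragment (not the asker's real configuration).
SHOW_VERSION = """\
Cisco Secure PIX Firewall Version 6.1(1)
PIX Device Manager Version 1.1(2)
Licensed Features:
Failover:   Disabled
VPN-DES:    Enabled
VPN-3DES:   Disabled
"""
CONFIG = """\
http server enable
http 206.94.44.10 255.255.255.255 inside
"""
HTTP_LINE = re.compile(
    r"^http\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$", re.M)

def http_allows(config, client_ip, ifname="inside"):
    """True if an 'http <addr> <mask> <ifname>' line covers client_ip."""
    client = ipaddress.ip_address(client_ip)
    for addr, mask, name in HTTP_LINE.findall(config):
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # skip lines with a malformed netmask
        if name == ifname and client in net:
            return True
    return False

def pdm_checklist(show_version, config, client_ip, ifname="inside"):
    """Return the failed checks from the answer; an empty list means all pass."""
    problems = []
    if not re.search(r"^PIX Device Manager Version \S+", show_version, re.M):
        problems.append("no PDM image listed in 'show version'")
    if not re.search(r"^VPN-(?:3DES|DES):\s+Enabled", show_version, re.M):
        problems.append("neither VPN-DES nor VPN-3DES is enabled")
    if not re.search(r"^http server enable\s*$", config, re.M):
        problems.append("'http server enable' missing from config")
    if not http_allows(config, client_ip, ifname):
        problems.append(f"no http line permits {client_ip} on {ifname}")
    return problems

if __name__ == "__main__":
    result = pdm_checklist(SHOW_VERSION, CONFIG, "206.94.44.10")
    print("\n".join(result) if result else "all checks passed")
```

The clock and certificate-date check from the answer is not covered here, since it needs a live connection to the firewall.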
Question has a verified solution.