PIX 515 PDM not working

Feb 13th, 2007

Two problems.


I cannot figure out why my web interface to PDM is not working.


I am trying to connect the eth/05 to a new internet router without disrupting eth/02 going to a partner connection. I can ping from the PIX to the internet router (and beyond, with specific routes added to the PIX outside interface routing).

Below is my config.

Any help would be greatly appreciated.




PIX Version 7.0(4)

interface Ethernet0

interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address

interface Ethernet2
 nameif vendor
 security-level 4
 ip address

interface Ethernet3

interface Ethernet4

interface Ethernet5
 nameif outside
 security-level 0
 ip address xx.16.139.18

boot system flash:/pix704.bin
ftp mode passive
access-list 200 extended permit ip any any
access-list in-out extended permit ip host
access-list in-out extended permit ip host 255.255
access-list in-out extended permit ip host 255.255.25
access-list in-out extended permit ip any any
access-list in-out extended permit icmp any any
access-list vendor-in extended permit ip host 192.1
access-list vendor-in extended permit ip host 192.1
access-list vendor-in extended permit ip host 192.1
access-list vendor-in extended permit icmp any any
access-list internet-in extended permit icmp any any
pager lines 24
logging enable
logging buffer-size 16000
logging buffered informational
logging asdm informational
mtu dmz 1500
mtu inside 1500
mtu Cendant 1500
mtu intf3 1500
mtu intf4 1500
mtu outside 1500

asdm history enable
arp timeout 14400

global (inside) 2
global (vendor) 1
global (outside) 1 interface
nat (inside) 1
nat (vendor) 2 outside
nat (outside) 1
static (inside,vendor) netmask
static (vendor,inside) netmask
static (inside,vendor) netmask
static (vendor,inside) netmask
static (vendor,inside) netmask
static (inside,vendor) netmask
access-group vendor-in in interface vendor
route inside 1
route inside 1
route inside 1
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http inside
http inside
http inside
snmp-server host inside community ABC
no snmp-server location
no snmp-server contact
snmp-server community ABC
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-ipsec
telnet inside
telnet timeout 5
ssh inside
ssh timeout 5
ssh version 1
console timeout 0

class-map inspection_default
 match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp

: end

Jon Marshall Tue, 02/13/2007 - 12:18


What happens when you try to connect to PDM? (Actually it will be ASDM for PIX v7.x.)

The Internet connection - what is the main issue? Is it having to add routes to Internet destinations? The simplest solution to this is to change your default route on the PIX to point to the Internet router. You will need to make sure that you have routes for all your internal networks on the PIX.



acsmtrubee Tue, 02/13/2007 - 12:40

Thanks for the quick response.

I think I finally got the internet routing working...

The web config page prompts for the HTTPS cert (accepted), then username and password (it seems to take them); the error is 404 page not found.



Jon Marshall Tue, 02/13/2007 - 23:58


Do you know what version of PDM/ASDM you are running on your firewall?


Patrick Iseli Wed, 02/14/2007 - 07:57

1.) Be sure that you accept cookies and popups from your ASDM. Note that you should use ASDM and not PDM, which is for the 6.x version.

2.) sh version shows you which version of ASDM is installed. Be sure you use an accurate version.

3.) Maybe try using the Cisco ASDM Launcher!




