02-13-2007 12:01 PM - edited 03-11-2019 02:33 AM
Two problems.
1.
I cannot figure out why my web interface to PDM is not working.
2.
I am trying to connect eth/05 to a new internet router without disrupting eth/02, which goes to a partner connection. I can ping from the PIX to the internet router (and beyond, with specific routes added to the PIX outside interface routing).
Below is my config.
Any help would be greatly appreciated.
Thanks,
Mike
:
PIX Version 7.0(4)
!
names
!
interface Ethernet0
shutdown
!
interface Ethernet1
speed 100
duplex full
nameif inside
security-level 100
ip address 192.20.27.2 255.255.255.240
!
interface Ethernet2
nameif vendor
security-level 4
ip address 192.168.160.3 255.255.255.0
!
interface Ethernet3
shutdown
!
interface Ethernet4
shutdown
!
interface Ethernet5
nameif outside
security-level 0
ip address xx.16.139.18 255.255.255.248
!
boot system flash:/pix704.bin
ftp mode passive
access-list 200 extended permit ip any any
access-list in-out extended permit ip 192.20.0.0 255.255.0.0 host 192.20.27.3
access-list in-out extended permit ip host 192.168.70.230 192.168.160.0 255.255.255.0
access-list in-out extended permit ip host 192.20.4.36 192.168.160.0 255.255.255.0
access-list in-out extended permit ip any any
access-list in-out extended permit icmp any any
access-list vendor-in extended permit ip 192.168.160.0 255.255.255.0 host 192.168.160.152
access-list vendor-in extended permit ip 192.168.160.0 255.255.255.0 host 192.168.160.153
access-list vendor-in extended permit ip 192.168.160.0 255.255.255.0 host 192.168.160.154
access-list vendor-in extended permit icmp any any
access-list internet-in extended permit icmp any any
pager lines 24
logging enable
logging buffer-size 16000
logging buffered informational
logging asdm informational
mtu dmz 1500
mtu inside 1500
mtu Cendant 1500
mtu intf3 1500
mtu intf4 1500
mtu outside 1500
failover
asdm history enable
arp timeout 14400
nat-control
global (inside) 2 192.20.27.6
global (vendor) 1 192.168.160.151
global (outside) 1 interface
nat (inside) 1 192.20.0.0 255.255.0.0
nat (vendor) 2 192.168.160.0 255.255.255.0 outside
nat (outside) 1 192.20.0.0 255.255.0.0
static (inside,vendor) 192.168.160.152 192.20.10.12 netmask 255.255.255.255
static (vendor,inside) 192.20.27.3 192.168.160.100 netmask 255.255.255.255
static (inside,vendor) 192.168.160.153 192.168.70.230 netmask 255.255.255.255
static (vendor,inside) 192.20.27.4 192.168.160.117 netmask 255.255.255.255
static (vendor,inside) 192.20.27.5 192.168.160.118 netmask 255.255.255.255
static (inside,vendor) 192.168.160.154 192.20.4.36 netmask 255.255.255.255
access-group vendor-in in interface vendor
route inside 0.0.0.0 0.0.0.0 192.20.27.1 1
route inside 192.20.25.0 255.255.255.0 192.20.25.43 1
route inside 192.20.27.0 255.255.255.0 192.20.25.43 1
route inside 192.20.28.0 255.255.255.0 192.20.25.43 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.20.28.0 255.255.255.0 inside
http 192.20.20.19 255.255.255.255 inside
snmp-server host inside 192.20.20.30 community ABC
no snmp-server location
no snmp-server contact
snmp-server community ABC
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-ipsec
telnet 192.20.28.0 255.255.255.0 inside
telnet timeout 5
ssh 192.20.0.0 255.255.0.0 inside
ssh timeout 5
ssh version 1
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
: end
02-13-2007 12:18 PM
Hi
What happens when you try to connect to PDM? (Actually it will be ASDM for PIX v7.x.)
The Internet connection - what is the main issue? Is it having to add routes to Internet destinations? The simplest solution to this is to change your default route on the PIX to point to the Internet router. You will need to make sure that you have routes for all your internal networks on the PIX.
HTH
Jon
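An added example, not part of the thread or of any Cisco tooling: a Python check related to the routing advice above, run on interface and route lines copied from the posted config (a constructed excerpt). It reports which interface carries the default route and which static routes name a next hop outside that interface's connected subnet; the function names are this example's own.

```python
import ipaddress

# Constructed excerpt: interface and route lines copied from the config in the question.
SAMPLE_CONFIG = """\
interface Ethernet1
nameif inside
ip address 192.20.27.2 255.255.255.240
interface Ethernet2
nameif vendor
ip address 192.168.160.3 255.255.255.0
interface Ethernet5
nameif outside
ip address xx.16.139.18 255.255.255.248
route inside 0.0.0.0 0.0.0.0 192.20.27.1 1
route inside 192.20.25.0 255.255.255.0 192.20.25.43 1
route inside 192.20.27.0 255.255.255.0 192.20.25.43 1
route inside 192.20.28.0 255.255.255.0 192.20.25.43 1
"""

def parse(config):
    """Return ({nameif: connected network or None}, [(nameif, dest, next_hop)])."""
    subnets, routes, name = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["interface"]:
            name = None
        elif tok[:1] == ["nameif"] and len(tok) == 2:
            name = tok[1]
            subnets[name] = None
        elif tok[:2] == ["ip", "address"] and name and len(tok) >= 4:
            try:
                subnets[name] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
            except ValueError:
                pass  # redacted address (xx.16.139.18) stays None
        elif tok[:1] == ["route"] and len(tok) >= 5:
            routes.append((tok[1], ipaddress.ip_network(f"{tok[2]}/{tok[3]}"),
                           ipaddress.ip_address(tok[4])))
    return subnets, routes

def check_routes(config):
    """Return (interfaces holding a default route, routes whose next hop is off-subnet)."""
    subnets, routes = parse(config)
    default_via = [ifn for ifn, dest, _ in routes if dest.prefixlen == 0]
    off_subnet = [(str(dest), str(hop)) for ifn, dest, hop in routes
                  if subnets.get(ifn) is not None and hop not in subnets[ifn]]
    return default_via, off_subnet

if __name__ == "__main__":
    default_via, off_subnet = check_routes(SAMPLE_CONFIG)
    print("default route via:", default_via)
    for dest, hop in off_subnet:
        print(f"{dest}: next hop {hop} is not on the interface's connected subnet")
```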
02-13-2007 12:40 PM
Thanks for the quick response.
I think I finally got the internet routing working...
The web config page prompts for https cert (accepted), username and password (seems to take them), error is 404 page not found.
thanks
Mike
02-13-2007 11:58 PM
Hi
Do you know what version of PDM/ASDM you are running on your firewall?
Jon
02-14-2007 07:57 AM
1.) Be sure that you accept cookies and popups for your ASDM. Note that you should use ASDM and not PDM, which is for the 6.x version.
2.) sh version shows you which version of ASDM is installed. Be sure you use an accurate version.
http://www.cisco.com/cgi-bin/tablebuild.pl/pix?sort=release
3.) Maybe try using the Cisco ASDM Launcher!
http://www.cisco.com/en/US/customer/products/ps6121/prod_release_note09186a0080747e81.html#wp65586
sincerely
Patrick