PIX and IP Map

Unanswered Question
Mar 23rd, 2007


I have inherited an issue. An email server that is not communicating. Seems that the addressing has not been set up in the appropriate places. The router and the firewall. Thing is I have inherited a PIX 501 with the issue and I have zero experience with this device.

What I want to accomplish is to set 3 addresses

web server

smtp out

incoming mail

I have everything set except the router and the firewall. I know how to make IP Maps at the router but I don't know how to configure the PIX. Could you please send me a link to the appropriate documentation.

PIX 501 v6.1


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
George146 Fri, 03/23/2007 - 13:16

Thanks for the links

does this system have a GUI interface and will it work with my Mac (OS 10.4.7). If not is there a way to get it to? Do you have to be on the internal network for the GUI to work or does it work over the WAN. If it is internal only does the computer have to be plugged in directly to the PIX or does it work across the network, switches hubs, etc?

I found information on the Device Manager but so far I have had no success getting access any other way than terminal. Their eMail is down, frankly I just found out that this was installed Feb of 06 and has never worked correctly. Whom ever installed it never got the eMail working they have been using hot mail for the business. Incredible....

Web access and VPN seem to be working fine from what they say.

Seems all that needs to be done is mapping outside addresses to inside addresses. Thus access-lists and static translations? I assume these translate to IPMaps? I'll dig around and see what I can find, but I could really use a GUI, I'm not all that up on the code thus terminal isn't easy.


Jon Marshall Fri, 03/23/2007 - 15:28


Yes there is a web interface to the pix so as long as you have a web browser on your mac it should work.

You can access it via the network. The software is called Pix Device Manager (PDM). Sounds like you have already come across it.

Attached is a link to a doc on troubleshooting the PDM. Start with this and see how you get on.


** Edit. If you can't get this working let me know the details and i'll send you the config. I'll need to know what IP addresses you want to use and what ports/protocols you want to allow through. **



abinjola Fri, 03/23/2007 - 19:34

make sure in the FW you have the following commands :-

http server enable

http 0 0 inside

http 0 0 outside

with these commands and with the PDM image installed in the FW you should be able to access it anywhere form outside or inside

the procedure is you open a browser explorer , etc and up in the address bar type in https:// and hit enter...here i assume that you are behind the inside interface of the FW

George146 Sat, 03/24/2007 - 07:19


I am outside looking in. I am going there this morning, on site to see if I can see anything different. I looked for the settings you referred to and found the following.

http server enable

http x.x.x.x s.s.s.s outside

http x.x.x.x s.s.s.s inside

The outside address is not one I'm familiar with (not one of the known addresses from the ISP). It isn't the same as the WAN address of the unit? My guess is that this isn't correct. That this should be the WAN address. The inside address isn't the LAN either. The last 2 octNet were transposed.

I also see ssh as follows

ssh outside

ssh x.x.x.x s.s.s.s outside (another number I'm not aware of)

ssh x.x.x.x s.s.s.s outside (again another odd number)

ssh x.x.x.x s.s.s.s inside (an inside number but not the LAN address)

ssh time out 5


telnet inside

telnet x.x.x.x s.s.s.s inside (the same number as the ssh, again not the LAN)

telnet time out 5

console time out 0

I see 4 VPN clients

I also see 2 static addresses

static (inside,outside) x.x.x.x n.n.n.n netmask s.s.s.s

static (inside,outside) x.x.x.x n.n.n.n netmask s.s.s.s

(where x is a known WAN address and n is a known LAN address. Are these reversed?)

there is more here but I have no idea what it all is at this point. The only reason I know this is because someone printed out the settings and faxed them to me. I see at the top that the PIX version is actually 6.3(5). Again different than what they told me. I can get in from the outside via terminal, ssh [email protected] where x.x.x.x is the known WAN address. I haven't yet figured out how to get it to list all the settings for me.

Thanks again

abinjola Mon, 03/26/2007 - 09:44

http x.x.x.x outside

here x.x.x.x should be the ip address of yoru host machine


This Discussion