Unable to open Pix 515 Web Interface

Sep 25th, 2007

Dear Expert,

I don't know why, but I cannot open our PIX web interface even though I have added my IP for access.

Below is the configuration list:

pixsbcp# sh run

: Saved


PIX Version 6.3(4)

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto shutdown

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz security50

enable password xxxx

passwd xxx

hostname pixsbcp

domain-name spsb.com.my

clock timezone MYT 8

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69


access-list inside_access_in permit icmp any any

access-list inside_access_in permit tcp any any

access-list outside_access_in permit icmp any any

access-list dmz_access_in permit icmp any any

pager lines 24

mtu outside 1500

mtu inside 1500

mtu dmz 1500

ip address outside

ip address inside

ip address dmz

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

no failover ip address outside

no failover ip address inside

no failover ip address dmz

pdm location inside

pdm location inside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0 0

nat (inside) 1 0 0

nat (dmz) 1 0 0

access-group dmz_access_in in interface outside

route outside 1

route inside 1

route inside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http inside

http inside

http inside

http inside

http inside

http inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet inside

telnet inside

telnet inside

telnet inside

telnet inside

telnet inside

telnet timeout 5

ssh timeout 5

console timeout 0

username Darlien password xxx encrypted privilege 15

terminal width 80


: end


Please advise.

Best Regards,

Darlien Apolonius

JORGE RODRIGUEZ Tue, 09/25/2007 - 14:13

Darlien, what message do you get when attempting to connect to the fw through the browser? Are you making a secure connection, as in https://fw_Inside_IPaddress? If so, are you getting any browser messages? Issue "show version" at the command line of the PIX; it should indicate whether you have Device Manager installed and its version. Please post that information.


DarlienDA Tue, 09/25/2007 - 18:34


After I type in the password, the browser only displays "The webpage cannot be found".

JORGE RODRIGUEZ Tue, 09/25/2007 - 18:45

Darlien, if you got as far as the password, that means the PIX has PDM installed, unless it is corrupted. Have you tried accessing it from another system, or has PDM worked before on this PIX?

DarlienDA Tue, 09/25/2007 - 18:56


Last month my colleague changed the PIX password, and after a few days he had forgotten his own admin password. So he downloaded the files for resetting the PIX to factory settings from Cisco via FTP.

Could this process have corrupted the PDM inside the firewall?

Before this event, the PDM could be accessed by us.

Is there any way we can re-install/reconfigure the PDM?



JORGE RODRIGUEZ Tue, 09/25/2007 - 19:27

Darlien, anything is possible when resetting devices, but resetting to factory defaults would not cause file corruption. What I would do, before posting instructions on loading PDM over TFTP for your PIX code version, is telnet to the PIX, go to enable mode, remove all https entries and add as follows.

no http inside

no http inside

no http inside

no http inside

no http inside

no http inside

and replace with

http inside

then try loading pdm.

DarlienDA Tue, 09/25/2007 - 20:35


I have done as you asked, but it still returns the same message: "Website not found".


JORGE RODRIGUEZ Tue, 09/25/2007 - 21:11


Here are the instructions for installing pdm.

First you need to download it.

You have pix version 6.3 you need pdm version



First, back up the configs and write down the activation keys, just in case.

The activation keys are found at the bottom of the "show version" output, right below the serial number of the PIX: "running activation keys: xxxx xxxxx xxxxx xxxx". This has nothing to do with the PDM download, but it is best to back these up; that's my process.

1. Set up a TFTP server and place the PDM image on the server.

2. Copy the PDM image to flash from TFTP.

* Below is the procedure for the PDM upgrade:

PIXFIREWALL(config)# copy tftp flash:pdm

Address or name of remote host [] ip_of_tftp_server

Source file name [cdisk] pdm-304.bin

copying tftp://ip_of_tftp_server/ pdm-304.bin to flash:pdm

After the file is successfully copied you need to reboot the PIX.



cctechcco Mon, 10/01/2007 - 07:27


Do you have at least a VPN-DES license (or better, a VPN-3DES-AES license) enabled (use 'show version')?

I was having similar problems until I upgraded the product license. Without the VPN license SSL won't work, and many modern browsers won't be happy with just the DES license.

If you haven't upgraded, see https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?FormId=119
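
The checks the replies walk through (HTTP server enabled, the client covered by an `http` entry, a PDM image reported by `show version`, and a VPN-DES or VPN-3DES-AES license) can be run in one pass over saved command output. This is an added example, not part of any post in this thread; the function name, the result tags and the sample text are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input (not the poster's device); RFC 5737 test addresses.
SAMPLE_RUN = """\
http server enable
http 192.0.2.0 255.255.255.0 inside
"""
SAMPLE_VERSION = """\
Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(4)
Licensed Features:
VPN-DES:                     Disabled
VPN-3DES-AES:                Disabled
"""

def pdm_prereqs(run_cfg, version_out, client_ip):
    """Return the unmet PDM prerequisites raised in the thread, as short tags."""
    problems = []
    lines = [line.strip() for line in run_cfg.splitlines()]
    if "http server enable" not in lines:
        problems.append("http-server-disabled")
    client = ipaddress.ip_address(client_ip)
    allowed = False
    for line in lines:
        # Permitted-host entries look like: http <address> <netmask> <if_name>
        m = re.fullmatch(r"http (\S+) (\S+) (\S+)", line)
        if not m:
            continue
        try:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        except ValueError:
            continue  # sanitized or malformed entry, cannot be evaluated
        allowed = allowed or client in net
    if not allowed:
        problems.append("client-not-permitted")
    if not re.search(r"^Cisco PIX Device Manager Version \S+", version_out, re.M):
        problems.append("pdm-image-missing")
    lic = dict(re.findall(r"^(VPN-DES|VPN-3DES-AES):\s+(\w+)", version_out, re.M))
    if lic.get("VPN-DES") != "Enabled" and lic.get("VPN-3DES-AES") != "Enabled":
        problems.append("no-vpn-license")  # per the last reply: SSL will not work
    elif lic.get("VPN-3DES-AES") != "Enabled":
        problems.append("des-only")  # per the last reply: browsers may refuse DES
    return problems

if __name__ == "__main__":
    print(pdm_prereqs(SAMPLE_RUN, SAMPLE_VERSION, "192.0.2.10"))
```

An empty list means none of the conditions discussed in the thread is failing; `http` entries whose address was removed from the posted configuration are skipped because they cannot be evaluated.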

