PIX will not accept ACL

Oct 12th, 2007

Hello,

From a console connection with the interface configuration:

name 172.16.204.198 pix_manage
name 172.16.204.200 fo_pix_manage

interface Ethernet2
 speed 10
 duplex full
 nameif manage
 security-level 80
 ip address pix_manage 255.255.255.224 standby fo_pix_manage


I am attempting to add the following ACL in order to connect to the switch and manage it remotely, at least from a device in the same subnet as the interface indicated:

access-list uni_manage extended permit tcp 172.16.204.192 255.255.255.224 172.16.204.192 255.255.255.224 eq 22

I am receiving the following error message:

ERROR: IP address,mask <pix_manage,255.255.255.224> doesn't pair


Where in these steps have I erred?

acomiskey Fri, 10/12/2007 - 09:27

Does it take something like this...


telnet 172.16.204.192 255.255.255.224 manage

acameron12 Fri, 10/12/2007 - 10:09

That did, thanks for your prompt and helpful response.

Does the PIX support https or ssh access?

acomiskey Fri, 10/12/2007 - 10:15

Yes it does. Sorry, I should have put...

ssh 172.16.204.192 255.255.255.224 manage

http server enable
http 172.16.204.192 255.255.255.224 manage


Please rate helpful posts.

acameron12 Fri, 10/12/2007 - 10:54

So much better. However, I am now getting authorization problems: although I am able to access the PIX over the console and via telnet, the SSH and HTTPS access will not accept the credentials I set up for telnet.

Do I need to specify a different username and password combination for SSH and HTTPS as opposed to the console and telnet access?


Thanks again.

acomiskey Fri, 10/12/2007 - 11:04

Want to post a clean config from the pix?

acomiskey Fri, 10/12/2007 - 11:19

I think this will do it...

aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
username cisco password cisco123

acameron12 Fri, 10/12/2007 - 11:28

Getting closer.

My SSH2 access works now.

When I try HTTPS access I get a pop-up prompting for username and password, which I enter. I then get:

HTTP 404 - File not found

acameron12 Fri, 10/12/2007 - 11:40

I tried these commands:

http server enable
http 172.16.204.214 255.255.255.255 manage

But I am still getting the error 404 page not found message.
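An added example, not part of the thread and not Cisco's code: a small Python check that mirrors the PIX "address,mask doesn't pair" rule from the error in the question and expands the `ssh`/`http` entries from the answers to see which admin hosts they admit. The addresses are the ones quoted in the thread; the function names and the third-party client address are my own.

```python
import ipaddress

# Values quoted in the thread (the check itself is an added illustration).
PIX_MANAGE = "172.16.204.198"        # name pix_manage
MANAGE_SUBNET = ("172.16.204.192", "255.255.255.224", "manage")
ADMIN_HOST = ("172.16.204.214", "255.255.255.255", "manage")


def pairs(address: str, mask: str) -> bool:
    """Mirror the PIX pairing rule: a network/mask entry is accepted only
    when the address has no host bits set under the mask."""
    addr = int(ipaddress.IPv4Address(address))
    msk = int(ipaddress.IPv4Address(mask))
    return addr & msk == addr


def permitted_sources(entries):
    """Turn (address, mask, nameif) lines, as used by the telnet/ssh/http
    commands, into networks; reject any that the PIX would not accept."""
    nets = []
    for address, mask, nameif in entries:
        if not pairs(address, mask):
            raise ValueError(f"<{address},{mask}> doesn't pair on {nameif}")
        nets.append((ipaddress.IPv4Network(f"{address}/{mask}"), nameif))
    return nets


def admin_allowed(client: str, entries) -> bool:
    """True when the client address falls inside at least one entry."""
    ip = ipaddress.IPv4Address(client)
    return any(ip in net for net, _ in permitted_sources(entries))


if __name__ == "__main__":
    entries = [MANAGE_SUBNET, ADMIN_HOST]
    for client in ("172.16.204.214", "172.16.203.10"):   # second is constructed
        print(client, "allowed" if admin_allowed(client, entries) else "denied")
    # The pair named in the error text fails the same rule.
    print(PIX_MANAGE, "pairs" if pairs(PIX_MANAGE, "255.255.255.224") else "doesn't pair")
```

Note that the interface's own host address with the /27 mask fails the pairing check, which is the pair the error message names; the subnet form used in the answers passes it.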

acomiskey Fri, 10/12/2007 - 11:42

Well...1 out of 2 isn't bad. Are you sure the PDM is installed on the pix?

acameron12 Fri, 10/12/2007 - 11:47

1 out of 2 is not bad at all.

I do not know that PDM is installed.

How do I determine that?

acameron12 Fri, 10/12/2007 - 11:58

Hello,

I obtained a version of the PDM object, but the instructions I have located do show where to tftp the object to on the VPN server. Is this a simple tftp to the flash: location?

acameron12 Fri, 10/12/2007 - 12:19

Thanks for all your help.

My privileges do not permit downloading the ASDM object.

But, I progressed further than I was earlier today and I learned a couple of new things.
