PIX will not accept ACL

acameron12
Level 1

Hello,

From a console connection with the interface configuration:

name 172.16.204.198 pix_manage

name 172.16.204.200 fo_pix_manage

interface Ethernet2

speed 10

duplex full

nameif manage

security-level 80

ip address pix_manage 255.255.255.224 standby fo_pix_manage

I am attempting to add the following ACL in order to connect to the switch and manage it remotely, at least from a device in the same subnet as the interface indicated:

access-list uni_manage extended permit tcp 172.16.204.192 255.255.255.224 172.16.204.192 255.255.255.224 eq 22

I am receiving the following error message:

ERROR: IP address,mask <pix_manage,255.255.255.224> doesn't pair

Where in these steps have I erred?

14 Replies

acomiskey
Level 10

Does it take something like this...

telnet 172.16.204.192 255.255.255.224 manage

That did, thanks for your prompt and helpful response.

Does the PIX support https or ssh access?

Yes it does. Sorry I should have put...

ssh 172.16.204.192 255.255.255.224 manage

http server enable

http 172.16.204.192 255.255.255.224 manage

Please rate helpful posts.

So much better; however, I am now getting authorization problems. Although I am able to access the PIX via console and telnet, the ssh and https access will not accept the credentials I set up for telnet.

Do I need to specify a different username and password combination for ssh & https as opposed to the console & telnet access?

Thanks again.

Want to post a clean config from the pix?

Sure, see attached.

Thanks for your help so far.

I think this will do it...

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

username cisco password cisco123

Getting closer.

My ssh2 access works now.

When I try https access I get a pop-up prompting for username and password, which I enter. I then get

HTTP 404 - File not found

I tried these commands:

http server enable

http 172.16.204.214 255.255.255.255 manage

But, I am still getting the error 404 page not found message.

Well...1 out of 2 isn't bad. Are you sure the PDM is installed on the pix?

1 out of 2 is not bad at all.

I do not know that PDM is installed.

How do I determine that?

Hello,

I obtained a version of the PDM object, but, the instructions I have located do show where to tftp the object to on the VPN server. Is this a simple tftp to the flash: location?

Sorry in pix 7 it is the ASDM.

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml#t8

You could look at show ver or dir flash: to see if it is installed. If not the doc above will help you get it installed.

Thanks for all your help.

My privileges do not permit downloading the ASDM object.

But, I progressed further than I was earlier today and I learned a couple of new things.
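An added example, not written by any poster in this thread: a Python check over the management-access lines discussed above. It reports protocols that are permitted without a matching `aaa authentication ... console` line, telnet being open, HTTP sources without `http server enable`, and address/mask pairs that are not a valid network. The function name and the sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample assembled from commands posted in the thread; the
# "aaa authentication http console LOCAL" line is left out on purpose.
SAMPLE_CONFIG = """\
name 172.16.204.198 pix_manage
telnet 172.16.204.192 255.255.255.224 manage
ssh 172.16.204.192 255.255.255.224 manage
http server enable
http 172.16.204.214 255.255.255.255 manage
aaa authentication ssh console LOCAL
"""

PROTOCOLS = ("telnet", "ssh", "http")

def audit_management_access(config_text):
    """Return (protocol, issue) tuples for the management-access lines."""
    names, allowed = {}, {p: [] for p in PROTOCOLS}
    aaa, http_server, findings = set(), False, []
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "name":
            names[tok[2]] = tok[1]                  # alias -> address
        elif tok == ["http", "server", "enable"]:
            http_server = True
        elif len(tok) >= 5 and tok[:2] == ["aaa", "authentication"] and tok[3] == "console":
            aaa.add(tok[2])                         # protocol with console authentication
        elif len(tok) == 4 and tok[0] in PROTOCOLS:
            proto, addr, mask, ifname = tok
            addr = names.get(addr, addr)            # resolve "name" aliases first
            try:
                # ip_network is strict by default: host bits set -> ValueError
                allowed[proto].append((ipaddress.ip_network(f"{addr}/{mask}"), ifname))
            except ValueError:
                findings.append((proto, f"{addr} {mask} is not a valid network/mask pair"))
    for proto in PROTOCOLS:
        if not allowed[proto]:
            continue                                # protocol not permitted from anywhere
        if proto == "telnet":
            findings.append((proto, "cleartext management protocol is permitted"))
        if proto not in aaa:
            findings.append((proto, f"no 'aaa authentication {proto} console' line"))
        if proto == "http" and not http_server:
            findings.append((proto, "sources permitted but 'http server enable' is missing"))
    return findings

if __name__ == "__main__":
    for proto, issue in audit_management_access(SAMPLE_CONFIG):
        print(f"{proto}: {issue}")
```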
