Phil Williamson Mon, 03/17/2008 - 11:32
User Badges:


No those don't help. I you have policy-nat configured on the PIX (possilby for NAT before encryption due to overlapping IP space) then when you access via PDM you get a msg that since policy-nat is being used you can only use PDM for viewing/monitoring, but not to change the config.


JORGE RODRIGUEZ Mon, 03/17/2008 - 14:07
User Badges:
  • Green, 3000 points or more

Phil, I know exactly what your problem is, I had this issue with a client running 6.3.2 when I was ready to open a TAC case to be sure if upgrading pix code to latest 6.x train and PDM to see if it would solve the issue client decided to leave it as is CLI only and wait for ASA upgrade. I do not know whether upgrading to 6.3(5) along with PDM upgrade would resolve the PDM not understanding Policy NAT commands, unfortunaly the workaround seems to be NOT Use PDM and give up gui, or if use PDM remove Policy NAT or upgrade to 7.x ..

Back then four months ago I chekced all bugs on 6.3.5 and PDM on this train and found nothing mentioning this issue.

What code are you running ? 6.3.5 and lates PDM code? if you are running 6.3.5 make sure you have teh latest PDM code on that train, if you do then bad news, I would recommend opening a TAC case.




This Discussion