Help setting up PDM for PIX 525

Unanswered Question
Mar 31st, 2008
User Badges:

Hello all,


I'm not really experienced with the PIX firewalls, but I do have a good knowledge of the basic IOS for the routers/switches.


Anyway, I have a Pix 525 firewall that has its interfaces, etc. already set up with IPs. My one question is on how to access the PDM. I assume this is done through the web browser? I've been reading some conflicting documents. One says the PDM is already loaded into flash memory, another sort of indicates that it may have to be flashed via tftp first.


Could somebody shed some light on this? My config is as follows: IOS v.6.3

When I run 'setup' in global config, I have IP addresses for the outside/inside interfaces, however the field 'IP address of host running PIX Device Manager' is blank by default. Any help on this would be greatly appreciated, thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
JORGE RODRIGUEZ Mon, 03/31/2008 - 17:36
User Badges:
  • Green, 3000 points or more

Virginia,


to prepare PIX for browser access.


pix(config)#http server enable


this tells pix any host inside your network can access pix via browser from interface inside

pix(config)#http 0.0.0.0 0.0.0.0 inside


if you want to be more granular you may do it by subnet

pix(config)#http 192.168.1.0 255.255.255.0 inside


if you want to do it by source Ip instead


pix(config)#http 192.168.1.100 255.255.255.255 inside


same priciple from above applies for telnet access

pix(config)#telnet 0.0.0.0 0.0.0.0 inside


same principle for interface name by replacing

inside with proper nameif interface name.


just fyi..in pix code 6.x you cannot telnet to outside interface nor http but you can ssh from outside to pix outside interface.


in pix code 7.x and above you may telnet/ssh/and http from outside world to outside interface.



to access pix from browser, you may need to update Java pugins if you still cannot access the pix through browser, I don't have the link handy for IE java plug ins but will look for it in case you have problems just post your results.


https://Pix_inside_ip_address


for username leave blank


for password: enter enable password.




for the inside interface you will need to configure that interface with IP address of your choice, once the inside interfac is configured make sure your PC is in the same subnet as pix inside subnet and try accessing it.


configure inside interface, I have not interact with your model but 500 series follow almost same interface type names, here is example to configure inside interface, the keyword nameif followed by ethernet1 inside that name inside can be anything you want most people use name inside.



interface ethernet1 100full

nameif ethernet1 inside security100

ip address inside 192.168.1.1 255.255.255.0




HTH

rgds

Jorge

pls rate any helpful post if it helps

techanalyst Tue, 04/01/2008 - 04:28
User Badges:

Yes, Thank you, I will try it and let you know more.


best,


Virginia

Actions

This Discussion