PIX 501 Http server disabled - re-enable from telnet CLI?

Unanswered Question
Sep 9th, 2008

I have a customer whose IT guy left, and I am trying to gain access to their PIX 501 F/W via the http web interface. I do have telnet/enable access to the device, but I seem to be unable to re-enable the http interface from the telnet command line. I have downloaded the PDF manuals and examples, but have not found a solution.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
elparis Tue, 09/09/2008 - 06:16

Hi Paul,

The minimum configuration for HTTP access is:

http server enable


You also need to set the ASDM image with "asdm image flash:xxxxxxx".

Hope this helps.

Eloy Paris.-

paul.bounds Tue, 09/09/2008 - 06:22

Thanks for your reply Eloy!

I tried that but the command was not recognized at the # cli

I had seen that in the pix docs about the http enable.

After the telnet connect to the device, and at the > prompt, I typed enable, and put in the enable password, and was at the '#' prompt. I would think that at that point I am in the PIX device CLI.

g.meerkoetter Tue, 09/09/2008 - 07:22

Not exactly, you want the "devicename(config)#" prompt.

After enabling, enter "configure terminal" to get there. Then the http commands should work.

elparis Tue, 09/09/2008 - 07:55

Yes, sorry about that! I forgot the little detail about "config t" ;-)


Eloy Paris.-

paul.bounds Wed, 09/10/2008 - 08:14

Thanks everyone for your assistance. The configure terminal did the trick! While the PIX WEB comes up now, it does error out on a PDM config error loading from nvram, which the dialog box suggests that I need to manually remove some line within the config that is preventing the PIX web from getting out of monitor mode only. I did however go into the send command window and ran a show running-config and I was able to cut and paste that out to a wri file, examine each cli line looking for possibly a bad command line set, but was unable to determine any erroneous statement. However, since I am able to access from the cli, being an old unix command line nut, I am able to add a vpngroup and rules in CLI mode. Thanks for all of your help!


This Discussion