
PIX PDM

Unanswered Question
Jul 29th, 2012

Hi

I'm sort of at my wits' end, I've spent most of the afternoon trying to work this out - I got hold of an old PIX 501, running the following:


Hardware:   PIX-501, 16 MB RAM, CPU Am5x86 133 MHz

Flash E28F640J3 @ 0x3000000, 8MB

BIOS Flash E28F640J3 @ 0xfffd8000, 128KB


0: ethernet0: address is 001d.4521.a06f, irq 9

1: ethernet1: address is 001d.4521.a070, irq 10

Licensed Features:

Failover:                    Disabled

VPN-DES:                     Enabled

VPN-3DES-AES:                Enabled

Maximum Physical Interfaces: 2

Maximum Interfaces:          2

Cut-through Proxy:           Enabled

Guards:                      Enabled

URL-filtering:               Enabled

Inside Hosts:                10

Throughput:                  Unlimited

IKE peers:                   10


This PIX has a Restricted (R) license.


Serial Number: 907381129 (0x36158989)

Running Activation Key: 0x6e9eef0d 0x39fc65c5 0x12491b66 0x1be8afaf

Configuration has not been modified since last system restart.

192.168.1.1#


Every time I try to start the PDM, I get the error that there is a hostname mismatch with certificates.


Now I've tried the following:


1) 5 different versions of Java, from 1.5 and under.

2) Tried deleting the key on the router and re-creating it.

I've been all over the internet checking out lots of other people who had this problem and it seems to relate to Java or the certificates, but I still can't get this working... has anyone got any suggestions?


I'm not a company so don't have a CCO login to maybe upgrade the IOS and PDM... I'm more than happy to try and configure things via command line... I just can't stand it when I can't work out why it's not working...

Ramraj Sivagnan... Sun, 07/29/2012 - 20:56

Hi Bro

As long as your config looks like this, this is not a FW problem. Perhaps, it could be your PC. Have you tried with another PC, to see if this works fine? I suspect this has something to do with your browser's cookies etc.


asdm image flash:/asdm
asdm history enable


http server enable
http 10.0.0.0 255.0.0.0 inside


domain-name cisco.com


hostname FW01

      

Try this as well;


ca zeroize rsa

ca generate rsa key 768 <-- 1024 and above seems to have compatibility issues with some browsers.

ca save all

Karsten Iwen Sun, 07/29/2012 - 23:28

The error-message in question comes when you connect to your PIX with a different hostname than what is in the certificate. If you only have the IP-address in the certificate, then you have to use https://1.2.3.4. If you have used a hostname or FQDN, then you have to use that: https://pixfirewall or https://pixfirewall.yourdomain.local. Just change the IP or the names to what you have on your PIX. If you have a name in your certificate you also need to make sure that the name resolves to the correct IP-address.


If you don't know what's in the certificate, I think the command on this platform was also "show crypto ca certificate". There you need to look at the field "subject".



Sent from Cisco Technical Support iPad App
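
The check described in the reply above, as an added example that is not part of the original thread: it compares the host in the browser URL with the CN in the certificate subject and confirms that a name resolves to the PIX. The subject string, the PIX address and the `DNS` table are constructed sample values, and the subject format is an assumption, not output captured from a PIX.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not taken from a real device).
SUBJECT = "cn=FW01.cisco.com"            # built from hostname + domain-name
PIX_IP = "192.168.1.1"                   # inside address of the PIX
DNS = {"fw01.cisco.com": "192.168.1.1"}  # stands in for the client's resolver

def subject_cn(subject):
    """Return the CN value from a subject line such as 'ou=lab, cn=FW01.cisco.com'."""
    for part in subject.split(","):
        key, _, value = part.strip().partition("=")
        if key.strip().lower() == "cn":
            return value.strip()
    return None

def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def check_pdm_url(url, subject, pix_ip, dns):
    """Return a list of problems; an empty list means the URL fits the certificate."""
    host = urlsplit(url).hostname        # already lower-cased by urlsplit
    cn = subject_cn(subject)
    if host is None or cn is None:
        return ["URL has no host or certificate subject has no CN"]
    problems = []
    host_ip, cn_ip = _as_ip(host), _as_ip(cn)
    if host_ip is not None or cn_ip is not None:
        # An IP only matches the identical IP; a name never matches an IP.
        if host_ip != cn_ip:
            problems.append(f"URL host {host} does not match certificate name {cn}")
    elif host.rstrip(".") != cn.lower().rstrip("."):
        problems.append(f"URL host {host} does not match certificate name {cn}")
    if host_ip is None:
        # A name in the URL must also resolve to the PIX itself.
        resolved = dns.get(host.rstrip("."))
        if resolved is None:
            problems.append(f"{host} does not resolve")
        elif _as_ip(resolved) != _as_ip(pix_ip):
            problems.append(f"{host} resolves to {resolved}, not {pix_ip}")
    return problems

if __name__ == "__main__":
    for url in ("https://192.168.1.1/", "https://fw01/", "https://FW01.cisco.com/"):
        print(url, "->", check_pdm_url(url, SUBJECT, PIX_IP, DNS) or "OK")
```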
