Hi Everyone,

I'm trying to get PDM to work on a PIX 506e and it won't load in the browser. The PC/browser is the right java version as it loads the pdm successfully on another PIX506e in the office.

The PIX has the DES key active, flows traffic fine, and the pdm location of the PC added to the config. Http server is also enabled. Is there anything obviously missing in the below config that would stop the host marks accounts-gn accessing the pdm? The accounts-gn host is also referenced in the network object saus, any ideas would be great, as next step would be to reload the pdm image to the PIX and I'm trying to avoid this due to the krypto keys for the VPN tunnels. I've blanked out the public addressing and passwords,

Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 4
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited

This PIX has a Restricted (R) license.

Serial Number: ***********************
Running Activation Key: ***********************************
Configuration last modified by ******** at 01:30:04.731 EST Wed Aug 7 2013
SAUS-PIX2# sh run
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ********** encrypted
passwd ********** encrypted
hostname SAUS-PIX2
domain-name **********
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.0.0.6 CCTV
name 192.0.0.5 Primary2
name 192.0.0.4 BIServer
name 192.0.0.14 Avenue
name 192.0.0.13 ShimDC
name 192.0.0.12 Reporting
name 192.0.0.11 ShimMail
name 192.0.0.10 Prontoserver
name 192.0.0.94 Accountant-GN
name 192.0.0.93 Maea
name 192.0.0.92 Graphics
name 192.0.0.91 Sandy
name 192.0.0.90 Spare
name 192.0.0.88 MattB
name 192.0.0.87 DanielB
name 192.0.0.9 Backup
name 192.0.0.8 Security
name 192.0.0.95 GlennL
object-group service RDP tcp
description Remote Desktop
port-object range 3389 3389
object-group network saus
network-object 192.0.0.0 255.255.255.0
object-group network w3vpn
network-object 172.20.170.0 255.255.255.0
network-object 172.20.180.0 255.255.255.0
network-object 172.20.190.0 255.255.255.0
object-group network sic
network-object 172.16.0.0 255.255.0.0
network-object 172.19.0.0 255.255.0.0
object-group network saus2
network-object 192.168.2.0 255.255.255.0
object-group network w3irv
network-object 172.20.200.0 255.255.255.0
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any time-exceeded
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit tcp any host ********** eq www
access-list outside_access_in permit tcp any host ********** eq https
access-list outside_access_in permit tcp any host ********** eq smtp
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq www
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq www
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq www
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq www
access-list outside_access_in permit tcp any host ********** eq https
access-list outside_access_in permit tcp any host ********** eq ssh
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq telnet
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list outside_access_in permit tcp any host ********** eq 3389
access-list inside_nat0_outbound permit ip object-group saus object-group saus2
access-list inside_nat0_outbound permit ip object-group saus object-group w3vpn
access-list inside_nat0_outbound permit ip object-group saus object-group sic
access-list inside_nat0_outbound permit ip object-group saus object-group w3irv
access-list outside_cryptomap_10 permit ip object-group saus object-group saus2
access-list outside_cryptomap_20 permit ip object-group saus object-group w3vpn
access-list outside_cryptomap_21 permit ip object-group saus object-group sic
access-list outside_cryptomap_30 permit ip object-group saus object-group w3irv
pager lines 24
icmp permit any outside
mtu outside 1500
mtu inside 1500
ip address outside ********** 255.255.255.0
ip address inside 192.0.0.253 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location BIServer 255.255.255.255 inside
pdm location Primary2 255.255.255.255 inside
pdm location CCTV 255.255.255.255 inside
pdm location Security 255.255.255.255 inside
pdm location Backup 255.255.255.255 inside
pdm location Prontoserver 255.255.255.255 inside
pdm location ShimMail 255.255.255.255 inside
pdm location Reporting 255.255.255.255 inside
pdm location ShimDC 255.255.255.255 inside
pdm location Avenue 255.255.255.255 inside
pdm location DanielB 255.255.255.255 inside
pdm location MattB 255.255.255.255 inside
pdm location Spare 255.255.255.255 inside
pdm location Sandy 255.255.255.255 inside
pdm location Graphics 255.255.255.255 inside
pdm location Maea 255.255.255.255 inside
pdm location Accountant-GN 255.255.255.255 inside
pdm location 172.16.0.0 255.255.0.0 outside
pdm location 172.19.0.0 255.255.0.0 outside
pdm location 172.20.170.0 255.255.255.0 outside
pdm location 172.20.180.0 255.255.255.0 outside
pdm location 172.20.190.0 255.255.255.0 outside
pdm location 172.20.200.0 255.255.255.0 outside
pdm location 192.168.2.0 255.255.255.0 outside
pdm location ********** 255.255.255.255 outside
pdm location GlennL 255.255.255.255 inside
pdm location 172.20.180.0 255.255.255.0 inside
pdm location ********** 255.255.255.0 outside
pdm group saus inside
pdm group w3vpn outside
pdm group sic outside
pdm group saus2 outside
pdm group w3irv outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) ********** BIServer netmask 255.255.255.255 0 0
static (inside,outside) ********** Primary2 netmask 255.255.255.255 0 0
static (inside,outside) ********** CCTV netmask 255.255.255.255 0 0
static (inside,outside) ********** Security netmask 255.255.255.255 0 0
static (inside,outside) ********** Backup netmask 255.255.255.255 0 0
static (inside,outside) ********** Prontoserver netmask 255.255.255.255 0 0
static (inside,outside) ********** ShimMail netmask 255.255.255.255 0 0
static (inside,outside) ********** Reporting netmask 255.255.255.255 0 0
static (inside,outside) ********** ShimDC netmask 255.255.255.255 0 0
static (inside,outside) ********** Avenue netmask 255.255.255.255 0 0
static (inside,outside) ********** MattB netmask 255.255.255.255 0 0
static (inside,outside) ********** DanielB netmask 255.255.255.255 0 0
static (inside,outside) ********** Spare netmask 255.255.255.255 0 0
static (inside,outside) ********** Accountant-GN netmask 255.255.255.255 0 0
static (inside,outside) ********** Graphics netmask 255.255.255.255 0 0
static (inside,outside) ********** Maea netmask 255.255.255.255 0 0
static (inside,outside) ********** Sandy netmask 255.255.255.255 0 0
static (inside,outside) ********** GlennL netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 ********** 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http ********** 255.255.255.255 outside
http ********** 255.255.255.0 outside
http 0.0.0.0 0.0.0.0 inside
snmp-server host outside ********** poll
no snmp-server location
no snmp-server contact
snmp-server community **********
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set w3vpn esp-aes esp-md5-hmac
crypto map outside_map 10 ipsec-isakmp
crypto map outside_map 10 match address outside_cryptomap_10
crypto map outside_map 10 set peer **********
crypto map outside_map 10 set transform-set w3vpn
crypto map outside_map 10 set security-association lifetime seconds 28000 kilobytes 4608000
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer **********
crypto map outside_map 20 set transform-set w3vpn
crypto map outside_map 20 set security-association lifetime seconds 28000 kilobytes 4608000
crypto map outside_map 21 ipsec-isakmp
crypto map outside_map 21 match address outside_cryptomap_21
crypto map outside_map 21 set peer **********
crypto map outside_map 21 set transform-set w3vpn
crypto map outside_map 21 set security-association lifetime seconds 28000 kilobytes 4608000
crypto map outside_map 30 ipsec-isakmp
crypto map outside_map 30 match address outside_cryptomap_30
crypto map outside_map 30 set peer **********
crypto map outside_map 30 set transform-set w3vpn
crypto map outside_map 30 set security-association lifetime seconds 28000 kilobytes 4608000
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address ********** netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address ********** netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address ********** netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address ********** netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes
isakmp policy 20 hash md5
isakmp policy 20 group 5
isakmp policy 20 lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 20
management-access inside
console timeout 0
dhcpd address 192.0.0.240-192.0.0.252 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
username ********** password ********** encrypted privilege 15
terminal width 80
Cryptochecksum:487a8e34e2f3fbccd09051a584afd92c
: end
SAUS-PIX2#



Sent from Cisco Technical Support iPad App