07-29-2012 02:18 PM - edited 03-11-2019 04:35 PM
Hi
I'm sort of at my wits' end. I've spent most of the afternoon trying to work this out. I got hold of an old PIX 501, running the following:
Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB
0: ethernet0: address is 001d.4521.a06f, irq 9
1: ethernet1: address is 001d.4521.a070, irq 10
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: 10
Throughput: Unlimited
IKE peers: 10
This PIX has a Restricted (R) license.
Serial Number: 907381129 (0x36158989)
Running Activation Key: 0x6e9eef0d 0x39fc65c5 0x12491b66 0x1be8afaf
Configuration has not been modified since last system restart.
192.168.1.1#
Every time I try and start the PDM, I get the error that there is a hostname mismatch with certificates.
Now I've tried the following:
1) 5 different versions of Java, from 1.5 and under.
2) Tried deleting the key on the router and re-creating it.
I've been all over the internet checking out lots of other people who had this problem and it seems to relate to Java or the certificates, but I still can't get this working... has anyone got any suggestions?
I'm not a company so don't have a CCO login to maybe upgrade the IOS and PDM... I'm more than happy to try and configure things via command line... I just can't stand it when I can't work out why it's not working.
07-29-2012 08:56 PM
Hi Bro
As long as your config looks like this, this is not a FW problem. Perhaps, it could be your PC. Have you tried with another PC, to see if this works fine? I suspect this has something to do with your browser's cookies etc.
asdm image flash:/asdm
asdm history enable
http server enable
http 10.0.0.0 255.0.0.0 inside
domain-name cisco.com
hostname FW01
Try this as well:
ca zeroize rsa
ca generate rsa key 768 <-- 1024 and above seem to have compatibility issues with some browsers.
ca save all
07-29-2012 11:28 PM
The error message in question comes when you connect to your PIX with a different hostname than what is in the certificate. If you only have the IP-address in the certificate, then you have to use https://1.2.3.4. If you have used a hostname or FQDN, then you have to use that: https://pixfirewall or https://pixfirewall.yourdomain.local. Just change the IP or the names to what you have on your PIX. If you have a name in your certificate you also need to make sure that the name resolves to the correct IP-address.
If you don't know what's in the certificate, I think the command on this platform was also "show crypto ca certificate". There you need to look at the field "subject".
Sent from Cisco Technical Support iPad App
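The name-matching rule described in the reply above, as an added example (not part of the thread and not Cisco code): it checks a URL's host against the names in a certificate given in the dict layout of Python's `ssl` `getpeercert()`, and optionally that the name resolves to the expected address. The sample certificate, `check_url` and its parameters are constructed for illustration; treating the subject commonName as a valid name is an assumption taken from the reply's pointer to the "subject" field.

```python
# Added example: does the URL you type match the names in the device certificate?
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample in the dict layout of ssl.SSLSocket.getpeercert();
# the name mirrors the reply's placeholder, not a real device.
SAMPLE_CERT = {
    "subject": ((("commonName", "pixfirewall.yourdomain.local"),),),
}


def _norm(name):
    """Lower-case names, drop a trailing dot, canonicalise IP literals."""
    name = name.strip().rstrip(".").lower()
    try:
        return str(ipaddress.ip_address(name))
    except ValueError:
        return name


def cert_names(cert):
    """Names the certificate vouches for: subject CN plus any SAN entries."""
    names = set()
    for rdn in cert.get("subject", ()):
        names.update(_norm(v) for k, v in rdn if k == "commonName")
    names.update(_norm(v) for k, v in cert.get("subjectAltName", ())
                 if k in ("DNS", "IP Address"))
    return names


def check_url(url, cert, expected_ip=None, resolver=socket.gethostbyname):
    """Return (ok, reason) for connecting to `url` against `cert`."""
    host = _norm(urlsplit(url).hostname or "")
    names = cert_names(cert)
    if host not in names:
        return False, f"hostname mismatch: {host!r} not in {sorted(names)}"
    if expected_ip is not None:
        try:
            resolved = resolver(host)  # the name must also point at the device
        except OSError as exc:
            return False, f"{host!r} does not resolve: {exc}"
        if _norm(resolved) != _norm(expected_ip):
            return False, f"{host!r} resolves to {resolved}, not {expected_ip}"
    return True, "name matches certificate"
```

Pass `expected_ip` to include the resolution check; the `resolver` argument exists so the lookup can be replaced with a stub when no DNS is available.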