Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
559
Views
0
Helpful
2
Replies

PIX PDM

andymorph
Level 1
Level 1

‎07-29-2012 02:18 PM - edited ‎03-11-2019 04:35 PM

Hi

im sort of at my wits end, ive spent most of the after noon trying to work this out - I got hold of an old pix 501, running following:

Hardware:   PIX-501, 16 MB RAM, CPU Am5x86 133 MHz

Flash E28F640J3 @ 0x3000000, 8MB

BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 001d.4521.a06f, irq 9

1: ethernet1: address is 001d.4521.a070, irq 10

Licensed Features:

Failover:                    Disabled

VPN-DES:                     Enabled

VPN-3DES-AES:                Enabled

Maximum Physical Interfaces: 2

Maximum Interfaces:          2

Cut-through Proxy:           Enabled

Guards:                      Enabled

URL-filtering:               Enabled

Inside Hosts:                10

Throughput:                  Unlimited

IKE peers:                   10

This PIX has a Restricted (R) license.

Serial Number: 907381129 (0x36158989)

Running Activation Key: 0x6e9eef0d 0x39fc65c5 0x12491b66 0x1be8afaf

Configuration has not been modified since last system restart.

192.168.1.1#

Everytime i try and start the PDM, i get the error that there is a hostname mismatch with certificates.

Now i've tried the following:

1) 5 differant versions of java, from 1.5 and under.

2) Tried delating the key on the router and re-createing it.

Ive been all over the internet checking out lots of other people who had this problem and it seems to relate to java or the cetificates, but i still cant get this working...has anyone got any suggestions ?

Im not a company so dont have a CCO login to maybe uprage the IOS and PDM...I'm more than happy to try and configure things via command line...i just cant stand it when i cant work out why its not working.....

Labels:
0 Helpful
2 Replies 2

Ramraj Sivagnanam Sivajanam
Level 4
Level 4

‎07-29-2012 08:56 PM

Hi Bro

As long as your config looks like this, this is not a FW problem. Perhaps, it could be your PC. Have you tried with another PC, to see if this works fine? I suspect this has something to do with your browser's cookies etc.

asdm image flash:/asdm
asdm history enable

http server enable
http 10.0.0.0 255.0.0.0 inside

domain-name cisco.com

hostname FW01

      

Try this as well;

ca zeroize rsa

ca generate rsa key 768 <-- 1024 and above seems to have compatiblity issue with some browsers.

ca save all

Warm regards,
Ramraj Sivagnanam Sivajanam
0 Helpful

Karsten Iwen
VIP
VIP

‎07-29-2012 11:28 PM

The error-message in question comes when you connect to your pix with a different hostname then what is in the certificate. If you only have the IP-address in the certificate, then you have to use https://1.2.3.4. If you have used a hostname or FQDN, then you have to use that: https://pixfirewall or https://pixfirewall.yourdomain.local. Just change the IP or the names to what you have on your PIX. If you have a name in your certificate you also need to make sure that the name resolves to the correct IP-address.

If you don't know what's in the certificate, I think the command on this plattform was also "show crypto ca certificate". There you need to look at the field "subject".

Sent from Cisco Technical Support iPad App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card