Cisco Support Community
New Member

PIX will not accept ACL

Hello,

From a console connection with the interface configuration:

name 172.16.204.198 pix_manage

name 172.16.204.200 fo_pix_manage

interface Ethernet2

speed 10

duplex full

nameif manage

security-level 80

ip address pix_manage 255.255.255.224 standby fo_pix_manage

I am attempting to add the following ACL in order to connect to the switch and manage it remotely, at least from a device in the same subnet as the interface indicated:

access-list uni_manage extended permit tcp 172.16.204.192 255.255.255.224 172.16.204.192 255.255.255.224 eq 22

I am receiving the following error message:

ERROR: IP address,mask <pix_manage,255.255.255.224> doesn't pair

Where in these steps have I erred?

14 REPLIES
Green

Re: PIX will not accept ACL

Does it take something like this...

telnet 172.16.204.192 255.255.255.224 manage

New Member

Re: PIX will not accept ACL

That did, thanks for your prompt and helpful response.

Does the PIX support https or ssh access?

Green

Re: PIX will not accept ACL

Yes it does. Sorry I should have put...

ssh 172.16.204.192 255.255.255.224 manage

http server enable

http 172.16.204.192 255.255.255.224 manage

Please rate helpful posts.

New Member

Re: PIX will not accept ACL

So much better; however, I am now getting authorization problems. Although I am able to access the PIX on my console and telnet access, the ssh and https access will not accept the credentials I set up for telnet.

Do I need to specify a different username and password combination for ssh & https as opposed to the console & telnet access?

Thanks again.

Green

Re: PIX will not accept ACL

Want to post a clean config from the pix?

New Member

Re: PIX will not accept ACL

Sure, see attached.

Thanks for your help so far.

Green

Re: PIX will not accept ACL

I think this will do it...

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

username cisco password cisco123

New Member

Re: PIX will not accept ACL

Getting closer.

My ssh2 access works now.

When I try https access I get a pop-up prompting for username and password, which I enter. I then get

HTTP 404 - File not found

New Member

Re: PIX will not accept ACL

I tried these commands:

http server enable

http 172.16.204.214 255.255.255.255 manage

But, I am still getting the error 404 page not found message.

Green

Re: PIX will not accept ACL

Well...1 out of 2 isn't bad. Are you sure the PDM is installed on the pix?

New Member

Re: PIX will not accept ACL

1 out of 2 is not bad at all.

I do not know that PDM is installed.

How do I determine that?

New Member

Re: PIX will not accept ACL

Hello,

I obtained a version of the PDM object, but, the instructions I have located do show where to tftp the object to on the VPN server. Is this a simple tftp to the flash: location?

Green

Re: PIX will not accept ACL

Sorry in pix 7 it is the ASDM.

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml#t8

You could look at show ver or dir flash: to see if it is installed. If not the doc above will help you get it installed.

New Member

Re: PIX will not accept ACL

Thanks for all your help.

My privileges do not permit downloading the ASDM object.

But, I progressed further than I was earlier today and I learned a couple of new things.
