I don't know why, but I cannot open our PIX web interface even though I have added my IP for access.
Below is the configuration list:
pixsbcp# sh run
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password xxxx
clock timezone MYT 8
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
access-list inside_access_in permit icmp any any
access-list inside_access_in permit tcp any any
access-list outside_access_in permit icmp any any
access-list dmz_access_in permit icmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 100.82.250.91 255.255.255.252
ip address inside 10.88.104.10 255.255.255.0
ip address dmz 10.88.188.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address dmz
pdm location 192.168.6.0 255.255.255.0 inside
pdm location 192.168.6.185 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 10.88.0.0 255.255.0.0 0 0
nat (inside) 1 192.168.0.0 255.255.0.0 0 0
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
access-group dmz_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 100.82.250.90 1
route inside 10.88.0.0 255.255.0.0 10.88.100.1 1
route inside 192.168.0.0 255.255.0.0 10.88.100.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 10.88.83.199 255.255.255.255 inside
http 10.88.83.185 255.255.255.255 inside
http 10.88.1.27 255.255.255.255 inside
http 192.168.8.185 255.255.255.255 inside
http 10.88.1.222 255.255.255.255 inside
http 10.88.83.28 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
telnet 10.88.83.199 255.255.255.255 inside
telnet 10.88.83.185 255.255.255.255 inside
telnet 10.88.1.27 255.255.255.255 inside
telnet 192.168.8.185 255.255.255.255 inside
telnet 10.88.1.222 255.255.255.255 inside
telnet 10.88.83.28 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
username Darlien password xxx encrypted privilege 15
terminal width 80
Darlien, what message do you get when attempting to connect to the FW through the browser? Are you doing a secure connection as https://fw_Inside_IPaddress? If so, are you getting any browser messages? Issue "show version" at the command line of the PIX; it should indicate whether you have Device Manager installed and its version. Please post that information.
Darlien, if you got up to the password, it means the PIX has PDM installed, unless it is corrupted. Have you tried accessing it from another system, or has PDM worked before on this PIX?
Last month my colleague changed the PIX password; after a few days he had forgotten his own admin password. So he downloaded from Cisco the reset-PIX-to-factory-settings files via FTP.
Could this process have corrupted the PDM inside the firewall?
Before this event, the PDM could be accessed by us.
Is there any way we can re-install/reconfigure the PDM?
Darlien, anything is possible when resetting devices, but resetting to factory defaults would not cause file corruption. What I would do before posting instructions on TFTPing PDM for your PIX code version is to telnet to the PIX enable mode, remove all https entries and add as follows.
no http 10.88.83.199 255.255.255.255 inside
no http 10.88.83.185 255.255.255.255 inside
no http 10.88.1.27 255.255.255.255 inside
no http 192.168.8.185 255.255.255.255 inside
no http 10.88.1.222 255.255.255.255 inside
no http 10.88.83.28 255.255.255.255 inside
and replace with
http 0.0.0.0 0.0.0.0 inside
then try loading PDM.
Here are the instructions for installing PDM.
First you need to download it.
You have PIX version 6.3, so you need PDM version
First, back up configs and write down activation keys just in case.
The activation key is found at the bottom of the "show version" output, right
below the serial number of the PIX: "running activation keys: xxxx xxxxx xxxxx xxxx".
Nothing to do with the PDM download, but best to back these up; that's my process.
1. Set up a TFTP server and place the PDM image on the server.
2. Copy the PDM image to flash from TFTP.
* Below is the procedure for the PDM upgrade
PIXFIREWALL(config)# copy tftp flash:pdm
Address or name of remote host [127.0.0.1] ip_of_tftp_server
Source file name [cdisk] pdm-304.bin
copying tftp://ip_of_tftp_server/ pdm-304.bin to flash:pdm
After the file is successfully copied you need to reboot the PIX.
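The suggestion above swaps the per-host http entries for http 0.0.0.0 0.0.0.0 inside, which opens PDM to every host behind the inside interface. Before doing that it is worth checking whether the client's address actually matches one of the existing http lines, since a PIX only answers PDM requests from sources listed in an "http" rule on the interface the request arrives on, and only when "http server enable" is present. The script below is an added example, not part of this thread and not Cisco code: it parses "http <ip> <mask> <iface>" lines out of a saved "sh run" (the sample config is constructed from the http lines posted above), reports which rule, if any, admits a given client, and flags rules wider than a /24 so an overly broad entry does not stay behind after troubleshooting. The /24 threshold and the function names are assumptions for the example.

```python
import ipaddress
import re

# Constructed sample: the http lines from the posted "sh run", plus the
# "http server enable" line that must be present for PDM to listen at all.
SAMPLE_CONFIG = """\
http server enable
http 10.88.83.199 255.255.255.255 inside
http 10.88.83.185 255.255.255.255 inside
http 10.88.1.27 255.255.255.255 inside
http 192.168.8.185 255.255.255.255 inside
http 10.88.1.222 255.255.255.255 inside
http 10.88.83.28 255.255.255.255 inside
"""

# Matches "http <dotted ip> <dotted mask> <interface>"; "http server enable"
# deliberately does not match because its second token is not an address.
HTTP_RULE = re.compile(
    r"^http\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s*$"
)


def parse_http_rules(config):
    """Return [(ip_network, interface), ...] for every http source rule."""
    rules = []
    for raw in config.splitlines():
        m = HTTP_RULE.match(raw.strip())
        if not m:
            continue
        ip, mask, iface = m.groups()
        # strict=False lets a host rule like 10.88.83.199/255.255.255.255 and
        # the wildcard 0.0.0.0/0.0.0.0 both parse into a network object.
        rules.append((ipaddress.ip_network(f"{ip}/{mask}", strict=False), iface))
    return rules


def http_server_enabled(config):
    """True when the config contains "http server enable"."""
    return any(line.strip() == "http server enable" for line in config.splitlines())


def rule_text(net, iface):
    """Render a parsed rule back into PIX syntax."""
    return f"http {net.network_address} {net.netmask} {iface}"


def http_access_check(config, client_ip, iface="inside"):
    """Return the PIX http rule that admits client_ip on iface, or None.

    None means the PDM request would be dropped: either the HTTP server is
    not enabled, or no rule on that interface covers the client address.
    """
    if not http_server_enabled(config):
        return None
    addr = ipaddress.ip_address(client_ip)
    for net, rule_iface in parse_http_rules(config):
        if rule_iface == iface and addr in net:
            return rule_text(net, rule_iface)
    return None


def overly_broad_rules(config, max_hosts_prefix=24):
    """List http rules wider than /24 (assumed policy threshold for the example).

    The thread's quick fix, "http 0.0.0.0 0.0.0.0 inside", is a /0 and will be
    reported here so it can be tightened back to admin hosts afterwards.
    """
    return [
        rule_text(net, iface)
        for net, iface in parse_http_rules(config)
        if net.prefixlen < max_hosts_prefix
    ]


if __name__ == "__main__":
    for client in ("10.88.83.199", "192.168.6.185"):
        print(client, "->", http_access_check(SAMPLE_CONFIG, client))
    print("broad rules:", overly_broad_rules(SAMPLE_CONFIG))
```

Run it against a copy of your own "sh run" and the address your browser actually sources from (check with "show conn" or the PIX syslog if NAT or a proxy sits in between). If the client prints None, the fix is to add a host-specific http line for that address rather than the 0.0.0.0 wildcard; if you do use the wildcard to rule the ACL out as the cause, overly_broad_rules() reminds you to remove it once PDM is working again.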
Do you have at least a VPN-DES license (or better, a VPN-3DES-AES license) enabled (use 'show version')?
I was having similar problems until I upgraded the product license. Without the VPN license SSL won't work, and many modern browsers won't be happy with just the DES license.
If you haven't upgraded, see https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?FormId=119