Access to the PDM

I cannot access the PDM anymore. It was working until yesterday. I was repeatedly prompted for a password; I checked & reset the PIX clock to the correct GMT as per the troubleshooting guide (it had lost 8 hours). I still cannot bring up the pdm. Here's some of our configuration:

Cisco PIX Firewall Version 6.1(4)
Cisco PIX Device Manager Version 1.1(2)
Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: ethernet0: address is 000c.85ba.a18b, irq 10
1: ethernet1: address is 000c.85ba.a18c, irq 11
2: ethernet2: address is 0002.b3ca.9e6a, irq 11
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 3
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
ISAKMP peers: Unlimited
Serial Number: 807141699 (0x301c0143)
http server enabled

Thanks in advance.

Re: Access to the PDM


With that configuration you can't do anything with the PIX :))

Please give us more details (configuration).

Can you ping the PIX? On which interface are you? Do you have any ACL applied to that interface? Is the PIX clock up to date?


Re: Access to the PDM

I can ping the real address of the pix, and access the web server inside the DMZ from an outside box using the static address for the DMZ, from the inside using the address assigned to the inside interface, from one DMZ box to another. I can run a TTY session and log in to the PIX. The clock is using the correct time (4 hours greater than EST, which is right since we're still under daylight savings), I just can't launch a PDM session. Here's all of my configuration, copied & pasted from a write terminal command:

PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password xxxxencrypted
passwd xxxxencrypted
hostname DWRpix
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
name x.x.114.19 Lee
access-list into_outside permit tcp any host eq www
access-list into_outside permit tcp any host eq ftp
access-list into_outside permit tcp host host eq 10945
access-list into_outside permit tcp host Lee host eq 10945
access-list into_outside permit tcp host host eq 10000
access-list into_outside permit tcp host any eq 6101
access-list no_nat_inside permit ip x.x.x.0
access-list no_nat_dmz permit ip x.x.x.0
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside x.x.x.2
ip address inside
ip address dmz
ip audit info action alarm
ip audit attack action alarm
pdm location inside
pdm location inside
pdm location inside
pdm location inside
pdm location inside
pdm location inside
pdm location dmz
pdm location x.x.x.96 outside
pdm location x.x.x.92 outside
pdm location Lee outside
pdm history enable
arp timeout 14400
global (outside) 1 x.x.114.100-x.x.114.199
nat (inside) 0 access-list no_nat_inside
nat (inside) 1 0 0
nat (dmz) 0 access-list no_nat_dmz
static (dmz,outside) x.x.x.99 netmask 0 0
access-group into_outside in interface outside
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh x.x.x.92 outside
ssh x.x.x.96 outside
ssh x.x.x.0 outside
ssh inside
ssh inside
ssh inside
ssh inside
ssh inside
ssh inside
ssh timeout 5
dhcpd address inside
dhcpd dns
dhcpd lease 86400
dhcpd ping_timeout 750
dhcpd enable inside
terminal width 80
: end


I didn't want to include all of this info in a clear-text message, but there it is. Do I need to install a newer version of PDM, or just tweak the ACL for the inside interface?



Re: Access to the PDM

Hi Charles,

1st, is the config you posted above the actual config from the PIX? If so, you have left your network open to abuse. I hope that the above config is not the real config of your PIX.

2nd, what happens if you use a static (reserved) IP for your inside PDM access, i.e.

> http server enable

> http inside

save with command: write memory

and open up IE on the inside client with the above IP address and browse to https://

Hope this helps and let me know how you get on - Thanks.
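The procedure the reply above describes, written out as an added example (it is not part of the thread, and the 10.1.1.10 management address and interface name are constructed placeholders): on PIX 6.x the `http` command, not an interface ACL, decides which hosts may open the PDM, so the access is narrowed to a single reserved management host with a host mask rather than a whole subnet.

```cisco
! Added example, not from the thread. 10.1.1.10 is a constructed placeholder
! for the reserved management workstation on the inside interface.

! Turn on the PDM's HTTPS listener on the PIX
http server enable

! Permit PDM access only from the one management host (host mask),
! instead of a full /24 of inside clients
http 10.1.1.10 255.255.255.255 inside

! Tell the PDM which interface that host sits behind
pdm location 10.1.1.10 255.255.255.255 inside

! Persist the change and confirm what the PIX now allows
write memory
show http

! From 10.1.1.10, browse to https://<inside-interface-address>/
! (the PDM is served over HTTPS; a plain http:// URL will not reach it)
```

`show http` lists the server state and the permitted hosts, so it confirms that a `clear http` did not silently remove the entry before you retest from the browser.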

Re: Access to the PDM

Still not working - I even issued a clear http, enable http, specified an internal static address with the netmask of all 255's, saved it to memory, and then tried to access the PDM, to no avail.

Re: Access to the PDM

I had the same problem: one day it worked fine, the next day it didn't. Then I cleared the cache (temp files) in MS Internet Explorer, and it worked again.

Still, I don't know if it's a known problem.



Re: Access to the PDM

Could you elaborate on how the network is open to abuse? What lines are incorrect, and how would you fix them?



