Cisco Support Community
Community Member

PDM 3.0(1)

Hello,

I have a PIX-535 with:

Cisco PIX Firewall Version 6.3(1)

Cisco PIX Device Manager Version 3.0(1)

The problem is that when I run PDM, a lot of pdm location and pdm group lines appear in the configuration file, with all the IP addresses and groups used.

Thanks,

Sorin

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: PDM 3.0(1)

Hello Sorin,

Here is the answer I obtained from Cisco on the PDM location in the PIX config:

A PDM location is a pure bookkeeping command used by PDM to build its topology database.

It has nothing to do with the PIX's functionalities. In particular, it does **NOT** control which host can access PDM, which is a common misunderstanding.

The control is done by the command "http ".

Why do we need it?

In PDM's world, policy (those rules) is built on top of topology. Ideally the user creates the topology first via the Host/Network tab, then configures policy elsewhere (like the Access Rule tab). A network object exists by itself, even if there is no policy configured directly on it at a particular time. We use the "pdm location" command to remember the location of a network object.

Hope this explains it..

If this answers your question please rate this post, thanks.

Jay.
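
The distinction drawn in the answer above, as an added example that is not part of the original posts and is not Cisco code: a Python audit that reads a PIX configuration and reports which `pdm location` entries are bookkeeping only, because no `http` line on the same interface covers them. The sample configuration is constructed, and the argument layouts `http ip_address [netmask] [if_name]` and `pdm location ip_address netmask if_name`, with the defaults shown in the comments, are assumptions about PIX 6.3 syntax.

```python
import ipaddress

# Constructed sample of a PIX 6.3 configuration fragment (not from the post).
SAMPLE_CONFIG = """\
http server enable
http 192.168.1.0 255.255.255.0 inside
pdm location 192.168.1.10 255.255.255.255 inside
pdm location 10.20.0.0 255.255.0.0 inside
pdm location 172.16.5.5 255.255.255.255 dmz
pdm group admins inside
pdm history enable
"""

def _net(ip, mask="255.255.255.255"):
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def audit_pdm_access(config):
    """Split PDM topology bookkeeping from the http lines that grant access."""
    report = {"http_server": False, "http_allowed": [], "pdm_locations": []}
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["http", "server", "enable"]:
            report["http_server"] = True
        elif tok[:1] == ["http"] and len(tok) > 1 and _is_ipv4(tok[1]):
            # Assumed defaults: netmask 255.255.255.255, interface "inside".
            rest = tok[2:]
            mask = rest.pop(0) if rest and _is_ipv4(rest[0]) else "255.255.255.255"
            ifname = rest[0] if rest else "inside"
            report["http_allowed"].append((_net(tok[1], mask), ifname))
        elif tok[:2] == ["pdm", "location"] and len(tok) == 5:
            report["pdm_locations"].append((_net(tok[2], tok[3]), tok[4]))
    # pdm location objects that no http line covers: topology records only.
    report["bookkeeping_only"] = [
        (str(net), ifname) for net, ifname in report["pdm_locations"]
        if not any(ifname == a_if and net.subnet_of(a_net)
                   for a_net, a_if in report["http_allowed"])
    ]
    return report

if __name__ == "__main__":
    for key, value in audit_pdm_access(SAMPLE_CONFIG).items():
        print(key, value)
```

An entry listed under `bookkeeping_only` is a network object PDM remembers; deleting or keeping that line changes nothing about who can reach PDM, which is decided by the `http_allowed` list.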
