01-18-2003 02:32 PM - edited 02-20-2020 10:30 PM
Hi
Is it possible to manage a PIX or VPN concentrator from a management station like the PDM? If so, if a hacker broke into the PIX from outside, I would like for them to be unable to modify the PIX or VPN concentrator configuration, as this would be disabled because it is managed from the management station. This way the config couldn't be modified to allow further attacks on the network.
Is this possible?
Regards
Karl
01-19-2003 07:34 PM
In the PIX you have to specify what IP addresses or subnets have PDM access with the "http" command. See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#1029823
For the VPN3000 concentrator, you can also limit what IP addresses have GUI access under the Administration - Access Rights - Access Control List menu.
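As an added example (not part of the original post and not Cisco code), the following script audits the `http` statements in a saved PIX configuration and flags entries that allow PDM access from more than a single host or from an interface other than `inside`. The sample configuration is constructed, the function name and thresholds are assumptions, and it expects the full `http <ip> <mask> <interface>` form.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from any device in this thread).
SAMPLE_CONFIG = """\
http server enable
http 10.0.0.30 255.255.255.255 inside
http 10.0.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
"""

# Matches "http <ip> <netmask> <interface>" access statements.
HTTP_RULE = re.compile(
    r"^http\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$"
)

def audit_pdm_access(config, trusted_interfaces=("inside",), max_hosts=1):
    """Return (server_enabled, findings) for the http statements in a config.

    Each finding is (network, interface, reasons); an empty reasons list
    means the entry is a single host on a trusted interface.
    """
    server_enabled = False
    findings = []
    for line in config.splitlines():
        line = line.strip()
        if line == "http server enable":
            server_enabled = True
            continue
        match = HTTP_RULE.match(line)
        if not match:
            continue
        ip, mask, iface = match.groups()
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        reasons = []
        if iface not in trusted_interfaces:
            reasons.append(f"permitted on interface '{iface}'")
        if net.num_addresses > max_hosts:
            reasons.append(f"covers {net.num_addresses} addresses")
        findings.append((str(net), iface, reasons))
    return server_enabled, findings

if __name__ == "__main__":
    enabled, findings = audit_pdm_access(SAMPLE_CONFIG)
    print("http server enabled:", enabled)
    for net, iface, reasons in findings:
        status = "REVIEW: " + "; ".join(reasons) if reasons else "ok"
        print(f"{net:18} {iface:8} {status}")
```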
01-20-2003 11:10 AM
Hi Glenn
Thanks for your reply
I tried this but it didn't work. Do I connect on port 80 or something else?
I entered:-
config)#http 10.0.0.30 255.255.255.255 inside
config)#http server enable
10.0.0.30 is the IP address of the client that wishes to connect to the browser.
Am I missing anything?
Regards
01-20-2003 03:10 PM
Hi,
Is DES or 3DES enabled on the firewall? At least DES is required to make the PDM work.
You can register for a free 56-bit DES license at this URL:
https://www.cisco.com/pcgi-bin/Software/FormManager/formgenerator.pl?pid=221&fid=324
Kind Regards,
Tom
01-21-2003 02:10 AM
Hi Tom
This is what I get with a show ver
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES: Disabled
Does this mean I am OK?
Best regards
Karl Jones
01-21-2003 02:14 AM
Hi,
Should be OK.
Please have a look at this URL for more PDM troubleshooting:
http://www.cisco.com/warp/public/110/pdm_http404.shtml
Kind Regards,
Tom
01-23-2003 06:32 AM
Karl,
Try:
pdm location 10.0.0.30 255.255.255.255 inside
In 6.2.2 if you type PDM ? this command is not shown but you need it. The only mention of the PDM location is when clearing.
HTH
Ali
01-23-2003 03:23 PM
Hi
Have you tried using https to connect rather than http?
HTH
Kev
01-24-2003 01:13 AM
Hi Guys
I have managed to get this working now
Thanks for your assistance
Regards