PDM and PIX

karl.jones
Level 1

Hi

Is it possible to manage a PIX or VPN concentrator from a management station like the PDM? If so, if a hacker broke in to the PIX from outside, I would like for them to be unable to modify the PIX or VPN concentrator configuration, as this would be disabled because it is managed from the management station. This way the config couldn't be modified to allow further attacks on the network.

Is this possible?

Regards

Karl

8 Replies

gfullage
Cisco Employee

In the PIX you have to specify what IP addresses or subnets have PDM access with the "http" command. See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#1029823

For the VPN3000 concentrator, you can also limit what IP addresses have GUI access under the Administration - Access Rights - Access Control List menu.

Hi Glenn

Thanks for your reply

I tried this but it didn't work. Do I connect on port 80 or something else?

I entered:-

config)#http 10.0.0.30 255.255.255.255 inside

config)#http server enable

10.0.0.30 is the IP address of the client that wishes to connect to the browser.

Am I missing anything?

Regards

Hi,

Is DES or 3DES enabled on the firewall? At least DES is required to make the PDM work.

You can register for a free 56-bit DES license at this URL:

https://www.cisco.com/pcgi-bin/Software/FormManager/formgenerator.pl?pid=221&fid=324

Kind Regards,

Tom

Hi Tom

This is what I get with a show ver

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES: Disabled

Does this mean I am OK?

Best regards

Karl Jones

Hi,

Should be OK.

Please have a look at this URL for more PDM troubleshooting:

http://www.cisco.com/warp/public/110/pdm_http404.shtml

Kind Regards,

Tom

Karl,

Try:

pdm location 10.0.0.30 255.255.255.255 inside

In 6.2.2 if you type PDM ? this command is not shown but you need it. The only mention of the PDM location is when clearing.

HTH

Ali

Hi

Have you tried using https to connect rather than http?

HTH

Kev

Hi Guys

I have managed to get this working now.

Thanks for your assistance.

Regards
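
An added example, not part of the thread or of Cisco's tooling: a small Python audit for the `http` restriction discussed above. It reads saved PIX configuration lines and flags PDM access entries that cover more than a single management station or that are bound to an interface other than inside. The sample configuration is constructed (only the 10.0.0.30 entry and `http server enable` come from the thread), and the defaults applied when the netmask or interface is omitted are assumptions.

```python
import ipaddress

# Constructed sample: the first two lines are the commands posted in the
# thread, the last two are made-up entries that the audit should flag.
SAMPLE_CONFIG = """\
http server enable
http 10.0.0.30 255.255.255.255 inside
http 10.0.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
"""

def parse_http_allows(config):
    """Return (server_enabled, [(network, interface), ...]) from config text."""
    enabled, allows = False, []
    for raw in config.splitlines():
        tok = raw.split()
        if len(tok) < 2 or tok[0] != "http":
            continue  # skips blanks, other commands and "no http ..." lines
        if tok[1:] == ["server", "enable"]:
            enabled = True
            continue
        # Assumed defaults when omitted: host mask and the inside interface.
        mask = tok[2] if len(tok) > 2 else "255.255.255.255"
        iface = tok[3] if len(tok) > 3 else "inside"
        try:
            net = ipaddress.ip_network(f"{tok[1]}/{mask}", strict=False)
        except ValueError:
            continue  # not an address/mask pair, ignore the line
        allows.append((net, iface))
    return enabled, allows

def audit(config, trusted_ifaces=("inside",), max_hosts=1):
    """Return a list of findings about who may reach the PDM/HTTP server."""
    enabled, allows = parse_http_allows(config)
    findings = []
    if enabled and not allows:
        findings.append("http server enabled but no client is permitted")
    if allows and not enabled:
        findings.append("clients permitted but http server is not enabled")
    for net, iface in allows:
        if iface not in trusted_ifaces:
            findings.append(f"{net} on {iface}: access from untrusted interface")
        if net.num_addresses > max_hosts:
            findings.append(f"{net} on {iface}: {net.num_addresses} addresses permitted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```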
