Cisco Support Community

PDM location statements

I have set up PDM on my PIX 515. After setting it up it added a PDM location statement for every network in my access lists. I try and remove the unwanted PDM locations but they just get added back in.

Below is how I configured PDM on the PIX. What have I done wrong?

pdm history enable

http server enable

http 10.107.128.0 255.255.255.0 inside

plus about 50 PDM location statements.

Thanks,

Scott

2 REPLIES

Re: PDM location statements

You do not need to be concerned about the PDM location commands. They are auto-generated by PDM and are used by PDM to represent network objects. You can delete them all and the next time PDM starts, it will auto-generate all that it needs. I could have sworn there was an FAQ on this but I cannot find it now. If anyone else has this info, please feel free to attach it to this thread. Hope this helps.

Scott


Re: PDM location statements

Scott,

Here is the explanation:

A PDM location is a pure bookkeeping command used by PDM to build its topology database. It has nothing to do with the PIX's functionalities. In particular, it does **NOT** control which host can access PDM, which is a common misunderstanding. The control is done by the command "http ".

Why do we need it?

In PDM's world, policy (those rules) is built on top of topology. Ideally the user creates the topology first via the Host/Network tab, then configures policy elsewhere (like the Access Rule tab). A network object exists by itself, even if there is no policy configured directly on it at a particular time. We use the "pdm location" command to remember the location of a network object.

Hope this explains it for you.

Jay.
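
The distinction explained in the replies above, as an added example that is not part of the thread and is not Cisco code: a small Python audit that reads a PIX configuration and separates the "http" lines, which decide who can reach PDM, from the "pdm location" bookkeeping lines. The sample configuration is constructed apart from the original poster's "http" line; the "pdm location <ip> <mask> <interface>" form and the defaults used when an "http" line omits the mask or interface are assumptions.

```python
import ipaddress

# Constructed sample; only the first "http <net>" line comes from the thread.
SAMPLE_CONFIG = """\
pdm location 10.107.128.0 255.255.255.0 inside
pdm location 10.20.0.0 255.255.0.0 inside
pdm location 172.16.9.25 255.255.255.255 dmz
pdm history enable
http server enable
http 10.107.128.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
"""

def audit_pdm_access(config_text):
    """Report who can reach PDM ("http" lines) versus topology-only entries."""
    allowed, locations, findings = [], [], []
    server_enabled = False
    for raw in config_text.splitlines():
        w = raw.split()
        if w[:3] == ["http", "server", "enable"]:
            server_enabled = True
        elif w[:1] == ["http"] and len(w) >= 2:
            # Assumption: omitted mask means a single host, omitted
            # interface means "inside".
            mask = w[2] if len(w) > 2 else "255.255.255.255"
            ifname = w[3] if len(w) > 3 else "inside"
            net = ipaddress.ip_network(f"{w[1]}/{mask}", strict=False)
            allowed.append((net, ifname))
            if net.prefixlen == 0:
                findings.append(f"{net} on {ifname}: any source may reach PDM")
            elif ifname != "inside":
                findings.append(f"{net} on {ifname}: access from a non-inside interface")
        elif w[:2] == ["pdm", "location"] and len(w) >= 5:
            net = ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False)
            locations.append((net, w[4]))
    # A pdm location grants nothing by itself: the object can reach PDM only
    # if some "http" line on the same interface covers it.
    topology_only = [(str(n), i) for n, i in locations
                     if not any(i == ai and n.subnet_of(an) for an, ai in allowed)]
    return {
        "server_enabled": server_enabled,
        "allowed": [(str(n), i) for n, i in allowed],
        "topology_only": topology_only,
        "findings": findings,
    }

if __name__ == "__main__":
    for key, value in audit_pdm_access(SAMPLE_CONFIG).items():
        print(key, value)
```

Deleting or keeping the entries listed under "topology_only" changes nothing about who can manage the firewall; the "allowed" and "findings" lists are the ones to review.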
