Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
228
Views
0
Helpful
3
Replies

PDM Problems

tracey.marshall
Level 1
Level 1

‎08-26-2003 05:34 AM - edited ‎03-09-2019 04:33 AM

I have recently installed Pix 6.3.1 and PDM 3.0.1 for a customer. Personally, I never use PDM but my customer is keen to because he doesn't know the command line too well and there are lots of object-group and long ACLs to administer. The first query I had was an initial screen where the PDM's not sure

which interface specific names/ip addresses reside on. From an earlier posting, I believe that PDM requires a PDM location for everything and by confirming the interface, a pdm location will be built. Is this correct? Is it possible/recommended to add pdm locations manually at the CLI?

My next query is with names and object-groups. Some appeared to be missing but when I try to enter them, pdm complains that they already existed? This is no good if we want to create an additional ACL entry using the name/group.

Lastly, I have lots of null entries in my ACLs. I am not sure if this is a result of "missing" names and object-groups? Are these entries ignored when premitting/denying traffic? Also, when I expand ACL entries, some of the addresses/names/object-groups appeared to be on the wrong interface. I tried correcting the interface but then there was no groups available to select in the drop down boxes.

To summarise, I think these problems stem from names/groups not being assigned to correct interfaces. I am looking for some guidance on how to tidy this up so that pdm can be used to manage ACLs.

Many thanks in advance,

Tracey

Labels:
0 Helpful
3 Replies 3

drolemc
Level 6
Level 6

‎09-02-2003 12:03 PM

Some object-group commands are not fully supported by the PDM and this might be the cause of your problem. Please see the following URL for more information: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pdm/v_30/pdmrn30.htm#68551.

0 Helpful

tracey.marshall
Level 1
Level 1
In response to drolemc

‎09-03-2003 03:30 AM

Thanks for your reply. I will look into this. We are definitely using "object-group protocol" which is not supported.

Tracey

0 Helpful

dean_holroyd
Level 1
Level 1

‎09-03-2003 06:40 AM

Hi

With regards to setting PDM location, I find that the easiest option is to use the setup command from the cli prompt + enter the pdm location there.

PIX(config)#setup

..

..

..

IP address of host running PIX Device Manager: 192.168.254.1 255.255.255.0

This automatically creates all the entries required to run the PDM from the specified host + can be run at any time.

0 Helpful
Customers Also Viewed These Support Documents