Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 506 - can't connect to PDM any more

We have a PIX 506 in a test environment that has been configured in the past using Netscape. Now when we try to connect via https, Netscape says "unable to connect to server (TCP error: I/O error)". The PIX is version 6.1(1) and PDM is 1.0(2). I can connect via telnet and change the configuration but I have not been able to get the web connection working any more.

I captured the connection with ethereal and I see the 3 packets establishing the connection, then the client sends an SSLv2 Client Hello, then the PIX closes the connection. When I dump the configuration from telnet, I get:

<snip>

http server enable

http clientname 255.255.255.255 inside

<snip>

where clientname is defined earlier in name and "pdm location" entries.

The PDM Install guide has a Troubleshooting section and it says to make sure the clock is set to UTC. "show clock" shows the time and date, but no zone is listed.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: PIX 506 - can't connect to PDM any more

Have you changed the IP address on the PIX interface at some point? If so, try regenerating the public/private key pairs. Do:

> ca zeroize rsa

> ca gen rsa key 512

> ca save all

or you can just run the "setup" command from within config mode and it'll do all that for you. Then try reconnecting.

3 REPLIES
Cisco Employee

Re: PIX 506 - can't connect to PDM any more

Have you changed the IP address on the PIX interface at some point? If so, try regenerating the public/private key pairs. Do:

> ca zeroize rsa

> ca gen rsa key 512

> ca save all

or you can just run the "setup" command from within config mode and it'll do all that for you. Then try reconnecting.

New Member

Re: PIX 506 - can't connect to PDM any more

I don't think the IP has changed on either PIX interface. I did do a setup in config mode yesterday to set the clock - it was set to the year 2088. I didnt change any other values with setup. It didnt seem to help any.

I will give those commands a try when I get to the office.

New Member

Re: PIX 506 - can't connect to PDM any more

That fixed it!

Thanks!

280
Views
0
Helpful
3
Replies