We have a PIX 506 in a test environment that has been configured in the past using Netscape. Now when we try to connect via https, Netscape says "unable to connect to server (TCP error: I/O error)". The PIX is version 6.1(1) and PDM is 1.0(2). I can connect via telnet and change the configuration but I have not been able to get the web connection working any more.
I captured the connection with ethereal and I see the 3 packets establishing the connection, then the client sends an SSLv2 Client Hello, then the PIX closes the connection. When I dump the configuration from telnet, I get:
http server enable
http clientname 255.255.255.255 inside
where clientname is defined earlier in name and "pdm location" entries.
The PDM Install guide has a Troubleshooting section and it says to make sure the clock is set to UTC. "show clock" shows the time and date, but no zone is listed.
I don't think the IP has changed on either PIX interface. I did do a setup in config mode yesterday to set the clock - it was set to the year 2088. I didnt change any other values with setup. It didnt seem to help any.
I will give those commands a try when I get to the office.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...