
Pix PDM

eknell
Level 1

I am trying to get PDM working on my PIX 515. My PIX firewall version is 6.2(1) and I have installed PDM 2.1(1). I am successfully running PDM 3.0 on another PIX I have running version 6.3. Do I have the wrong version of PDM installed for 6.2(1)? Which PDM binary do I need for version 6.2(1) exactly? PDM-211.bin is currently installed, so would I need PDM-201.bin? Or if PDM-211.bin is the correct binary, what would be a reason it won't kick up?

10 Replies

mhoda
Level 5

Hi,

PDM 2.1(1) is the right version for 6.2(1). What is the actual problem? It doesn't display the page at all? If you do "show version", do you see DES/3DES enabled? Does it show that you have the PDM installed? You may run "setup" in config mode to reset the values on the PIX. Please consult the following link:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_installation_guide_chapter09186a00800e3314.html

Thanks,

Mynul

My actual problem is that I am getting a "page can't be displayed" error. DES is enabled and it also shows Cisco PIX Device Manager Version 2.1(1) is installed. I have actually already read that particular link and everything is kosher. I am running IE6 SP1 on an XP box, which does have the updated Java engine also. I haven't tried running "setup" yet, but I have 2 other PIX firewalls running the new 6.3 version with the PDM 3.0 just fine, and I didn't have to revert to using "setup", which is confusing.

Hi,

Thanks, and I understand your concern regarding rerunning the setup. Sometimes you have to run this because of corruption of the certificate for SSL. With setup, you will generate a new certificate. Does the same IE work with your other PIXes? If that's the case, then running setup most likely would resolve your issue. If this IE doesn't work with the other PDMs, then you may also want to refer to the following thread about a Sun JVM issue.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.ee9891f

Thanks,

Mynul

I installed the new Sun VM and that still didn't help out. Also, the same IE works on my other PIXes. I still haven't tried running "setup" yet on my 515, because I have to wait until after hours, but I thought I would add one more interesting fact. When I run a port scan on the inside interfaces of my other PIXes, it shows port 443 (https) open. On my 515, it isn't open. I don't have any specific conduits to allow https on my other firewalls. Would I need to allow tcp and udp port 443 to a private IP?

Hi,

Indeed, the port scan report is interesting. If you have configured PDM, then tcp/443 should show open, not UDP. If you have an ACL applied, then yes, you do need to allow tcp/443. If you have a similar setup on all the PIXes in terms of ACLs, and the port scanner shows you a different report, my suggestion would be to use a different port scanner just to make sure that it's not a false positive.

Thanks,

Mynul

ywadhavk
Cisco Employee

PIX 6.2.1 and PDM 2.1(1) should work fine. Check the basics at the URL below:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ac1.shtml

Thanks,

yatin

scottmac
Level 10

Have you created a crypto key?

The security features needed by the httpS: (note the trailing "S") connection require that you generate a crypto key (same for SSH).

Good Luck

Scott

My understanding is that I would only have to set up crypto specifications if I was trying to access the PDM from the outside interface, which I am not. If I am totally wrong on this, can you please elaborate? If I need to set up crypto and ISAKMP attributes, I will. I am running the PDM on 2 of my other PIX firewalls just fine, except they are running 6.3. Thanks for your help.

Hi,

Your understanding is accurate. Thanks,

Mynul

My PDM (accessing from the inside interface) wouldn't work until I generated a crypto key. That was with V6.2 or 6.2(2); I don't remember which.

This was on a 501 w/ 3DES feature / 10 user.

FWIW

Scott
