05-28-2003 06:51 AM - edited 02-20-2020 10:46 PM
I am trying to get PDM working on my PIX 515. My PIX firewall version is 6.2(1) and I have installed PDM 2.1(1). I am successfully running PDM 3.0 on another PIX I have running version 6.3. Do I have the wrong version of PDM installed for 6.2(1)? Which PDM binary do I need for version 6.2(1) exactly? PDM-211.bin is currently installed, so would I need PDM-201.bin? Or if PDM-211.bin is the correct binary, what would be a reason it won't kick up?
05-28-2003 08:10 AM
Hi,
PDM 2.1(1) is the right version for 6.2(1). What is the actual problem? It doesn't display the page at all? If you do "show version", do you see DES/3DES enabled? Does it show that you have the PDM installed? You may run "setup" to reset the values on the PIX in the config mode. Please consult the following link:
Thanks,
Mynul
05-28-2003 10:47 AM
My actual problem is that I am getting a page can't be displayed error. DES is enabled and it also shows Cisco PIX Device Manager Version 2.1(1) is installed. I have actually already read that particular link and everything is kosher. I am running IE6 SP1 on an XP box, which does have the updated Java engine also. I haven't tried running "setup" yet, but I have 2 other PIX firewalls running the new 6.3 version with the PDM 3.0 just fine, and I didn't have to revert to using "setup", which is confusing.
05-28-2003 11:04 AM
Hi,
Thanks, and I understand your concern regarding rerunning the setup. Sometimes you have to run this because of corruption of the certificate for SSL. With setup, you will generate a new certificate. Does the same IE work with your other PIXes? If that's the case, then running setup most likely would resolve your issue. If this IE doesn't work with the other PDMs then you may also want to refer to the following thread due to the SUN JVM issue.
Thanks,
Mynul
05-28-2003 12:36 PM
I installed the new Sun VM and that still didn't help out. Also, the same IE works on my other PIXes. I still haven't tried running the "setup" yet on my 515, because I have to wait until after hours, but I thought I would add one more interesting fact. When I run a port scan on the inside interfaces of my other PIXes, it shows port 443 (https) open. On my 515, it isn't open. I don't have any specific conduits to allow https on my other firewalls. Would I need to allow tcp and udp port 443 to a private IP?
05-28-2003 04:21 PM
Hi,
Indeed the port scan report is interesting. If you have configured PDM then tcp/443 should show open, not the UDP. If you have an ACL applied then yes, you do need to allow tcp/443. If you have a similar setup on all the PIXes in terms of ACL, and if the port scanner shows you a different report, my suggestion would be to use a different port scanner just to make sure that it's not a false positive.
Thanks,
Mynul
05-28-2003 08:10 AM
PIX 6.2.1 and PDM 2.1(1) should work fine. Check for the basics on the below URL.
Thanks,
yatin
05-28-2003 10:44 AM
Have you created a crypto key?
The security features needed by the httpS: (note the trailing "S") connection require that you generate a crypto key (same for SSH).
Good Luck
Scott
05-28-2003 11:00 AM
My understanding is that I would only have to set up crypto specifications if I was trying to access the PDM from the outside interface, which I am not. If I am totally wrong on this, can you please elaborate? If I need to set up crypto and ISAKMP attributes, I will. I am running the PDM on 2 of my other PIX firewalls just fine, except they are running 6.3. Thanks for your help.
05-29-2003 06:46 AM
Hi,
Your understanding is accurate. Thanks,
Mynul
05-29-2003 10:46 AM
My PDM (accessing from the inside interface) wouldn't work until I generated a crypto key. That was with V6.2 or 6.2(2), I don't remember which.
This was on a 501 w/ 3DES feature / 10 user.
FWIW
Scott
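The thread turns on two observations made from the admin workstation: whether tcp/443 answers on the inside interface, and whether the SSL handshake then completes. The probe below is an added example, not part of any post above; the function name `probe_https` and the placeholder address are assumptions. A modern TLS library may refuse the legacy protocol versions and ciphers of an old device, so a `tcp_only` result proves only that something is listening.

```python
import socket
import ssl
import sys


def probe_https(host, port=443, timeout=3.0):
    """Classify a device's HTTPS management port as seen from this host.

    "closed"      connection refused, nothing is listening on the port
    "filtered"    no reply before the timeout, packets are being dropped
    "unreachable" another network error (no route, bad address, ...)
    "tcp_only"    TCP connects but the TLS handshake does not complete
    "tls_ok"      TLS handshake completes
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"

    # Diagnostic only: device certificates are usually self-signed, and no
    # credentials or data are sent, so certificate validation is skipped.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock):
            return "tls_ok"
    except (ssl.SSLError, OSError):
        return "tcp_only"
    finally:
        sock.close()


if __name__ == "__main__":
    # 192.0.2.1 is a constructed placeholder (documentation range).
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    print(target, probe_https(target))
```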