Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Pix PDM

I am trying to get PDM working on my PIX 515. My PIX firewall version is 6.2(1) and I have installed PDM 2.1(1). I am successfully running PDM 3.0 on another PIX I have running version 6.3. Do I have the wrong version of PDM installed for 6.2(1). Which PDM binary do I need for version 6.2(1) exactly? PDM-211.bin is currently installed, so would I need PDM-201.bin?? Or if PDM-211.bin is the correct binary, what would be a reason it won't kick up?

10 REPLIES
Silver

Re: Pix PDM

Hi,

PDM 2.1(1) is the right version for 6.2(1). What is the actual problem? It doesn't display the page at all? If you do "show version", do u see DES/3DES enabled. Does it show that you have the PDM installed? You may run "setup" to reset the values on the PIX in the config mode. Please, consult with the following link:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_installation_guide_chapter09186a00800e3314.html

Thanks,

Mynul

New Member

Re: Pix PDM

My actual problem is that I am getting a page can't be displayed error. DES is enabled and it also shows Cisco PIX Device Manager Version 2.1(1) is installed. I have actually already read that particular link and everything is kosher. I am running IE6 SP1 on an XP box, which does have the updated Java engine also. I haven't tryed running "setup" yet, but I have 2 other PIX firewalls running the new 6.3 version with the PDM 3.0 just fine, and I didn't have to revert to using "setup" which is confusing?

Silver

Re: Pix PDM

Hi,

Thanks and understand your concern regarding rerunning the setup. Sometimes you have to run this beacuse of the corruption of certificate for ssl. With setup, you will generate a new certificate. Does the same IE works with your other PIXes, if thats the case, then running setup most likely would ressolve your issue. If this IE doesn' t work with the other PDMs then you may also want to refer to the following thread due to SUN JVM issue.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.ee9891f

Thanks,

Mynul

New Member

Re: Pix PDM

I installed the new Sun VM and that still didn't help out. Also, the same IE works on my other PIX's. I still haven't tryed running the "setup" yet on my 515, becuase I have to wait until after hours, but I thought I would add one more interesting fact. When I run a port scan on the inside interface's of my other PIX's, it shows port 443 (https) open. On my 515, it isn't open. I don't have any specific conduits to allow https on my other firewalls. Would I need to allow tcp and udp port 443 to a private IP?

Silver

Re: Pix PDM

Hi,

Indeed the port scan report is interesting.. If you have configured PDM then tcp/443 should show open not the UDP. If you have acl applied then yes you do need to allow tcp/443. If you have the similar setup on all the pixes in terms of ACL, and if the port scanner shows you diff report, my suggestion would be to use a diff. port scanner just to make sure that its not false positive.

Thanks,

Mynul

Cisco Employee

Re: Pix PDM

PIX 6.2.1 and PDM 2.1(1) should work fine. Check for the basics on the below url

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ac1.shtml

Thanks,

yatin

Green

Re: Pix PDM

Have you created a crypto key?

The security features needed by the httpS: (note the trailing "S") connection requires that you generate a crypto key (same for SSH).

Good Luck

Scott

New Member

Re: Pix PDM

My understanding is that I would only have to setup crypto specifications if I was trying to access the PDM from the outside interface, which I am not. If I am totally wrong on this, can you please elaborate? If I need to setup crypto and ISAKMP attributes, I will. I am running the PDM on 2 of my other PIX firewalls just fine, except they are running 6.3. Thanks for you help.

Silver

Re: Pix PDM

Hi,

Your understanding is accurate. Thanks,

Mynul

Green

Re: Pix PDM

My PDM (acessing from the inside interface) would't work until I generated a crypto key. That was with V6.2 or 6.2(2) ..I don't remember which ..

This was on a 501 w/ 3DES feature / 10 user.

FWIW

Scott

244
Views
0
Helpful
10
Replies