I am trying to get PDM working on my PIX 515. My PIX firewall version is 6.2(1) and I have installed PDM 2.1(1). I am successfully running PDM 3.0 on another PIX I have running version 6.3. Do I have the wrong version of PDM installed for 6.2(1)? Which PDM binary do I need for version 6.2(1) exactly? PDM-211.bin is currently installed, so would I need PDM-201.bin? Or if PDM-211.bin is the correct binary, what would be a reason it won't kick up?
PDM 2.1(1) is the right version for 6.2(1). What is the actual problem? It doesn't display the page at all? If you do "show version", do you see DES/3DES enabled? Does it show that you have the PDM installed? You may run "setup" to reset the values on the PIX in the config mode. Please consult the following link:
My actual problem is that I am getting a "page can't be displayed" error. DES is enabled and it also shows Cisco PIX Device Manager Version 2.1(1) is installed. I have actually already read that particular link and everything is kosher. I am running IE6 SP1 on an XP box, which does have the updated Java engine also. I haven't tried running "setup" yet, but I have 2 other PIX firewalls running the new 6.3 version with the PDM 3.0 just fine, and I didn't have to revert to using "setup", which is confusing?
Thanks, and I understand your concern regarding rerunning the setup. Sometimes you have to run this because of corruption of the certificate for SSL. With setup, you will generate a new certificate. Does the same IE work with your other PIXes? If that's the case, then running setup would most likely resolve your issue. If this IE doesn't work with the other PDMs, then you may also want to refer to the following thread due to the Sun JVM issue.
I installed the new Sun VM and that still didn't help out. Also, the same IE works on my other PIXes. I still haven't tried running "setup" yet on my 515, because I have to wait until after hours, but I thought I would add one more interesting fact. When I run a port scan on the inside interfaces of my other PIXes, it shows port 443 (https) open. On my 515, it isn't open. I don't have any specific conduits to allow https on my other firewalls. Would I need to allow tcp and udp port 443 to a private IP?
Indeed, the port scan report is interesting. If you have configured PDM then tcp/443 should show open, not the UDP. If you have an ACL applied then yes, you do need to allow tcp/443. If you have a similar setup on all the PIXes in terms of ACLs, and if the port scanner shows you a different report, my suggestion would be to use a different port scanner just to make sure that it's not a false positive.
PIX 6.2.1 and PDM 2.1(1) should work fine. Check for the basics on the URL below.
Have you created a crypto key?
The security features needed by the httpS: (note the trailing "S") connection require that you generate a crypto key (same for SSH).
My understanding is that I would only have to set up crypto specifications if I was trying to access the PDM from the outside interface, which I am not. If I am totally wrong on this, can you please elaborate? If I need to set up crypto and ISAKMP attributes, I will. I am running the PDM on 2 of my other PIX firewalls just fine, except they are running 6.3. Thanks for your help.
My PDM (accessing from the inside interface) wouldn't work until I generated a crypto key. That was with V6.2 or 6.2(2); I don't remember which.
This was on a 501 w/ 3DES feature / 10 user.
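A second opinion on the port-scan discrepancy discussed in the thread, as an added example that is not from any of the posters: a Python probe run from the management PC that separates "nothing listening on tcp/443", "traffic dropped on the way" and "port open but the SSL handshake does not complete". The function name, the result labels and the default address are assumptions made for this illustration.

```python
import socket
import ssl
import sys


def probe_https(host, port=443, timeout=3.0):
    """Classify a device's HTTPS management port as seen from this client.

    Returns 'refused', 'filtered', 'open_no_tls' or 'open_tls'
    (labels chosen for this example).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"      # RST came back: no listener on tcp/443
    except OSError:
        return "filtered"     # timeout or unreachable: dropped on the path

    # TCP is open. Attempt a handshake without validating the certificate,
    # because device managers normally present a self-signed one.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock) as tls:
            tls.version()     # handshake finished
            return "open_tls"
    except (ssl.SSLError, OSError):
        # Listener exists but the handshake failed. A modern TLS library may
        # also refuse the old protocol versions and ciphers of older devices,
        # so confirm this result from the browser as well.
        return "open_no_tls"
    finally:
        sock.close()


if __name__ == "__main__":
    # Default target is the local machine; pass the firewall's inside
    # address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe_https(target, timeout=2.0))
```

Running it against each firewall's inside address gives a result to compare with the scanner's report.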