From: Tony Schaffran (groupstudy@cconlinelabs.com)
Date: Mon Dec 20 2004 - 12:04:05 GMT-3
This is just a thought. I cannot remember if this is used for PDM or not.
I know it is required for SSH.
Have you generated an RSA key?
Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Kevin Minihane
Sent: Monday, December 20, 2004 6:43 AM
To: 'Eric Hoffman'
Cc: ccielab@groupstudy.com
Subject: RE: OT:Connectivity to pix 515E
Hi Eric
Thanks for all the help
Yes, this is fresh out of the box. When the config didn't work (as in, I
wasn't able to connect to the PIX using PDM) I made some adjustments. The
line 192.168.1.4 is the IP address of my PC, which I put in, to see if I
could get it to use my own address to configure it
When I've typed show ver, des is enabled, while VPN-3DES-AES is disabled
Here's the output from the show ver command
show ver
Cisco PIX Firewall Version 6.3(3)
Cisco PIX Device Manager Version 3.0(1)
Compiled on Wed 13-Aug-03 13:55 by morlee
clearwire-pix up 34 mins 26 secs
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
Encryption hardware device : Crypto5823 (revision 0x1)
0: ethernet0: address is 0012.4334.fc2f, irq 10
1: ethernet1: address is 0012.4334.fc30, irq 11
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 10
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
<--- More ---> Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has a Failover Only (FO) license.
Serial Number: 808401517 (0x302f3a6d)
Running Activation Key: 0x4d0c126f 0xf9425d1b 0x24659623 0x4e6af82a
Configuration last modified by enable_15 at 14:20:11.695 UTC Mon Dec 20
2004
Thanks again
Kevin
-----Original Message-----
From: Eric Hoffman [mailto:skeetin@hotmail.com]
Sent: 20 December 2004 14:32
To: kevin.minihane@eirteic.com
Cc: ccielab@groupstudy.com
Subject: RE: OT:Connectivity to pix 515E
If it is a brand new pix, then it will allow you to connect to PDM on the
inside interface, with no configs.... fresh out of the box. You don't have
to do any other configs to make it work.
If you can send a show ver to ensure the des/3des is enabled, we can go from
there...
E
>From: "Kevin Minihane" <kevin.minihane@eirteic.com>
>To: "'Eric Hoffman'" <skeetin@hotmail.com>
>CC: <ccielab@groupstudy.com>
>Subject: RE: OT:Connectivity to pix 515E
>Date: Mon, 20 Dec 2004 14:07:58 -0000
>
>Hi Eric
>
>I've tried that, but to no avail. I've also tried permitting all traffic
>through the inside and outside interfaces, using an acl, but again, I am
>having no luck
>
>I've even tried setting up the PIX as a DHCP server, and grabbing an
>address from the pool of addresses.
>
>By the way, it was a typo on my part, not including the 's' (https) when I
>sent my original mail
>
>Anyone have any other ideas?
>
>Thanks again
>
>Kevin
>
>-----Original Message-----
>From: Eric Hoffman [mailto:skeetin@hotmail.com]
>Sent: 20 December 2004 13:50
>To: kevin.minihane@eirteic.com
>Cc: ccielab@groupstudy.com
>Subject: RE: OT:Connectivity to pix 515E
>
>Hi,
>
>You should use:
>https://192.168.1.1
>
>instead of
>
> >
> >http://192.168.1.1/startup.html
>
>Hope this helps,
>Eric
>
>
> >
> >Hi
> >
> >
> >
> >I'm having a few problems connecting to a PIX 515E. I want to use PDM as
> >I'm not very confident with PIX technology.
> >
> >Every Cisco site/document I've read tells me I can connect to the inside
> >interface (which by default has an IP address of 192.168.1.1/24) as long as
> >I connect it to a hub/switch, and give my PC an address in the same
> >subnet.
> >I've done this, but am still unable to connect to
> >http://192.168.1.1/startup.html as the documents say
> >
> >
> >
> >Does anyone have any idea on what may be wrong? This is a brand new pix,
> >out of the box, with a default installation.
> >
> >
> >
> >I'd greatly appreciate any help
> >
> >
> >
> >Thanks
> >
> >
> >
> >Kevin
> >