From: Eric Hoffman (skeetin@hotmail.com)
Date: Mon Dec 20 2004 - 13:28:33 GMT-3
Hi,
The key gets generated when you first put https into your browser. If
you are NOT going to be using https, and only be using ssh, you would
generate the key, THEN save it to memory.
You should be able to access PDM, even though it is a failover unit. I have
used Pix failover units for many demo projects for customers.
I wish I would have sent this link before, but it will help with the
troubleshooting process. If you still need help, please contact me off
list:
http://www.cisco.com/warp/public/110/pdm_http404.shtml
Hope this helps,
Eric
Talk to you later,
E
>From: "Tony Schaffran" <groupstudy@cconlinelabs.com>
>Reply-To: "Tony Schaffran" <groupstudy@cconlinelabs.com>
>To: "'Kevin Minihane'" <kevin.minihane@eirteic.com>, "'Eric Hoffman'"
><skeetin@hotmail.com>
>CC: <ccielab@groupstudy.com>
>Subject: RE: OT:Connectivity to pix 515E
>Date: Mon, 20 Dec 2004 07:04:05 -0800
>
>This is just a thought. I cannot remember if this is used for PDM or not.
>I know it is required for SSH.
>
>Have you generated an RSA key?
>
>
>
>Tony Schaffran
>Network Analyst
>CCIE #11071
>CCNP, CCNA, CCDA,
>NNCDS, NNCSS, CNE, MCSE
>
>www.cconlinelabs.com
>Your #1 choice for online Cisco rack rentals.
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Kevin Minihane
>Sent: Monday, December 20, 2004 6:43 AM
>To: 'Eric Hoffman'
>Cc: ccielab@groupstudy.com
>Subject: RE: OT:Connectivity to pix 515E
>
>Hi Eric
>
>Thanks for all the help
>
>Yes, this is fresh out of the box. When the config didn't work (as in, I
>wasn't able to connect to the PIX using PDM) I made some adjustments. The
>line 192.168.1.4 is the IP address of my PC, which I put in, to see if I
>could get it to use my own address to configure it
>
>When I've typed show ver, des is enabled, while VPN-3DES-AES is disabled
>
>Here's the output from the show ver command
>
>
>
>show ver
>
> Cisco PIX Firewall Version 6.3(3)
> Cisco PIX Device Manager Version 3.0(1)
>
> Compiled on Wed 13-Aug-03 13:55 by morlee
>
> clearwire-pix up 34 mins 26 secs
>
> Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
> Flash E28F128J3 @ 0x300, 16MB
> BIOS Flash AM29F400B @ 0xfffd8000, 32KB
>
> Encryption hardware device : Crypto5823 (revision 0x1)
> 0: ethernet0: address is 0012.4334.fc2f, irq 10
> 1: ethernet1: address is 0012.4334.fc30, irq 11
> Licensed Features:
> Failover: Enabled
> VPN-DES: Enabled
> VPN-3DES-AES: Disabled
> Maximum Physical Interfaces: 6
> Maximum Interfaces: 10
> Cut-through Proxy: Enabled
> Guards: Enabled
> URL-filtering: Enabled
> <--- More ---> Inside Hosts: Unlimited
> Throughput: Unlimited
> IKE peers: Unlimited
>
> This PIX has a Failover Only (FO) license.
>
> Serial Number: 808401517 (0x302f3a6d)
> Running Activation Key: 0x4d0c126f 0xf9425d1b 0x24659623 0x4e6af82a
> Configuration last modified by enable_15 at 14:20:11.695 UTC Mon Dec 20 2004
>
>
>Thanks again
>
>Kevin
>
>
>-----Original Message-----
>From: Eric Hoffman [mailto:skeetin@hotmail.com]
>Sent: 20 December 2004 14:32
>To: kevin.minihane@eirteic.com
>Cc: ccielab@groupstudy.com
>Subject: RE: OT:Connectivity to pix 515E
>
>If it is a brand new pix, then it will allow you to connect to PDM on the
>inside interface, with no configs.... fresh out of the box. You don't have
>to do any other configs to make it work.
>
>If you can send a show ver to ensure the des/3des is enabled, we can go from
>there...
>
>E
>
>
> >From: "Kevin Minihane" <kevin.minihane@eirteic.com>
> >To: "'Eric Hoffman'" <skeetin@hotmail.com>
> >CC: <ccielab@groupstudy.com>
> >Subject: RE: OT:Connectivity to pix 515E
> >Date: Mon, 20 Dec 2004 14:07:58 -0000
> >
> >Hi Eric
> >
> >I've tried that, but to no avail. I've also tried permitting all traffic
> >through the inside and outside interfaces , using an acl, but again, I am
> >having no luck
> >
> >I've even tried setting up the PIX as a DHCP server, and grabbing an
> >address
> >from the pool of addresses.
> >
 > >By the way, it was a typo on my part, not including the 's' (https) when I
 > >sent my original mail
> >
> >Anyone have any other ideas?
> >
> >Thanks again
> >
> >Kevin
> >
> >-----Original Message-----
> >From: Eric Hoffman [mailto:skeetin@hotmail.com]
> >Sent: 20 December 2004 13:50
> >To: kevin.minihane@eirteic.com
> >Cc: ccielab@groupstudy.com
> >Subject: RE: OT:Connectivity to pix 515E
> >
> >Hi,
> >
> >You should use:
> >https://192.168.1.1
> >
> >instead of
> >
> > >
> > >http://192.168.1.1/startup.html
> >
> >Hope this helps,
> >Eric
> >13843
> >
> >
> > >
> > >Hi
> > >
> > >
> > >
 > > >I'm having a few problems connecting to a PIX 515E. I want to use PDM as
 > > >I'm not very confident with PIX technology.
> > >
 > > >Every Cisco site/document I've read tells me I can connect to the inside
 > > >interface (which by default has an IP address of 192.168.1.1/24) as long as
 > > >I connect it to a hub/switch, and give my PC an address in the same
 > > >subnet.
 > > >I've done this, but am still unable to connect to
 > > >http://192.168.1.1/startup.html as the documents say
> > >
> > >
> > >
 > > >Does anyone have any idea on what may be wrong? This is a brand new pix,
 > > >out of the box, with a default installation.
> > >
> > >
> > >
> > >I'd greatly appreciate any help
> > >
> > >
> > >
> > >Thanks
> > >
> > >
> > >
> > >Kevin
> > >
> > >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:28 GMT-3
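
The checks discussed in this thread (DES/3DES licence in `show ver`, HTTPS management from the PC at 192.168.1.4) can be run offline against saved device output. This is an added example, not part of the original messages; the `CONFIG` lines are assumed for illustration because the thread never shows the configuration, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: licence lines as quoted in the thread's show ver,
# plus config lines assumed for illustration (not shown anywhere in the thread).
SHOW_VER = """\
Failover:           Enabled
VPN-DES:            Enabled
VPN-3DES-AES:       Disabled
"""
CONFIG = """\
ip address inside 192.168.1.1 255.255.255.0
http server enable
http 192.168.1.0 255.255.255.0 inside
"""

def licensed_features(show_ver):
    """Map each single-token 'Feature: Enabled|Disabled' line to a bool."""
    pairs = re.findall(r"^\s*([\w-]+):\s+(Enabled|Disabled)\s*$", show_ver, re.M)
    return {name: state == "Enabled" for name, state in pairs}

def http_allowed_networks(config, interface="inside"):
    """Networks permitted by 'http <ip> <mask> <interface>' lines."""
    nets = []
    for ip, mask, ifc in re.findall(r"^http (\S+) (\S+) (\S+)\s*$", config, re.M):
        if ifc == interface:
            nets.append(ipaddress.ip_network(f"{ip}/{mask}", strict=False))
    return nets

def pdm_findings(show_ver, config, client_ip):
    """Return the reasons an HTTPS management session from client_ip would fail."""
    findings = []
    feats = licensed_features(show_ver)
    # The licence check asked for in the thread: DES or 3DES must be enabled.
    if not (feats.get("VPN-DES") or feats.get("VPN-3DES-AES")):
        findings.append("neither DES nor 3DES is licensed")
    if not re.search(r"^http server enable\s*$", config, re.M):
        findings.append("http server is not enabled")
    client = ipaddress.ip_address(client_ip)
    if not any(client in net for net in http_allowed_networks(config)):
        findings.append(f"{client_ip} is not covered by an 'http' permit on inside")
    return findings

if __name__ == "__main__":
    for line in pdm_findings(SHOW_VER, CONFIG, "192.168.1.4") or ["no blocking findings"]:
        print(line)
```

An empty result only rules out these three causes; whether an RSA key has been generated and saved is not visible in either input and has to be checked on the device.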