PIX 520, pdm problems

[jose458]

I have pix 520 firewall version 6.3 and pdm version 3.2

but no active pdm, i configure http in pix

 

[Iainh]

Hope this makes sence.

http server enable
!the following line sets the IP address/subnet and the inside which will be allowed to access the pdm
pdm location 192.168.1.2 255.255.255.255 inside
!This enables the buffering is stats for the pdm
pdm history enable

 

[themut]

You need to generate your RSA key:

ca generate rsa key <key-size>
ca save all

For your key size you can use 512, 1024 or 2048. Then you should use https on your browser.

 

[dx1]

>You need to generate your RSA key:
I thought the key was only if your doing SSH??

 

[Iainh]

The RSA key is not required for PDM.

Your PIX has to have the encryption license but all the later UK ones have and you did have to put the PDM image onto the box but again this has been done for you on the later devices. After that you need to enable the http server and define which ip addresses are able to access the system and through which interface.

 

[NPuser]

Check your PDM image name - if it has PDM**.bin - it won't work. PIX looks for pdm.bin during boot.

 

[themut]

To access the PDM you need to do it through https which means you need a certificate SO the RSA key is needed to generate the certificate on the PIX. Furthermore, to generate the RSA key you need to previously configured a hostname and a domain name on the PIX.

 

[Iainh]

sorry mate but NO I have never had to set the certificate yet just to get pdm

 

[jose458]

I solve my problem update DES Key

pixfirewall# show version
Cisco Secure PIX Firewall Version 6.1(1)
PIX Device Manager Version 1.1(2)
<snip>
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Disabled

If you are missing the lines indicating your PIX or PDM versions, and if both DES and 3DES are disabled, you will not be able to access the PDM software


Tankd fot you help