Cisco 506e PDM access

 
 
awilden
09-08-2010
Hi all,

I have a Cisco 506e that I am trying to configure PDM access on; here is my configuration. I can ping the PIX, but when I use https://10.0.0.250 the page doesn't load and just gives the standard 'could not be found'.

Not sure if I am missing something but I thought all I needed was to have http server enable and pdm location 10.0.0.0 255.0.0.0 inside for this to work internally?

Thanks for any help!

Al




HTML Code:
CISCO SYSTEMS PIX FIREWALL
Embedded BIOS Version 4.3.207 01/02/02 16:12:22.73
Compiled by morlee
32 MB RAM

PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
 00  00  00   8086   7192  Host Bridge
 00  07  00   8086   7110  ISA Bridge
 00  07  01   8086   7111  IDE Controller
 00  07  02   8086   7112  Serial Bus         9
 00  07  03   8086   7113  PCI Bridge
 00  0D  00   8086   1209  Ethernet           11
 00  0E  00   8086   1209  Ethernet           10

Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001
Platform PIX-506E
System Flash=E28F640J3 @ 0xfff00000

Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 2044416 bytes of image from flash.
################################################################################
#####################################
32MB RAM
mcwa i82559 Ethernet at irq 11  MAC: 000b.4680.00ac
mcwa i82559 Ethernet at irq 10  MAC: 000b.4680.00ab
System Flash=E28F640J3 @ 0xfff00000
BIOS Flash=am29f400b @ 0xd8000

  -----------------------------------------------------------------------
                               ||        ||
                               ||        ||
                              ||||      ||||
                          ..:||||||:..:||||||:..
                         c i s c o S y s t e m s
                        Private Internet eXchange
  -----------------------------------------------------------------------
                        Cisco PIX Firewall

Cisco PIX Firewall Version 6.3(5)125
Licensed Features:
Failover:                    Disabled
VPN-DES:                     Enabled
VPN-3DES-AES:                Disabled
Maximum Physical Interfaces: 2
Maximum Interfaces:          4
Cut-through Proxy:           Enabled
Guards:                      Enabled
URL-filtering:               Enabled
Inside Hosts:                Unlimited
Throughput:                  Unlimited
IKE peers:                   Unlimited

This PIX has a Restricted (R) license.


  ****************************** Warning *******************************
  Compliance with U.S. Export Laws and Regulations - Encryption.

  This product performs encryption and is regulated for export
  by the U.S. Government.

  This product is not authorized for use by persons located
  outside the United States and Canada that do not have prior
  approval from Cisco Systems, Inc. or the U.S. Government.

  This product may not be exported outside the U.S. and Canada
  either by physical or electronic means without PRIOR approval
  of Cisco Systems, Inc. or the U.S. Government.

  Persons outside the U.S. and Canada may not re-export, resell
  or transfer this product by either physical or electronic means
  or transfer this product by either physical or electronic means
  Government.
  ******************************* Warning *******************************

Copyright (c) 1996-2005 by Cisco Systems, Inc.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

...outside interface address added to PAT pool
.
Cryptochecksum(unchanged): 07120f96 fba6e928 c5f30494 8d9739fc

Cannot select private keyType help or '?' for a list of available commands.
2CS-PIX-FW>

2CS-PIX-FW>
2CS-PIX-FW> enable
Password: ********
2CS-PIX-FW# show config
: Saved
: Written by enable_15 at 00:11:28.390 UTC Fri Jan 1 1993
PIX Version 6.3(5)125
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password hv.gSR31u/ghQl9a encrypted
passwd hv.gSR31u/ghQl9a encrypted
hostname 2CS-PIX-FW
domain-name ippy.2cs.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 554
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 10.0.0.190 SUPERBAD
name 192.168.254.0 VPN-Clients
object-group service RDP tcp
  port-object eq 3389
access-list outside_access_in permit tcp any host 217.33.xxx.82 eq www
access-list outside_access_in permit tcp 195.157.xxx.128 255.255.255.192 host 21
7.33.xxx.82 eq 3389
access-list outside_access_in permit icmp VPN-Clients 255.255.255.0 10.0.0.0 255
.0.0.0
access-list outside_access_in permit tcp any host 217.33.xxx.88 eq www
access-list outside_access_in permit tcp any host 217.33.xxx.91 eq www
access-list outside_access_in permit tcp any host 217.33.xxx.91 eq ftp
access-list outside_access_in permit tcp any host 217.33.xxx.91 eq ftp-data
access-list outside_access_in permit tcp any host 217.33.xxx.82 eq ftp
access-list outside_access_in permit tcp any host 217.33.xxx.82 eq ftp-data
access-list outside_access_in permit tcp any eq echo any eq echo
access-list outside_access_in remark icmp inbound
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in remark snmp inbound
access-list outside_access_in permit udp any eq snmp any eq snmp
access-list outside_access_in permit tcp any host 217.33.xxx.94 eq www
access-list inside_access_in permit esp any any
access-list inside_access_in permit tcp any any eq www
access-list inside_access_in permit tcp any any eq https
access-list inside_access_in permit udp any any eq domain
access-list inside_access_in permit tcp any any eq pop3
access-list inside_access_in permit tcp any any eq ftp
access-list inside_access_in permit udp any any range 27000 27015
access-list inside_access_in permit udp any any eq 4380
access-list inside_access_in permit tcp any any range 27014 27050
access-list inside_access_in permit udp any any range 27015 27030
access-list inside_access_in permit tcp host SUPERBAD host 69.16.xxx.250 eq 563

access-list inside_access_in permit tcp any any eq 81
access-list inside_access_in permit icmp 10.0.0.0 255.0.0.0 VPN-Clients 255.255.255.0
access-list inside_access_in permit tcp any any eq 8882
access-list inside_access_in remark VPN
access-list inside_access_in permit udp any any
access-list inside_access_in permit tcp any any eq 5555
access-list inside_access_in permit tcp any any eq 7781
access-list inside_access_in permit udp any any eq 22
access-list inside_access_in permit tcp any any eq ssh
access-list inside_access_in remark IMAP with SSL
access-list inside_access_in permit tcp any any eq 993
access-list inside_access_in permit tcp any any eq 49167
access-list inside_access_in remark icmp outbound
access-list inside_access_in permit icmp any any echo-reply
access-list inside_access_in permit icmp any any unreachable
access-list inside_access_in permit udp any eq snmptrap any eq snmp
access-list inside_access_in permit tcp any eq https any
access-list inside_access_in permit tcp any any eq smtp
access-list inside_access_in permit tcp any any eq 5900
access-list 2csvpn_splittunnelacl permit ip 10.0.0.0 255.0.0.0 any
access-list outgoing deny tcp any any eq 1443
access-list outgoing deny tcp any any eq 1444
access-list inside deny ip host 93.188.112.65 any
access-list inside deny tcp host 93.188.112.65 any
access-list inside deny udp host 93.188.112.65 any
access-list inside deny tcp host 93.188.112.65 eq 26608 any
access-list inside_outbound_nat0_acl permit ip 10.0.0.0 255.0.0.0 VPN-Clients 25
5.255.255.0
access-list outside deny tcp host 93.188.112.65 eq 26608 any
access-list outside deny ip host 93.188.112.65 any
access-list outside deny udp host 93.188.112.65 any
access-list outside deny tcp host 93.188.112.65 any
access-list inside_access permit tcp any host SUPERBAD
access-list out-in permit tcp any host SUPERBAD
access-list outside_inbound_nat0_acl permit ip host VPN-Clients host 10.0.0.0
pager lines 24
logging on
logging host inside SUPERBAD
icmp permit any echo outside
icmp deny any outside
icmp permit any inside
icmp permit any echo-reply inside
mtu outside 1500
mtu inside 1500
ip address outside 217.33.xxx.83 255.255.255.240
ip address inside 10.0.0.250 255.0.0.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
ip local pool clientpool 192.168.254.1-192.168.254.200 mask 255.255.255.0
pdm location 10.0.0.0 255.0.0.0 inside
pdm location 10.0.0.0 255.255.255.255 inside
pdm location 0.0.0.0 0.0.0.0 inside
pdm location 0.0.0.0 255.255.255.255 inside
pdm location 195.157.xxx.128 255.255.255.192 outside
pdm location 10.0.0.0 255.255.255.0 inside
pdm location 195.157.xxx.128 255.255.255.192 inside
pdm location 0.0.0.0 0.0.0.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (outside) 0 access-list outside_inbound_nat0_acl outside
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 217.33.xxx.82 10.0.0.5 netmask 255.255.255.255 0 0
static (inside,outside) 217.33.xxx.88 10.0.0.6 netmask 255.255.255.255 0 0
static (inside,outside) 217.33.xxx.91 10.0.0.3 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 217.33.xxx.81 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server local protocol tacacs+
aaa-server local max-failed-attempts 3
aaa-server local deadtime 10
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 10.0.0.1 255.255.255.255 inside
http 10.0.0.0 255.0.0.0 inside
http ADULTHOOD 255.255.255.255 inside
http 10.0.0.250 255.255.255.255 inside
snmp-server host inside SUPERBAD
snmp-server host inside 10.0.0.1
snmp-server host inside 10.0.0.2
no snmp-server location
no snmp-server contact
snmp-server community 2csm0nit0r
no snmp-server enable traps
tftp-server inside SUPERBAD /ghost
floodguard enable
sysopt connection permit-ipsec
telnet 10.0.0.0 255.0.0.0 inside
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 5
console timeout 0
vpdn username test password ********
username admin password dMhbleHJu7igkpXD encrypted privilege 2
terminal width 80
Cryptochecksum:9e8899c4761d8dac333e9beb9de87580
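
Added example (not part of the original post, and not Cisco tooling): a short Python check that reads the management-access lines from the configuration above and reports which source networks the `http`, `telnet` and `ssh` statements admit on each interface. It assumes those lines have the `<service> <address> <netmask> <interface>` shape seen in the post; `parse_mgmt` and `allowed` are hypothetical helper names.

```python
import ipaddress

# Management-plane lines copied from the configuration posted above.
CONFIG = """\
name 10.0.0.190 SUPERBAD
name 192.168.254.0 VPN-Clients
http server enable
http 10.0.0.1 255.255.255.255 inside
http 10.0.0.0 255.0.0.0 inside
http ADULTHOOD 255.255.255.255 inside
http 10.0.0.250 255.255.255.255 inside
telnet 10.0.0.0 255.0.0.0 inside
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 5
"""

def parse_mgmt(config):
    """Return (rules, unresolved); rules maps service -> [(network, interface)]."""
    names, rules, unresolved = {}, {"http": [], "telnet": [], "ssh": []}, []
    lines = [l.split() for l in config.splitlines() if l.strip()]
    for tok in lines:                      # first pass: 'name <ip> <alias>'
        if tok[0] == "name" and len(tok) == 3:
            names[tok[2]] = tok[1]
    for tok in lines:                      # second pass: '<svc> <host> <mask> <if>'
        if tok[0] not in rules or len(tok) != 4:
            continue                       # skips 'http server enable', 'ssh timeout 5'
        svc, host, mask, ifc = tok
        try:
            net = ipaddress.ip_network(f"{names.get(host, host)}/{mask}", strict=False)
        except ValueError:                 # alias with no matching 'name' line
            unresolved.append((svc, host))
            continue
        rules[svc].append((net, ifc))
    return rules, unresolved

def allowed(rules, svc, client, ifc="inside"):
    """True if client matches any source network listed for svc on ifc."""
    ip = ipaddress.ip_address(client)
    return any(ip in net and i == ifc for net, i in rules[svc])

if __name__ == "__main__":
    rules, unresolved = parse_mgmt(CONFIG)
    for svc, entries in rules.items():
        for net, ifc in entries:
            print(f"{svc:6} {ifc:8} {net}")
    print("unresolved aliases:", unresolved)
    print("10.0.0.7 may reach http:", allowed(rules, "http", "10.0.0.7"))
```

Run against the posted lines, it shows that the `http` entries already cover all of 10.0.0.0/8 on the inside interface, with `telnet` and `ssh` open to the same range, and that `ADULTHOOD` has no matching `name` line in the dump.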
 