Cisco 506e PDM access

Discussion in 'Hardware' started by awilden, Sep 8, 2010.

  1. awilden

    Hi all,

    I have a Cisco 506e that I am trying to configure PDM access on; here is my configuration. I can ping the PIX, but when I use https://10.0.0.250 the page doesn't load and just gives the standard 'could not be found'.

    Not sure if I am missing something but I thought all I needed was to have http server enable and pdm location 10.0.0.0 255.0.0.0 inside for this to work internally?

    Thanks for any help!

    Al




    HTML:
    CISCO SYSTEMS PIX FIREWALL
    Embedded BIOS Version 4.3.207 01/02/02 16:12:22.73
    Compiled by morlee
    32 MB RAM
    
    PCI Device Table.
    Bus Dev Func VendID DevID Class              Irq
     00  00  00   8086   7192  Host Bridge
     00  07  00   8086   7110  ISA Bridge
     00  07  01   8086   7111  IDE Controller
     00  07  02   8086   7112  Serial Bus         9
     00  07  03   8086   7113  PCI Bridge
     00  0D  00   8086   1209  Ethernet           11
     00  0E  00   8086   1209  Ethernet           10
    
    Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001
    Platform PIX-506E
    System Flash=E28F640J3 @ 0xfff00000
    
    Use BREAK or ESC to interrupt flash boot.
    Use SPACE to begin flash boot immediately.
    Reading 2044416 bytes of image from flash.
    ################################################################################
    #####################################
    32MB RAM
    mcwa i82559 Ethernet at irq 11  MAC: 000b.4680.00ac
    mcwa i82559 Ethernet at irq 10  MAC: 000b.4680.00ab
    System Flash=E28F640J3 @ 0xfff00000
    BIOS Flash=am29f400b @ 0xd8000
    
      -----------------------------------------------------------------------
                                   ||        ||
                                   ||        ||
                                  ||||      ||||
                              ..:||||||:..:||||||:..
                             c i s c o S y s t e m s
                            Private Internet eXchange
      -----------------------------------------------------------------------
                            Cisco PIX Firewall
    
    Cisco PIX Firewall Version 6.3(5)125
    Licensed Features:
    Failover:                    Disabled
    VPN-DES:                     Enabled
    VPN-3DES-AES:                Disabled
    Maximum Physical Interfaces: 2
    Maximum Interfaces:          4
    Cut-through Proxy:           Enabled
    Guards:                      Enabled
    URL-filtering:               Enabled
    Inside Hosts:                Unlimited
    Throughput:                  Unlimited
    IKE peers:                   Unlimited
    
    This PIX has a Restricted (R) license.
    
    
      ****************************** Warning *******************************
      Compliance with U.S. Export Laws and Regulations - Encryption.
    
      This product performs encryption and is regulated for export
      by the U.S. Government.
    
      This product is not authorized for use by persons located
      outside the United States and Canada that do not have prior
      approval from Cisco Systems, Inc. or the U.S. Government.
    
      This product may not be exported outside the U.S. and Canada
      either by physical or electronic means without PRIOR approval
      of Cisco Systems, Inc. or the U.S. Government.
    
      Persons outside the U.S. and Canada may not re-export, resell
      or transfer this product by either physical or electronic means
      or transfer this product by either physical or electronic means
      Government.
      ******************************* Warning *******************************
    
    Copyright (c) 1996-2005 by Cisco Systems, Inc.
    
                    Restricted Rights Legend
    
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
    
                    Cisco Systems, Inc.
                    170 West Tasman Drive
                    San Jose, California 95134-1706
    
    ...outside interface address added to PAT pool
    .
    Cryptochecksum(unchanged): 07120f96 fba6e928 c5f30494 8d9739fc
    
    Cannot select private keyType help or '?' for a list of available commands.
    2CS-PIX-FW>
    
    2CS-PIX-FW>
    2CS-PIX-FW> enable
    Password: ********
    2CS-PIX-FW# show config
    : Saved
    : Written by enable_15 at 00:11:28.390 UTC Fri Jan 1 1993
    PIX Version 6.3(5)125
    interface ethernet0 100full
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password hv.gSR31u/ghQl9a encrypted
    passwd hv.gSR31u/ghQl9a encrypted
    hostname 2CS-PIX-FW
    domain-name ippy.2cs.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol pptp 554
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 10.0.0.190 SUPERBAD
    name 192.168.254.0 VPN-Clients
    object-group service RDP tcp
      port-object eq 3389
    access-list outside_access_in permit tcp any host 217.33.xxx.82 eq www
    access-list outside_access_in permit tcp 195.157.xxx.128 255.255.255.192 host 217.33.xxx.82 eq 3389
    access-list outside_access_in permit icmp VPN-Clients 255.255.255.0 10.0.0.0 255.0.0.0
    access-list outside_access_in permit tcp any host 217.33.xxx.88 eq www
    access-list outside_access_in permit tcp any host 217.33.xxx.91 eq www
    access-list outside_access_in permit tcp any host 217.33.xxx.91 eq ftp
    access-list outside_access_in permit tcp any host 217.33.xxx.91 eq ftp-data
    access-list outside_access_in permit tcp any host 217.33.xxx.82 eq ftp
    access-list outside_access_in permit tcp any host 217.33.xxx.82 eq ftp-data
    access-list outside_access_in permit tcp any eq echo any eq echo
    access-list outside_access_in remark icmp inbound
    access-list outside_access_in permit icmp any any echo-reply
    access-list outside_access_in remark snmp inbound
    access-list outside_access_in permit udp any eq snmp any eq snmp
    access-list outside_access_in permit tcp any host 217.33.xxx.94 eq www
    access-list inside_access_in permit esp any any
    access-list inside_access_in permit tcp any any eq www
    access-list inside_access_in permit tcp any any eq https
    access-list inside_access_in permit udp any any eq domain
    access-list inside_access_in permit tcp any any eq pop3
    access-list inside_access_in permit tcp any any eq ftp
    access-list inside_access_in permit udp any any range 27000 27015
    access-list inside_access_in permit udp any any eq 4380
    access-list inside_access_in permit tcp any any range 27014 27050
    access-list inside_access_in permit udp any any range 27015 27030
    access-list inside_access_in permit tcp host SUPERBAD host 69.16.xxx.250 eq 563
    access-list inside_access_in permit tcp any any eq 81
    access-list inside_access_in permit icmp 10.0.0.0 255.0.0.0 VPN-Clients 255.255.255.0
    access-list inside_access_in permit tcp any any eq 8882
    access-list inside_access_in remark VPN
    access-list inside_access_in permit udp any any
    access-list inside_access_in permit tcp any any eq 5555
    access-list inside_access_in permit tcp any any eq 7781
    access-list inside_access_in permit udp any any eq 22
    access-list inside_access_in permit tcp any any eq ssh
    access-list inside_access_in remark IMAP with SSL
    access-list inside_access_in permit tcp any any eq 993
    access-list inside_access_in permit tcp any any eq 49167
    access-list inside_access_in remark icmp outbound
    access-list inside_access_in permit icmp any any echo-reply
    access-list inside_access_in permit icmp any any unreachable
    access-list inside_access_in permit udp any eq snmptrap any eq snmp
    access-list inside_access_in permit tcp any eq https any
    access-list inside_access_in permit tcp any any eq smtp
    access-list inside_access_in permit tcp any any eq 5900
    access-list 2csvpn_splittunnelacl permit ip 10.0.0.0 255.0.0.0 any
    access-list outgoing deny tcp any any eq 1443
    access-list outgoing deny tcp any any eq 1444
    access-list inside deny ip host 93.188.112.65 any
    access-list inside deny tcp host 93.188.112.65 any
    access-list inside deny udp host 93.188.112.65 any
    access-list inside deny tcp host 93.188.112.65 eq 26608 any
    access-list inside_outbound_nat0_acl permit ip 10.0.0.0 255.0.0.0 VPN-Clients 255.255.255.0
    access-list outside deny tcp host 93.188.112.65 eq 26608 any
    access-list outside deny ip host 93.188.112.65 any
    access-list outside deny udp host 93.188.112.65 any
    access-list outside deny tcp host 93.188.112.65 any
    access-list inside_access permit tcp any host SUPERBAD
    access-list out-in permit tcp any host SUPERBAD
    access-list outside_inbound_nat0_acl permit ip host VPN-Clients host 10.0.0.0
    pager lines 24
    logging on
    logging host inside SUPERBAD
    icmp permit any echo outside
    icmp deny any outside
    icmp permit any inside
    icmp permit any echo-reply inside
    mtu outside 1500
    mtu inside 1500
    ip address outside 217.33.xxx.83 255.255.255.240
    ip address inside 10.0.0.250 255.0.0.0
    ip verify reverse-path interface outside
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool clientpool 192.168.254.1-192.168.254.200 mask 255.255.255.0
    pdm location 10.0.0.0 255.0.0.0 inside
    pdm location 10.0.0.0 255.255.255.255 inside
    pdm location 0.0.0.0 0.0.0.0 inside
    pdm location 0.0.0.0 255.255.255.255 inside
    pdm location 195.157.xxx.128 255.255.255.192 outside
    pdm location 10.0.0.0 255.255.255.0 inside
    pdm location 195.157.xxx.128 255.255.255.192 inside
    pdm location 0.0.0.0 0.0.0.0 outside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (outside) 0 access-list outside_inbound_nat0_acl outside
    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 217.33.xxx.82 10.0.0.5 netmask 255.255.255.255 0 0
    static (inside,outside) 217.33.xxx.88 10.0.0.6 netmask 255.255.255.255 0 0
    static (inside,outside) 217.33.xxx.91 10.0.0.3 netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    route outside 0.0.0.0 0.0.0.0 217.33.xxx.81 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout sip-disconnect 0:02:00 sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    aaa-server local protocol tacacs+
    aaa-server local max-failed-attempts 3
    aaa-server local deadtime 10
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    http server enable
    http 10.0.0.1 255.255.255.255 inside
    http 10.0.0.0 255.0.0.0 inside
    http ADULTHOOD 255.255.255.255 inside
    http 10.0.0.250 255.255.255.255 inside
    snmp-server host inside SUPERBAD
    snmp-server host inside 10.0.0.1
    snmp-server host inside 10.0.0.2
    no snmp-server location
    no snmp-server contact
    snmp-server community 2csm0nit0r
    no snmp-server enable traps
    tftp-server inside SUPERBAD /ghost
    floodguard enable
    sysopt connection permit-ipsec
    telnet 10.0.0.0 255.0.0.0 inside
    telnet timeout 5
    ssh 10.0.0.0 255.0.0.0 inside
    ssh timeout 5
    console timeout 0
    vpdn username test password ********
    username admin password dMhbleHJu7igkpXD encrypted privilege 2
    terminal width 80
    Cryptochecksum:9e8899c4761d8dac333e9beb9de87580
    awilden, Sep 8, 2010
    #1
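
A check of which source addresses the posted `http`, `telnet` and `ssh` statements admit to the PIX management services, and which statements use an alias with no `name` entry. This is an added example, not part of the original post: the sample lines are copied from the config above, the four-field statement layout is assumed from how they appear there, and the client addresses tested are constructed.

```python
import ipaddress

# Sample input: management-plane lines copied from the posted config.
SAMPLE_CONFIG = """\
name 10.0.0.190 SUPERBAD
name 192.168.254.0 VPN-Clients
http server enable
http 10.0.0.1 255.255.255.255 inside
http 10.0.0.0 255.0.0.0 inside
http ADULTHOOD 255.255.255.255 inside
http 10.0.0.250 255.255.255.255 inside
telnet 10.0.0.0 255.0.0.0 inside
ssh 10.0.0.0 255.0.0.0 inside
"""

MGMT = ("http", "telnet", "ssh")


def parse_mgmt(config):
    """Return (names, rules, unresolved); rules are (service, network, interface)."""
    names, rules, unresolved = {}, [], []
    lines = [l.split() for l in config.splitlines() if l.strip()]
    for w in lines:                       # first pass: 'name <ip> <alias>' table
        if w[0] == "name" and len(w) == 3:
            names[w[2]] = w[1]
    for w in lines:                       # second pass: '<svc> <src> <mask> <if>'
        if w[0] in MGMT and len(w) == 4:
            src = names.get(w[1], w[1])
            try:
                net = ipaddress.ip_network(f"{src}/{w[2]}", strict=False)
            except ValueError:            # alias with no matching 'name' line
                unresolved.append(" ".join(w))
                continue
            rules.append((w[0], net, w[3]))
    return names, rules, unresolved


def allowed(rules, service, client_ip, interface):
    """True if client_ip falls inside a permitted source for service/interface."""
    ip = ipaddress.ip_address(client_ip)
    return any(s == service and i == interface and ip in n for s, n, i in rules)


if __name__ == "__main__":
    _, rules, unresolved = parse_mgmt(SAMPLE_CONFIG)
    for svc, net, ifc in rules:
        print(f"{svc:6} {net} via {ifc}")
    print("unresolved:", unresolved)
    # 10.0.0.42 is a constructed inside client address.
    print("10.0.0.42 -> http:", allowed(rules, "http", "10.0.0.42", "inside"))
```
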