Any one here know Cisco?
Scooby Regular
Joined: Nov 2001
Posts: 15,239
Likes: 1
From: Leeds - It was 562.4bhp@28psi on Optimax, How much closer to 600 with race fuel and a bigger turbo?
Are there any cut down versions for small networks? Where I used to work got it, but 15k for what we have here is pissing in the wind.
David
David
You could try JustForFun (JFF) .... no really, google for it. It's free and scales well. I use it for some of our smaller networks where there's no budget or requirement for the big guns of CW.
http://www.jffnms.org/
Last edited by NXG; Sep 15, 2006 at 11:49 AM.
Scooby Regular
Joined: May 2004
Posts: 10,026
Likes: 15
From: R.I.P Piphead, at least you are home now :(
Damn, I'm definitely rusty on Cisco
Had to do a 3750 and 5 2750's today, all configured with Vlans from previous occupants
1st one was great nice web interface
the others were all an older IOS so crappy web front end
Tried to get the latest IOS for them but never had time in the end (new site so no internet connection once there)
Originally Posted by stevencotton
set up a tftp server somewhere on the same subnet, example:
Code:
tftp-server inside 192.168.2.2 /tftpboot/pix.conf
Then write the conf to the file specified:
Code:
wr net
When I write the code "wr net" I get the following:
TFTP Error: File open error 3
Any ideas?
got it working...also found this 
To copy your configuration from a PIX to a TFTP server you need to use the following commands in configuration mode:
write net <filename>
approximate syntax is depending on the version of your IOS
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/tz.htm#wp1027782
use configure net to retrieve stored configs from a TFTP server.
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1969131
Also I have installed the PDM, when I access it, it's prompting for a user name and password...?
I do not recall setting any...though blank does not work..
Is there a default username?
Can I reset the password (what password is this)?
Sam
Scooby Regular
Joined: Nov 2001
Posts: 15,239
Likes: 1
From: Leeds - It was 562.4bhp@28psi on Optimax, How much closer to 600 with race fuel and a bigger turbo?
Accessing PDM Software
To access the PDM software, type https://<pix_interface_ip_address> in your browser. An example of this syntax is https://172.16.1.2.
When the username/password box comes up and if AAA authentication is not on, then the PIX Telnet password should go in the password box. If AAA authentication is on (such as on a Telnet to the PIX, and the PIX asks for a username/password instead of just a password), then the PIX username should go in the username box and the password in the password box.
If PIX command authorization is on (in PIX version 6.2 or later) and certain users cannot do all commands (such as write terminal, write memory, or configure terminal), then those users similarly will be limited in PDM (to monitoring the PIX only, or to performing a subset of commands). In PIX 6.2 or later, you can determine whether a user has the most powerful privileges (15) by performing a Telnet into the PIX as that user and issuing the show curpriv command in enable mode.
Troubleshooting
If you continue to experience problems with PDM, try some of the suggestions below.
Check that PDM was installed properly:
show version
.
Cisco PIX Firewall Version 6.1(1)
Cisco PIX Device Manager Version 1.0(2)
.
Check that a DES Activation Key is enabled:
show version
.
VPN-DES: Enabled
.
Check that proxy is not enabled in the browser.
Verify that the software is set for the correct year by issuing the show clock command. Modify the year if necessary using the following command:
clock set <hh:mm:ss> <month> <day> <year>
Under normal operation, when the PIX is set for the correct time, connecting with PDM causes generation of a certificate that is visible with the show ca mypubkey rsa command. If there is some question as to whether or not the clock was set properly at the time of the original connection, reset the clock as described in the previous step. Delete the existing certificate by issuing the ca zeroize rsa command, then reconnect with PDM to cause key regeneration.
Verify that you are connecting using https://.
Before downloading the PDM software to the PIX, make sure that the FTP of the PDM software is a binary transfer by typing bin on the FTP transfer command line. If the transfer was in ASCII or if the PDM file is otherwise corrupted, you may receive a "PDM is not installed" message.
Verify that the browser you are using has the proper Java version.
For Microsoft Internet Explorer, on the Windows system, go to Start > Run and type wjview to determine the version (or type wjview at the DOS prompt). Sample output is shown below.
Microsoft (R) VM for Java, 5.0 Release 5.0.0.3802
The last 4 digits should be 3167 or greater to work with PDM.
For Netscape 4.5.x or 4.7.x, the Java Plug-in option should be disabled if it is installed. To disable the plug-in, go to Edit > Preferences > Advanced and set the Enable Java Plug-in option to "disable". If you do not see the checkbox, then the Java Plug-in is not being used by default.
Verify that you are running a supported browser for the version of PDM that you are using. Browser or Java versions other than what have been tested may not work.
If some stations can connect to the PIX for management and others cannot, make sure that you have an entry for the IP address of each unit that will be managing the PIX:
http <ip_address> [netmask] [if_name]
http server enable
If you see a message that says "The PIX has a version number of unknown," then this is generally a result of one of the conditions listed above not being met, such as:
The PDM version is not agreeing with the PIX version (check the PDM documentation for the prerequisites)
The browser version is not supported (check the PDM documentation for the prerequisites)
The Java version is incorrect or the Java plug-in is enabled (see above)
If all else fails, contact the Cisco TAC. Please be prepared to provide the output of a show tech from the PIX, debug ssl from the PIX, Java console output from your browser, and information about your browser version to help resolve the issue.
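An added example, not part of the post above or of Cisco's documentation: a Python check that applies the PDM version, DES key and `http` entry items from the checklist to captured `show version` output and configuration text, and also flags an `http` entry that permits every address. The sample input is constructed, the function names are hypothetical, and treating an omitted netmask as a single host is an assumption.

```python
import ipaddress
import re

# Constructed sample input: abridged `show version` output and config lines.
SHOW_VERSION = """Cisco PIX Firewall Version 6.1(1)
Cisco PIX Device Manager Version 1.0(2)
VPN-DES: Enabled
"""
CONFIG = """http server enable
http 192.168.2.0 255.255.255.0 inside
http 172.16.1.50 255.255.255.255 inside
"""

# Matches `http <ip_address> [netmask] [if_name]`, not `http server enable`.
HTTP_ENTRY = re.compile(
    r"^http (\d+\.\d+\.\d+\.\d+)(?: (\d+\.\d+\.\d+\.\d+))?(?: (\S+))?\s*$", re.M)


def allowed_networks(config):
    """Parse the http management entries into (network, if_name) pairs."""
    nets = []
    for ip, mask, ifname in HTTP_ENTRY.findall(config):
        # Assumption: an omitted netmask means a single host (255.255.255.255).
        net = ipaddress.ip_network(f"{ip}/{mask or '255.255.255.255'}", strict=False)
        nets.append((net, ifname or None))
    return nets


def pdm_precheck(show_version, config, station_ip):
    """Return the list of failed checks; an empty list means all passed."""
    problems = []
    if not re.search(r"^Cisco PIX Device Manager Version \S+", show_version, re.M):
        problems.append("PDM not installed")
    if not re.search(r"^VPN-DES:\s*Enabled", show_version, re.M):
        problems.append("DES activation key not enabled")
    if not re.search(r"^http server enable\s*$", config, re.M):
        problems.append("http server not enabled")
    station = ipaddress.ip_address(station_ip)
    nets = allowed_networks(config)
    if not any(station in net for net, _ in nets):
        problems.append(f"no http entry covers {station}")
    # Hardening check: an entry that matches every address exposes PDM to any
    # host that can reach that interface.
    for net, ifname in nets:
        if net.prefixlen == 0:
            problems.append(f"http entry on {ifname} permits any address")
    return problems


if __name__ == "__main__":
    print(pdm_precheck(SHOW_VERSION, CONFIG, "192.168.2.2") or "all checks passed")
```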



