Enabling and Disabling PDM
Before application PDM, you charge accredit the PDM account and configure specific,
authorized audience for authoritative access.To accredit PDM, you charge aboriginal enter
the afterward Agreement approach command:
PIX1(config)# http server enable
Configure PDM administration audience application the afterward command:
http
In this command, ip_address and netmask specify the applicant or arrangement IP
address and arrangement affectation that can admission the PIX firewall through PDM.The
network affectation is affected to be 255.255.255.255 (single host) if not specified.
The interface constant specifies the PIX interface name on which the management
client will affix and is affected to be the central interface if not specified.
For example:
PIX1(config)# http 192.168.1.0 255.255.255.0 inside
www.syngress.com
460 Chapter 9 • PIX Device Manager
PDM is now enabled for any applicant on the central interface, which is on the
192.168.1.0/24 network. Should you charge to configure added clients, use the http
command again.
NOTE
To acquiesce PDM admission from all clients, use the IP abode of 0.0.0.0 with a
network affectation of 0.0.0.0.
To attenuate PDM, blazon no http server accredit from the configure prompt.
Doing so disables PDM for all clients.To attenuate specific clients, type:
no http
In this command, all three ambit (ip_address, netmask, and interface) are
required.
NOTE
The factory-based agreement on the PIX 501 and 506 models enables
PDM by absence for centralized addresses. Additionally, the PIX 501 and 506
firewalls are configured with an central interface abode of 192.168.1.1
and a DHCP server that distributes 192.168.1.0/24 addresses.