Launching PDM cisco

Launching PDM

PDM management clients are only allowed from authorized IP addresses as specified earlier by the http command. Before attempting to connect to the PIX via PDM, verify that the management workstation meets all functional requirements previously detailed. In addition, verify that the PDM management client is included in the http configuration statement on the PIX firewall. To verify that the client management station is configured for access to PDM, use the show http command on the PIX device.
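An added example (not from the original text): a small Python check that reads the `http` statements from a saved PIX configuration, reports whether a management workstation is covered by one of them, and lists entries that deserve review. The sample configuration, the addresses and the function names are constructed for illustration, and only the full `http <ip> <mask> <interface>` form is parsed.

```python
import ipaddress

# Constructed sample of PIX configuration lines (not taken from the page).
SAMPLE_CONFIG = """\
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.20.30.40 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 outside
"""

def parse_http_entries(config_text):
    """Return (server_enabled, [(network, interface), ...]) from `http` lines."""
    enabled, entries = False, []
    for line in config_text.splitlines():
        fields = line.split()
        if not fields or fields[0] != "http":
            continue
        if fields[1:3] == ["server", "enable"]:
            enabled = True
            continue
        if len(fields) != 4:
            continue  # only the full "http <ip> <mask> <if_name>" form is handled
        try:
            net = ipaddress.ip_network(f"{fields[1]}/{fields[2]}", strict=False)
        except ValueError:
            continue  # skip lines whose address or mask does not parse
        entries.append((net, fields[3]))
    return enabled, entries

def workstation_allowed(config_text, workstation_ip, interface="inside"):
    """True if the HTTP server is enabled and the workstation matches an entry."""
    enabled, entries = parse_http_entries(config_text)
    addr = ipaddress.ip_address(workstation_ip)
    return enabled and any(addr in net and ifc == interface for net, ifc in entries)

def risky_entries(config_text, max_hosts=256):
    """Entries to review: not on the inside interface, or wider than max_hosts."""
    _, entries = parse_http_entries(config_text)
    return [(str(net), ifc) for net, ifc in entries
            if ifc != "inside" or net.num_addresses > max_hosts]

if __name__ == "__main__":
    print(workstation_allowed(SAMPLE_CONFIG, "192.168.1.25"))
    print(workstation_allowed(SAMPLE_CONFIG, "172.16.5.9"))
    print(risky_entries(SAMPLE_CONFIG))
```
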

Complete the following steps to connect to the PIX firewall with PDM:

1. Launch a JDK 1.1.4 capable browser on an authorized PDM management workstation and connect to the internal IP address of the PIX firewall using SSL.

www.syngress.com

PIX Device Manager • Chapter 9 461

NOTE

Be sure to type https://, not http://, in the URL string. PDM only allows encrypted access and will not function via an unencrypted link.

2. A Security Alert window will appear upon connecting to PDM the first time, as shown in Figure 9.1.

3. When you’re prompted to proceed, choose to accept the SSL security certificate by clicking Yes.

4. After you accept the security certificate, an authentication prompt appears, as shown in Figure 9.2. When prompted for authentication credentials, do not enter a username unless you have already configured individual user accounts via the PIX CLI. Enter the enable password in the password field and click OK.

NOTE

The PIX 501 and 506 platforms are not configured with a password by default. If you are connecting to these platforms for the first time using PDM, simply click OK to proceed.

Figure 9.1 The Security Alert Window

5. A Security Warning window will appear, as shown in Figure 9.3. Click Yes.

6. PDM will launch in a separate window similar to the image shown in Figure 9.4.

From the main PDM screen, notice that there are pull-down menus, toolbar buttons, and five tabbed screens. Click the tabs and pull-down menus to become familiar with the interface. The five tabbed screens are as follows:

• Access Rules This screen is used to permit and deny specific network traffic traversing the PIX firewall. Additionally, AAA authentication and URL/ActiveX/Java filters are configured from the Access Rules tab.

• Translation Rules This screen is used to configure NAT pools and rules.

• VPN This screen is used to configure site-to-site and remote access VPNs.

• Hosts/Networks This screen is used to configure objects such as networks and hosts. You can also create group objects from this tab.

• System Properties This screen allows for basic maintenance of the PIX firewall system. Properties such as DHCP client behavior, IDS configuration, interface attributes, AAA, and other variables can be configured here.

• Monitoring This screen is used to monitor the PIX firewall.

Figure 9.2 The PDM Login Window

Figure 9.3 The Security Warning Window

In addition to the main tabbed screens available in PDM, there are several useful buttons and pull-down menus, as shown in Figure 9.5.

Figure 9.4 The PIX Device Manager

From the File pull-down menu, you can write configuration changes to various locations such as a TFTP server or the PIX firewall as well as view and print the running configuration, refresh the PDM configuration, or reset the PIX to the factory default configuration. Cisco ships PIX firewall models 501, 506, and 506E with a factory default configuration, which is kept in the PIX firewall flash memory. The factory default configuration protects the internal network from unsolicited traffic and enables DHCP on the outside interface for automatic IP address acquisition. A default DHCP server address pool in the 192.168.1.0/24 network is included for hosts on the inside interface. All services are permitted outbound and translated to the firewall’s external interface by default. Finally, the internal IP address of the PIX firewall is preconfigured as 192.168.1.1.

Resetting the PIX to the factory default configuration is a good way to erase any changes made to the configuration since it was installed and return to an initial state of operation.

The Rules pull-down menu provides the ability to add, delete, and modify access, NAT, and VPN rules. From the Rules menu, you can also copy, cut, and paste rules for simplified maintenance. Additionally, right-click mouse functionality is available throughout the PDM interface, which mimics functionality in the Rules pull-down menu. Right-click capabilities are available wherever rules are applied to the configuration.

The Search pull-down menu provides criteria-based searching for access, NAT, and VPN rules; administrators with large and complex rule sets will appreciate this feature to quickly locate specific access rules, for instance.

From the Options pull-down menu, PDM administrators can view PIX commands not parsed by PDM, such as unapplied access lists, and can modify PDM-specific preferences from the Preferences window, as shown in Figure 9.6.

The Tools pull-down menu provides a ping utility and the ability to modify the PIX firewall directly from a Web-based CLI interface. This CLI interface can prove quite useful if you require multiline or batch firewall configuration updates. The Tools menu also provides the ability to create firewall service groups for administrators to logically group TCP and UDP services.

Figure 9.5 The PDM Main Screen and Buttons

NOTE

When making changes to the PIX firewall via PDM, select the Preview Commands before sending to PIX option from the Preferences window to learn the equivalent PIX firewall CLI commands.

Two very useful features can be found under the Wizards pull-down menu: the Startup Wizard and the VPN Wizard. These wizards provide systematic prompts for the initial configuration of PIX firewall VPNs.

The final pull-down menu is Help. From Help, you will find links to detailed information regarding PDM and the PIX firewall. Help features in PDM are context sensitive. You will also find specific version information regarding PDM and the PIX firewall in this menu.

In addition, several buttons represent shortcuts to options available in the pull-down menus, such as the New Rule buttons. The New Rule buttons are represented by icons with blue pages and an orange asterisk and are designed to make rule additions quick and easy. Other buttons include the Delete Rule, Cut Rule, and Paste Rule buttons, as well as the Refresh PDM with Running Configuration and Save Running Configuration to Flash buttons.

One of the most important buttons is the Save to Flash Needed button, which appears when you have made changes to the running configuration that must be saved to the PIX flash memory. If you don’t save the running configuration to flash, any changes you make to the PIX firewall will be lost upon reboot. To learn more about a specific button, hover the mouse pointer over the button for a popup help description.

Figure 9.6 The Preferences Window

All of these tabbed screens, in addition to the pull-down menus and toolbar buttons, are discussed in detail in the following sections.