Q:
cannot connect to PIX Firewall via ISA Proxy server using ASDM Launcher
Need assistance with ISA rules to allow ASDM Launcher (from authorized workstations) to connect to the PIX Appliance for management purposes. I can connect directly to the PIX device via traditional "telnet" (using PuTTY) functionality but can't seem to figure out why ISA is not allowing the ASDM Interface. All local browser traffic is filtered thru the ISA Proxy beforehand and standard HTTP, HTTPS, SSH, Protocols have already been established in a Policy on the ISA. The ISA Server also has same rulesets established from localhost to the PIX device as well. Just can't seem to get beyond the ISA Server. Thanks in advance.
ASKED: Jul 3 2009  4:42 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
A:
Do you have http/https enabled on the PIX? If so, can you launch ASDM using a https connection to the inside interface of the PIX? If it starts to launch and then stops, you may need to change the version of Java that is on your PC.

On the ASDM:

If you go to Configuration -> Properties -> HTTP/HTTPS, you should be able to change the port number in there.
Last Answered: Jul 10 2009  2:54 PM GMT by TreyJ   30 pts.
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

RonP   25 pts.  |   Jul 9 2009  3:29PM GMT

Yes, HTTP Server is enabled on the PIX. At this point, I believe the source of the problem may be with the port I’m using to start outbound HTTP sessions in my browser (I.E. 7). I just discovered all outbound browser connections are being established with the Proxy Server (ISA) on Port 8080. If I specifically add the PIX Inside Interface (IP Address) to the list of “Exceptions” in my browser, thereby avoiding the ISA entirely, the Cisco ASDM Launcher works. This tells me both the PIX and my workstation (i.e. Java components, etc) have been configured properly and no problems exist at the foundation level.

So, in essence, my question really is how I can leverage the ISA Proxy Server to allow/process traffic both to the PIX interface and back to my workstation via Cisco’s ASDM Interface using Port 8080? If this can’t be done, then I’ll continue to exclude the Proxy from these sessions in my browser. Was merely wondering if there was a workaround. Can the PIX “HTTP Server” option be configured to use a different Port once enabled on the interface??? Thx.

 

RonP   25 pts.  |   Jul 12 2009  4:43PM GMT

Great..Thx..Another issue I discovered is the ISA Server is on a much lower security, and as such, static routes needed to be established to and back from the “inside interface”..Port Number Configuration info was bang on..!!

 