PIX 501 help

Carapace

Member
Dec 17, 2000
OK, I'm hoping for a little help here.

I have a PIX 501 that I am TRYING to administer through the PDM or web interface and can't figure out 3 things.

1. Which is the easiest: how do I view the log file that alerts you to anyone trying to get in, i.e. port scans, etc.?
2. I cannot access the Internet from a VPN client PC while the IPSEC tunnel is initiated. Disconnect and it works again. I keep thinking it's a static route somewhere, but I cannot find it.
3. I cannot administer the PIX via the PDM interface while connected to it via VPN. I can, however, administer it with the same interface on the same PC when not connected via VPN. I'm thinking NAT is the problem here, but again it's got me stumped.

I know the web interface sux, but it's all I know well at the moment.

Thanks for any help in advance!

MysticLlama

Golden Member
Sep 19, 2000
I'll give this a shot the best I can. I'm still learning, but I'm starting to get a pretty good grasp on these things.

1. I have a syslog server set up to capture the log output from the 515 at my office. I'm using Kiwi syslog daemon on a Win2k server to capture the logs and write them to disk, and then I use RnR ReportGen for CiscoPIX to parse and view them as something that makes sense. On the PIX I have the syslog server set up as the IP of the Win2k box.
*(these programs were recommended by other members in this forum, just passing along the info. :) )

2. This *sounds* like a split-tunneling problem, i.e. it's not letting you, though I'm not sure how to set that up or lock it down, as my client VPN machines have always been able to get out just fine. In your access-list are you sure you are looking for only interesting traffic (i.e. going to just the IPs of the other network you're looking for) and not 0.0.0.0? If you are matching all traffic, then all of your traffic is probably being encrypted and sent to the other end, and since you can't turn around traffic on a PIX, and the terminating firewall could very well be the gateway on the other network, you are trapped and can't get back out to the net.

3. I haven't figured out how to get to PDM from the opposite end of the tunnel either, because I can't even ping the terminating box. (Basically, if my remote 501 is at 192.168.0.1, a ping to that from the office won't get any response, but a ping to 192.168.0.2, which is a workstation, works just fine.) I think it's another one of those traffic routing issues, and would probably be cleared up by a router and some configs on the other end, but to get around it, I typically just remote desktop to a machine that's on the other side and then use PDM or the console cable I keep hooked up. (Yes, I know, it doesn't work too well when the tunnel is down; I just use SSH for that, or, since a couple of the boxes are on the private networks of web-exposed servers, I can remote in on their public IP and fiddle with the unit.)

Hope this helps a little.
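A way to pull the "who is knocking" view out of the syslog files described in point 1, as an added example that is not part of either post or of the Kiwi/ReportGen tools mentioned: it assumes the PIX deny message has the %PIX-4-106023 form, reads constructed sample lines, and flags any source that was denied on several distinct destination ports.

```python
import re
from collections import defaultdict

# Assumed format of the PIX "Deny ... by access-group" message (%PIX-4-106023).
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny (?P<proto>\w+) "
    r"src (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) by access-group"
)

def parse_denies(lines):
    """Return (src_ip, dst_ip, dst_port, proto) for every 106023 deny line;
    other syslog messages (connection built/teardown, etc.) are skipped."""
    events = []
    for line in lines:
        m = DENY_RE.search(line)
        if m:
            events.append((m["src"], m["dst"], int(m["dport"]), m["proto"]))
    return events

def find_scanners(lines, min_ports=5):
    """Simple port-scan heuristic: a source that was denied on at least
    min_ports distinct destination ports. Returns {src_ip: sorted ports}."""
    ports = defaultdict(set)
    for src, _dst, dport, _proto in parse_denies(lines):
        ports[src].add(dport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

# Constructed sample log (not real traffic): one host probing six ports,
# one host hitting a single port, and one unrelated connection-built message.
SAMPLE_LOG = [
    'Dec 17 10:01:02 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40001 dst inside:192.168.0.2/21 by access-group "outside_access_in"',
    'Dec 17 10:01:02 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40002 dst inside:192.168.0.2/22 by access-group "outside_access_in"',
    'Dec 17 10:01:03 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40003 dst inside:192.168.0.2/23 by access-group "outside_access_in"',
    'Dec 17 10:01:03 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40004 dst inside:192.168.0.2/25 by access-group "outside_access_in"',
    'Dec 17 10:01:04 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40005 dst inside:192.168.0.2/80 by access-group "outside_access_in"',
    'Dec 17 10:01:04 pix %PIX-4-106023: Deny udp src outside:203.0.113.7/40006 dst inside:192.168.0.2/53 by access-group "outside_access_in"',
    'Dec 17 10:01:10 pix %PIX-4-106023: Deny tcp src outside:198.51.100.9/51000 dst inside:192.168.0.2/80 by access-group "outside_access_in"',
    'Dec 17 10:01:11 pix %PIX-6-302013: Built outbound TCP connection 1234 for outside:198.51.100.20/443 (198.51.100.20/443) to inside:192.168.0.2/50500 (192.0.2.10/1025)',
]

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

Point the same parser at the files Kiwi writes to disk and the threshold in find_scanners is the only knob to tune.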