Cisco Security Device Manager Problems

Status
Not open for further replies.

Almin

Technical User
Mar 1, 2010
137
US
Hi,

I was playing around with SDM that is installed on my router, but every time I try to get to it via the browser I get that the certificate is invalid. When I click on continue anyway I get to the login screen, I put in my username and password, and it opens up another window (pop-up) where it displays the error message that is attached below. I tried this on 3 different PCs with 3 different OSes: XP, Vista, and Win7. All PCs are up to date and all certificates have been renewed. Is there a workaround for this?
 
router>en
router#conf t
router(config)#crypto key gen rsa mod 1024

It will ask you if you want to replace the keys or something, I think---click "yes".

Have you tried just http? Post a sh run please.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Tried all that including http:// but I get nothing. When I use http:// I get "The page cannot be displayed".

Here is the sh run:

Primary-Router#sh run
Building configuration...

Current configuration : 8587 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Primary-Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$wOoQ$FO9gu6Yykv64fQCunz
enable password 7 104107140913595F
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Vlan1
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
!
ip dhcp pool Vlan2
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
!
ip dhcp pool Vlan3
import all
network 192.168.3.0 255.255.255.0
default-router 192.168.3.254
!
ip dhcp pool Vlan4
import all
network 192.168.4.0 255.255.255.0
default-router 192.168.4.254
!
ip dhcp pool Vlan5
import all
network 192.168.5.0 255.255.255.0
default-router 192.168.5.254
!
ip dhcp pool Vlan23
import all
network 192.168.6.0 255.255.255.0
default-router 192.168.6.254
!
ip dhcp pool Vlan99
import all
network 192.168.7.0 255.255.255.0
default-router 192.168.7.1
!
!
no ip bootp server
no ip domain lookup
ip domain name rpt.bosanci.net
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
login block-for 300 attempts 5 within 120
!
!
crypto pki trustpoint TP-self-signed-3942079258
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3942079258
revocation-check none
rsakeypair TP-self-signed-3942079258
!
!
crypto pki certificate chain TP-self-signed-3942079258
certificate self-signed 01
q
username admin privilege 15 password 7 02090A5607E731F
username @dmin password 7 1418100F7B797708
archive
log config
logging enable
!
!
ip tcp intercept list autosec_tcp_intercept_list
ip tcp intercept connection-timeout 3600
ip tcp intercept watch-timeout 15
ip tcp intercept max-incomplete low 450
ip tcp intercept max-incomplete high 550
ip tcp intercept drop-mode random
ip ssh time-out 90
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
description Connection to LAN Network via Sub-Interfaces
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/0.1
description Vlan1 - Link to LAN Area Network
encapsulation dot1Q 1 native
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.2
description Vlan2 - Link to Wirelless Network
encapsulation dot1Q 2
ip address 192.168.2.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.3
description Vlan3 - Link to Workstation 2
encapsulation dot1Q 3
ip address 192.168.3.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.4
description Vlan4 - Link to Workstation 1
encapsulation dot1Q 4
ip address 192.168.4.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.5
description Vlan5 - Link to Work PC - VPN
encapsulation dot1Q 5
ip address 192.168.5.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.23
description Vlan23 - Link to SysLog Server
encapsulation dot1Q 23
ip address 192.168.6.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.24
description Vlan99 - Link to Managment Server
encapsulation dot1Q 99
ip address 192.168.7.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
description Connection to ISP
ip address dhcp
ip verify unicast source reachable-via rx allow-default 100
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat outside
ip virtual-reassembly
duplex auto
speed 100
no mop enabled
!
interface FastEthernet0/0/0
description Connection to Secondary Router
switchport access vlan 99
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Vlan1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
no mop enabled
!
interface Vlan2
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
no mop enabled
!
interface Vlan99
ip address 192.168.10.254 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0
network 192.168.6.0 0.0.0.255 area 0
network 192.168.7.0 0.0.0.255 area 0
network 192.168.9.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
!
logging trap debugging
logging facility local2
logging 192.168.6.1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
no cdp run
!
!
!
control-plane
!
!
banner motd ^C
******************************************************************
W A R N I N G !
THIS INFORMATION SYSTEM IS PROVIDED ONLY IN CONNECTION WITH
AUTHORIZED BUSINESS USE FOR THIS CORPORATION, ITS
SUBSIDIARIES AND AFFILLIATES. UNAUTHORIZED ACCESS IS
PROHIBITED. USE OF THIS SYSTEM SHOULD NOT BE CONSIDERED
PRIVATE AND USAGE WILL BE MONITORED. USERS ARE SUBJECT TO
CURRENT COMPANY POLICIES ON USAGE, SECURITY AND CONFIDENTIALITY.
******************************************************************
^C
!
line con 0
exec-timeout 30 30
password 7 0609012C4045B56
login authentication local_auth
transport output telnet
line aux 0
exec-timeout 15 0
login authentication local_auth
transport output telnet
line vty 0 4
exec-timeout 5 30
password 7 151D0501082177B
login authentication local_auth
transport input ssh
!
scheduler allocate 20000 1000
end

Primary-Router#
 
From where are you trying to connect?

no ip http server

That will prevent you from http://

So, try

router(config)#ip http server

then try it again (verify you can get to your router via browser). Also, post the output of

show ip http server secure status

and

show ip http client secure status

 
Check your Java version. You may need to downgrade to something like 1.4.2_05 to get SDM to work. Cisco GUIs are very particular to Java version.
 
Hi, Java is on the current version and updated.

Here is the sh ip http server secure status...

Primary-Router#show ip http server secure status
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL
Primary-Router#


I still get the same problem when using http://

Don't know what could be wrong.
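
An added example, not part of any post in this thread: a small Python check that parses the `show ip http server secure status` output and the three `ip http` lines from the posted running-config, then lists what a reviewer would flag on the router's web management interface. The function names and the wording of the findings are assumptions made for illustration.

```python
import re

# Output copied from the post above.
STATUS = """\
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL
"""

# The three "ip http" lines copied from the posted running-config.
RUNNING_CONFIG = "no ip http server\nip http authentication local\nip http secure-server\n"

# Legacy suite-name prefixes and the reason each one is flagged.
WEAK = [
    ("rc4", "RC4 is prohibited in TLS (RFC 7465)"),
    ("3des", "3DES uses a 64-bit block (Sweet32)"),
    ("des-cbc", "single DES has a 56-bit key"),
]

def parse_status(text):
    """Turn 'HTTP secure server <key>: <value>' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"HTTP secure server ([^:]+):\s*(.*)$", line.strip())
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def audit(status_text, config_text):
    """Return a list of findings for the HTTP/HTTPS management service."""
    fields = parse_status(status_text)
    config = {line.strip() for line in config_text.splitlines()}
    findings = []
    if "ip http server" in config:  # "no ip http server" is a different line
        findings.append("plaintext HTTP server enabled")
    if fields.get("status") == "Enabled":
        for suite in fields.get("ciphersuite", "").split():
            for prefix, why in WEAK:
                if suite.startswith(prefix):
                    findings.append(f"{suite}: {why}")
                    break
        if not fields.get("trustpoint"):
            findings.append("no trustpoint bound via ip http secure-trustpoint")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(STATUS, RUNNING_CONFIG)))
```

With `ip http server` added to the configuration, as suggested earlier in the thread, the same check also reports the plaintext listener.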
 
Read my post. DOWNGRADE the Java. You need an OLDER version than what you have installed.
 
I downgraded to 1.4.2_05 and still get the same error message. This is a part of the lab, I don't really need to get to it that bad... but still curious what it does and if it has any good use out of it.
 
Post a new sh run---let's see FIRST if you can even get to it via your browser. What browser are you using? I'm using Firefox, with Java 1.6.0_16-b01, and https does not work with it, but http does. Mine for sure is the Java version, but yours sounds like the browser. Try

ip http server

then use Firefox. SDM is a VERY important program for you to know like the back of your hand for CCNA and CCNP exams, as well as Cisco Express Foundation exams (Cisco Channel Partners).

 