Solved

While Opening SDM Express from IE in XP and Vista

Posted on 2008-10-09
7
1,132 Views
Last Modified: 2008-10-24
Hi,
i want to do some changes in cisco 877 adsl router but I could not get through the sdm express page. I'm trying with the IP Address https://<ipaddress> it gives certificate error and could not load Cisco SDM Express software. I turned off pop up blocker as well but the problem remains.

What to do ? This happens from Vista Businees and Win XP Pro. Win 2000 is okay.
0
Comment
Question by:ZAK360
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Expert Comment

by:ngravatt
Comment Utility
It is probably your browser security settings since the router is using a self signed certificate.  Are you even prompted to accept the certificate?  What version of IE are you using.


If you want to see the error on the router, go to the command line and type this:

router#debug ip http all
router#debug crypto pki transactions
router#terminal monitor

then try to access the site again from your browser and see what debug messages come up.


0
 

Author Comment

by:ZAK360
Comment Utility
Thx. I'll check that
Well i tried changing the IPAddress from telnet session and executed the following command in series. Tell me if iam missing anything.
c:\ telnet <ipaddress>
username: abc123
password: *******
routers# config
router (confir)# interface vlan1
router (config-if)# ip address 10.0.0.1 255.255.255.0
router (config-if)# no shutdown
router (config-if)# en
router# write
Building configuration ........
router# reload
c:\

for the permanent change of IP Address I feel something i missed here because from the router i can ping to google but from the pc i cant... (100% its not a problem with dns or gateway of my machine).... can u tell me what i missed.
-- zak
0
 
LVL 10

Expert Comment

by:ngravatt
Comment Utility
you would have to post the entire configuration in order for me or anyone else to tell why the PC cant ping google.com.  More than likely it is an Access Control List (ACL) that is blocking the traffic from going through the router.

Your IP address change looks fine.  Can you ping the new IP address from your PC?

do a tracert to google.com and see where the packets are being dropped.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:ZAK360
Comment Utility
Their is no ACL define. I can able to ping to new IP Address from PC. I'll tell u what happend on one another same router with same configuration. after telnet session and executing above commands i went through IE to the new IP Address from Win2k pc. i clicked on LAN button ( i notice that the new IP address was in place) and before i go into another tabs (like internet and security) it asked me whether i want to ave the changes for the LAN settings and clicked apply changes.

After this i was able to ping google.com.

My thoughts are that from telnet the changes was not applied though it was set but not applied until i clicked "apply changes" from cisco sdm express

what do you say?
0
 
LVL 10

Expert Comment

by:cstosgale
Comment Utility
It is not necessary to use SDM express to apply changes made at the command line. All SDM does is execute Command line commands for you. We should be able to tell you what is going on, but we will need to see the configuration of the router. I would recommend masking out any real IP addresses / usernames, passwords before posting it.
0
 

Author Comment

by:ZAK360
Comment Utility
Here is the configuration.

Router#show run
Building configuration...

Current configuration : 4784 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Organization
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$uaFh$HxeVg8B6dYA.lGWK/hROh.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 4
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.1.101 192.168.1.254
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 213.42.20.20 195.229.241.222
   default-router 192.168.1.1
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name atlan123.ae
ip name-server 213.42.20.20
ip name-server 195.229.241.222
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3991563673
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3991563673
 revocation-check none
 rsakeypair TP-self-signed-3991563673
!
!
crypto pki certificate chain TP-self-signed-3991563673
 certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33393931 35363336 3733301E 170D3032 30333031 30373139
  30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39393135
  36333637 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B14B 88677652 A3644EDB B1E72979 9257B384 4A23F2F1 CDC49289 995553B7
  B74360FD BA7BCFA4 D6D30F56 BBADBD35 1DEBBDFC F76FC5E8 844D7A8D 6F605D2B
  4E928A08 F817DEE3 6D356B05 4CE53160 C0C806FB 5E8ABCD2 64FC32C5 D31FF7CA
  67AA2B06 61BEBD1E B266EFC7 C1943A12 DA2F6C9B 5629BFBB 0605FFB9 31F65B67
  E7530203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
  551D1104 1B301982 1741746C 616E7469 73756171 2E61746C 616E7561 712E6165
  301F0603 551D2304 18301680 14D292D9 AA40ADAF FD229D2A BDC7B3D9 8E937C41
  CB301D06 03551D0E 04160414 D292D9AA 40ADAFFD 229D2ABD C7B3D98E 937C41CB
  300D0609 2A864886 F70D0101 04050003 81810035 7FDEBE2D 6133BA9A E36CC6E6
  6D265FBE 3AB30FDD B081AAE7 E4D40287 FE61A0C3 F3729F8E E77D3AFE FE1FDBB5
  E70A86CB 8DABE45C 55A31333 A0A4FF6C 2DE4B270 0C54EFBE 128BDD8F A10049A4
  FB642F48 9ADCCCA6 6083087D E4020442 44A1A12D 22ABD52B A856FEE7 D9B8C9E5
  918E5E39 BBACB1D6 A8CFD35F BBF2FDD3 4BBD1B
  quit
username atlan123 privilege 15 secret 5 $1$mZxJ$Pmg2l5vrOyvquEm0mnvxu0
!
!
!
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 no snmp trap link-status
 pvc 0/50
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.0.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname atlan123
 ppp chap password 7 09485708015D061F5D
 ppp pap sent-username atlan123 password 7 0300420A1E57304118
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
0
 
LVL 10

Accepted Solution

by:
cstosgale earned 50 total points
Comment Utility
Although you have changed the IP address of the router, you have not updated the dhcp pool. You will need to change this part of the config:-

p dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.1.101 192.168.1.254
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 213.42.20.20 195.229.241.222
   default-router 192.168.1.1
!

to:

ip dhcp excluded-address 10.0.2.1 10.0.2.50
ip dhcp excluded-address 10.0.2.101 10.0.2.254
!
ip dhcp pool sdm-pool1
   import all
   network 10.0.2.0 255.255.255.0
   dns-server 213.42.20.20 195.229.241.222
   default-router 10.0.2.1
!

remove the existing commands first.

Once you have done this, reboot your workstation and you should be back on.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now