ZAK360
asked on
While Opening SDM Express from IE in XP and Vista
Hi,
i want to do some changes in cisco 877 adsl router but I could not get through the sdm express page. I'm trying with the IP Address https://<ipaddress> it gives certificate error and could not load Cisco SDM Express software. I turned off pop up blocker as well but the problem remains.
What to do ? This happens from Vista Businees and Win XP Pro. Win 2000 is okay.
i want to do some changes in cisco 877 adsl router but I could not get through the sdm express page. I'm trying with the IP Address https://<ipaddress> it gives certificate error and could not load Cisco SDM Express software. I turned off pop up blocker as well but the problem remains.
What to do ? This happens from Vista Businees and Win XP Pro. Win 2000 is okay.
ASKER
Thx. I'll check that
Well i tried changing the IPAddress from telnet session and executed the following command in series. Tell me if iam missing anything.
c:\ telnet <ipaddress>
username: abc123
password: *******
routers# config
router (confir)# interface vlan1
router (config-if)# ip address 10.0.0.1 255.255.255.0
router (config-if)# no shutdown
router (config-if)# en
router# write
Building configuration ........
router# reload
c:\
for the permanent change of IP Address I feel something i missed here because from the router i can ping to google but from the pc i cant... (100% its not a problem with dns or gateway of my machine).... can u tell me what i missed.
-- zak
Well i tried changing the IPAddress from telnet session and executed the following command in series. Tell me if iam missing anything.
c:\ telnet <ipaddress>
username: abc123
password: *******
routers# config
router (confir)# interface vlan1
router (config-if)# ip address 10.0.0.1 255.255.255.0
router (config-if)# no shutdown
router (config-if)# en
router# write
Building configuration ........
router# reload
c:\
for the permanent change of IP Address I feel something i missed here because from the router i can ping to google but from the pc i cant... (100% its not a problem with dns or gateway of my machine).... can u tell me what i missed.
-- zak
you would have to post the entire configuration in order for me or anyone else to tell why the PC cant ping google.com. More than likely it is an Access Control List (ACL) that is blocking the traffic from going through the router.
Your IP address change looks fine. Can you ping the new IP address from your PC?
do a tracert to google.com and see where the packets are being dropped.
Your IP address change looks fine. Can you ping the new IP address from your PC?
do a tracert to google.com and see where the packets are being dropped.
ASKER
Their is no ACL define. I can able to ping to new IP Address from PC. I'll tell u what happend on one another same router with same configuration. after telnet session and executing above commands i went through IE to the new IP Address from Win2k pc. i clicked on LAN button ( i notice that the new IP address was in place) and before i go into another tabs (like internet and security) it asked me whether i want to ave the changes for the LAN settings and clicked apply changes.
After this i was able to ping google.com.
My thoughts are that from telnet the changes was not applied though it was set but not applied until i clicked "apply changes" from cisco sdm express
what do you say?
After this i was able to ping google.com.
My thoughts are that from telnet the changes was not applied though it was set but not applied until i clicked "apply changes" from cisco sdm express
what do you say?
It is not necessary to use SDM express to apply changes made at the command line. All SDM does is execute Command line commands for you. We should be able to tell you what is going on, but we will need to see the configuration of the router. I would recommend masking out any real IP addresses / usernames, passwords before posting it.
ASKER
Here is the configuration.
Router#show run
Building configuration...
Current configuration : 4784 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Organization
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$uaFh$HxeVg8B6dYA.lGWK/h
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 4
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.1.101 192.168.1.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.1.0 255.255.255.0
dns-server 213.42.20.20 195.229.241.222
default-router 192.168.1.1
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name atlan123.ae
ip name-server 213.42.20.20
ip name-server 195.229.241.222
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3991563673
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-3991563673
!
!
crypto pki certificate chain TP-self-signed-3991563673
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33393931 35363336 3733301E 170D3032 30333031 30373139
30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39393135
36333637 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B14B 88677652 A3644EDB B1E72979 9257B384 4A23F2F1 CDC49289 995553B7
B74360FD BA7BCFA4 D6D30F56 BBADBD35 1DEBBDFC F76FC5E8 844D7A8D 6F605D2B
4E928A08 F817DEE3 6D356B05 4CE53160 C0C806FB 5E8ABCD2 64FC32C5 D31FF7CA
67AA2B06 61BEBD1E B266EFC7 C1943A12 DA2F6C9B 5629BFBB 0605FFB9 31F65B67
E7530203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 1741746C 616E7469 73756171 2E61746C 616E7561 712E6165
301F0603 551D2304 18301680 14D292D9 AA40ADAF FD229D2A BDC7B3D9 8E937C41
CB301D06 03551D0E 04160414 D292D9AA 40ADAFFD 229D2ABD C7B3D98E 937C41CB
300D0609 2A864886 F70D0101 04050003 81810035 7FDEBE2D 6133BA9A E36CC6E6
6D265FBE 3AB30FDD B081AAE7 E4D40287 FE61A0C3 F3729F8E E77D3AFE FE1FDBB5
E70A86CB 8DABE45C 55A31333 A0A4FF6C 2DE4B270 0C54EFBE 128BDD8F A10049A4
FB642F48 9ADCCCA6 6083087D E4020442 44A1A12D 22ABD52B A856FEE7 D9B8C9E5
918E5E39 BBACB1D6 A8CFD35F BBF2FDD3 4BBD1B
quit
username atlan123 privilege 15 secret 5 $1$mZxJ$Pmg2l5vrOyvquEm0mn
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
no snmp trap link-status
pvc 0/50
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-
ip address 10.0.2.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname atlan123
ppp chap password 7 09485708015D061F5D
ppp pap sent-username atlan123 password 7 0300420A1E57304118
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
Router#show run
Building configuration...
Current configuration : 4784 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Organization
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$uaFh$HxeVg8B6dYA.lGWK/h
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 4
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.1.101 192.168.1.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.1.0 255.255.255.0
dns-server 213.42.20.20 195.229.241.222
default-router 192.168.1.1
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name atlan123.ae
ip name-server 213.42.20.20
ip name-server 195.229.241.222
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3991563673
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-3991563673
!
!
crypto pki certificate chain TP-self-signed-3991563673
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33393931 35363336 3733301E 170D3032 30333031 30373139
30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39393135
36333637 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B14B 88677652 A3644EDB B1E72979 9257B384 4A23F2F1 CDC49289 995553B7
B74360FD BA7BCFA4 D6D30F56 BBADBD35 1DEBBDFC F76FC5E8 844D7A8D 6F605D2B
4E928A08 F817DEE3 6D356B05 4CE53160 C0C806FB 5E8ABCD2 64FC32C5 D31FF7CA
67AA2B06 61BEBD1E B266EFC7 C1943A12 DA2F6C9B 5629BFBB 0605FFB9 31F65B67
E7530203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 1741746C 616E7469 73756171 2E61746C 616E7561 712E6165
301F0603 551D2304 18301680 14D292D9 AA40ADAF FD229D2A BDC7B3D9 8E937C41
CB301D06 03551D0E 04160414 D292D9AA 40ADAFFD 229D2ABD C7B3D98E 937C41CB
300D0609 2A864886 F70D0101 04050003 81810035 7FDEBE2D 6133BA9A E36CC6E6
6D265FBE 3AB30FDD B081AAE7 E4D40287 FE61A0C3 F3729F8E E77D3AFE FE1FDBB5
E70A86CB 8DABE45C 55A31333 A0A4FF6C 2DE4B270 0C54EFBE 128BDD8F A10049A4
FB642F48 9ADCCCA6 6083087D E4020442 44A1A12D 22ABD52B A856FEE7 D9B8C9E5
918E5E39 BBACB1D6 A8CFD35F BBF2FDD3 4BBD1B
quit
username atlan123 privilege 15 secret 5 $1$mZxJ$Pmg2l5vrOyvquEm0mn
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
no snmp trap link-status
pvc 0/50
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-
ip address 10.0.2.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname atlan123
ppp chap password 7 09485708015D061F5D
ppp pap sent-username atlan123 password 7 0300420A1E57304118
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you want to see the error on the router, go to the command line and type this:
router#debug ip http all
router#debug crypto pki transactions
router#terminal monitor
then try to access the site again from your browser and see what debug messages come up.