Solved

Cisco SDM Login pops up instead of website.

Posted on 2008-10-25
Last Modified: 2012-05-05
I get the Cisco SDM login instead of my website when I type in the domain name or WAN IP. How can I fix this? I do have port 80 forwarded to my IIS machine.


Building configuration...

Current configuration : 8679 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ciscoRouter
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$02Ne$xW9HdERA3EGnaFx2Uvts70
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.100.0 255.255.255.0
   dns-server 67.138.54.100 207.255.209.66
   default-router 192.168.100.1
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name peninsulaislandresort.com
ip name-server 67.138.54.100
ip name-server 207.255.209.66
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
!
!
crypto pki trustpoint TP-self-signed-777237108
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-777237108
 revocation-check none
 rsakeypair TP-self-signed-777237108
!
!
crypto pki certificate chain TP-self-signed-777237108
 certificate self-signed 01
  quit
username admin privilege 15 secret 5 $1$Nn.Q$OCDyzFAlArqcn6h4KZNlq1
!
!
!
!
!
!
interface FastEthernet0
 description $ES_WAN$$FW_OUTSIDE$
 ip address 209.30.103.2 255.255.255.192
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect DEFAULT100 out
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface FastEthernet1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
 ip address 192.168.100.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0
ip route 0.0.0.0 0.0.0.0 70.247.65.197
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.100.3 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.100.3 21 interface FastEthernet0 21
ip nat inside source static tcp 192.168.100.3 443 interface FastEthernet0 443
ip nat inside source static tcp 192.168.100.3 53 interface FastEthernet0 53
ip nat inside source static tcp 192.168.100.3 110 interface FastEthernet0 110
ip nat inside source static tcp 192.168.100.3 25 interface FastEthernet0 25
ip nat inside source static tcp 192.168.100.3 3389 interface FastEthernet0 3389
ip nat inside source static udp 192.168.100.3 3389 interface FastEthernet0 3389
ip nat inside source static tcp 192.168.100.3 45 interface FastEthernet0 45
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 209.30.103.0 0.0.0.63 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 207.255.209.66 eq domain host 209.30.103.2
access-list 101 permit udp host 67.138.54.100 eq domain host 209.30.103.2
access-list 101 permit tcp any host 209.30.103.2 eq 45
access-list 101 permit udp any host 209.30.103.2 eq 3389
access-list 101 permit tcp any host 209.30.103.2 eq 3389
access-list 101 permit tcp any host 209.30.103.2 eq smtp
access-list 101 permit tcp any host 209.30.103.2 eq pop3
access-list 101 permit tcp any host 209.30.103.2 eq domain
access-list 101 permit tcp any host 209.30.103.2 eq 443
access-list 101 permit tcp any host 209.30.103.2 eq ftp
access-list 101 permit tcp any host 209.30.103.2 eq www
access-list 101 deny   ip 192.168.100.0 0.0.0.255 any
access-list 101 permit icmp any host 209.30.103.2 echo-reply
access-list 101 permit icmp any host 209.30.103.2 time-exceeded
access-list 101 permit icmp any host 209.30.103.2 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any
no cdp run
!
!
!
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
 
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to
use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

Question by:southmost956
8 Comments
 
LVL 1

Expert Comment

by:Novensiles
Start by turning off the http server - 'no ip http server'. That is taking priority over your port forward rule.
0
 

Author Comment

by:southmost956
That just takes me to: "Internet Explorer cannot display the webpage."
0
 
LVL 1

Expert Comment

by:Novensiles
I just tried to connect to www.peninsulaislandresort.com and to 209.30.103.2; both get forwarded to the webserver. Are you only having a problem getting forwarded when you come in via the internal LAN?
0
 

Author Comment

by:southmost956
Actually, I have a cheap Belkin router right now. I could not have the website and email down, so I had to substitute the router in the meantime.
0

 
LVL 1

Expert Comment

by:Novensiles
This is an 1800 router?

Try changing the port SDM listens on:

ip http port 8080

0
 

Author Comment

by:southmost956
Okay... I'm able to view the website when I am not in the LAN. When I am outside the LAN (from home) I can access the website, the email, etc. But I also have to access the website from within the LAN. What can be the problem?
0
 

Author Comment

by:southmost956
And yes, I have an 1800 series router.
0
 
LVL 1

Accepted Solution

by:
Novensiles earned 500 total points
The port forward rule will only forward when the connection comes in to the external interface. Port forwarding port 80 traffic on the internal interface might create interesting internet access issues. Can you set up your local DNS server to just point your domain name to the LAN IP?

0
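Added example (not part of the thread or of any Cisco tool): a small Python check for the overlap discussed above, where a TCP port is forwarded on the outside interface while the router's own HTTP/HTTPS (SDM) server listens on the same port, so a LAN client using the WAN address gets the router login. The function names are hypothetical, the sample is a constructed excerpt of the posted config, and only `static tcp ... interface` forwards are examined.

```python
import re

# Constructed excerpt of the running-config posted in the question.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 209.30.103.2 255.255.255.192
 ip nat outside
interface Vlan1
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
ip http server
ip http secure-server
ip nat inside source static tcp 192.168.100.3 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.100.3 443 interface FastEthernet0 443
ip nat inside source static tcp 192.168.100.3 25 interface FastEthernet0 25
"""

STATIC_PAT = re.compile(
    r"ip nat inside source static tcp (\S+) \d+ interface (\S+) (\d+)$")
WEB_PORT = re.compile(r"ip http (port|secure-port) (\d+)$")


def router_web_listeners(lines):
    """Map TCP port -> command for the router's own HTTP/HTTPS (SDM) server."""
    port = {"port": 80, "secure-port": 443}  # IOS defaults
    for line in lines:
        m = WEB_PORT.match(line)
        if m:
            port[m.group(1)] = int(m.group(2))
    listeners = {}
    if "ip http server" in lines:  # exact line, so "no ip http server" is skipped
        listeners[port["port"]] = "ip http server"
    if "ip http secure-server" in lines:
        listeners[port["secure-port"]] = "ip http secure-server"
    return listeners


def find_overlaps(config):
    """Return (port, router_service, inside_host, outside_if) for each forwarded
    TCP port that the router itself also answers on."""
    lines = [l.strip() for l in config.splitlines()]
    listeners = router_web_listeners(lines)
    overlaps = []
    for line in lines:
        m = STATIC_PAT.match(line)
        if m and int(m.group(3)) in listeners:
            port = int(m.group(3))
            overlaps.append((port, listeners[port], m.group(1), m.group(2)))
    return overlaps


if __name__ == "__main__":
    for port, svc, host, ifc in find_overlaps(SAMPLE_CONFIG):
        print(f"tcp/{port}: forwarded to {host} only for traffic entering {ifc}; "
              f"other interfaces reach the router's '{svc}'")
```

Each reported port is one where inside clients should resolve the site name to the server's LAN address, or where the router's management listener should be moved or disabled.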
