• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 776
  • Last Modified:

javascript 1.5.0_11 web browser issue

hi i wish to get my cisco 837 up and running so i can configure via the web browser

i am currently using a windows 2003 server but logged on locally & server is fully upto date and using ie8 according to sdm gui browser.

when i attempted to install sdm gui on both pc & router it stated i did not have enough memory so i successfully installed it on my windows 2003 server.  however the install also detected that i already have version 2.5 on cisco 837.

i have unticked via control panel/windows components/internet explorer enhanced security configuration:

for admin group - unticked
for all other user groups - ticked

internet options:  use jre 1.5.0_11 - box is ticked

server has also been rebooted

i can open browser: - successful but the 2nd gui shows html code..!!

question 1.  how i can i resolve this isse ?
  • 6
  • 6
1 Solution
btanExec ConsultantCommented:
Saw in their rel notes pertaining to winXPSP2, but good to verify that the setting is allowed too.

When Cisco SDM is installed on a PC running Windows XP with Service Pack 2, Internet Explorer may display HTML source code when you attempt to launch Cisco SDM. To fix this problem, go to Tools > Internet Options > Advanced. Then scroll to the Security section, check Allow active content to run in files on my computer, and click Apply. Then relaunch Cisco SDM.


Another to consider for uninstall and re-install Java

This article talks on installing SDM and troubleshooting that can come in handy (see also pg7)
@ http://packet-lab.com/main/images/stories/installingsdm/installing%20cisco%20security%20device%20mananager%20sdm%20slides.pdf

(in case you want to double verify on the s/w compatible version as per below)
jre6_u32 will make it work fine on xp box
mikey250Author Commented:
hi breadtan,

yes the below solved my problem and can now access sdm gui successfully:

"to fix this problem, go to tools > internet options > advanced.  then scroll to the security section, check allow active content to run in files on my computer, and click apply."

note: my ios version is: 12.3(2)xc2  - this is not showing in 'url' list you provided but url recommends 12.3(8) t4

ive checked the gui and this is what i have found:

ips - not available
nac - not available
qos - looks like it is available
nat - looks like it is available
routing - looks like it is available
security audit - looks like it is available
vpn - look like it is available
ssl vpn - not available
firewall and acl - look like it is available
interface & connections - is available

question 1.  after logging onto sdm the below is what i was prompted: i have attached screenshot)  any advice  ?

the web sites certificate cannot be verified.  do you want to continue - yes

always trust content from this publisher - ticked box

the name of the site does not match the name on the certificate.  do you want to run the application – i clicked run

prompted to logon – successful

sdm gui opens successful and can access all tab
Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

btanExec ConsultantCommented:
Actually it is a self-signed certificate from the cisco router which is not inside your machine cert store. It is used for server authentication like how SSL server aith is done presenting the server cert (from router) to the client (your default browser).

IE used machine's "Trusted Root Certification Authorities" from the machine cert store to check if this server cert is within its store, if it doesn't, it prompts for the "warning". Most of the time is true for new machine and since this is a trusted transaction such as this, no harm moving ahead as what you already did - you can even click "Always trust ..." so that there is no prompt thereafter. The "trusted root cert store" will now have a copy of that cert only you confirm to always trust it.

If you need to remove it, can easily be done http://support.microsoft.com/kb/293819

It is a expected and in each new machine, this prompt will appear.
As I shared in previous post on 3rd link, it shared the exact steps too.

Hope it helps

Other - user guide
mikey250Author Commented:
hi and thanks for that!!!

i will go through the user guide:

before i go ahead i am always confused as in order to get my cisco 837 up and running, i logged onto my 'running' config and set the usual 'http/https' access and configured:

int eth0 - this allowed connectivity between win 2003 server & cisco 837 - ok
ip address /29
no shut

int fa0/4
description windows 2003 server
no shut

question 1.  when i attempt to configure (nat basic) it only shows eth0 as possible configuration, but my above config is still in place, so do i need to remove above config in or to get (wan) connection up and running ?

question 2.  do i need to also configure dhcp, although i think not ?
btanExec ConsultantCommented:
Typically you will do the below (ref packet lab pdf)

Step 1 Enable the HTTP and/or HTTPS servers.
r1(config)#ip http server
r1config)# ip http secure-server

Step 2 Create a user account defined with privilege level 15 (enable privileges).
r1(config)#ip http authentication local
r1(config)#username packetlab privilege 15 password packetlab

No difference...When you configure an interface as a LAN interface, Cisco SDM inserts the
description text $ETH-LAN$ in the configuration file so that it recognizes the
interface as a LAN interface in the future.

using the LAN wizard is preferred to configure the WAN and DHCP. For the local mgmt, preferred a different interface instead for segregation security (dont mix or allow mgmt traffic and user traffic into each int). For how to configure your WAN and DHCP interface, the LAN wizard in the user guide to create or edit existing interface or setting.
mikey250Author Commented:
hi yes i have done (step 1 & 2) to get this far.

ive just done the following:

int eth0

the above stopped me from access the cisco 837 via sdm gui.  -  so i ran: 'no shut' again so this is obviously required as it is the management connection - ok

note:  currently i am confirming practical configurations are correct before i do this for real

currently i have a single 192.168.0.x/24 subnet connected to my isa2006/internal nic, which provides internet access as usual via isa/external nic.

my internal master dc/dns/dhcp server - is configured for my default gateway as the isa2006 internal nic address.

my isa2006/externic nic receives my virgin media public address detail, but due to myself being a residential customer i monitor my virgin dynamic public address details as they only  change every few months or so just as a temporary access while testing!!

i have attached a configuration that i would appreciate some help with although as my internal domain is already running a (dhcp), then my config cannot be right so would i just need nat ?
btanExec ConsultantCommented:
I would suggest that you close this question if already answered the original query and open another new one please.
btanExec ConsultantCommented:
You can see the WAN and NAT config illustrated here, suggest you make sure the router is alright to go into internet with the config before the ISA comes in to picture

On a multi-subnet LAN the LAN Router is the Default Gateway of all the LAN's
host. The ISA is the Default Gateway of the LAN Router. The ISA must have a Static Route that tells it to use the LAN Router for all the IP Segments on the whole LAN.

Various FW consideration

Also for info, ip default-gateway is only used on a L2 switch. It allows you to telnet to the switch. The switch needs to get back to you so it needs the address of a router when you are on a different network. It can be displayed using show ip default-gateway but it has to be typed in completely. ip default-network and ip route only used on L3 switches.
mikey250Author Commented:
hi i appreciate the advice and have now created another question as suggested:

mikey250Author Commented:
the 1st advice given gave me the exact answer i was looking for so therefore i presume under the rules i have to allocate points to this expert.

much appreciated!!!
btanExec ConsultantCommented:
Thanks, so it can extend queries to bigger pool of experts in new question
mikey250Author Commented:
hi breadtan, i have mentioned your name in that new thread.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now