Solved

javascript 1.5.0_11 web browser issue

Posted on 2013-11-23
13
747 Views
Last Modified: 2013-11-25
hi i wish to get my cisco 837 up and running so i can configure via the web browser

i am currently using a windows 2003 server but logged on locally & server is fully upto date and using ie8 according to sdm gui browser.

when i attempted to install sdm gui on both pc & router it stated i did not have enough memory so i successfully installed it on my windows 2003 server.  however the install also detected that i already have version 2.5 on cisco 837.

i have unticked via control panel/windows components/internet explorer enhanced security configuration:

for admin group - unticked
for all other user groups - ticked

internet options:  use jre 1.5.0_11 - box is ticked

server has also been rebooted

i can open browser: http://10.10.10.1 - successful but the 2nd gui shows html code..!!

question 1.  how i can i resolve this isse ?
sdm-gui--issue.docx
0
Comment
Question by:mikey250
  • 6
  • 6
13 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 39672275
Saw in their rel notes pertaining to winXPSP2, but good to verify that the setting is allowed too.

When Cisco SDM is installed on a PC running Windows XP with Service Pack 2, Internet Explorer may display HTML source code when you attempt to launch Cisco SDM. To fix this problem, go to Tools > Internet Options > Advanced. Then scroll to the Security section, check Allow active content to run in files on my computer, and click Apply. Then relaunch Cisco SDM.

http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/software/release/notes/SDMr24.html#wp98305

Another to consider for uninstall and re-install Java 1.6.0.6
http://www.bryanluce.com/kb/2011/02/unable-to-access-additional-tasks-with-in-security-device-manager-sdm-v2-5/

This article talks on installing SDM and troubleshooting that can come in handy (see also pg7)
@ http://packet-lab.com/main/images/stories/installingsdm/installing%20cisco%20security%20device%20mananager%20sdm%20slides.pdf


(in case you want to double verify on the s/w compatible version as per below)
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/software/release/notes/SDMr24.html#wp16941
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39672325
jre6_u32 will make it work fine on xp box
0
 

Author Comment

by:mikey250
ID: 39672514
hi breadtan,

yes the below solved my problem and can now access sdm gui successfully:

"to fix this problem, go to tools > internet options > advanced.  then scroll to the security section, check allow active content to run in files on my computer, and click apply."

note: my ios version is: 12.3(2)xc2  - this is not showing in 'url' list you provided but url recommends 12.3(8) t4

ive checked the gui and this is what i have found:

ips - not available
nac - not available
qos - looks like it is available
nat - looks like it is available
routing - looks like it is available
security audit - looks like it is available
vpn - look like it is available
ssl vpn - not available
firewall and acl - look like it is available
interface & connections - is available

question 1.  after logging onto sdm the below is what i was prompted: i have attached screenshot)  any advice  ?

the web sites certificate cannot be verified.  do you want to continue - yes

always trust content from this publisher - ticked box

the name of the site does not match the name on the certificate.  do you want to run the application – i clicked run

prompted to logon – successful

sdm gui opens successful and can access all tab
sdm-gui-certificate-issue.docx
0
 
LVL 62

Expert Comment

by:btan
ID: 39672529
Actually it is a self-signed certificate from the cisco router which is not inside your machine cert store. It is used for server authentication like how SSL server aith is done presenting the server cert (from router) to the client (your default browser).

IE used machine's "Trusted Root Certification Authorities" from the machine cert store to check if this server cert is within its store, if it doesn't, it prompts for the "warning". Most of the time is true for new machine and since this is a trusted transaction such as this, no harm moving ahead as what you already did - you can even click "Always trust ..." so that there is no prompt thereafter. The "trusted root cert store" will now have a copy of that cert only you confirm to always trust it.

If you need to remove it, can easily be done http://support.microsoft.com/kb/293819

It is a expected and in each new machine, this prompt will appear.
As I shared in previous post on 3rd link, it shared the exact steps too.

Hope it helps

Other - user guide
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/SDM25ug.pdf
0
 

Author Comment

by:mikey250
ID: 39672575
hi and thanks for that!!!

i will go through the user guide:

before i go ahead i am always confused as in order to get my cisco 837 up and running, i logged onto my 'running' config and set the usual 'http/https' access and configured:

int eth0 - this allowed connectivity between win 2003 server & cisco 837 - ok
ip address 10.10.10.1 /29
no shut

int fa0/4
description windows 2003 server
no shut

question 1.  when i attempt to configure (nat basic) it only shows eth0 as possible configuration, but my above config is still in place, so do i need to remove above config in or to get (wan) connection up and running ?

question 2.  do i need to also configure dhcp, although i think not ?
0
 
LVL 62

Expert Comment

by:btan
ID: 39672589
Typically you will do the below (ref packet lab pdf)

Step 1 Enable the HTTP and/or HTTPS servers.
r1(config)#ip http server
-and/or-
r1config)# ip http secure-server

Step 2 Create a user account defined with privilege level 15 (enable privileges).
r1(config)#ip http authentication local
r1(config)#username packetlab privilege 15 password packetlab

No difference...When you configure an interface as a LAN interface, Cisco SDM inserts the
description text $ETH-LAN$ in the configuration file so that it recognizes the
interface as a LAN interface in the future.

using the LAN wizard is preferred to configure the WAN and DHCP. For the local mgmt, preferred a different interface instead for segregation security (dont mix or allow mgmt traffic and user traffic into each int). For how to configure your WAN and DHCP interface, the LAN wizard in the user guide to create or edit existing interface or setting.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:mikey250
ID: 39672684
hi yes i have done (step 1 & 2) to get this far.

ive just done the following:

int eth0
shut

the above stopped me from access the cisco 837 via sdm gui.  -  so i ran: 'no shut' again so this is obviously required as it is the management connection - ok

note:  currently i am confirming practical configurations are correct before i do this for real

currently i have a single 192.168.0.x/24 subnet connected to my isa2006/internal nic, which provides internet access as usual via isa/external nic.

my internal master dc/dns/dhcp server - is configured for my default gateway as the isa2006 internal nic address.

my isa2006/externic nic receives my virgin media public address detail, but due to myself being a residential customer i monitor my virgin dynamic public address details as they only  change every few months or so just as a temporary access while testing!!

i have attached a configuration that i would appreciate some help with although as my internal domain is already running a (dhcp), then my config cannot be right so would i just need nat ?
cisco-837-dhcp-config-draft.docx
0
 
LVL 62

Expert Comment

by:btan
ID: 39673354
I would suggest that you close this question if already answered the original query and open another new one please.
0
 
LVL 62

Expert Comment

by:btan
ID: 39673414
You can see the WAN and NAT config illustrated here, suggest you make sure the router is alright to go into internet with the config before the ISA comes in to picture
http://windowsitpro.com/networking/9-steps-setting-cisco-router

On a multi-subnet LAN the LAN Router is the Default Gateway of all the LAN's
host. The ISA is the Default Gateway of the LAN Router. The ISA must have a Static Route that tells it to use the LAN Router for all the IP Segments on the whole LAN.

Various FW consideration
http://www.dslreports.com/faq/16332

Also for info, ip default-gateway is only used on a L2 switch. It allows you to telnet to the switch. The switch needs to get back to you so it needs the address of a router when you are on a different network. It can be displayed using show ip default-gateway but it has to be typed in completely. ip default-network and ip route only used on L3 switches.
0
 

Author Comment

by:mikey250
ID: 39673838
hi i appreciate the advice and have now created another question as suggested:

http://www.experts-exchange.com/security/software_firewalls/enterprise_firewalls/cisco_pix_firewall/q_28302811.html
0
 

Author Closing Comment

by:mikey250
ID: 39673846
the 1st advice given gave me the exact answer i was looking for so therefore i presume under the rules i have to allocate points to this expert.

much appreciated!!!
0
 
LVL 62

Expert Comment

by:btan
ID: 39673992
Thanks, so it can extend queries to bigger pool of experts in new question
0
 

Author Comment

by:mikey250
ID: 39674014
hi breadtan, i have mentioned your name in that new thread.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Stack Switches in IOU  web V22 6 60
Cisco Any Connect Client 5 36
EIGRP Configuration 2 46
Help with an ACL to isolate our wireless newtork 9 13
Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now