mikey250
asked on
javascript 1.5.0_11 web browser issue
hi i wish to get my cisco 837 up and running so i can configure via the web browser
i am currently using a windows 2003 server but logged on locally & server is fully upto date and using ie8 according to sdm gui browser.
when i attempted to install sdm gui on both pc & router it stated i did not have enough memory so i successfully installed it on my windows 2003 server. however the install also detected that i already have version 2.5 on cisco 837.
i have unticked via control panel/windows components/internet explorer enhanced security configuration:
for admin group - unticked
for all other user groups - ticked
internet options: use jre 1.5.0_11 - box is ticked
server has also been rebooted
i can open browser: http://10.10.10.1 - successful but the 2nd gui shows html code..!!
question 1. how i can i resolve this isse ?
sdm-gui--issue.docx
i am currently using a windows 2003 server but logged on locally & server is fully upto date and using ie8 according to sdm gui browser.
when i attempted to install sdm gui on both pc & router it stated i did not have enough memory so i successfully installed it on my windows 2003 server. however the install also detected that i already have version 2.5 on cisco 837.
i have unticked via control panel/windows components/internet explorer enhanced security configuration:
for admin group - unticked
for all other user groups - ticked
internet options: use jre 1.5.0_11 - box is ticked
server has also been rebooted
i can open browser: http://10.10.10.1 - successful but the 2nd gui shows html code..!!
question 1. how i can i resolve this isse ?
sdm-gui--issue.docx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sandy
jre6_u32 will make it work fine on xp box
ASKER
hi breadtan,
yes the below solved my problem and can now access sdm gui successfully:
"to fix this problem, go to tools > internet options > advanced. then scroll to the security section, check allow active content to run in files on my computer, and click apply."
note: my ios version is: 12.3(2)xc2 - this is not showing in 'url' list you provided but url recommends 12.3(8) t4
ive checked the gui and this is what i have found:
ips - not available
nac - not available
qos - looks like it is available
nat - looks like it is available
routing - looks like it is available
security audit - looks like it is available
vpn - look like it is available
ssl vpn - not available
firewall and acl - look like it is available
interface & connections - is available
question 1. after logging onto sdm the below is what i was prompted: i have attached screenshot) any advice ?
the web sites certificate cannot be verified. do you want to continue - yes
always trust content from this publisher - ticked box
the name of the site does not match the name on the certificate. do you want to run the application – i clicked run
prompted to logon – successful
sdm gui opens successful and can access all tab
sdm-gui-certificate-issue.docx
yes the below solved my problem and can now access sdm gui successfully:
"to fix this problem, go to tools > internet options > advanced. then scroll to the security section, check allow active content to run in files on my computer, and click apply."
note: my ios version is: 12.3(2)xc2 - this is not showing in 'url' list you provided but url recommends 12.3(8) t4
ive checked the gui and this is what i have found:
ips - not available
nac - not available
qos - looks like it is available
nat - looks like it is available
routing - looks like it is available
security audit - looks like it is available
vpn - look like it is available
ssl vpn - not available
firewall and acl - look like it is available
interface & connections - is available
question 1. after logging onto sdm the below is what i was prompted: i have attached screenshot) any advice ?
the web sites certificate cannot be verified. do you want to continue - yes
always trust content from this publisher - ticked box
the name of the site does not match the name on the certificate. do you want to run the application – i clicked run
prompted to logon – successful
sdm gui opens successful and can access all tab
sdm-gui-certificate-issue.docx
Actually it is a self-signed certificate from the cisco router which is not inside your machine cert store. It is used for server authentication like how SSL server aith is done presenting the server cert (from router) to the client (your default browser).
IE used machine's "Trusted Root Certification Authorities" from the machine cert store to check if this server cert is within its store, if it doesn't, it prompts for the "warning". Most of the time is true for new machine and since this is a trusted transaction such as this, no harm moving ahead as what you already did - you can even click "Always trust ..." so that there is no prompt thereafter. The "trusted root cert store" will now have a copy of that cert only you confirm to always trust it.
If you need to remove it, can easily be done http://support.microsoft.com/kb/293819
It is a expected and in each new machine, this prompt will appear.
As I shared in previous post on 3rd link, it shared the exact steps too.
Hope it helps
Other - user guide
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/SDM25ug.pdf
IE used machine's "Trusted Root Certification Authorities" from the machine cert store to check if this server cert is within its store, if it doesn't, it prompts for the "warning". Most of the time is true for new machine and since this is a trusted transaction such as this, no harm moving ahead as what you already did - you can even click "Always trust ..." so that there is no prompt thereafter. The "trusted root cert store" will now have a copy of that cert only you confirm to always trust it.
If you need to remove it, can easily be done http://support.microsoft.com/kb/293819
It is a expected and in each new machine, this prompt will appear.
As I shared in previous post on 3rd link, it shared the exact steps too.
Hope it helps
Other - user guide
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/SDM25ug.pdf
ASKER
hi and thanks for that!!!
i will go through the user guide:
before i go ahead i am always confused as in order to get my cisco 837 up and running, i logged onto my 'running' config and set the usual 'http/https' access and configured:
int eth0 - this allowed connectivity between win 2003 server & cisco 837 - ok
ip address 10.10.10.1 /29
no shut
int fa0/4
description windows 2003 server
no shut
question 1. when i attempt to configure (nat basic) it only shows eth0 as possible configuration, but my above config is still in place, so do i need to remove above config in or to get (wan) connection up and running ?
question 2. do i need to also configure dhcp, although i think not ?
i will go through the user guide:
before i go ahead i am always confused as in order to get my cisco 837 up and running, i logged onto my 'running' config and set the usual 'http/https' access and configured:
int eth0 - this allowed connectivity between win 2003 server & cisco 837 - ok
ip address 10.10.10.1 /29
no shut
int fa0/4
description windows 2003 server
no shut
question 1. when i attempt to configure (nat basic) it only shows eth0 as possible configuration, but my above config is still in place, so do i need to remove above config in or to get (wan) connection up and running ?
question 2. do i need to also configure dhcp, although i think not ?
Typically you will do the below (ref packet lab pdf)
Step 1 Enable the HTTP and/or HTTPS servers.
r1(config)#ip http server
-and/or-
r1config)# ip http secure-server
Step 2 Create a user account defined with privilege level 15 (enable privileges).
r1(config)#ip http authentication local
r1(config)#username packetlab privilege 15 password packetlab
No difference...When you configure an interface as a LAN interface, Cisco SDM inserts the
description text $ETH-LAN$ in the configuration file so that it recognizes the
interface as a LAN interface in the future.
using the LAN wizard is preferred to configure the WAN and DHCP. For the local mgmt, preferred a different interface instead for segregation security (dont mix or allow mgmt traffic and user traffic into each int). For how to configure your WAN and DHCP interface, the LAN wizard in the user guide to create or edit existing interface or setting.
Step 1 Enable the HTTP and/or HTTPS servers.
r1(config)#ip http server
-and/or-
r1config)# ip http secure-server
Step 2 Create a user account defined with privilege level 15 (enable privileges).
r1(config)#ip http authentication local
r1(config)#username packetlab privilege 15 password packetlab
No difference...When you configure an interface as a LAN interface, Cisco SDM inserts the
description text $ETH-LAN$ in the configuration file so that it recognizes the
interface as a LAN interface in the future.
using the LAN wizard is preferred to configure the WAN and DHCP. For the local mgmt, preferred a different interface instead for segregation security (dont mix or allow mgmt traffic and user traffic into each int). For how to configure your WAN and DHCP interface, the LAN wizard in the user guide to create or edit existing interface or setting.
ASKER
hi yes i have done (step 1 & 2) to get this far.
ive just done the following:
int eth0
shut
the above stopped me from access the cisco 837 via sdm gui. - so i ran: 'no shut' again so this is obviously required as it is the management connection - ok
note: currently i am confirming practical configurations are correct before i do this for real
currently i have a single 192.168.0.x/24 subnet connected to my isa2006/internal nic, which provides internet access as usual via isa/external nic.
my internal master dc/dns/dhcp server - is configured for my default gateway as the isa2006 internal nic address.
my isa2006/externic nic receives my virgin media public address detail, but due to myself being a residential customer i monitor my virgin dynamic public address details as they only change every few months or so just as a temporary access while testing!!
i have attached a configuration that i would appreciate some help with although as my internal domain is already running a (dhcp), then my config cannot be right so would i just need nat ?
cisco-837-dhcp-config-draft.docx
ive just done the following:
int eth0
shut
the above stopped me from access the cisco 837 via sdm gui. - so i ran: 'no shut' again so this is obviously required as it is the management connection - ok
note: currently i am confirming practical configurations are correct before i do this for real
currently i have a single 192.168.0.x/24 subnet connected to my isa2006/internal nic, which provides internet access as usual via isa/external nic.
my internal master dc/dns/dhcp server - is configured for my default gateway as the isa2006 internal nic address.
my isa2006/externic nic receives my virgin media public address detail, but due to myself being a residential customer i monitor my virgin dynamic public address details as they only change every few months or so just as a temporary access while testing!!
i have attached a configuration that i would appreciate some help with although as my internal domain is already running a (dhcp), then my config cannot be right so would i just need nat ?
cisco-837-dhcp-config-draft.docx
I would suggest that you close this question if already answered the original query and open another new one please.
You can see the WAN and NAT config illustrated here, suggest you make sure the router is alright to go into internet with the config before the ISA comes in to picture
http://windowsitpro.com/networking/9-steps-setting-cisco-router
On a multi-subnet LAN the LAN Router is the Default Gateway of all the LAN's
host. The ISA is the Default Gateway of the LAN Router. The ISA must have a Static Route that tells it to use the LAN Router for all the IP Segments on the whole LAN.
Various FW consideration
http://www.dslreports.com/faq/16332
Also for info, ip default-gateway is only used on a L2 switch. It allows you to telnet to the switch. The switch needs to get back to you so it needs the address of a router when you are on a different network. It can be displayed using show ip default-gateway but it has to be typed in completely. ip default-network and ip route only used on L3 switches.
http://windowsitpro.com/networking/9-steps-setting-cisco-router
On a multi-subnet LAN the LAN Router is the Default Gateway of all the LAN's
host. The ISA is the Default Gateway of the LAN Router. The ISA must have a Static Route that tells it to use the LAN Router for all the IP Segments on the whole LAN.
Various FW consideration
http://www.dslreports.com/faq/16332
Also for info, ip default-gateway is only used on a L2 switch. It allows you to telnet to the switch. The switch needs to get back to you so it needs the address of a router when you are on a different network. It can be displayed using show ip default-gateway but it has to be typed in completely. ip default-network and ip route only used on L3 switches.
ASKER
hi i appreciate the advice and have now created another question as suggested:
https://www.experts-exchange.com/security/software_firewalls/enterprise_firewalls/cisco_pix_firewall/q_28302811.html
https://www.experts-exchange.com/security/software_firewalls/enterprise_firewalls/cisco_pix_firewall/q_28302811.html
ASKER
the 1st advice given gave me the exact answer i was looking for so therefore i presume under the rules i have to allocate points to this expert.
much appreciated!!!
much appreciated!!!
Thanks, so it can extend queries to bigger pool of experts in new question
ASKER
hi breadtan, i have mentioned your name in that new thread.