Solved

javascript 1.5.0_11 web browser issue

Posted on 2013-11-23
Last Modified: 2013-11-25
hi i wish to get my cisco 837 up and running so i can configure via the web browser

i am currently using a windows 2003 server but logged on locally & server is fully up to date and using ie8 according to sdm gui browser.

when i attempted to install sdm gui on both pc & router it stated i did not have enough memory so i successfully installed it on my windows 2003 server.  however the install also detected that i already have version 2.5 on cisco 837.

i have unticked via control panel/windows components/internet explorer enhanced security configuration:

for admin group - unticked
for all other user groups - ticked

internet options:  use jre 1.5.0_11 - box is ticked

server has also been rebooted

i can open browser: http://10.10.10.1 - successful but the 2nd gui shows html code..!!

question 1.  how can i resolve this issue ?
sdm-gui--issue.docx
Question by:mikey250
13 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 39672275
Saw in their rel notes pertaining to winXPSP2, but good to verify that the setting is allowed too.

When Cisco SDM is installed on a PC running Windows XP with Service Pack 2, Internet Explorer may display HTML source code when you attempt to launch Cisco SDM. To fix this problem, go to Tools > Internet Options > Advanced. Then scroll to the Security section, check Allow active content to run in files on my computer, and click Apply. Then relaunch Cisco SDM.

http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/software/release/notes/SDMr24.html#wp98305

Another thing to consider is to uninstall and re-install Java 1.6.0.6
http://www.bryanluce.com/kb/2011/02/unable-to-access-additional-tasks-with-in-security-device-manager-sdm-v2-5/

This article talks on installing SDM and troubleshooting that can come in handy (see also pg7)
@ http://packet-lab.com/main/images/stories/installingsdm/installing%20cisco%20security%20device%20mananager%20sdm%20slides.pdf


(in case you want to double verify on the s/w compatible version as per below)
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/software/release/notes/SDMr24.html#wp16941
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39672325
jre6_u32 will make it work fine on xp box
0
 

Author Comment

by:mikey250
ID: 39672514
hi breadtan,

yes the below solved my problem and can now access sdm gui successfully:

"to fix this problem, go to tools > internet options > advanced.  then scroll to the security section, check allow active content to run in files on my computer, and click apply."

note: my ios version is: 12.3(2)xc2  - this is not showing in 'url' list you provided but url recommends 12.3(8) t4

i've checked the gui and this is what i have found:

ips - not available
nac - not available
qos - looks like it is available
nat - looks like it is available
routing - looks like it is available
security audit - looks like it is available
vpn - look like it is available
ssl vpn - not available
firewall and acl - look like it is available
interface & connections - is available

question 1.  after logging onto sdm the below is what i was prompted: (i have attached screenshot)  any advice  ?

the web sites certificate cannot be verified.  do you want to continue - yes

always trust content from this publisher - ticked box

the name of the site does not match the name on the certificate.  do you want to run the application – i clicked run

prompted to logon – successful

sdm gui opens successful and can access all tab
sdm-gui-certificate-issue.docx
0

 
LVL 65

Expert Comment

by:btan
ID: 39672529
Actually it is a self-signed certificate from the cisco router which is not inside your machine cert store. It is used for server authentication like how SSL server auth is done presenting the server cert (from router) to the client (your default browser).

IE uses the machine's "Trusted Root Certification Authorities" from the machine cert store to check if this server cert is within its store, if it isn't, it prompts for the "warning". Most of the time this is true for a new machine and since this is a trusted transaction such as this, no harm moving ahead as what you already did - you can even click "Always trust ..." so that there is no prompt thereafter. The "trusted root cert store" will now have a copy of that cert only if you confirm to always trust it.

If you need to remove it, can easily be done http://support.microsoft.com/kb/293819

It is expected and in each new machine, this prompt will appear.
As I shared in previous post on 3rd link, it shared the exact steps too.

Hope it helps

Other - user guide
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/SDM25ug.pdf
0
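An added example, not part of the thread: the "Always trust" decision described above modelled as a trust-on-first-use pin, where the fingerprint is confirmed out-of-band (for instance read from the router over a console session) before it is stored, and a later change for the same host is flagged. The certificate bytes, host key and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for the DER bytes of two certificates. A real value
# would be the DER encoding of the certificate the router presents.
ROUTER_CERT_DER = b"constructed-der-bytes-for-10.10.10.1"
OTHER_CERT_DER = b"constructed-der-bytes-of-a-different-cert"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint as lowercase hex without separators."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex as typed by an operator."""
    return fp.replace(":", "").replace(" ", "").lower()


def check_pin(host: str, der: bytes, pins: dict) -> str:
    """Return 'first-seen', 'match' or 'CHANGED' for the presented cert."""
    pinned = pins.get(host)
    if pinned is None:
        return "first-seen"  # confirm out-of-band, then call pin()
    if hmac.compare_digest(normalize(pinned), fingerprint(der)):
        return "match"
    return "CHANGED"  # same host, different certificate: investigate


def pin(host: str, confirmed_fp: str, der: bytes, pins: dict) -> None:
    """Store the pin only if the operator-confirmed fingerprint matches."""
    if not hmac.compare_digest(normalize(confirmed_fp), fingerprint(der)):
        raise ValueError("fingerprint read out-of-band does not match")
    pins[host] = fingerprint(der)
```
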
 

Author Comment

by:mikey250
ID: 39672575
hi and thanks for that!!!

i will go through the user guide:

before i go ahead i am always confused as in order to get my cisco 837 up and running, i logged onto my 'running' config and set the usual 'http/https' access and configured:

int eth0 - this allowed connectivity between win 2003 server & cisco 837 - ok
ip address 10.10.10.1 /29
no shut

int fa0/4
description windows 2003 server
no shut

question 1.  when i attempt to configure (nat basic) it only shows eth0 as possible configuration, but my above config is still in place, so do i need to remove above config in or to get (wan) connection up and running ?

question 2.  do i need to also configure dhcp, although i think not ?
0
 
LVL 65

Expert Comment

by:btan
ID: 39672589
Typically you will do the below (ref packet lab pdf)

Step 1 Enable the HTTP and/or HTTPS servers.
r1(config)#ip http server
-and/or-
r1(config)# ip http secure-server

Step 2 Create a user account defined with privilege level 15 (enable privileges).
r1(config)#ip http authentication local
r1(config)#username packetlab privilege 15 password packetlab

No difference...When you configure an interface as a LAN interface, Cisco SDM inserts the
description text $ETH-LAN$ in the configuration file so that it recognizes the
interface as a LAN interface in the future.

Using the LAN wizard is preferred to configure the WAN and DHCP. For the local mgmt, preferred a different interface instead for segregation security (don't mix or allow mgmt traffic and user traffic into each int). For how to configure your WAN and DHCP interface, see the LAN wizard in the user guide to create or edit existing interface or setting.
0
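An added example, not part of the thread or of Cisco's documentation: a small audit of the management settings from the steps above, run over a constructed running-config fragment and a constructed hardened variant. The checks (HTTPS only, `ip http access-class` limited to the 10.10.10.0/29 management subnet, `secret` instead of `password`) are this example's assumptions about hardening; ACL number 10, the `admin` user and the hash placeholder are made up.

```python
import re

# Constructed fragment built from the steps quoted in the thread.
THREAD_CONFIG = """\
ip http server
ip http secure-server
ip http authentication local
username packetlab privilege 15 password packetlab
"""

# Constructed hardened variant; the hash value is a placeholder.
HARDENED_CONFIG = """\
no ip http server
ip http secure-server
ip http authentication local
ip http access-class 10
access-list 10 permit 10.10.10.0 0.0.0.7
username admin privilege 15 secret 5 $1$constructed$placeholderhash
"""

USER_RE = re.compile(r"username (\S+) privilege 15 password (?:([07]) )?(\S+)")


def audit(config: str) -> list:
    """Return findings for the web-management settings in an IOS config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    if "ip http server" in lines:
        findings.append("plaintext HTTP management is enabled")
    if "ip http secure-server" not in lines:
        findings.append("HTTPS management is not enabled")
    if not any(re.match(r"ip http access-class \S+", l) for l in lines):
        findings.append("no ip http access-class restricts the web UI")
    for line in lines:
        m = USER_RE.match(line)
        if not m:
            continue
        user, ptype, value = m.groups()
        findings.append(f"{user}: level 15 uses 'password', not 'secret'")
        if ptype != "7" and value == user:
            findings.append(f"{user}: password equals the username")
    return findings
```
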
 

Author Comment

by:mikey250
ID: 39672684
hi yes i have done (step 1 & 2) to get this far.

i've just done the following:

int eth0
shut

the above stopped me from accessing the cisco 837 via sdm gui.  -  so i ran: 'no shut' again so this is obviously required as it is the management connection - ok

note:  currently i am confirming practical configurations are correct before i do this for real

currently i have a single 192.168.0.x/24 subnet connected to my isa2006/internal nic, which provides internet access as usual via isa/external nic.

my internal master dc/dns/dhcp server - is configured for my default gateway as the isa2006 internal nic address.

my isa2006/external nic receives my virgin media public address detail, but due to myself being a residential customer i monitor my virgin dynamic public address details as they only  change every few months or so just as a temporary access while testing!!

i have attached a configuration that i would appreciate some help with although as my internal domain is already running a (dhcp), then my config cannot be right so would i just need nat ?
cisco-837-dhcp-config-draft.docx
0
 
LVL 65

Expert Comment

by:btan
ID: 39673354
I would suggest that you close this question if already answered the original query and open another new one please.
0
 
LVL 65

Expert Comment

by:btan
ID: 39673414
You can see the WAN and NAT config illustrated here, suggest you make sure the router is alright to go into internet with the config before the ISA comes in to picture
http://windowsitpro.com/networking/9-steps-setting-cisco-router

On a multi-subnet LAN the LAN Router is the Default Gateway of all the LAN's hosts. The ISA is the Default Gateway of the LAN Router. The ISA must have a Static Route that tells it to use the LAN Router for all the IP Segments on the whole LAN.

Various FW consideration
http://www.dslreports.com/faq/16332

Also for info, ip default-gateway is only used on a L2 switch. It allows you to telnet to the switch. The switch needs to get back to you so it needs the address of a router when you are on a different network. It can be displayed using show ip default-gateway but it has to be typed in completely. ip default-network and ip route only used on L3 switches.
0
 

Author Comment

by:mikey250
ID: 39673838
hi i appreciate the advice and have now created another question as suggested:

http://www.experts-exchange.com/security/software_firewalls/enterprise_firewalls/cisco_pix_firewall/q_28302811.html
0
 

Author Closing Comment

by:mikey250
ID: 39673846
the 1st advice given gave me the exact answer i was looking for so therefore i presume under the rules i have to allocate points to this expert.

much appreciated!!!
0
 
LVL 65

Expert Comment

by:btan
ID: 39673992
Thanks, so it can extend queries to bigger pool of experts in new question
0
 

Author Comment

by:mikey250
ID: 39674014
hi breadtan, i have mentioned your name in that new thread.
0
