Solved

javascript 1.5.0_11 web browser issue

Posted on 2013-11-23
Last Modified: 2013-11-25
hi i wish to get my cisco 837 up and running so i can configure via the web browser

i am currently using a windows 2003 server but logged on locally & server is fully up to date and using ie8 according to sdm gui browser.

when i attempted to install sdm gui on both pc & router it stated i did not have enough memory so i successfully installed it on my windows 2003 server.  however the install also detected that i already have version 2.5 on cisco 837.

i have unticked via control panel/windows components/internet explorer enhanced security configuration:

for admin group - unticked
for all other user groups - ticked

internet options:  use jre 1.5.0_11 - box is ticked

server has also been rebooted

i can open browser: http://10.10.10.1 - successful but the 2nd gui shows html code..!!

question 1.  how can i resolve this issue?
sdm-gui--issue.docx
Question by:mikey250
Accepted Solution

by:
btan earned 500 total points
Saw in their rel notes pertaining to winXPSP2, but good to verify that the setting is allowed too.

When Cisco SDM is installed on a PC running Windows XP with Service Pack 2, Internet Explorer may display HTML source code when you attempt to launch Cisco SDM. To fix this problem, go to Tools > Internet Options > Advanced. Then scroll to the Security section, check Allow active content to run in files on my computer, and click Apply. Then relaunch Cisco SDM.

http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/software/release/notes/SDMr24.html#wp98305

Another option to consider is to uninstall and re-install Java 1.6.0.6
http://www.bryanluce.com/kb/2011/02/unable-to-access-additional-tasks-with-in-security-device-manager-sdm-v2-5/

This article talks about installing SDM and troubleshooting, which can come in handy (see also pg7)
@ http://packet-lab.com/main/images/stories/installingsdm/installing%20cisco%20security%20device%20mananager%20sdm%20slides.pdf


(in case you want to double verify on the s/w compatible version as per below)
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/software/release/notes/SDMr24.html#wp16941

Expert Comment

by:Sandy
jre6_u32 will make it work fine on xp box

Author Comment

by:mikey250
hi breadtan,

yes the below solved my problem and can now access sdm gui successfully:

"to fix this problem, go to tools > internet options > advanced.  then scroll to the security section, check allow active content to run in files on my computer, and click apply."

note: my ios version is: 12.3(2)xc2  - this is not showing in 'url' list you provided but url recommends 12.3(8) t4

i've checked the gui and this is what i have found:

ips - not available
nac - not available
qos - looks like it is available
nat - looks like it is available
routing - looks like it is available
security audit - looks like it is available
vpn - looks like it is available
ssl vpn - not available
firewall and acl - looks like it is available
interface & connections - is available

question 1.  after logging onto sdm the below is what i was prompted (i have attached screenshot):  any advice?

the web site's certificate cannot be verified.  do you want to continue - yes

always trust content from this publisher - ticked box

the name of the site does not match the name on the certificate.  do you want to run the application – i clicked run

prompted to logon – successful

sdm gui opens successful and can access all tab
sdm-gui-certificate-issue.docx

Expert Comment

by:btan
Actually it is a self-signed certificate from the cisco router which is not inside your machine cert store. It is used for server authentication, like how SSL server auth is done, presenting the server cert (from router) to the client (your default browser).

IE uses the machine's "Trusted Root Certification Authorities" from the machine cert store to check if this server cert is within its store; if it isn't, it prompts with the "warning". Most of the time this is true for a new machine, and since this is a trusted transaction, no harm moving ahead as you already did - you can even click "Always trust ..." so that there is no prompt thereafter. The "trusted root cert store" will now have a copy of that cert only if you confirm to always trust it.

If you need to remove it, can easily be done http://support.microsoft.com/kb/293819

It is expected, and on each new machine this prompt will appear.
As I shared in previous post on 3rd link, it shared the exact steps too.

Hope it helps

Other - user guide
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/SDM25ug.pdf

Author Comment

by:mikey250
hi and thanks for that!!!

i will go through the user guide:

before i go ahead i am always confused as in order to get my cisco 837 up and running, i logged onto my 'running' config and set the usual 'http/https' access and configured:

int eth0 - this allowed connectivity between win 2003 server & cisco 837 - ok
ip address 10.10.10.1 /29
no shut

int fa0/4
description windows 2003 server
no shut

question 1.  when i attempt to configure (nat basic) it only shows eth0 as possible configuration, but my above config is still in place, so do i need to remove above config in order to get (wan) connection up and running ?

question 2.  do i need to also configure dhcp, although i think not ?

Expert Comment

by:btan
Typically you will do the below (ref packet lab pdf)

Step 1 Enable the HTTP and/or HTTPS servers.
r1(config)#ip http server
-and/or-
r1(config)#ip http secure-server

Step 2 Create a user account defined with privilege level 15 (enable privileges).
r1(config)#ip http authentication local
r1(config)#username packetlab privilege 15 password packetlab

No difference...When you configure an interface as a LAN interface, Cisco SDM inserts the
description text $ETH-LAN$ in the configuration file so that it recognizes the
interface as a LAN interface in the future.

Using the LAN wizard is preferred to configure the WAN and DHCP. For the local mgmt, a different interface is preferred instead, for segregation security (don't mix or allow mgmt traffic and user traffic into each int). For how to configure your WAN and DHCP interface, see the LAN wizard in the user guide to create or edit an existing interface or setting.
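
A tightened form of the Step 1 and Step 2 commands above, as an added example that is not part of the original thread or the Packet Lab slides. It assumes the 10.10.10.0/29 management subnet mentioned earlier in the thread; ACL number 10, the user name sdmadmin and the passphrase placeholder are chosen here for illustration.

```cisco
! Added example (not from the thread). ACL 10, "sdmadmin" and the
! passphrase placeholder are assumptions; 10.10.10.0/29 is the
! management subnet from the eth0 address 10.10.10.1 /29 above.
!
! As posted: the web server also answers on clear-text HTTP, and the
! account uses the "password" keyword with a value equal to the user name:
!   ip http server
!   ip http authentication local
!   username packetlab privilege 15 password packetlab
!
! Tightened variant: HTTPS only, local authentication unchanged
no ip http server
ip http secure-server
ip http authentication local
!
! Restrict the HTTP/HTTPS server to the management subnet only
! (a standard ACL ends with an implicit deny for everything else)
access-list 10 permit 10.10.10.0 0.0.0.7
ip http access-class 10
!
! "secret" stores an MD5 hash of the passphrase rather than the
! clear-text or reversible form kept by "password"
username sdmadmin privilege 15 secret <choose-a-long-unique-passphrase>
```

With the plain HTTP server disabled, SDM has to be opened at https://10.10.10.1, so the self-signed certificate prompt described earlier in the thread still appears.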

Author Comment

by:mikey250
hi yes i have done (step 1 & 2) to get this far.

i've just done the following:

int eth0
shut

the above stopped me from accessing the cisco 837 via sdm gui.  -  so i ran: 'no shut' again so this is obviously required as it is the management connection - ok

note:  currently i am confirming practical configurations are correct before i do this for real

currently i have a single 192.168.0.x/24 subnet connected to my isa2006/internal nic, which provides internet access as usual via isa/external nic.

my internal master dc/dns/dhcp server - is configured for my default gateway as the isa2006 internal nic address.

my isa2006/external nic receives my virgin media public address detail, but due to myself being a residential customer i monitor my virgin dynamic public address details as they only change every few months or so just as a temporary access while testing!!

i have attached a configuration that i would appreciate some help with although as my internal domain is already running a (dhcp), then my config cannot be right so would i just need nat ?
cisco-837-dhcp-config-draft.docx

Expert Comment

by:btan
I would suggest that you close this question if already answered the original query and open another new one please.

Expert Comment

by:btan
You can see the WAN and NAT config illustrated here, suggest you make sure the router is alright to go into internet with the config before the ISA comes in to picture
http://windowsitpro.com/networking/9-steps-setting-cisco-router

On a multi-subnet LAN the LAN Router is the Default Gateway of all the LAN's hosts. The ISA is the Default Gateway of the LAN Router. The ISA must have a Static Route that tells it to use the LAN Router for all the IP Segments on the whole LAN.

Various FW consideration
http://www.dslreports.com/faq/16332

Also for info, ip default-gateway is only used on a L2 switch. It allows you to telnet to the switch. The switch needs to get back to you so it needs the address of a router when you are on a different network. It can be displayed using show ip default-gateway but it has to be typed in completely. ip default-network and ip route only used on L3 switches.

Author Comment

by:mikey250
hi i appreciate the advice and have now created another question as suggested:

http://www.experts-exchange.com/security/software_firewalls/enterprise_firewalls/cisco_pix_firewall/q_28302811.html

Author Closing Comment

by:mikey250
the 1st advice given gave me the exact answer i was looking for so therefore i presume under the rules i have to allocate points to this expert.

much appreciated!!!

Expert Comment

by:btan
Thanks, so it can extend queries to bigger pool of experts in new question

Author Comment

by:mikey250
hi breadtan, i have mentioned your name in that new thread.