Can't connect to SDM on a Cisco 871 access router

Unanswered Question
Sep 1st, 2008
User Badges:

After a configuring disaster, I reset the router to the default configuration. Per instructions in "Cisco Router and Security Device Manager Quick Start Guide - pages 16-18, Using the Console Terminal, I configured the running configuration (default configuration) with: (1)- IP address for the Vlan1 Fast Ethernet interface to the LAN. (2)- Enabled the Router's HTTP/HTTPS server & verified that the HTTPS service was ON. (3) Created a default Username and password with privilege level 15. (4)Enabled Telnet/SSH access to the Router from the LAN. I then copied the Running-Config file to the Startup-config file. I then connected a PC to a router port and set a static IP address 10.40.6.20) similar to to the Router IP address (10.40.6.3). On the first attempt (8/31/2008), I appear to have entered the SDM on the router because I successfully went through a login procedure before receiving an error message stating that there were more than one certificate and I should contact the IT and get a another certificate. I don't understand what that was about. In the process of trying to resolve that issue, I erased the NVRAM and lost the config file. Today, (9/1/2008), I went through the whole drill again but this time I got nowhere with SDM. Got the error message " Bad IP address of the router or SSH on the router not enabled". I confirmed that SSH (HTTPS) was active on the router. So apparently the IP address was in error although it was the same address I used the day before. I know my Startup- config file is minimal and probably lacks some required parameters but I don't know what they could be. I wonder if it would be possible to get a copy of the initial config file that Cisco ships with the Router and upload that since it has the necessary minimun configuration to get SDM up?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bmcginn Mon, 09/01/2008 - 16:55
User Badges:
  • Bronze, 100 points or more

High there, this is probably a silly question, but did you create a key before enabling https?


something like crypto key generate modulus 1024 etc?



dbdickson Mon, 09/01/2008 - 18:30
User Badges:

The key was part of the first configuration of the router approximately 9 months ago.

Below is what was in the config file.

" crypto pki trustpoint TP-self signed-2022193033 enrollment selfsigned subject-name cn=IOS-self-signed-certificate-2022193033

revocation-check none

rsakeypair TP-self-signed-2022193033"

dbdickson Tue, 09/02/2008 - 18:04
User Badges:

I have a further update on my issue. I was finally able to successfully go through the SDM logon sequence on my router. However I didn't get too far. I got the following error message:


"You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: ""Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number"" "

I don't know what this means or what action to take. can't anyone enlighten me?

Actions

This Discussion