877 Advanced IP Services 12.4(22)T & SDM 2.5

Unanswered Question
Oct 14th, 2008

I have an 877 ISR router that has been running 12.4(15)T7 for a while without problems. Recently I experimented with the SSL VPN features through SDM and realised I needed more memory (FLASH & DRAM). I have now upgraded the FLASH & DRAM to the maximum it can take (52MB FLASH & 256MB DRAM). I have also upgraded the IOS to the very latest 12.4(22)T but some features of SDM have stopped working.

When SDM is started it connects to the router and starts parsing the configuration. During this it stops and a dialogue box appears stating 'SDM cannot connect to your router for the following reason: communication exception'. If I click OK, SDM continues to load and another dialogue box appears: 'In order for SDM to deliver commands to your router, SDM needs to write a temporary file to your router's flash'. I then click OK and SDM is running and the Home page shows everything except NAC is configured (which is correct). If I click the configure button, then click 'IPS', I get a page saying HTTP or HTTPS needs to be enabled and that HTTPS has been detected, however the pages that were previously available are not there. If I look at the SSL VPN configuration pages it tells me that the SSL VPN Client software is not installed, however from the CLI it is shown as installed.

I have made no changes to the configuration between the IOS & memory upgrade but there was some playing around due to the FLASH upgrade, however I am pretty certain it is back to how it was previously.


I am running the latest version of SDM (2.5).


Cheers


Andy



andrew.butterworth Tue, 10/14/2008 - 02:37

OK, I think I have narrowed this down somewhat but still have the problem. I am using HTTPS as the transport for SDM to access the 877. If I enable HTTP and then connect using HTTP instead of HTTPS the exception doesn't occur (the SSL VPN issue is still there but that's a different problem I think). I am therefore leaning toward it being a certificate/crypto issue.

So, I have zeroized the keys and cleared all trustpoint configuration from the router and reloaded. I have then created the crypto keys (crypto key generate rsa general-keys modulus 1024) but still the problem remains when connecting SDM via HTTPS.


Any ideas or does this look like a bug between the latest 12.4(22)T IOS and SDM 2.5?


Andy

Hi Andy


I have the same problem. Using http works ok, but https just hangs when connecting to the SDM directly on the router.


When using the SDM launcher from my machine though, both http and https work. I get the same errors you do and have not been able to "Deliver command" after configuring anything though.


I have to enter the commands manually by copying and pasting them. (You can see which commands should be delivered by going to Edit -> Preferences, then checking "Preview commands before delivering to router").


I assume this must be some bug between 12.4(22) and SDM 2.5


Hemal

andrew.butterworth Sun, 11/30/2008 - 04:59

Hi Hemal


I am using SDM from a Windows PC and I have full functionality when using HTTP. It is only when I use HTTPS that I have problems and it is only the IPS stuff that fails to work. I thought it was a crypto key or certificate issue, however I have zeroized the key and re-enrolled for a certificate from the CA and the behaviour remains the same.

I am convinced this is a bug between IOS 12.4(22)T and SDM 2.5 as it worked fine with 12.4(15)T7 and 12.4(20)T. I am loath to raise a TAC case as it's now such a pain to do so, plus this router isn't covered under any Smartnet contract. I'll just wait for either a new version of SDM to appear or a later IOS and try that.


Andy

andrew.butterworth Wed, 04/08/2009 - 07:19

I have upgraded to 12.4(24)T and the issue remains. I have also hit the Java issue since the Java client on my machine upgraded itself recently...

So I have attempted to work around this by switching to Cisco Configuration Professional since this will replace SDM eventually anyway (or so it says on the CPP page). Anyway, I have installed the latest 1.3 Beta version and successfully discovered my router. However I can't configure IPS, either using HTTPS or HTTP. The IPS page is simply blank.


Has anyone else managed to get this going? I am using an 877 with Advanced IP Services.


Andy
