SDM issues when using https

Unanswered Question
Oct 30th, 2009

Hi,

I've installed sdm 2.5 on my PC and configured an 877W running c870-advsecurityk9-mz.124-24.T.bin with a very basic config just to get me going. I can use launch sdm via the launcher using http and it runs fine, allows me to make config changes and save them to running config.

If I try using the launcher and https it opens sdm and gives me a information box about installing a temporary file to flash. I OK this and then have the full sdm 'gui'. If I make any changes to the router config however it does not apply the commands and I cannot save the router config (a message appears in the bottom right corner saying running config could not be copied to startup). I have done a 'dir all' before and after the info box about installing a temp file but nothing seems to get installed as the outputs are both the same.

I'm using IE8 and my Java Platform is at version 6 update 7. I've tried removing all the certificates from my browser and Java but still no joy.

If anyone could shed some light on what's wrong I'd really appreciate it. I don't fancy configuring the fw features and Webvpn via cli...!!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
yjdabear Fri, 10/30/2009 - 09:27

Well, you might not have to go that far. Per the SDM 2.5 release notes, only the following browser and Java versions are supported:

http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/software/release/notes/SDMr25.html#wp35379

I'd "downgrade" one-at-a-time, either the browser or JRE, to the supported versions, until a working combination. Even though "Internet Explorer 5.5 and later versions" kinda implies IE 8 is covered, I wouldn't be surprised it's way too recent to be the case.

Lucien Avramov Fri, 10/30/2009 - 12:54

SDM is very sensitive to java and the browser.

You cant use IE8 because It will not let you downgrade Java, or at least I have not found how.

Downgrade your JRE and use firefox:

Cisco SDM requires Sun Java Runtime Environment (JRE). The following versions are supported:

•JRE 1.5_09

•JRE1.4.2_08

•JRE 1.5.0_06

•JRE 1.5.0_07

•JRE 1.6.0_02

•JRE 1.6.0_03

paulmoore69 Fri, 10/30/2009 - 15:27

Hi,

Thanks for the replies. I've downgrad to ie7 and java to JRE 1.6.0_02 but still getting the same issue.

I can't use Firefox as I've installed sdm on my pc, I haven't got too much room on the router to install SDM on the flash.

Do you know what file sdm tries to install on the router flash when loading and why it does it whilst using https but not http?

Once again appreciate your help.

Thanks.

Paul.

Lucien Avramov Fri, 10/30/2009 - 15:46

When SDM is loading it doesnt install any files on the flash (or on your computer if during the installer, you installed locally on the PC) but it rather reads files from the flash.

The files are on table "Cisco SDM Files" in this document:

https://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/software/release/notes/SDMr25.html

do you have ip http secure-server enabled?

paulmoore69 Sat, 10/31/2009 - 09:47

Hi,

I have got http secure-server, http server and http authentication local configured. I've also got local username with privilege 15 and login local with privilege level 15 on the lines. RSA keys and locally generated certificates are created and saved.

In the table 'Cisco SDM Files' from the link you posted do certain ones have to be present on the flash even though I am launching SDM from my PC?

I had to format the flash recently due to a problem so would have deleted any files present.

Cheers.

Paul.

Lucien Avramov Sat, 10/31/2009 - 09:50

If you installed SDM on the pc you should not have to.

However I have observed that it works better when launched from the router.

I suggest that you install the files on the router.

Your config seems fine.

Ton confirm you user with privilege 15, go on the http://x.x.x.x (ip of router) and confirm your login works.

paulmoore69 Sun, 11/01/2009 - 01:53

I can login fine with the username and privilege level as it works when using http from the sdm launcher.

I'm going to try downgrading the IOS to 12.3 and see if makes any difference.

paulmoore69 Mon, 11/02/2009 - 08:00

I've downgraded to 12.3(14)YT1 and can successfully use SDM with https. (When loading it doesn't show the pop up box regarding saving a temporary file to flash). I've also loaded 12.4(15)XY3 and am able to succesfully launch SDM using https.

I downloaded 12.4(24)T2 from Cisco again (in case I had a corrupt image) but am still getting the same issue. It would therefore seem to be a problem with that particular IOS level.

Thanks to all for their comments and assistance, much appreciated.

Lucien Avramov Thu, 11/05/2009 - 10:52

Well here is the problem: the support for SDM under IOS has stopped. The product replacing it is called CCP: Cisco Configuration Profesionnal.

Bugs related to newer IOS and SDM will not be fixed as SDM is end of life. Your test indicates that it's related to the newer IOS and it's interoperation with

You can download this from: http://www.cisco.com/go/ccp

Actions

This Discussion