I know that there are snippets here and there with SDM issues. I am but the latest person that is struggling with this problem. I've had wonderful luck with previous posts here, so I thought I'd give it a shot.
So, I'm looking at taking my CCNA Security exam. I'm overseas in Iraq, and equipment is hard to come by. So, I've loaded up GNS3. To say THAT was a learning curve is an understatement!! But, I finally have GNS3 running successfully. So, let me give you my system setup, and we'll go from there.
I'm running an i7 machine with Windows 7 64 bit Home Premium, 4 Gb of DDR3 ram. It is up to date on all patches, etc.
I am running IE 9, with pop-up blocker turned off during my sessions of frustration with this problem (I use Firefox for most web traffic)
I have the latest Java update, which I think is v.29.
So, GNS3 running. I have a MS Loopback adapter configured with 192.168.1.1 in the "cloud". It is connected via fa0/0 to my 2610XM router, running
(C2600-ADVSECURITYK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2). Here is my config for the router:
aaa authe login AAA_LIST_NAME local
username xxx priv 15 secret xxx
ip address 192.168.1.254 255.255.255.0
ip address 10.0.0.1 255.255.255.0
ip http server
ip http secure-server
ip http authe local
line con 0
privi level 15
login authe AAA_LIST_NAME
line vty 0 15
privi level 15
login authe AAA_LIST_NAME
This is just a basic config to get the darn router up and running. I'm hoping to begin to use SDM to config the darn thing, etc. I mean, Cisco REQUIRES SDM knowledge for the CCNA Security Exam. I even bought my own 2620XM router, which is due here anytime. But, I digress..in the meantime, I'm stuck with GNS3.
So, as you can see, I've set up basic authentication with my router. The Fa0/0 is set with 192.168.1.254. I'm running http secure-server to allow HTTPS access.
Now, here come the problems.
1. Sometimes I'm able to fully connect into the router with SDM. It will show me the homepage, and allow me to even configure routing. However, when I go to set up a Site to Site VPN, it just sits there...and does nothing. IDS doesn't work, nor do Firewall options.
2. I get the following errors sometimes without connection:
The IP Address or hostname is not a valid address or is unreachable. (I can ping it)
HTTP or HTTPS is disabled on the router. (uh, look at the config, it's there and running).
I sometimes try and click the "Use HTTPS" for connection, and it gives me the error above. I don't click on it and it connects.
See, now, I clicked on the box JUST NOW, and it connected..it must know I'm telling on it
When it does connect, like now, it shows all features are green and available. IP is enabled; the remaining are available, but not enabled (no check marks). VPN is showing "up" but (0) because there are no tunnels yet configured.
So, again, I go to configure tab, down to VPN icon on the left. Then I select Site to Site VPN. I ensure the radio button is selected for Create a Site to Site VPN, and hit the "Launch the selected task" button. And nothing happens...it just sits there.
So, is it the IOS? I thought advsecurityk9 supported VPN. I know if I go into CLI and click crypto isakmp enable it will turn on, and it appears I can configure it manually. But I need to get the hang of SDM.
Any thoughts would be MUCH appreciated.
As a side note...if SDM is so lame, and it's being replaced, why does Cisco STRESS the darn thing for the CCNA Security exam? It's maddening! I can't wait for my router to get here, so I can try this for real..I'm afraid of what might happen
Try this first
ip http timeout-policy idle 600 life 86400 requests 10000
Then if it still doesn't work then try firefox and/or an older Java version
I added the line to the config.
IE still was having issues. So, I made Firefox the default.
Firefox was having similar issues with the checkmark "connect using HTTPS". If I took the checkmark off, then it would connect and ask me for username/password from both browser and Java applet pop-up. It would connect. But then, it seemed that GNS3 would time out and I would get I/O errors. If I tried to go into the config from GNS3 via console/putty, I would see it try to connect to 127.0.0.1 (loopback) but then it would lock up and error out and abort.
Any further ideas? I guess I can go to java.com and get the older version of java? Anyone know which version seems to work?
Can you try with 1.6.0_20?
But then, it seemed that GNS3 would time out and I would get I/O errors. If I tried to go into the config from GNS3 via console/putty, I would see it try to connect to 127.0.0.1 (loopback) but then it would lock up and error out and abort.
What do you mean? Post screenshots and errors.
Ok, here goes...
I just attempted to connect with my current setup.
First screen shot is the initial setup on my GNS3:
Nothing complex there...
Now I connect with SDM, trying to connect via HTTPS:
Error msg showing no HTTP or HTTPS found:
I was able to connect when I unchecked the "Connect with HTTPS"
Connected via SDM/Firefox
Showing my config that does have router set up for HTTP and HTTPS...
I can monitor my router successfully..
Then I go to the VPN page:
And I can click the button that says "Launch.." and it does nothing...and nothing..and nothing...
Curiously, I can start the Firewall wizard, and it will take me thru several screens and gets ready to launch firewall commands..VPN never works.
Even more curious..never got any msgs about I/O errors this time. All this time while doing print screen shots, etc...I was able to stay connected with the router with SDM; I could console into the router just fine and do commands and such. Never could get VPN to work. I'm still running Firefox with pop-up block off, latest patches, and latest Java.
I strongly suspect you haven't got an image with crypto support and that's why both https and the VPN wizard are not working.
Just issue sh version in CLI and if you don't see k9 then you don't have crypto support and you'll have to get another IOS image with k9 to get it all working.
If you look at my first post, you'll see that I put the IOS; it is
(C2600-ADVSECURITYK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)
So, that shouldn't be the problem.
So, I went ahead and configured OSPF on both routers in the scenario. I then went CLI and configured VPN on both routers, setting each other as peer. I configured policy map, access list..etc.
The VPN tunnel came up and worked. SDM showed VPN available and enabled. It would show the tunnel under monitoring just fine. So, it's not that the routers won't work with a tunnel. But again, I tried to just use the VPN Site to Site wizard, and nothing! It just sits there!
I worked on this for about an hour configuring everything. Then, I don't know what I did, but I suddenly got :
And I lost all connectivity. I rebooted GNS3 and SDM, and it started working again.
As to confirm this. I am also having the same issue with the VPN Wizard not showing up. Just to share:
IOS: 3700 Software (C3745-ADVSECURITYK9-M)
SDM Version 2.5
Java build: 1.6.0_31-b05
Hopefully, someone has a solution. Will continue to search the net.
I'm having the same issue with SDM 2.5 running on Windows 7 IE8. If I click edit on an interface, the pop-up window does not display; this is the SDM application window popup, not an IE popup. This is whether I use http or https.
Also, if I change the default browser to Chrome, the launcher continues to open IE even after a reboot.