SDM with GNS3

Deltah_Deltah_ Member Posts: 51 ■■□□□□□□□□
Hi everybody,

I'm not able to make a connection with SDM and my router in GNS3. I have ssh and https but it's doesn't work. Same config as help config.

Someone with an idea ?

Thank you.
«1

Comments

  • scheistermeisterscheistermeister Member Posts: 748 ■□□□□□□□□□
    You have web server on the router up and going? Can you connect to the router through a normal browser? LAN interface that GNS3 is mapped to is up on both the desktop and router? Can you ping between the two?
    Give a man fire and he'll be warm for a day. Set a man on fire and he'll be warm for the rest of his life.
  • Deltah_Deltah_ Member Posts: 51 ■■□□□□□□□□
    My fa0/0 address = 6.6.6.6 255.255.255.0
    Microsoft loopback = 6.6.6.7 255.255.255.0 gateway = 6.6.6.6

    My microsoft loopback is mapped in the cloud.

    I can't access to my router with web browser.
    I can't ping 6.6.6.7

    SDMRouter(config)#ip domain-name sdmrouter.com
    SDMRouter(config)#username .... privilege 15 password ...
    SDMRouter(config)#ip http server
    SDMRouter(config)#ip http secure-server
    SDMRouter(config)#ip http authentication local
    SDMRouter(config)#line vty 0 4
    SDMRouter(config-line)#login local
    SDMRouter(config-line)#transport input telnet ssh
    SDMRouter(config-line)#privilege level 15
    SDMRouter(config-line)#line cons 0
    SDMRouter(config-line)#login local
    SDMRouter(config-line)#transport output telnet ssh
    SDMRouter(config-line)#privilege level 15
    SDMRouter(config-line)#exit
    SDMRouter(config)#crypto key generate rsa gen mod 1024
  • networker050184networker050184 Mod Posts: 11,962 Mod
    Try disabling your other network connections on your PC.
    An expert is a man who has made all the mistakes which can be made.
  • wat08wat08 Member Posts: 128
    Looks like I have the same problem:

    After entering the IP address of my router in the "SDM Launcher" window, FireFox opens and says that Java is enabled and that the SDM application will launch, but it doesn't. It just hangs on the SDM splash screen in the browser and the app never loads.

    Here are some of the things I've tried:

    Router(config)#hostname SomeRouter
    SomeRouter(config)#ip domain-name SomeDomain.com
    SomeRouter(config)#crypto key generate rsa generate-keys modulus 1024
    SomeRouter(config)#ip http server
    SomeRouter(config)#ip http secure-server
    SomeRouter(config)#username SomeUser privilege 15 password cisco
    SomeRouter(config)#ip http authentication local
    SomeRouter(config)#line vty 0 4
    SomeRouter(config-line)#login local

    I first tried configuring the router with HTTP (443) and when that didn't work I attempted HTTP (80) but unfortunately got the same result.

    I can ping between my PC (a real PC, not a virtual PC) and the router, and GNS3 shows green dots between the connection. I'm using IOS version 12.4(17) on a 7200.

    I've disabled my wireless interface on my PC and am only using my interface for my Internet connection.

    I'm an extreme cisco newbie so if I've made a blatantly obvious mistake, forgive me.[/b]
  • scheistermeisterscheistermeister Member Posts: 748 ■□□□□□□□□□
    Is it one of these?
    • Cisco 7204VXR, 7206VXR, and 7301 routers:
    • Cisco IOS Software Release 12.3(2)T or 12.3(3)M; no support for B, E, and S trains
    
    Give a man fire and he'll be warm for a day. Set a man on fire and he'll be warm for the rest of his life.
  • networker050184networker050184 Mod Posts: 11,962 Mod
    wat08 wrote:
    Looks like I have the same problem:

    After entering the IP address of my router in the "SDM Launcher" window, FireFox opens and says that Java is enabled and that the SDM application will launch, but it doesn't. It just hangs on the SDM splash screen in the browser and the app never loads.

    Here are some of the things I've tried:

    Router(config)#hostname SomeRouter
    SomeRouter(config)#ip domain-name SomeDomain.com
    SomeRouter(config)#crypto key generate rsa generate-keys modulus 1024
    SomeRouter(config)#ip http server
    SomeRouter(config)#ip http secure-server
    SomeRouter(config)#username SomeUser privilege 15 password cisco
    SomeRouter(config)#ip http authentication local
    SomeRouter(config)#line vty 0 4
    SomeRouter(config-line)#login local

    I first tried configuring the router with HTTP (443) and when that didn't work I attempted HTTP (80) but unfortunately got the same result.

    I can ping between my PC (a real PC, not a virtual PC) and the router, and GNS3 shows green dots between the connection. I'm using IOS version 12.4(17) on a 7200.

    I've disabled my wireless interface on my PC and am only using my interface for my Internet connection.

    I'm an extreme cisco newbie so if I've made a blatantly obvious mistake, forgive me.[/b]

    Did you try IE instead of Firefox?

    Also check your pop up blocker.
    An expert is a man who has made all the mistakes which can be made.
  • wat08wat08 Member Posts: 128
    I gave IE a try but still got the same result.

    Apparently it's "c7200-PK9U2-M" ? Don't know if that helps...

    What exactly is the "microsoft loopback address"? Is it any different from the 127.x.x.x range?
  • jezg76jezg76 Member Posts: 97 ■■□□□□□□□□
    For IE I have always had to go into Internet Explorer Advanced Properties and make sure "Allow active content to run in files on my Computer" is checked.

    Not sure if that will help with your situation but good luck! :)
    policy-map type inspect TACO
    class type inspect BELL
    drop log
  • wat08wat08 Member Posts: 128
    WooHoo!!!! Got it to work. I had set my loopback adapter incorrectly. Following this tutorial will make everything peachy:

    http://internap.dl.sourceforge.net/sourceforge/gns-3/GNS3-0.5-tutorial.pdf


    I must say, SDM is very aesthetically pleasing, but I prefer my good ol' CLI. I wish Cisco would just scrap the GUI..
  • tierstentiersten Member Posts: 4,505
    wat08 wrote:
    I must say, SDM is very aesthetically pleasing, but I prefer my good ol' CLI. I wish Cisco would just scrap the GUI..
    People complained to Cisco that <insert random manufacturer here> had a GUI based configuration system for their routers so why didn't Cisco? SDM is the result. The configuration generated by SDM is pretty brittle and SDM won't like you changing too much behind its back from the CLI.
  • ump001ump001 Member Posts: 7 ■□□□□□□□□□
    I can get the SDM working, but when for example i select Site to Site VPN, i fill out the initial page, click next to the IKE policy, but nothing happens, the IKE configure page doesnt load and the egg timer just hangs on the first oage.
    The app itself isnt hanging as i'm able to go back, cancel etc. I have tried shutting down SDM but i still get the same issue when i try the VPN again.

    Any ideas?
  • coffeekingcoffeeking Member Posts: 305 ■■■■□□□□□□
    wat08 wrote: »
    WooHoo!!!! Got it to work. I had set my loopback adapter incorrectly. Following this tutorial will make everything peachy:

    http://internap.dl.sourceforge.net/sourceforge/gns-3/GNS3-0.5-tutorial.pdf

    spent all day today doing this...it was a pain...but finally I think have it working now...thanks for the link.
  • coffeekingcoffeeking Member Posts: 305 ■■■■□□□□□□
    In my above post I mentioned that SDM is now working fine, which it is but I have go another weired problem, may be you guys can help me out with this.

    I am working on the SDM and everything is working just fine until all of a sudden the router looses connection to the Dynamips, the router itself doens't show any signs of any disruption, no red lights of 'loss of connectivity' messages, but SDM tells me that router has lost the connection to Dynamips and then when I try to get into the router through terminal service, that doesn't seem to work either.

    I have restart the whole thing and the router looses are configurations and I have to re-configure everything.

    Any help?
  • SepiraphSepiraph Member Posts: 179 ■■□□□□□□□□
    coffeeking wrote: »
    In my above post I mentioned that SDM is now working fine, which it is but I have go another weired problem, may be you guys can help me out with this.

    I am working on the SDM and everything is working just fine until all of a sudden the router looses connection to the Dynamips, the router itself doens't show any signs of any disruption, no red lights of 'loss of connectivity' messages, but SDM tells me that router has lost the connection to Dynamips and then when I try to get into the router through terminal service, that doesn't seem to work either.

    I have restart the whole thing and the router looses are configurations and I have to re-configure everything.

    Any help?

    What's the network topology? I notice that if I try to use a 2nd router between the host router and the 'server' router, IO errors sometimes occur.

    e.g. host-SW-R1-R2, where R2 is setup as the SDM server.
  • coffeekingcoffeeking Member Posts: 305 ■■■■□□□□□□
    Sepiraph wrote: »
    What's the network topology? I notice that if I try to use a 2nd router between the host router and the 'server' router, IO errors sometimes occur.

    e.g. host-SW-R1-R2, where R2 is setup as the SDM server.

    Topology is as simple as running only one router with one PC (presented by the cloud). My main objective was to get the SDM up and running and then I was going add other stuff along the way but keep running into this trouble where I have re-do the whole configuration.
  • mohsinhafeezmohsinhafeez Member Posts: 2 ■□□□□□□□□□
    Hi all, my name is Mohsin Hafeez, have successfully completed CCNA, now pursuing CCNA security. I used boson for CCNA labs. got to know about GNS3 a few days back. I have been trying to configure it to use SDM as SDM is an important topic in CCNA security. I am using c3645, i can ping my loopback interface, my SDMR, but once i launch SDM, 2 windows open, so after the second window open's SDM application is suppose to start right? but it doesnt, i tried it with both IE and Firefox, sort of getting frustrated now coz i want to get on with CCNA Security. Please help. Thank You.
  • mohsinhafeezmohsinhafeez Member Posts: 2 ■□□□□□□□□□
    coffeeking wrote: »
    Topology is as simple as running only one router with one PC (presented by the cloud). My main objective was to get the SDM up and running and then I was going add other stuff along the way but keep running into this trouble where I have re-do the whole configuration.



    Hi, have you tried to save your config with wr?? try that.
  • coffeekingcoffeeking Member Posts: 305 ■■■■□□□□□□
    Hi, have you tried to save your config with wr?? try that.

    Hi Mohsin, welcome to the forums.

    I got a solution to the problem, the underlying problem was that I was assigning the router an idle PC value before making a connection to the console and then off course I saved the config and network files the right way; you should save both of them, just saving the project won't do it.

    Now SDM runs just fine for me, don't have any broken connections or anything.

    To address your issue, make sure you have a setup the loopback adapter correctly and more than anything make sure what IP address you assign to you interface connecting to the loopback interface; I struggled with this a bit as well.

    It should ideally work just fine in IE, I can't think of many suggestions besides:

    1- check your ActiveX settings
    2- configure your router with username and password
    3- setup https to be used <-- don't think this would make a difference but worked for me.

    You also mentioned that you are using 3645 router, just as a heads up this is not going support Zone-based firewall; something massively covered in CCNA: Sec. I haven't been able to find an image that would as of yet. But as long as you have the general idea of how it works on SDM, I think you should be OK.
  • Ryan82Ryan82 Member Posts: 428
    coffeeking wrote: »
    Topology is as simple as running only one router with one PC (presented by the cloud). My main objective was to get the SDM up and running and then I was going add other stuff along the way but keep running into this trouble where I have re-do the whole configuration.


    Which IOS are you using? I had a similiar (possibly the same) issue when I was using a 2600 series IOS.

    I switched to a 3725 IOS and haven't had any connectivity problems since.

    EDIT: you figured it out while I was typing a response. Also, for the Zone-based firewall I know that the 3725 IOS: c3725-advipservicesk9-mz.124-11.XW7 supports it.
  • coffeekingcoffeeking Member Posts: 305 ■■■■□□□□□□
    Ryan82 wrote: »
    Which IOS are you using? I had a similiar (possibly the same) issue when I was using a 2600 series IOS.

    I switched to a 3725 IOS and haven't had any connectivity problems since.

    EDIT: you figured it out while I was typing a response. Also, for the Zone-based firewall I know that the 3725 IOS: c3725-advipservicesk9-mz.124-11.XW7 supports it.

    Ryan82, thanks for providing the info on the image, I just gotta figure out how to get one.

    One of my colleagues who just recently took the exam said that as long as you have an idea of how zone-based firewalls work you can get by it. They don't particularly ask you to configure or set it up.
  • Ryan82Ryan82 Member Posts: 428
    coffeeking wrote: »
    Ryan82, thanks for providing the info on the image, I just gotta figure out how to get one.

    One of my colleagues who just recently took the exam said that as long as you have an idea of how zone-based firewalls work you can get by it. They don't particularly ask you to configure or set it up.

    Well, you may be able to, but I would highly suggest some hands on with it. I took it back in March. Without crossing the NDA threshold I will say that if my memory serves me correctly, you are tested on it pretty heavily in theory and in implementation/verification.

    Best of luck
  • captobviouscaptobvious Member Posts: 648
    Deltah_ wrote: »
    Hi everybody,

    I'm not able to make a connection with SDM and my router in GNS3. I have ssh and https but it's doesn't work. Same config as help config.

    Someone with an idea ?

    Thank you.
    It could be that magical mix of SDM version and Java platform. Sometimes you have to play with the Java platform running to get it to work.

    This is an example that I used. Release Notes for Cisco Router and Security Device Manager 2.4

    You would have to check your version of SDM. Release Notes for SDM
  • blogmasterblogmaster Registered Users Posts: 5 ■□□□□□□□□□
    Ryan82 wrote: »
    Which IOS are you using? I had a similiar (possibly the same) issue when I was using a 2600 series IOS.

    I switched to a 3725 IOS and haven't had any connectivity problems since.

    EDIT: you figured it out while I was typing a response. Also, for the Zone-based firewall I know that the 3725 IOS: c3725-advipservicesk9-mz.124-11.XW7 supports it.

    after lots of search and failure i could not get the 3725 IOS: c3725-advipservicesk9-mz.124-11.XW7 however I got this one c3745-adventerprisek9-mz.124-11.XW7.bin , do you think it is suitable and enough for CCNA-Security zone-based firewall?

    can you please brief me little about cisco ios variant like these: adventerprise, advipservices, advsecurity, ipbase etc?
  • tierstentiersten Member Posts: 4,505
    blogmaster wrote: »
    can you please brief me little about cisco ios variant like these: adventerprise, advipservices, advsecurity, ipbase etc?
    Cisco Portable Product Sheets
  • blogmasterblogmaster Registered Users Posts: 5 ■□□□□□□□□□
    i just cant make the sdm load, can anyone please help me? I tried first by just using basic authentication, and then later complete authentication like this one:

    SDMRouter(config)#ip domain-name sdmrouter.com
    SDMRouter(config)#username .... privilege 15 password ...
    SDMRouter(config)#ip http server
    SDMRouter(config)#ip http secure-server
    SDMRouter(config)#ip http authentication local
    SDMRouter(config)#line vty 0 4
    SDMRouter(config-line)#login local
    SDMRouter(config-line)#transport input telnet ssh
    SDMRouter(config-line)#privilege level 15
    SDMRouter(config-line)#line cons 0
    SDMRouter(config-line)#login local
    SDMRouter(config-line)#transport output telnet ssh
    SDMRouter(config-line)#privilege level 15
    SDMRouter(config-line)#exit
    SDMRouter(config)#crypto key generate rsa gen mod 1024

    but everytime after giving username and password i get the following two output:


    1.jpg


    2.jpg


    I used the 172.16.0.1 255.255.255.0 ip for the router and 172.16.0.2 255.255.255.0 172.16.0.1 gateway for the cloud/loopback adapter . I can ping from putty and command prompt, but cant make the sdm to load. my JRE version is latest downloaded on 17th august 2010. the topology is simple, just the router and cloud. I used this IOS

    c3745-adventerprisek9-mz.124-11.XW7.bin and many other IOS for 2600,2691,3600,3700,7200 etc but nothing seems to load the sdm. please help me.
  • networker050184networker050184 Mod Posts: 11,962 Mod
    An expert is a man who has made all the mistakes which can be made.
  • tierstentiersten Member Posts: 4,505
    blogmaster wrote: »
    my JRE version is latest downloaded on 17th august 2010
    SDM was designed to work with an older version of Java and changes in recent Java versions has caused issues with it. Downgrade to Java 6 Update 5 or lower and it should run properly.

    Next time you do screenshots, resize or crop them to only show the relevant details.
  • bermovickbermovick Member Posts: 1,135 ■■■■□□□□□□
    It could be that magical mix of SDM version and Java platform. Sometimes you have to play with the Java platform running to get it to work.

    This is an example that I used. Release Notes for Cisco Router and Security Device Manager 2.4

    You would have to check your version of SDM. Release Notes for SDM

    This, most definitely. I've never been able to get current versions of java to work & had to grab an older version (6u6 works, 6u15 does not... for me). Even worse, 6u6 won't work with current firefox (in windows), meaning I had to use IE. In Linux, my iceweasel (3.5.11) works with 6u6 though.
    Latest Completed: CISSP

    Current goal: Dunno
  • blogmasterblogmaster Registered Users Posts: 5 ■□□□□□□□□□
    sorry for posting such a huge image, next time I will be careful.

    I just uninstalled jre6u21, cleaned windows registry and installed jre6u03 as it is supported by SDM 2.5 mentioned on cisco support page.

    however I am still getting the same message, java null pointer exception and sdm startup error, i tried every possible way to config the router.

    Later, I just open the router configuration from IE to see if there is really any privilege error or not, so applied the router ip on IE address bar, asked for username and pass, I put the level 15 info, and it accessed the router, so it means the security is ok.

    Then what problem is there ? Why can't I use the sdm, can any one troubleshoot the problem? please help me.

    while after following the braindump tutorial it is assumed that i need to install the sdm on the router too, so then i tried to install sdm on the router and then got the following message:

    3.jpg

    it can connect to my router, but cant grant access! i used
    router#username name privilege 15 password 0 pass

    and also vty privilege level were all correct as shown on the tutorial.

    Thanks
  • blogmasterblogmaster Registered Users Posts: 5 ■□□□□□□□□□
    can't anyone help me to run the sdm setup? please I need to learn sdm, can't afford to buy a real router, and even after seeing this terrible installation problem, my wish to buy a real cisco router has faded away. I just don't understand why it is asking for privilege level 15 user although I am giving the right username and password!
    I also tried disabling windows firewall and all other network connection except the required loopback one.
    also used this login:
    #username name view root password pass

    btw I too tried using "cisco" as password and also a different word of password, but failure, failure and failure.
Sign In or Register to comment.