Basic Router Configuration using SDM - Cisco Systems Cisco Router and Security Device Manager Basic Router Configuration using SDM HOME SUPPO

(1)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig

gu

urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

1 1//2

24

4

Introduction Introduction Prerequisites Prerequisites Requirements Requirements Components Used Components Used Conventions Conventions Configure Configure Network Diagram Network Diagram Interface Configuration Interface Configuration NAT Configuration NAT Configuration Routing Configuration Routing Configuration Miscellaneous Configuration Miscellaneous Configuration CLI Configuration CLI Configuration Verify Verify Troubleshoot Troubleshoot Comatibilit

Comatibility of SDM with 64-bit OSy of SDM with 64-bit OS

Unable to Launch the SDM through Web Browser Unable to Launch the SDM through Web Browser E

Error: java.bling stack overflowrror: java.bling stack overflow Cis

Cisco Support Community co Support Community - Fea- Featured Converstured Conversationsations R

Related elated InforInformationmation

Introduction

This document describes how to use the

This document describes how to use the Cisco Security Device Manager (SDM)Cisco Security Device Manager (SDM) in in order to set the basic configuration of the router. This includes the configuration of the order to set the basic configuration of the router. This includes the configuration of the IP addre

IP address, ss, defdefault routing, static ault routing, static and dynaand dynamic routing , mic routing , static static and dynaand dynamic NATing,mic NATing, hostname, banner, secret password, user accounts, and so forth. Cisco SDM allows hostname, banner, secret password, user accounts, and so forth. Cisco SDM allows you to configure your router in all kinds of network environments that includes small you to configure your router in all kinds of network environments that includes small office home office (SOHO), branch office (BO), regional office, and central site or office home office (SOHO), branch office (BO), regional office, and central site or Enterprise headquarters using an easy-to-use web-based management interface. Enterprise headquarters using an easy-to-use web-based management interface.

Prerequisites

Requirements

This document assumes that the Cisco router is fully operational and configured to This document assumes that the Cisco router is fully operational and configured to allow the Cisco SDM to make configuration changes.

allow the Cisco SDM to make configuration changes. Note:

Note: Refer toRefer to Allowing HT Allowing HTTPS Access for SDMTPS Access for SDM in order to allow the router to be in order to allow the router to be configured by the SDM.

configured by the SDM.

Compo

Components Use

nents Use d

d

The information in this document is based on these software and hardware versions: The information in this document is based on these software and hardware versions:

Cisco 3640 Router with Cisco IOS

Cisco 3640 Router with Cisco IOS®®Software Release 12.4(8)Software Release 12.4(8) Cisco Security Device Manager (SDM) Version 2.3.1

Cisco Security Device Manager (SDM) Version 2.3.1

The information in this document was created from the devices in a specific lab The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential configuration. If your network is live, make sure that you understand the potential impact of any command.

impact of any command. Note:

Note: If you use a Cisco Integrated Service Router (ISR), refer toIf you use a Cisco Integrated Service Router (ISR), refer to Basic Router Basic Router Configuration Using Cisco Configuration Professional

Configuration Using Cisco Configuration Professional for similar configuration details for similar configuration details with more powerful features. For information on which routers are suppoted by Cisco with more powerful features. For information on which routers are suppoted by Cisco CP, refer to the

CP, refer to the Supported RoutersSupported Routers section of the section of the Release Notes for CiscoRelease Notes for Cisco Configuration Professional 2.5

Configuration Professional 2.5 ..

Conventions

Refer to the

Refer to the Cisco Technical Tips ConventionsCisco Technical Tips Conventions for more information on document for more information on document conventions.

conventions.

Configure

In this section, you are presented with the information to configure the basic settings In this section, you are presented with the information to configure the basic settings for router in a network.

for router in a network. Note:

Note: Use theUse the Command Lookup ToolCommand Lookup Tool((registeredregistered cust cust omers only) to obtain moreomers only) to obtain more information on the commands used in this section.

information on the commands used in this section. PRODUCT SUPPORT

PRODUCT SUPPORT

END-OF-SALE AND END-OF-LIFE END-OF-SALE AND END-OF-LIFE PRODUCTS

PRODUCTS

CISCO ROUTER AND SECURITY CISCO ROUTER AND SECURITY DEVICE MANAGER

DEVICE MANAGER CONFIGURE CONFIGURE CONFIGUR

CONFIGURATION EXAMPLES ATION EXAMPLES ANDAND TECHNOTES

TECHNOTES

Basic Router Configuration Basic Router Configuration using SDM

(2)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig

gu

urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

2 2//2

24

4

Note:

Note: The IP addressing schemes used in this configuration are not legally routable onThe IP addressing schemes used in this configuration are not legally routable on the Internet. They are

the Internet. They are RFC 1918RFC 1918 addresses addresses which which havhave e been been used used in in a a lablab environment.

environment.

Interface Configuration

Complete these steps in order to configure the interfaces of a Cisco router. Complete these steps in order to configure the interfaces of a Cisco router.

1. Click

1. Click HomeHome in order to go to the SDM Home page. in order to go to the SDM Home page.

The SDM Home page provides information such as hardware and software of The SDM Home page provides information such as hardware and software of the router, feature availability, and a configuration summary. The green circles the router, feature availability, and a configuration summary. The green circles show the features supported in this router and the red circles show the features show the features supported in this router and the red circles show the features not supported.

not supported.

2. Choose

2. Choose Configure > Interfaces and Connections > Create ConnectionConfigure > Interfaces and Connections > Create Connection in in order to configure the WAN connection for the interface.

order to configure the WAN connection for the interface. As an example, for serial interf

As an example, for serial interface 2/0, choose theace 2/0, choose the SerialSerial option and click option and click Create New Connection

Create New Connection.. Note:

Note: For other types of interfaces likeFor other types of interfaces like EthernetEthernet, choose the respective, choose the respective interfa

(3)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig

gu

urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

3 3//2

24

4

3. Click

3. Click NextNext in order to proceed once this interface appears. in order to proceed once this interface appears.

4. Select

4. Select Serial iSerial i nterfnterface 2/0ace 2/0 (desired) from the Available Interfaces option and (desired) from the Available Interfaces option and click

(4)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig

gu

urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

4 4//2

24

4

5.

5. Choose the Choose the encapsulatiencapsulati on type fon type for the or the serial interface and serial interface and cliclickck NextNext..

6.

6. Specify the static Specify the static IP addrIP address with the corresponess with the corresponding subnding subnet mask for theet mask for the interfa

(5)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig

gu

urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

5 5//2

24

4

address (192.168.1.2 as per network diagram) supplied by the ISP and click

address (192.168.1.2 as per network diagram) supplied by the ISP and click Next

Next..

This window appears and shows the configuration summary configured by the This window appears and shows the configuration summary configured by the user. Click

(6)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig

gu

urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

6 6//2

24

4

This window appears and shows the command delivery status to the router.

This window appears and shows the command delivery status to the router. Otherwise, it displays errors if the command delivery fails due to incompatible Otherwise, it displays errors if the command delivery fails due to incompatible commands or unsupported features.

commands or unsupported features.

8. Choose

8. Choose Configure > IConfigure > I nterfaces and Connections > Editnterfaces and Connections > Edit Interfaces/Connections

Interfaces/Connections in order to add/edit/delete the various interfaces. in order to add/edit/delete the various interfaces.

Highlight the interface with which you want to make changes and click Highlight the interface with which you want to make changes and click EditEdit if if you want to edit or change the interface configuration. Here you can change the you want to edit or change the interface configuration. Here you can change the existing static IP address.

(7)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig

gu

urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

7 7//2

24

4 NA

NAT

T Configuration

Configuration

Dynamic NAT Configuration Dynamic NAT Configuration

Complete these steps in order to configure the dynamic NAT in a Cisco router. Complete these steps in order to configure the dynamic NAT in a Cisco router.

1. Choose

1. Choose Configure > NAT > Basic NATConfigure > NAT > Basic NAT and click and click Launch the selected taskLaunch the selected task in order to configure basic NATing.

(8)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig

gu

urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

8 8//2

24

4

2. Click

2. Click NextNext..

3.

3. Choose the interface that connects to the Internet or your IChoose the interface that connects to the Internet or your ISP and choose theSP and choose the IP address range to which Internet access is to be shared.

IP address range to which Internet access is to be shared.

4.

4. This window This window appears and appears and shows the configuration summary shows the configuration summary configured by theconfigured by the user. Click

(9)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig

gu

urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

9 9//2

24

4

5.

5. The The Edit NAT Configuration window Edit NAT Configuration window shows the configured dynamic NATshows the configured dynamic NAT configuration with the translated IP address overloaded (PATing). If you want to configuration with the translated IP address overloaded (PATing). If you want to configure the dynamic NATing with address pool, click

configure the dynamic NATing with address pool, click Address PoolAddress Pool..

6. Click 6. Click AddAdd..

Here informations such as the pool name and IP address range with netmask Here informations such as the pool name and IP address range with netmask are provided. There can be times when most of the addresses in the pool have are provided. There can be times when most of the addresses in the pool have been assigned, and the IP address pool is nearly depleted. When this occurs, been assigned, and the IP address pool is nearly depleted. When this occurs, PAT can be used with a single IP address in order to satisfy additional requests PAT can be used with a single IP address in order to satisfy additional requests for IP addresses. Check

for IP addresses. Check Port Address Translation (PAT)Port Address Translation (PAT) if you want the if you want the router to use PAT when the address pool is close to depletion.

router to use PAT when the address pool is close to depletion.

7. Click 7. Click AddAdd..

(10)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

1

10 0//2

24

4

8. Click

8. Click EditEdit..

9. Choose

9. Choose Address PoolAddress Pool in the Type field, provide the name to the Address Pool in the Type field, provide the name to the Address Pool as

as pool1pool1 and click and click OKOK..

10.

10. This window This window shows the configuration for dynamic NATing with the address pool.shows the configuration for dynamic NATing with the address pool. Click

(11)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

1

11 1//2

24

4

Use this window in order to designate the inside and outside interfaces that you

Use this window in order to designate the inside and outside interfaces that you want to use in NAT translations. NAT uses the inside and outside designations want to use in NAT translations. NAT uses the inside and outside designations when it interprets translation rules, because translations are performed from when it interprets translation rules, because translations are performed from inside to outside, or from outside to inside.

inside to outside, or from outside to inside.

Once designated, these interfaces are used in all NAT translation rules. The Once designated, these interfaces are used in all NAT translation rules. The designated interfaces appear above the Translation Rules list in the main NAT designated interfaces appear above the Translation Rules list in the main NAT window.

window.

Static NAT Configuration Static NAT Configuration

Complete these steps in order to configure static NAT in a Cisco router. Complete these steps in order to configure static NAT in a Cisco router.

1. Choose

1. Choose Configure > NAT > Edit NAT ConfigurationConfigure > NAT > Edit NAT Configuration and click and click AddAdd in order to in order to configure static NATing.

configure static NATing.

2.

2. Choose Choose thethe DirectionDirection either from inside to outside or from outside to inside, either from inside to outside or from outside to inside, specify the inside IP address to be translated under

specify the inside IP address to be translated under Translate from InterfaceTranslate from Interface.. For the

For the Translate to InterfaceTranslate to Interface area select the Type. area select the Type. Choose

Choose IP AddressIP Address if you want the Translate from Address to be if you want the Translate from Address to be translated to an IP address defined in the IP Address field. translated to an IP address defined in the IP Address field. Choose

Choose InterfaceInterface if you want the if you want the Translate from AddressTranslate from Address to use the to use the address of an interface on the router. The

address of an interface on the router. The Translate from AddressTranslate from Address is is translated to the IP address assigned to the interface that you specify in translated to the IP address assigned to the interface that you specify in the Interface field.

the Interface field. Check

(12)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

1

12 2//2

24

4

This window shows the static NATing configuration with port redirection

This window shows the static NATing configuration with port redirection enabled.

enabled.

Routing Configuration

(13)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

1

13 3//2

24

4

2.

2. Enter the DeEnter the Destisti nation Network nation Network address with mask anaddress with mask and select either outgoingd select either outgoing interface or next hop IP address.

interface or next hop IP address.

This window shows the static route configured for the 10.1.1.0 network with This window shows the static route configured for the 10.1.1.0 network with 192.168.1.2 as the next hop IP address.

192.168.1.2 as the next hop IP address.

Dynamic Routing Configuration Dynamic Routing Configuration

Complete these steps in order to configure the dynamic routing in a Cisco router. Complete these steps in order to configure the dynamic routing in a Cisco router.

1. Choose

1. Choose Configure > Routing > Dynamic RoutingConfigure > Routing > Dynamic Routing.. 2.

(14)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

1

14 4//2

24

4

3. Check

3. Check Enable RIPEnable RIP, s, s elect the RIP veelect the RIP version, and clickrsion, and click AddAdd..

4.

4. Specify the Network address to bSpecify the Network address to be adve advertisertis ed.ed.

5. Click 5. Click OKOK..

(15)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

1

15 5//2

24

4

6. Click

6. Click Deliver Deliver in order to transfer the commands to the router. in order to transfer the commands to the router.

This window shows the dynamic RIP routing configuration. This window shows the dynamic RIP routing configuration.

(16)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

1

16 6//2

24

4

2. Choose

2. Choose Configure > Additional Tasks > Router Access > User Configure > Additional Tasks > Router Access > User Accounts/View

Accounts/View in order to add/edit/delete the User Accounts to the router. in order to add/edit/delete the User Accounts to the router.

3. Choose

3. Choose File > Save Running Config to PC...File > Save Running Config to PC... in order to save the in order to save the

configuration to the NVRAM of the router as well as the PC and to reset the configuration to the NVRAM of the router as well as the PC and to reset the current configuration to default (factory) settings.

(17)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

1

17 7//2

24

4

4.

4. Go to the Go to the task bar and task bar and choosechoose Edit > PreferencesEdit > Preferences in order to enable thesein order to enable these User Preferences options:

User Preferences options:

Preview commands before delivering to router. Preview commands before delivering to router. Save signature file to Flash.

Save signature file to Flash. Confirm before exiting from SDM. Confirm before exiting from SDM.

Continue monitoring interface status when switching mode/task. Continue monitoring interface status when switching mode/task.

5. Choose

5. Choose ViewView from the task bar if you want to: from the task bar if you want to: View the Home, Configure, or Monitor pages. View the Home, Configure, or Monitor pages. View the running configuration of the router. View the running configuration of the router. View various

View various showshow commands. commands. View SDM default rules. View SDM default rules. Choose

Choose RefreshRefresh in order to synchronize the router configuration if there in order to synchronize the router configuration if there are any configured through the CLI with SDM.

are any configured through the CLI with SDM.

CLI Configuration

Router Configuration Router Configuration Router#

Router#show runshow run

Building configuration... Building configuration... Current configuratio

Current configuration : n : 2525 bytes2525 bytes !

!

version 12.4 version 12.4

(18)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

1

18 8//2

24

4

enable password cisco

enable password cisco ! ! no aaa new-model no aaa new-model ! ! resource policy resource policy ! ! ! ! ! ! ip cef ip cef ! ! ! ! ! !

!--- RSA certificate generated after you enable the

!---!--- ip http ip http secure-servsecure-server er command. command. crypto pki

crypto pki trustpoint TP-self-signed-3trustpoint TP-self-signed-39237050292370502 enrollment selfsigned

enrollment selfsigned subject-nam

subject-name e cn=IOS-Self-cn=IOS-Self-Signed-CertiSigned-Certificate-39237ficate-3923705020502 revocation-check none revocation-check none rsakeypair TP-self-signed-392 rsakeypair TP-self-signed-392370502370502 ! ! ! !

crypto pki certificate chain TP-self-signed-392370502 crypto pki certificate chain TP-self-signed-392370502 certificate self-signed 01

certificate self-signed 01 3082023C 308

3082023C 308201A5 A00302201A5 A0030201 02020101 01 02020101 300D0609 2A8300D0609 2A864886 F70D0164886 F70D0101 0405001 04050 30312E30 2C0

30312E30 2C060355 04031360355 04031325 494F532D 25 494F532D 53656C66 2D553656C66 2D536967 6E656436967 6E65642D 436572D 43657 69666963 617

69666963 6174652D 3339324652D 33393233 37303530 33 37303530 32301E17 0D332301E17 0D303530 39323303530 39323330 3433330 34333 375A170D 323

375A170D 32303031 30313003031 30313030 30303030 30 30303030 5A303031 2E35A303031 2E302C06 03550402C06 03550403 1325403 13254 532D5365 6C6

532D5365 6C662D53 69676E62D53 69676E65 642D4365 65 642D4365 72746966 69672746966 69636174 652D3336174 652D3339 3233339 32333 35303230 819

35303230 819F300D 06092AF300D 06092A86 4886F70D 86 4886F70D 01010105 00001010105 0003818D 0030813818D 00308189 0281889 02818 C86C0F42 846

C86C0F42 84656325 70922056325 70922027 EF314C2F 27 EF314C2F 17C8BBE1 B4717C8BBE1 B478AFA3 FE2BC28AFA3 FE2BC2F2 3C272F2 3C272 A3B5E13A 139

A3B5E13A 1392A158 73D8FE2A158 73D8FE0D 20BFD952 0D 20BFD952 6B22890C 3876B22890C 38776830 241BE276830 241BE259 EE2AA59 EE2AA CF4124EA 37E

CF4124EA 37E41B46 A2076541B46 A2076586 2F0F9A74 86 2F0F9A74 FDB72B3B 615FDB72B3B 6159EEF7 0DEC7D9EEF7 0DEC7D44 BE48944 BE489 9E351BF7 F5C

9E351BF7 F5C808D9 2706C8808D9 2706C8B7 F5CE4B73 B7 F5CE4B73 39ED8A61 50839ED8A61 508F455A 68245AF455A 68245A6B D072F6B D072F 02030100 01A

02030100 01A36630 64300F36630 64300F06 03551D13 06 03551D13 0101FF04 0530101FF04 05300301 01FF3000301 01FF3011 0603511 06035 11040A30 088

11040A30 08820652 6F757420652 6F757465 72301F06 65 72301F06 03551D23 04103551D23 04183016 80148983016 80148943 F236943 F2369 ACD8CCA6 CA0

ACD8CCA6 CA04EC47 C68B814EC47 C68B8179 E205301D 79 E205301D 0603551D 0E00603551D 0E041604 14894341604 148943F2 36910F2 36910 D8CCA6CA 04E

D8CCA6CA 04EC47C6 8B8179C47C6 8B8179E2 05300D06 E2 05300D06 092A8648 86F092A8648 86F70D01 01040570D01 01040500 0381800 03818 3B93B9DC 7DA

3B93B9DC 7DA78DF5 6D1D0D78DF5 6D1D0D68 6CE075F3 68 6CE075F3 FFDAD0FB 9C5FFDAD0FB 9C58E269 FE36038E269 FE360329 2CEE329 2CEE3 D8661EB4 041

D8661EB4 041DEFEF E14AA7DEFEF E14AA79D F33661FC 9D F33661FC 2E667519 E182E667519 E185D586 13FBD65D586 13FBD678 F52E178 F52E1 E3C92ACD 527

E3C92ACD 52741FA4 4429D041FA4 4429D0B7 EB3DF979 B7 EB3DF979 0EB9D563 51C0EB9D563 51C950E0 11504B950E0 11504B41 4AE7941 4AE79 0DD0BE16 856

0DD0BE16 856B688C B727B3B688C B727B3DB 30A9A91E DB 30A9A91E 10236FA7 63B10236FA7 63BAEACB 5F7E86AEACB 5F7E8602 0C33D02 0C33D quit quit ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !

!--- Create a user account named

!--- Create a user account named sdmsdm sdmsdm with all privileges. with all privileges. username sdmsdm privilege 15 password 0 sdmsdm

username sdmsdm privilege 15 password 0 sdmsdm ! ! ! ! ! ! ! ! ! ! ! ! interface Ethernet0/0 interface Ethernet0/0 no ip address no ip address shutdown shutdown half-duplex half-duplex ! !

!--- The LAN interface configured with a private IP address.

!--- The LAN interface configured with a private IP address. interface

interface FastEthernetFastEthernet1/01/0 ip

ip address 172.16.1.2 255.255.255.0address 172.16.1.2 255.255.255.0

!--- Designate that traffic that originates from behind

(19)

---w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

1

19 9//2

24

4

ip nat outside

ip

ip virtual-reasvirtual-reassemblysembly ! ! interface Serial2/1 interface Serial2/1 no ip address no ip address shutdown shutdown ! ! interface Serial2/2 interface Serial2/2 no ip address no ip address shutdown shutdown ! ! interface Serial2/3 interface Serial2/3 no ip address no ip address shutdown shutdown ! !

!--- RIP version 2 routing is enabled.

!--- RIP version 2 routing is enabled. router rip router rip version 2 version 2 network 172.1.0.0 network 172.1.0.0 no

no auto-summaryauto-summary

!--- This is where the commands to enable HTTP and HTTPS are configured.

!--- This is where the commands to enable HTTP and HTTPS are configured. ip http server ip http server ip http ip http secure-servesecure-serverr ! !

!--- This configuration is for dynamic NAT.

! !

!--- Define a pool of outside IP addresses for NAT.

!--- Define a pool of outside IP addresses for NAT. ip nat

ip nat pool pool1 192.168.1.3 192.168.1.10 netmask 255.255.255.0pool pool1 192.168.1.3 192.168.1.10 netmask 255.255.255.0

!--- In order to enable NAT of

!--- In order to enable NAT of the inside source address,the inside source address,

!--- specify that traffic from hosts that match access list 1

!--- are NATed to the address pool named pool1.

!--- are NATed to the address pool named pool1. ip nat inside source list 1 pool pool1

ip nat inside source list 1 pool pool1 !

!

!--- Access list 1 permits only 172.16.1.0 network to be NATed.

!--- Access list 1 permits only 172.16.1.0 network to be NATed. access-list 1 remark SDM_ACL

access-list 1 remark SDM_ACL Category=2Category=2 access-list 1 permit 172.16.1.0 0.0.0.255 access-list 1 permit 172.16.1.0 0.0.0.255 !

!

!--- This configuration is for static NAT

!--- In order to translate the packets between the real IP address 172.16.1.1 with TCP

!--- port 80 and the mapped IP address 192.168.1.1 with TCP port 500.

ip nat inside source

ip nat inside source static tcp 172.16.1.1 80 192.168.1.3 500 extendablestatic tcp 172.16.1.1 80 192.168.1.3 500 extendable

! ! ! ! ! ! ! !

!--- The default route is configured and points to 192.168.1.2.

!--- The default route is configured and points to 192.168.1.2. ip route 0.0.0.0 0.0.0.0 192.168.1.2

(20)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

2

20 0//2

24

4

! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! line con 0 line con 0 line aux 0 line aux 0

!--- Telnet enabled with password as

!--- Telnet enabled with password as sdmsdm.sdmsdm. line vty 0 4 line vty 0 4 password sdmsdm password sdmsdm login login ! ! ! ! end end

Verify

Choose

Choose Configure > IConfigure > I nterface & Connections > Edit Interface nterface & Connections > Edit Interface Connections Connections >> Test Connection

Test Connection in order to test the end-to-end connectivity. You can specify the in order to test the end-to-end connectivity. You can specify the remote end IP address if you click the

remote end IP address if you click the User-specifiedUser-specified radio button. radio button.

Troubleshoot

The

The Output Interpreter ToolOutput Interpreter Tool ( (registeredregistered customers only) (OIT) supports certain customers only) (OIT) supports certain showshow commands. Use the OIT to view an analysis of

commands. Use the OIT to view an analysis of showshow command output. command output. Note:

Note: Refer toRefer to Important Information on Debug CommandsImportant Information on Debug Commands before you issue debug before you issue debug commands.

commands.

You can use these options in order to troubleshoot: You can use these options in order to troubleshoot:

Choose

Choose Tools > Update SDMTools > Update SDM from the task bar in order to ping, Telnet, and from the task bar in order to ping, Telnet, and upgrade the SDM to the latest version. You can do this from Cisco.com, from upgrade the SDM to the latest version. You can do this from Cisco.com, from the local PC, or from the CD.

(21)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

2

21 1//2

24

4

Choose

Choose Help > About this Router Help > About this Router in order to view information on the hardware in order to view information on the hardware configuration of the router.

configuration of the router.

This window shows information about the IOS image stored in the router. This window shows information about the IOS image stored in the router.

(22)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

2

22 2//2

24

4 Comatibility of SDM with 64-bit OS

Comatibility of SDM with 64-bit OS

SDM is not supported on machines with 64-bit OS. You should install SDM on the SDM is not supported on machines with 64-bit OS. You should install SDM on the router and access it through the web browser.

router and access it through the web browser. Refer to

Refer to Task 4: Install the SDM FilesTask 4: Install the SDM Filesfor more information on the installation of SDMfor more information on the installation of SDM files on the router.

files on the router.

Unable to Launch the SDM through Web Browser

Problem Problem

When you use SDM through the web browser, an SDM start up error message When you use SDM through the web browser, an SDM start up error message appears.

appears. Solution 1 Solution 1

The issue could be with the version of the Java. The Java update may not be The issue could be with the version of the Java. The Java update may not be compatible with the SDM version. If the version of Java is Java 6 update 12, then compatible with the SDM version. If the version of Java is Java 6 update 12, then uninstall that version and install Java 6 update 3

uninstall that version and install Java 6 update 3. This fixes the problem. Refer to. This fixes the problem. Refer to the

the Web Browser Versions and Java Runtime Environment VersionsWeb Browser Versions and Java Runtime Environment Versions section of section of SDMSDM 2.5 Release Note

2.5 Release Note for more information about the compatibility. SDM version 2.5 runs for more information about the compatibility. SDM version 2.5 runs under u

(23)

w

ww

w..c

ciis

sc

co

o..c

co

om

m//e

en

n//U

US

S//p

prro

od

du

uc

ctts

s//s

sw

w//s

se

ec

cu

urrs

sw

w//p

ps

s5

53

31

18 8//p

prro

od

du

uc

ctts

s_

_c

co

on

nffiig u

g urra

attiio

on

n_

_e

ex

xa

am

mp

plle

e0

09

91

18

86 6a

a0

00

08

80

07

73 3e

e0

06

67 7..s

sh

httm

mll

2

23 3//2

24

4

Su

Subscrbscribibee

Start A New Discussion

Error: java.bling stack overflow

Problem Problem

I am unable to connect to the SDM, and I receive this error message: I am unable to connect to the SDM, and I receive this error message:

java.bling stack over flow java.bling stack over flow Solution

Solution

This problem usually occurs when Java code version 1.5.0_06 is used. For information This problem usually occurs when Java code version 1.5.0_06 is used. For information on how to resolve this issue, refer to

on how to resolve this issue, refer to The user is unable to connect to Security DeviceThe user is unable to connect to Security Device Manager (SDM) and receives the java.bling stack over flow error message

Manager (SDM) and receives the java.bling stack over flow error message..

Cisco Support Community - Featured Conversations

Cisco Support Community

Cisco Support Community is a forum for you to ask and answer questions, share is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers. Below are just some of the most recent suggestions, and collaborate with your peers. Below are just some of the most recent and relevant conversations happening right now.

and relevant conversations happening right now.

Want t

Want to see o see more? Join us more? Join us by cby clickinglicking herehere Site To Site

Site To Site VPVPN(IPSEC)N(IPSEC)adminadmin 2 Replies2 Replies 9 years, 6 months ago9 years, 6 months ago

857 dhcp config

857 dhcp configkayasamankayasaman 16 Replies16 Replies5 years, 6 months ago5 years, 6 months ago

SDM Express

SDM Express rcamacho24rcamacho24 1 Reply1 Reply5 year5 years, 7 months ags, 7 months agoo

Port Forwar

Port Forwarding with ding with Cisco SB107Cisco SB107GORDONHAYGORDONHAY 4 Replies4 Replies 7 years, 3 months ago7 years, 3 months ago

cannot connect to 2821 router using

cannot connect to 2821 router using SDMSDMkalpapathumkalpapathum 3 Replies3 Replies5 years, 1 month ago5 years, 1 month ago

877W, SDM Express and getting it...

877W, SDM Express and getting it...davidrawledavidrawle 25 Replies25 Replies5 years, 5 days ago5 years, 5 days ago

Router SDM basic Firewall

Router SDM basic Firewall configuratconfigurationionrleung2001rleung2001 2 Replies2 Replies6 year6 years, 10 months as, 10 months agogo

Do Network Engineers still us

Do Network Engineers still use CLI to..e CLI to....LATINMUSIC74LATINMUSIC74 5 Replies5 Replies2 years, 1 month ago2 years, 1 month ago

What is SDM (security device manager)???

What is SDM (security device manager)??? sathyasavsathyasav 12 Replies12 Replies1 year, 1 year, 9 months 9 months agoago

Related Information

Cisco Security Device Manager Installation Guide Cisco Security Device Manager Installation Guide Cisco Product Support Page - Routers

Cisco Product Support Page - Routers Cis

Cisco Configuration Professco Configuration Professional ional Support PageSupport Page NAT Support Page

NAT Support Page Technical

Technical Support & Documentation - Support & Documentation - CisCisco Systco Systemsems U

Uppddaatteedd: : JJuul l 2277, , 22001111 DDooccuummeennt t IIDD: : 7711330055

Infor

Information mation For For

Small Business

Service

Service ProProvider vider

Executives Executives Home Home Contacts Contacts

News & Alerts News & Alerts

Ne Newwsroomsroom Blogs Blogs Ne Newwsletterssletters Field Notices Field Notices Security Advisories Security Advisories Technology Trends Technology Trends Support Support Do Dowwnloadsnloads Documentation Documentation Communities Communities De

Developer Netwveloper Networkork

Learning N

Learning Netwetworkork

Support Community Support Community About Cisco About Cisco Investor Relations Investor Relations