Wednesday, February 6, 2013

Installing SDM on a Virtual Machine and 3725 Router (GNS3)

(as a personal reference dedicated to Nanook)

The router configs for this post came from the “Installing SDM” YouTube video (1) posted by "Cisco Learning Institute" (CSSIAdotORG).

I'm installing SDM-V25 (Cisco’s Security Device Manager) on a c3725 in GNS3 from a WinServer 2008 VM. I’m sure you can use an XP VM to do this. Note that SDM is EoL (End-of-Life) and is replaced (?) by CCP (Cisco Configuration Professional)… but I believe, at this time, SDM is still in the CCNA Security curriculum (?). See: http://www.cisco.com/en/US/products/sw/secursw/ps5318/index.html

Already configured:

  • During my installation of SDM it quickly informed me I didn’t have Java so I downloaded the latest version: Version 7 Update 13 (build 1.7.0_13-b20) on the WinServer08 VM
  • I have my “Host-only Adapter” set to 10.1.50.1/24
  • On the GNS3 c3725 router I have the connecting interface set to 10.1.50.2/24
  • Ping works both ways so we have connectivity up to layer 3 (or is it layer 4…???? I’ll come back to this in a future post).
  • I’m using chris for my username and cisco for the password

First thing, prep the router:
  R2#conf t
  Enter configuration commands, one per line. End with CNTL/Z.
  R2(config)#ip http server
  R2(config)#ip http secure-server
  % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

  R2(config)#
  *Mar 1 00:11:56.183: %SSH-5-ENABLED: SSH 1.99 has been enabled 

  R2(config)#
  *Mar 1 00:11:56.291: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "write memory" to save new
  certificate

  R2(config)#ip http authentication local
  R2(config)#username chris privilege 15 secret 0 cisco
  R2(config)#line vty 0 4
  R2(config-line)#privilege level 15
  R2(config-line)#login local
  R2(config-line)#transport input telnet ssh
  R2(config-line)#end
  R2#wr
  Building configuration...

Since this is in my lab I didn't configure a timeout-policy. Had I wanted to, it would look like this:
  R2(config)#ip http timeout-policy idle 300 life 86400 requests 10000

Also there is no need to hide my password… again, this is in my lab. That said, IOS already hides it: the 0 in "secret 0 cisco" only tells IOS that the string that follows is cleartext, and the running config stores it as a salted MD5 hash ("secret 5 $1$…"). The "secret 5" form is for entering a value that is already hashed (for example when pasting a saved config), not for cleartext, so the following would not hide "cisco", it would try to use the literal string as the hash:
  R2(config)#username chris privilege 15 secret 5 cisco
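The lines above are what SDM needs, but they are also the router's management plane, so they deserve a second look. The script below is added here as an example; it is not the post's own config, a Cisco tool, or part of SDM. It parses the relevant `show running-config` lines and runs the checks a hardening review would run against them. The two sample configs inside it are constructed to mirror R2 (the type-5 hash value is a placeholder, not a real hash of "cisco").

```python
"""Audit the management-plane settings the post configures for SDM.

Added example, not from the original post or from Cisco: a small parser
for the relevant `show running-config` lines plus the checks a hardening
review would run against them. The sample configs are constructed here
to mirror the post's R2 commands (the type-5 hash value is a placeholder).
"""
from __future__ import annotations
import re

# Constructed: R2 as the post leaves it, rendered the way `show run` would.
# `secret 0 cisco` is stored hashed, so it appears as `secret 5 <hash>`.
LAB_CONFIG = """\
hostname R2
ip http server
ip http secure-server
ip http authentication local
username chris privilege 15 secret 5 $1$placeholder$notARealHash0000000
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
"""

# Constructed: the same router with the weak settings corrected.
HARDENED_CONFIG = """\
hostname R2
no ip http server
ip http secure-server
ip http authentication local
ip http timeout-policy idle 300 life 86400 requests 10000
username chris privilege 15 secret 5 $1$placeholder$notARealHash0000000
line vty 0 4
 privilege level 15
 login local
 transport input ssh
"""


def parse_config(config: str) -> tuple[list[str], dict[str, list[str]]]:
    """Split a config into global lines and the indented children of each
    section ('line vty 0 4' -> ['privilege level 15', ...])."""
    globals_, sections = [], {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            globals_.append(current)
            sections[current] = []
    return globals_, sections


def audit(config: str) -> list[str]:
    """Return one finding per weak setting; an empty list means clean."""
    globals_, sections = parse_config(config)
    findings: list[str] = []

    if "ip http server" in globals_:
        findings.append("ip http server: cleartext HTTP management is on; "
                        "use 'no ip http server' and keep only secure-server")
    if "ip http secure-server" in globals_ and not any(
            g.startswith("ip http authentication") for g in globals_):
        findings.append("ip http secure-server without 'ip http authentication': "
                        "authentication method left at the IOS default")
    if not any(g.startswith("ip http timeout-policy") for g in globals_):
        findings.append("no ip http timeout-policy: idle/lifetime limits left at defaults")

    # 'password 0' is cleartext, 'password 7' is reversible; only 'secret' is hashed.
    for g in globals_:
        m = re.match(r"username (\S+) .*?\b(password|secret) (\d+) (\S+)", g)
        if m and (m.group(2) == "password" or m.group(3) == "0"):
            findings.append(f"username {m.group(1)}: credential stored as "
                            f"'{m.group(2)} {m.group(3)}' (reversible or cleartext); use 'secret'")

    for name, children in sections.items():
        if not name.startswith("line vty"):
            continue
        for c in children:
            if c.startswith("transport input") and "telnet" in c.split():
                findings.append(f"{name}: '{c}' allows telnet; use 'transport input ssh'")
        if not any(c.startswith("login") for c in children):
            findings.append(f"{name}: no 'login local' (or other login method)")
    return findings


if __name__ == "__main__":
    for label, cfg in (("lab", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {audit(cfg) or ['clean']}")
```

Run it directly and the lab config is flagged for `ip http server`, the missing timeout policy and `transport input telnet ssh`, while the hardened config comes back clean. One thing no config check can see is the key that `ip http secure-server` generated on its own, which the log above shows was 1024 bits; on a router you care about, generate the key yourself first with `crypto key generate rsa modulus 2048` so the HTTPS certificate is not backed by a 1024-bit key.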

At this point I went into the SDM-V25 folder and ran setup.exe …

clip_image001

Since this is the first time I’m installing it, I chose “Both (computer and router)”…

clip_image002

I entered the hostname/IP, username and password:

clip_image003

Then click Next >

clip_image004

I then notice some messages on the router:

R2#
*Mar 1 00:50:09.515: %SYS-5-CONFIG_I: Configured from console by chris on vty0 (10.1.50.1)
R2#
*Mar 1 00:50:14.315: %SYS-5-CONFIG_I: Configured from console by chris on vty0 (10.1.50.1)
R2#
*Mar 1 00:50:16.479: %SYS-5-CONFIG_I: Configured from console by chris on vty0 (10.1.50.1)
R2#
*Mar 1 00:50:18.623: %SYS-5-CONFIG_I: Configured from console by chris on vty0 (10.1.50.1)
R2#
*Mar 1 00:50:20.711: %SYS-5-CONFIG_I: Configured from console by chris on vty0 (10.1.50.1)
R2#
*Mar 1 00:50:24.023: CRYPTO_PKI: Can not select private key (TP-self-signed-78181248)

This last line is interesting…

There is trouble afoot!

clip_image005

In this post (2) the OP was having the same problem but was able to copy the sdm.tar and common.tar files to the router’s flash… I’ll try that using a TFTP server on the WinServer08 VM (I’m working on a post on how to set up a TFTP server in a VM to transfer files… coming soon)

The common.tar file:

clip_image006

The sdm.tar file:

clip_image007

The sdm.tar file was almost 5 times the size and took almost 5 times longer to download – anyway, I digress.
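The transfer above needs a TFTP server on the VM. What follows is an added example, not the post's own setup or any particular Windows TFTP product: the smallest read-only TFTP server (RFC 1350, octet mode) that can feed sdm.tar and common.tar to the router, written so that it refuses to serve anything outside the directory it is started in. TFTP has no authentication at all, so read-only behaviour and that directory boundary are the only controls you get. The root directory and listening address are assumptions taken from the command line.

```python
"""Minimal read-only TFTP server (RFC 1350, octet mode only).

Added example, not from the original post: the post moves sdm.tar and
common.tar to the router's flash from a TFTP server on the VM. This is the
smallest server that does that job and still refuses to serve anything
outside its root directory. TFTP has no authentication, so read-only
behaviour and the directory boundary are the only controls you get.
Root directory and listening address are assumptions (see __main__).
"""
import os, socket, struct, sys

BLOCK = 512
OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 2, 3, 4, 5
ERR_NOT_FOUND, ERR_ACCESS, ERR_ILLEGAL = 1, 2, 4

def parse_request(pkt: bytes) -> tuple:
    """Decode an RRQ/WRQ into (opcode, filename, mode); mode is lower-cased."""
    if len(pkt) < 4:
        raise ValueError("short packet")
    (op,) = struct.unpack("!H", pkt[:2])
    if op not in (OP_RRQ, OP_WRQ):
        raise ValueError("not a request")
    parts = pkt[2:].split(b"\x00")
    if len(parts) < 3:  # filename, mode, and the empty tail after the last NUL
        raise ValueError("malformed request")
    return op, parts[0].decode("ascii", "replace"), parts[1].decode("ascii", "replace").lower()

def safe_path(root: str, filename: str) -> str:
    """Map a requested name onto root; reject anything that is not a plain file
    name directly inside root ('../x', '/etc/passwd', 'sub/x', '..')."""
    if not filename or "/" in filename or "\\" in filename or filename in (".", ".."):
        raise PermissionError(filename)
    path = os.path.realpath(os.path.join(root, filename))
    if os.path.dirname(path) != os.path.realpath(root):  # also catches symlinks out of root
        raise PermissionError(filename)
    return path

def is_allowed(root: str, filename: str) -> bool:
    """True if safe_path() would serve this name."""
    try:
        safe_path(root, filename)
        return True
    except PermissionError:
        return False

def data_packet(block: int, payload: bytes) -> bytes:
    return struct.pack("!HH", OP_DATA, block & 0xFFFF) + payload

def error_packet(code: int, msg: str) -> bytes:
    return struct.pack("!HH", OP_ERROR, code) + msg.encode("ascii") + b"\x00"

def chunks(data: bytes):
    """Yield (block_number, payload); the last payload is shorter than BLOCK,
    so a file that is an exact multiple of 512 bytes ends with an empty one."""
    n = 0
    while True:
        piece = data[n * BLOCK:(n + 1) * BLOCK]
        n += 1
        yield n, piece
        if len(piece) < BLOCK:
            return

def send_file(sock: socket.socket, peer, path: str, retries: int = 5) -> bool:
    """Send one file, resending each block until the client ACKs it."""
    with open(path, "rb") as f:
        data = f.read()
    for block, payload in chunks(data):
        for attempt in range(retries):
            sock.sendto(data_packet(block, payload), peer)
            try:
                ack, _ = sock.recvfrom(516)
            except socket.timeout:
                continue
            if len(ack) >= 4 and struct.unpack("!HH", ack[:4]) == (OP_ACK, block & 0xFFFF):
                break
        else:
            return False  # client stopped answering
    return True

def serve(root: str, host: str = "0.0.0.0", port: int = 69) -> None:
    lsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    lsock.bind((host, port))
    print(f"serving {os.path.realpath(root)} read-only on {host}:{port}")
    while True:
        pkt, peer = lsock.recvfrom(1024)
        try:
            op, name, mode = parse_request(pkt)
            if op != OP_RRQ or mode != "octet":
                raise PermissionError("read-only server, octet mode only")
            path = safe_path(root, name)
            if not os.path.isfile(path):
                raise FileNotFoundError(name)
        except (ValueError, PermissionError, FileNotFoundError) as e:
            code, msg = {ValueError: (ERR_ILLEGAL, "illegal TFTP operation"),
                         PermissionError: (ERR_ACCESS, "access violation")
                         }.get(type(e), (ERR_NOT_FOUND, "file not found"))
            lsock.sendto(error_packet(code, msg), peer)
            continue
        tsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # fresh source port per transfer
        tsock.settimeout(3)
        ok = send_file(tsock, peer, path)
        tsock.close()
        print(f"{peer[0]} {name}: {'done' if ok else 'aborted'}")

if __name__ == "__main__":
    serve(sys.argv[1] if len(sys.argv) > 1 else ".", sys.argv[2] if len(sys.argv) > 2 else "0.0.0.0")
```

Start it in the folder holding the two .tar files (UDP 69 needs administrator rights), bound to the host-only address, and pull the files from the router with `copy tftp://10.1.50.1/sdm.tar flash:` and the same for common.tar. Every request is logged with the client address and whether the transfer completed, which is how you notice a transfer the router retried or abandoned.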

Now, I’ll try installing SDM again but this time I’ll only install it on the computer (WinServer08 VM):

clip_image008

And then Launch Cisco SDM. For the “Device IP Address or Hostname:” I’ll use the router’s IP (10.1.50.2):

clip_image009

This invokes another problem. From the posts I read (3), apparently MS Internet Explorer doesn’t play nice with SDM, and IE is my default browser (SDM runs in your default browser). So I decided to install Firefox and make that my default browser. Now, let’s try that again (and of course, disable Firefox’s popup blocker):

clip_image010

Then, a second authentication is required:

clip_image011

Then there’s a third pop-up – this time Java wants in on the action:

clip_image012

And that works! Ten pop-up windows later and you’re in SDM!

clip_image013

Well, I hope we all learned a lesson or two here:

  1. Manually transfer the sdm.tar and common.tar files to your router
  2. Use Firefox!

But wait, there’s more. Now that I have the .tar files on the router, will GNS3 save those files or will I be SOL next time I reload that topology? Also, did I even need to install those .tar files on the router in the first place? I did read about this a while back but am blank at the moment...

  1. Will GNS3 save those files after I exit? –Answer: Yes. Upon closing GNS3 (AFTER saving the topology: nvrams / virtual hard drives AND IOS startup configs – something you should be used to by now) and then reloading the file, the .tar files are there and everything is working peachy!
  2. Did I need to install those .tar files in the first place? To find out, I replaced the router I’ve been using (R2) with a new router, same configs as above except this router doesn’t have the .tar files. Ping is successful between WinServer08 and the new router so I’ll try and startup SDM…

AND… well, I was able to run SDM and access the router without the .tar files on the router itself. I’m not sure if this will introduce any problems down the road as I’m new to SDM. I was able to configure EIGRP using SDM and the router now has that AS in its running config (… also: show ip proto) so… I don’t know. If I run into any problems I’ll edit this post. Until then, we learned how to install SDM on a local host and install the .tar files on a router using TFTP… and we learned it “Just for my reference”. Btw, I’m not using SDM for anything… not right now anyway; I was actually working on installing a RADIUS server and came across this problem and thought I’d give it a go. Santé!

Ref:
1) http://www.youtube.com/watch?v=4FMD8eHL9m4
2) https://supportforums.cisco.com/thread/180578
3) https://learningnetwork.cisco.com/thread/26073
