Hello all.
I know that there are snippets here and there with SDM issues. I am but the latest person that is struggling with this problem. I've had wonderful luck with previous posts here, so I thought I'd give it a shot.
So, I'm looking at taking my CCNA Security exam. I'm overseas in Iraq, and equipment is hard to come by. So, I've loaded up GNS3. To say THAT was a learning curve is an understatement!! But, I finally have GNS3 running successfully. So, let me give you my system setup, and we'll go from there.
I'm running an i7 machine with Windows 7 64 bit Home Premium, 4 Gb of DDR3 ram. It is up to date on all patches, etc.
I am running IE 9, with pop-up blocker turned off during my sessions of frustration with this problem (I use Firefox for most web traffic)
I have the latest Java update, which I think is v.29.
So, GNS3 running. I have a MS Loopback adapter configured with 192.168.1.1 in the "cloud". It is connected via fa0/0 to my 2610XM router, running
(C2600-ADVSECURITYK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2). Here is my config for the router:
aaa new-model
aaa authe login AAA_LIST_NAME local
username xxx priv 15 secret xxx
int fa0/0
ip address 192.168.1.254 255.255.255.0
no shut
int s0/0
ip address 10.0.0.1 255.255.255.0
clockrate 192000
no shut
ip http server
ip http secure-server
ip http authe local
line con 0
privi level 15
login authe AAA_LIST_NAME
line vty 0 15
privi level 15
login authe AAA_LIST_NAME
This is just a basic config to get the darn router up and running. I'm hoping to begin to use SDM to config the darn thing, etc. I mean, Cisco REQUIRES SDM knowledge for the CCNA Security Exam. I even bought my own 2620XM router, which is due here anytime. But, I digress..in the meantime, I'm stuck with GNS3.
So, as you can see, I've set up basic authentication with my router. The Fa0/0 is set with 192.168.1.254. I'm running http secure-server to allow HTTPS access.
Now, here comes the problems.
1. Sometimes I'm able to fully connect into the router with SDM. It will show me the homepage, and allow me to even configure routing. However, when I go to set up a Site to Site VPN, it just sits there...and does nothing. IDS doesnt work, nor does Firewall options.
2. I get the following errors sometimes without connection:
THe IP Address or hostname is not a valid address or is unreachable. (I can ping it)
HTTP or HTTPS is disabled on the router. (uh, look at the config, it's there and running).
I sometimes try and click the "Use HTTPS" for connection, and it gives me the error above. I dont click on it and it connects.
See, now, I clicked on the box JUST NOW, and it connected..it must know I'm telling on it
When it does connect, like now, it shows all features are green and available. IP is enabled; the remaining are available, but not enabled (no check marks). VPN is showing "up" but (0) because there are no tunnels yet configured.
So, again, I go to configure tab, down to VPN icon on the left. Then I select Site to Site VPN. I ensure the radio button is selected for Create a Site to Site VPN, and hit the "Launch the selected task" button. And nothing happens...it just sits there.
So, is it the IOS? I thought advsecurityk9 supported VPN. I know if I go into CLI and click crypto isakmp enable it will turn on, and it appears I can configure it manually. But I need to get the hang of SDM.
Any thoughts would be MUCH appreciated.
As a side note...if SDM is so lame, and it's being replaced, why does Cisco STRESS the darn thing for the CCNA Security exam? It's maddening! I can't wait for my router to get here, so I can try this for real..I'm afraid of what might happen
