Cisco 1841,SDM will not connect nor install
I am trying to install a VPN Server on my Cisco 1841 router. When I try to connect SDM it will not connect. I tried reinstalling the SDM on the router, but it comes to a stage & says "copy operation failed".
I tried to install VPN through CLI, but the CLI doesn't recognize the CRYPTO command.
Need your quickest advise.
Software/Hardware used:
Software/Hardware used:
ASKED:
July 28, 2009 8:30 PM
UPDATED:
February 2, 2012 6:46 AM
Answer Wiki:
If the 1841 does not recognise the CRYPTO command in config mode, then you do not have a version of the IOS with the features needed to configure a VPN. If you post the software version from the '<b>show ver</b>' command, then we can confirm that.
Can't advise much on SDM as I have never used it. I suspect you cannot copy it onto the router because it has not enough free flash memory. SDM also requires an IP address configured, the interface up (no shutdown) and the http server enabled (or maybe the https one).
Post some more specific information about the router and the IOS version, and possibly the config (remove any passwords, company information, and change IP addresses) and we can help you further.
<b>Not so sure, but maybe these will help:
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
access-list 23 permit 10.10.10.0 0.0.0.7 (replace with yours)</b>
To see all answers submitted to the Answer Wiki: View Answer History.
BlankReg,
Thanks for your answer. The software version is as below:
Using 1148 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RouTer
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$zsdO$YDpRkybMvgxRExqCPSHe70
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
RouTer#sh ver
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(3i), RELEASE SO
FTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 28-Nov-07 18:17 by stshen
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
RouTER uptime is 1 day, 18 hours, 48 minutes
System returned to ROM by power-on
System image file is “flash:c1841-ipbase-mz.124-3i.bin”
Cisco 1841 (revision 7.0) with 114688K/16384K bytes of memory.
Processor board ID FCZ1233742N
2 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0×2102
Thanks for your prompt reply.
I believe that you need the Advanced Security version of the software for teh CRYPTO command.
That version would look more like..
Cisco IOS Software, 1841 Software (1841-ADVSECURITYK9-M), Version 12.4(xx)xx, RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Thanks for your kind advise & I have upgraded my IOS as below, but still facing SDM installation problem:
ROUTER#sh run
Building configuration…
Current configuration : 2957 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$zsdO$YDpRkybMvgxRExqCPSHe70
!
aaa new-model
!
!
!
aaa session-id common
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip name-server 100.23.23.24
ip name-server 100.23.23.25
ip name-server 4.2.2.2
!
!
crypto pki trustpoint TP-self-signed-1334741160
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1334741160
revocation-check none
rsakeypair TP-self-signed-1334741160
!
!
crypto pki certificate chain TP-self-signed-1334741160
certificate self-signed 02
30820241 308201AA A0030201 02020102 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31333334 37343131 3630301E 170D3039 30383039 31393233
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33333437
34313136 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D5BB 6C117635 CC54BCE6 E632043D 047199E7 89375457 CD4D96C3 EFE57200
C120B44A C82159B3 0CADB656 0CDAE36D 10EDB600 829FC95D C11F312D 678E5943
741759F6 DC73FDD5 16430171 841B2418 2C33E778 F56BF1F8 5730C248 029EAEE7
39E68EC3 FECB034A 5F4B545E B804575C C6BA0931 DFD1FBAB 01890776 437D9AE2
56F6F9E2 AD
quit
username danny secret 5 $1$6W0I$7Y/JOq.CTSs1/1uAokYnH0
username mike secret 5 $1$7OS4$zbHrf//iTDd9To23KJQxs0
username khan view root password 7 045A180A0E2C47460817
username userdan privilege 15 view root secret 5 $1$7L73$HKquyLgbIlDXZM2aY0o8q/
!
!
!
!
!
!
interface FastEthernet0/0
description to LAN
ip address 192.168.100.6 255.255.255.252
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 212.76.76.54 255.255.255.248
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.100.5
!
ip http server
no ip http secure-server
!
snmp-server community survival101 RO
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login authentication local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
ROUTER#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(19b), RE
LEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 13-Jun-08 01:35 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
ROUTER uptime is 5 hours, 52 minutes
System returned to ROM by reload at 13:52:21 UTC Sun Aug 9 2009
System image file is “flash:c1841-advsecurityk9-mz.124-19b.bin”
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 1841 (revision 7.0) with 115712K/15360K bytes of memory.
Processor board ID FCZ1233742N
2 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0×2102
ROUTER#sh config
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$zsdO$YDpRkybMvgxRExqCPSHe70
!
aaa new-model
!
!
!
aaa session-id common
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip name-server 100.23.23.24
ip name-server 100.23.23.25
ip name-server 4.2.2.2
!
!
!
username danny secret 5 $1$6W0I$7Y/JOq.CTSs1/1uAokYnH0
username mike secret 5 $1$7OS4$zbHrf//iTDd9To23KJQxs0
username khan view root password 7 045A180A0E2C47460817
username userdan privilege 15 view root secret 5 $1$7L73$HKquyLgbIlDXZM2aY0o8q/
!
!
!
!
!
!
interface FastEthernet0/0
description to LAN
ip address 192.168.100.6 255.255.255.252
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 100.23.23.24 255.255.255.248
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.100.5
!
ip http server
no ip http secure-server
!
snmp-server community survival101 RO
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
end
Now, when I am trying to install SDM on the router the message appears: “”"cannot install sdm components because http is denied or ip http authentication local command is not enable on the router. HTTP access must be enabled with sufficient privileges before installation can proceed.”"”"
Need your expert help in getting this working as facing lot of problems due to this.
Thanks.
Not so sure, but maybe these will help:
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
access-list 23 permit 10.10.10.0 0.0.0.7 (replace with yours)
I have a problem where after upgraded 1841 router from c1841-ipbase-mz.124-1c.bin toc1841-advipservicesk9-mz.124-3i the router still wouldn’t accept the crypto command.
Please help