Cisco Configuration Professional Troubleshooting. From Doc. Wiki. Introduction. Cisco Configuration Professional Cisco CP is a GUI based device management tool for Cisco access routers. This tool simplifies routing, firewall, IPS, VPN, unified communications, WAN, and LAN configuration through GUI based wizards. Using Cisco CP, network administrators and channel partners can deploy routers with ease. It offers one click router lock down and voice and security auditing capability to check and recommend changes to router configuration. Cisco CP also monitors router status and troubleshoots WAN and VPN connectivity issues. CiscoCatalyst3. ThinClient SSL VPN technology can be used to allow secure access for applications that use static ports. Examples are Telnet 23, SSH 22, POP3 110, IMAP4 143. This document provides a sample configuration for the LANtoLAN SitetoSite IPsec tunnel between Cisco Security Appliances ASAPIX and a Cisco IOS Router. Cisco has ceased development on the IPSec VPN client, and shifted to pushing the SSL VPN client for remote VPN access for both IOS and ASA platforms. But that costs. Cisco CP is free and you can download it from. This document contains troubleshooting information for Cisco CP. Contents. The troubleshooting information available is as follows. Minimum screen resolution for Cisco CPCisco CP requires a screen resolution of at least 1. JRE settings for Cisco CPThe following JRE settings are needed for Cisco CP to function properly. Go to Start Control Panel Java. Click View under Java Applet Runtime Settings. Introduction. Cisco Configuration Professional Cisco CP is a GUI based device management tool for Cisco access routers. This tool simplifies routing, firewall, IPS. Select your JRE in use. Set the Java runtime parameters with the value Xmx. Dsun. java. 2d. d. In addition, if JRE is upgraded to versions 1. Cisco CP. Go to Start Control Panel Java Advance. Select Java Plug in tree. Java For Cisco Sdm' title='Java For Cisco Sdm' />Uncheck the check box for Enable next generation Java Plug in. Restart Cisco CP. Pop up screens appearing on primary monitor if Cisco CP is moved to extended monitor. Symptom If Cisco CP is running on a laptop that is also connected to an external monitor and the screen is set for extended display, pop up dialog boxes of all SDM applet security pages, routing pages, and help pages appear on the primary monitor. Connect the monitor to a laptop and set the screen for extended display. Launch Cisco CP and move it to secondary screen. Click Configure Security Security Audit Perform Security Audit. The Audit screen appears in the primary monitor and Cisco CP in the secondary monitor. Workaround There is no workaround. Cisco IOS enforces one time use of default credentials. To address CSCsm. Cisco IOS images included with recent shipments of Cisco 8. Cisco 1. 80. 0, Cisco 2. Java For Cisco Sdm' title='Java For Cisco Sdm' />Cisco 2. Cisco 3. Cisco 3. Cisco CP configuration file. If you bypass Cisco CP or Cisco CP Express and use a console or Telnet connection to log into the router, the login and exec banners warn you that you must change the user name to cisco and the password to cisco before you log off the router. If you do not change the credentials as directed, you will not be able to log into the router the next time that you attempt to do so. The following Cisco IOS releases enforce the one time use of the default credentials. T or later. 1. 2. Devil May Cry 4 Compressed here. SW, 1. 2. 41. 1SW1, 1. XV, 1. 2. 41. 1XJ. T5, 1. 2. 49T6. M or later. Follow the procedure in this section to secure the router by creating a new username and password, to remove the login banner and exec banner warnings, and to save the configuration changes to the router startup configuration. Note If you log into the router using a Telnet or a console connection but do not complete the steps in this procedure, be aware of the following. If you do not change the default username and password, and log off the router, you will not be able to log into the router again without entering the reload command. No additional warning is given before you log off. If you do not change the default username and password, but do enter the write memory command before ending the session, future logins are disabled. In this case, you will need to follow the password recovery procedure at the following link. USproductsswiosswrelps. To secure the router, remove the banner warnings, and save the changes to the router startup config, complete the following steps. Connect the blue console port on your router to a serial port on your PC using the light blue console cable, included with your router. See your routers hardware installation guide for instructions. Connect the power supply to your router, plug the power supply into a power outlet, and turn on your router. See your routers quick start guide for instructions. Use Hyper. Terminal or a similar terminal emulation program on your PC, with the terminal emulation settings of 9. When prompted, enter the username cisco, and password cisco. Enter configuration mode by entering the following command. Create a new username and password by entering the following command. Replace username and password with the username and password that you want to use. Remove the default username and password by entering the following command. To remove the login banner, enter the following command. The login banner warning will no longer appear. To remove the exec banner, enter the following command. The exec banner warning will no longer appear. Leave configuration mode by entering the following command. Copy the configuration changes to the startup configuration by entering the following command. When logging into the router in the future, use the username and password that you created in 6. Cisco CP Merge and Replace Configuration Functions Fail Under Some Conditions. The problem described here is caveat CSCsj. If you attempt to merge configuration changes made using the Cisco CP Config Editor feature, or replace the running configuration with a configuration from the Config Editor, the router configuration will not be changed if there is a network device with a Network Address Translation NAT IP address, or a cache engine in the connection between the PC and the router. If you need to make changes to the router configuration that you would normally make using the Cisco CP Config Editor, use the Cisco IOS CLI instead. Cisco CP Security Dashboard May Display Threats Unrelated to Your Cisco IOS IPS Installation. Some or all of the top threats you obtain using the Cisco CP Security Dashboard may not pertain to your Cisco IOS IPS installation. After you deploy the signatures applicable to the top threats displayed by the Cisco CP Security Dashboard, the dashboard may still display some or all top threats with a red icon because applicable signatures could not be found. Those remaining top threats are unrelated to your Cisco IOS IPS installation and are not a danger to your router running Cisco IOS software. Cisco CP May Lose Connection to Network Access Device. This note concerns the Network Admission Control NAC feature. If the PC used to invoke Cisco CP returns a posture state Healthy, Infected, Checkup, Quarantine, or Unknown and if the group policy on the ACS server attached to the posture token assigned to the PC has a redirect URL configured, the connection between Cisco CP and the router acting as the Network Access Device NAD may be lost. The same problem can occur if an exception list entry attached to a policy with a redirect URL is configured with the IP address or MAC address of the PC. If you try to reinvoke Cisco CP from this type of PC, you will not be able to do so because the browser will be redirected to the location specified in the redirect URL. There are two workarounds for this problem. Ensure that the PC that you use to invoke Cisco CP attains a posture token that has an associated group policy on the ACS server that is not configured with a redirect URL.