SDM Requires More Than 256MB Java Heap Size
By stretch | Friday, November 12, 2010 at 2:36 a.m. UTC
As a network engineer, I try to avoid GUI configuration tools. Browsing through the CCNA Security book from Cisco Press, however, I was tempted to walk through the IPS configuration process demonstrated. I quickly configured the bare minimum on a router required to run SDM, and had the GUI up and running a minute later.
Unfortunately, when I went to click the IPS tab under the configuration portion of the utility, I was met with an error message:
Your current Java memory heap size is less than 256 MB, the amount required for IOS IPS to run. To change the Java memory heap size, open the Java control panel and enter -Xmx256m in the Java Applet Runtime Settings dialog. This dialog is in the Java tab, or in the Advanced tab of the Java control panel. After you have changed the Java heap size, restart Cisco SDM. Click Help for more information.
It turns out this is a lie. SDM, at least the most recent version, actually requires more than 256 MB of Java heap space. I was successful after setting a limit of 512 MB. To save others the same trouble in the future, here's how to fix this on Windows 7:
- Open the Control Panel.
- Navigate to Programs, and open the Java control panel.
- Under the Java tab, in the Java Runtime Environment Settings pane, click View.
- For all enabled Java versions, enter -Xmx512m under Runtime Parameters.
- Hit OK and close the control panel.
Finally, close all instances of SDM (including any browser pages) and restart it. You should now be able to access the IDS/IPS interface in SDM.
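To confirm the setting was applied to every enabled Java version, the following added example (not part of the original post) audits the runtime parameters that the Java control panel saves. It assumes they are stored in the user's deployment.properties file under deployment.javaws.jre.N.args keys; the sample content is constructed, and the 512 MB threshold is the value that worked above.

```python
import re

REQUIRED = 512 * 1024 * 1024  # the 512 MB limit that worked in the post
UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}

def xmx_bytes(args):
    """Return the max heap in bytes from the last -Xmx in args, or None."""
    found = re.findall(r"(?:^|\s)-Xmx(\d+)([kKmMgG]?)(?=\s|$)", args)
    if not found:
        return None
    number, unit = found[-1]  # assumption: the last -Xmx given wins
    # A value with no k/m/g suffix is a byte count, so "-Xmx512" is 512 bytes.
    return int(number) * UNITS[unit.lower()]

def audit(properties_text):
    """Map each enabled JRE index to 'ok', 'too small' or 'missing'."""
    jres = {}
    for line in properties_text.splitlines():
        m = re.match(r"deployment\.javaws\.jre\.(\d+)\.(\w+)=(.*)", line.strip())
        if m:
            jres.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    report = {}
    for idx, props in sorted(jres.items()):
        if props.get("enabled", "true").lower() != "true":
            continue  # the post only requires the flag on enabled versions
        heap = xmx_bytes(props.get("args", ""))
        if heap is None:
            report[idx] = "missing"
        else:
            report[idx] = "ok" if heap >= REQUIRED else "too small"
    return report

# Constructed sample, not taken from a real machine.
SAMPLE = """\
deployment.javaws.jre.0.enabled=true
deployment.javaws.jre.0.args=-Xmx512m
deployment.javaws.jre.1.enabled=true
deployment.javaws.jre.1.args=-Xmx256m
deployment.javaws.jre.2.enabled=true
deployment.javaws.jre.2.args=-Xmx512
deployment.javaws.jre.3.enabled=false
deployment.javaws.jre.4.enabled=true
"""

if __name__ == "__main__":
    for idx, status in audit(SAMPLE).items():
        print(f"JRE {idx}: {status}")
```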
About the Author
Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.
November 12, 2010 at 3:09 a.m. UTC
I just want to throw up every time I try the GUI tools... 512Mb, really, that is a Jabba the Hutt of a program!
November 12, 2010 at 9:21 a.m. UTC
java the hutt....!!
November 12, 2010 at 4:51 p.m. UTC
I like the SDM for doing VPN templates, and it's also good for a QoS template (auto QoS style). Its brother on the ASA is also really nice; way too many lines of CLI config to parse through. The old PIX SDM sucked altogether, but the new versions of ASA are fantastic.
November 12, 2010 at 6:54 p.m. UTC
Have you tried Cisco Configuration Professional? It's the replacement to SDM, and I find it much more compatible with the more recent versions of Java. I find that whenever I use SDM I have to downgrade my Java to an older version, but the newest versions usually work fine with CCP. Also, most of the screens and wizards used in CCP are exactly the same (or close enough) to SDM.
November 12, 2010 at 6:56 p.m. UTC
SDM/CCP blows. I have no idea why anyone would EVER use those programs. The only time I was glad to use CCP was to configure IOS Content Filtering which is mind numbing to try and figure out in the CLI.
ASDM for the ASA platform is very good, but I only use it for doing VPN related stuff or searching the logging buffer. Other than that, CLI is much faster.
Cisco needs to get their ASDM team to show the SDM/CCP team how to do an interface right....
November 12, 2010 at 9:17 p.m. UTC
I am teaching the CCNA Security curriculum from the Cisco Networking Academy program. Cisco Config Professional is much more reliable than SDM. All PCs in the lab room are Debian boxes and CCP is run within a dedicated XP image on top of KVM virtualisation. This was the only way I found to guarantee all the students would get the same behaviour with this kind of tool.
Is it a general tendency to run one tool per virtualized system these days?!
November 13, 2010 at 8:53 a.m. UTC
If you are running IE9 you will need to do this as well as disabling all your add-ons with IE9.
November 14, 2010 at 4:44 a.m. UTC
One of the issues with the current CCNA Security exam is that it tests you on the GUI tools using SDM - not CCP.
November 14, 2010 at 1:56 p.m. UTC
I ran into this problem too when I was trying to manage an AIP-SSM module in an ASA5510 via ASDM.
To resolve this issue, I manually set the heap sizes in the ASDM configuration file so that only this application would use the larger heap sizes instead of all applications.
Add the following lines:
vmparam -Xms256m
vmparam -Xmx512m
November 15, 2010 at 4:23 p.m. UTC
They have this exact issue with CTC for their optical platform. We recently migrated our client side to version 8.5 and they recommended we set every machine to allow for a heap size of 512mb in the system environment variables.
At least this makes somewhat more sense since CTC is a much larger app than, say, SDM.
November 16, 2010 at 8:58 p.m. UTC
Hmm.... the SDM and Java versions and Win 7 IE 8 FF 3.6 combinations are a minefield... I have SDM working and now thanks to this forum IPS works too... However 'Additional Tasks' is broken; nothing populates when I click it!!
I think an older version of JRE is required 1.4.05... but that doesn't seem compatible with the newer versions of IE or FF!!
Nightmare... why do Cisco have to base an exam on such an incompatible tool!!
November 17, 2010 at 11:49 a.m. UTC
@joshlowe: thanks for mentioning CCP. I had no idea it even existed. Now I'm trying to use it; it is much more user friendly than SDM, though like everyone I prefer the CLI. Bye
December 16, 2010 at 5:55 a.m. UTC
CCP is a huge improvement over SDM. Now, IOS IPS aside... for actual sensor configuration and monitoring just use IME (IPS Manager Express) to configure IPS. You might even like the tool. IME does not support IOS IPS at this time though.
February 17, 2011 at 9:34 p.m. UTC
I have Windows 7 64-bit. I changed the runtime parameters to -Xmx512m, but my IPS connection still gives the pop-up window that "Java memory heap size is less than 256 MB"
java runtime version it shows
path c/program files (x86)
runtime parameters -Xmx512
Still no go. Can someone pls help?
May 3, 2012 at 8:26 p.m. UTC
Thanks Stretch and @pixitha - the .conf fixed my issue with this!