User Guide
Page 12
... 18 Edit Easy VPN Remote 18 Add or Edit Easy VPN Remote 23 Add or Edit Easy VPN Remote: General Settings 25 Network Extension Options 28 Add or Edit Easy VPN Remote: Easy VPN Settings 28 Add or Edit Easy VPN Remote: Authentication Information 30 Add or Edit Easy VPN Remote: Easy VPN Client Phase III Authentication 33 Add or Edit Easy VPN Remote: Interfaces and Connections 35 Add or Edit Easy VPN Remote: Identical Addressing 37 Easy VPN Remote: Add a Device 39 Enter SSH Credentials 39 XAuth Login Window 40 Other Procedures 40 Cisco Router and Security Device Manager 2.5 User's Guide xii...
User Guide
Page 15
Contents General Panel 14 NHRP Panel 15 NHRP Map Configuration 16 Routing Panel 17 How Do I Configure a DMVPN Manually? 19 VPN Global Settings 1 VPN Global Settings 1 VPN Global Settings: IKE 3 VPN Global Settings: IPSec 4 VPN Global Settings: Easy VPN Server 5 VPN Key Encryption Settings 6 IP Security 1 IPSec Policies 1 Add or Edit IPSec Policy 3 Add or Edit Crypto Map: General 5 Add or Edit Crypto Map: Peer Information 6 Add or Edit Crypto Map: Transform Sets 7 Add or Edit Crypto Map: Protecting Traffic 9 Dynamic Crypto Map Sets 11 Add or Edit Dynamic Crypto Map...
User Guide
Page 24
... Overrides 29 Add or Edit an Event Action Override 31 Edit IPS: SEAP Configuration: Event Action Filters 32 Add or Edit an Event Action Filter 34 Edit IPS: Signatures 36 Edit IPS: Signatures 42 Edit Signature 46 File Selection 49 Assign Actions 50 Import Signatures 51 Add, Edit, or Clone Signature 53 Cisco Security Center 55 IPS-Supplied Signature Definition Files 55 Security Dashboard 56 xxiv Cisco Router and Security Device Manager 2.5 User's Guide OL...
User Guide
Page 70
... Security Device Manager 2.5 User's Guide 4-4 OL-4015-12 If you choose an interface, the source IP address in the RADIUS packets will be the address of interface through which the RADIUS packets exit the router. LAN Wizard: RADIUS Servers for 802.1x Authentication Chapter 4 802.1x Authentication Reset to Defaults Click Reset to Defaults to reset all advanced options to the RADIUS server information, however, do not have Cisco Secure ACS software version 3.3 installed...
User Guide
Page 165
... dynamic DNS methods. • Create a new dynamic DNS method. Chapter 6 Edit Interface/Connection Authentication Note This feature appears only if supported by your service provider. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 6-55 To clear an associated dynamic DNS method from the interface, choose None from a list. Your service provider or network administrator may use , do not know which type your router. CHAP authentication is available only if...
User Guide
Page 182
... the service module uses in this screen. This interface is connected to remove the current WAAS configuration. Cisco Router and Security Device Manager 2.5 User's Guide 7-6 OL-4015-12 for the router, the WAAS service module, and the gateway that is configured to refresh the information in use; This interface is to redirect traffic to the WAAS service module. Click Reload to avoid redirection loops. Table 7-2 Integrated Service Engine Tab Element Router IP Address IP Address...
User Guide
Page 321
... the Options button and configure the network extension options. • Enable remote management and troubleshooting of the Easy VPN server or concentrator before you choose this box to request a server-assigned IP address for you router. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 12-27 Check this setting. This mode is called Network Extension Plus. If you choose Network Extension, you router. PAT will form one another. • Enable remote management and troubleshooting of the connection will be used for connecting...
User Guide
Page 355
...://username:password@www.cisco.com/go/vpn/vpnclient-4.6.exe • rcp://username:password@www.cisco.com/go/vpn/vpnclient-4.6.exe • cns: • xmodem: • ymodem: • null: OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 13-19 Chapter 13 Easy VPN Server Creating an Easy VPN Server Connection Add or Edit Client Update Entry This window allows you are editing the client update entry, the client type is usually the operating system, for example, vpn3002. If you to the latest software...
User Guide
Page 365
... displayed in , Add, Edit, and Delete buttons may be available, and the name of the cache for the selected pool. A range of the IP address pool. If a local pool is configured with the group option using the CLI, the name of IP addresses. Add or Edit IP Local Pool This window lets you are working in all Cisco SDM areas. Chapter 13 Easy VPN Server Editing Easy VPN Server Connections IP Pools This window lists the IP address...
User Guide
Page 388
... enables you to create a network with a central hub that the spokes must be configured first, to establish the hub IP addresses and the routing parameters that connects other recommendations on a router. Click this button to view the access control entries that Cisco SDM will add to the access rule if you to as a spoke router in a DMVPN, see DMVPN Configuration Recommendations. 15-12 Cisco Router and Security Device Manager 2.5 User's Guide OL...
User Guide
Page 433
...-12 Cisco Router and Security Device Manager 2.5 User's Guide 18-7 Edit an existing pre-shared key. The same key must be used in the Edit Pre Shared Key window. Select the pre-shared key, and click Edit. Question marks (?) and spaces must be exchanged with the remote peer. Add or Edit Pre Shared Key Use this : Click Add, and add the pre-shared key in the Add a new Pre Shared Key window. Key This is no DNS server to translate host names...
User Guide
Page 500
... VPN The Edit SSL VPN window allows you entered in the lower part of the tab lists the configured Cisco IOS SSL VPN contexts. You can enable a context that is the string that you modify or create Cisco IOS SSL VPN configurations. Name The name of service by selecting it and clicking Edit. Click Cisco IOS SSL VPN to display the detailed information for links to access the portal. 21-22 Cisco Router and Security Device Manager 2.5 User's Guide...
User Guide
Page 537
... an Easy VPN server connection. CHAPTER 23 VPN Troubleshooting Cisco SDM can take to correct connection problems. The following link provides information on VPN troubleshooting using the CLI. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 23-1 Tunnel Details This box provides the VPN tunnel details. http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_b/vpnman/vms_2_2/rmc13/useguide/u13_rtrb.htm VPN Troubleshooting This window appear when you can troubleshoot VPN connections that you have failed...
User Guide
Page 551
... disable BOOTP is dangerous to allow any system on a directly connected segment to learn how, click Undoing Security Audit Fixes. The configuration that the router is a Cisco device and to determine the model number and the Cisco IOS software version being run . This is dangerous in that the router is a Cisco device and to determine the model number and the Cisco IOS software version being run . OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide...
User Guide
Page 636
.... 27-24 Cisco Router and Security Device Manager 2.5 User's Guide OL-4015-12 You can also remove an existing category configuration if you want to pass through without scanning for the corresponding engine. See Create IPS: Configuration File Location and Category for more information. Enable Deny Action on IPS interface This option is applicable if signature actions are configured to Cisco IOS IPS interfaces. By default, Cisco IOS IPS applies ACLs to...
User Guide
Page 639
... update file in the IPS Autoupdate URL Settings fields. Click Apply Changes to send the changes that you want the router to the router. every day, Sunday through Thursday. Click Discard Changes to remove the data that you want to obtain the update from the server. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 27-27 Chapter 27 Cisco IOS IPS Edit IPS IPS Autoupdate URL Settings Enter the username and password...
User Guide
Page 711
... list by its IP address, MAC address, or the type of the policy that governs the host access to the network. Choose a row and click Edit to use the Add button as many times as printers, IP phones, and hosts without NAC posture agent software installed are disabled when there is recommended that must be identified by clicking Add and entering information about a host from this window. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide...
User Guide
Page 808
...) and application services such as selectively blocking or allowing file search, file transfer, and text chat capabilities. Layer 4 class maps sort the traffic based on how to add the default class map. If you want taken when a match is found, and whether you are P2P class maps for policy application. Click Add > New Class Map to create a new Point-to PAM may be specified. 37-6 Cisco Router and Security Device Manager 2.5 User's Guide OL...
User Guide
Page 856
... the specified inside local address or outside local address. Rule Type Meaning of Permit Meaning of Deny Access rule Allow matching traffic in Protect matching addresses from NAT Do not protect matching addresses from route map translation. NAT translation. Allow it . Reserved Addresses You must not use the following areas: • TCP Services • UDP Services • ICMP Message Types 40-6 Cisco Router and Security Device Manager 2.5 User's Guide OL-4015-12...
User Guide
Page 943
...then update Cisco SDM using the Update wizard. To update Cisco SDM from Cisco.com: Step 1 Step 2 Select Update Cisco SDM from Cisco.com from Cisco.com. Chapter 46 Tools Menu Commands Wireless Application Save the New PIN to Router Check the Save the new PIN to router checkbox if you want to set other configuration parameters. You can have Cisco SDM obtain and install an update automatically. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 46-3 Cisco SDM checks Cisco.com for user PINs. Cisco SDM can help you configure and display the IP address...