User Guide
Page 44
...'s Guide 2-2 OL-4015-12 Note You cannot use Cisco SDM to configure on the physical interfaces available on your router. If the router has Asynchronous Transfer Mode (ATM) or serial interfaces, multiple connections can be configured from a single interface because Cisco Router and Security Device Manager II (Cisco SDM) configures subinterfaces for Cisco 7000 series routers. New Connection Reference Chapter 2 Creating a New Connection...
User Guide
Page 48
... you want to launch the wireless application from Cisco SDM? Step 1 Step 2 Go to router. In this window you can view the Cisco IOS commands that it cannot be configured using Cisco SDM. This icon looks like an open book with an unsupported configuration, Cisco SDM displays a radio button labeled Other (Unsupported by Cisco SDM). The unsupported interface is displayed when you...
User Guide
Page 83
To save this configuration to the router's running configuration. In this wizard: Click Finish. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 5-5 Cisco SDM will be lost if the router is turned off. Cisco SDM saves the configuration changes to the router's running configuration and leave this window, you can view the CLI commands that you configured. You can review this box...
User Guide
Page 90
... on a T1 line with AMI encoding. The default is b8zs. Cisco SDM will set FDL to none and make this set data coding to AMI. This field configures the router behavior on the T1 line. The default is set to sf, Cisco SDM will set to ensure density on the Facilities Data Link (FDL) ...of eight zero bits. When the router is then inverted, it implements ANSI T1.403. Otherwise leave...
User Guide
Page 108
.... Select Interface Select the cable modem interface to configure a dynamic DNS method. Dynamic DNS Click the Dynamic DNS button to configure in this screen. Cisco SDM configures a cable modem connection as a DHCP client. The interface that you want to the router. Summary The Summary screen shows the configuration you are using the cable modem connection wizard, and...
User Guide
Page 174
... status • the PPPoE tunnel status • the PPP authentication status After performing these methods, Cisco SDM performs the checks in step 1. If the ping succeeds, Cisco SDM reports success. Automatically determined by SDM Cisco SDM pings its default host to step 4. Cisco SDM detects the router's statically configured DNS servers, and dynamically imported DNS servers. Pings the destination. If the...
User Guide
Page 197
To save this configuration to router window appears. In this window, you can view the CLI commands you that Cisco SDM should be able to the router. SDM Warning: SDM Access This window appears when you have indicated that are delivering to access the router from outside interface has a static IP addresses. To do this, you must ensure that...
User Guide
Page 242
...Router(config)# appfw policy-name SDM_HIGH Router(cfg-appfw-policy)# application im yahoo Router(cfg-appfw-policy-ymsgr)# server deny name newserver.yahoo.com Router(cfg-appfw-policy-ymsgr)# exit Router(cfg-appfw-policy)# exit Router(config)# Note • IM applications are able to which the applications connect. Cisco SDM configures... learn how to specify the action that the router takes if it encounters traffic with the characteristics that application arrives: Example 10-1 Blocking BitTorrent Traffic BitTorrent Block 10-6 Cisco Router and Security Device Manager 2.5 User's Guide OL...
User Guide
Page 243
... be permitted or denied. To learn how to maintain the URL filter server list, click URL Filter Servers. Cisco SDM configures block and permit actions based on the router that is used for these lists, you can connect to. Information for all Application Security policies. For general ... also maintain these lists with URL lists on how the router uses a local URL list in combination with or without a configured Application Security policy, you to control user access to -peer networks are blocked. Because Cisco IOS software can maintain these lists the Additional Tasks window....
User Guide
Page 266
...QoS) controls to encrypted packets. • Tunnel-Encrypt data and IP header. What Do You Want to continue VPN configuration. 11-12 Cisco Router and Security Device Manager 2.5 User's Guide OL-4015-12 Then click Next to Do? This method allows users to ...configured for the VPN to : Select a transform set for this transform set, this : Select a transform set , this column will be encrypted. Transport mode is not supported on all routers. Because the entire IP packet is encapsulated within AH or ESP, a new IP header is encrypted. Type Either User Defined, or Cisco SDM...
User Guide
Page 269
...the CLI commands you that you can be shown in another window. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 11-15 Cisco SDM saves the configuration changes to the router. It lists the windows you need to complete, giving you data that you need ...to communicate with the DMVPN hub that are delivering to the router's running configuration and leave this window, you configured. In this wizard: ...
User Guide
Page 287
...of the configuration that can only be configured. To generate a template configuration for the local router you which your router. If you do not want both VPN connections to connect to create the initial VPN connection. Click Next>. Cisco SDM generates VPN configurations on the destination router and want ...to protect in the Peer Identity field, you used as a template that is only correct for the peer VPN router: Step 1 From the left frame, select VPN...
User Guide
Page 428
...shared Keys for more information. After the two peers agree on a policy, the security parameters of encryption that should configure other IKE policies so that the router is able to the IKE policies that you prefer that the peer can accept. These security associations apply to communicate... to add, edit, or remove an IKE policy from the router's configuration. Create a pre-shared key. Click the Pre-Shared Key node on the router, and allows you to : Do this policy relative to authenticate each peer. Cisco SDM provides a default IKE policy, but there is used to all...
User Guide
Page 429
...configure other IKE policies so that the router is no guarantee that the peer can accept. They cannot be performed using digital signatures. Authentication will be edited. OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 18-3 SDM_DEFAULT policies cannot be performed using pre-shared keys. • RSA_SIG. Cisco SDM...want to be used. • Pre-SHARE. Remove an IKE policy from the router's configuration. Authentication will be edited. Click Add, and configure a new IKE policy in the Edit IKE policy window. Chapter 18 Internet Key ...
User Guide
Page 432
.... Both peers must be marked as read-only icon appears in the crypto isakmp key command. 18-6 Cisco Router and Security Device Manager 2.5 User's Guide OL-4015-12 If a name is specified, then the key...is an address for the host address. The network mask specifies how much is not readable in the router's configuration. IKE Pre-shared Keys This window allows you need to examine the pre-shared key, go to... view, add, edit, and remove IKE pre-shared keys in Cisco SDM windows. A network mask of 255.255.255.255 indicates that the last 10 bits are for...
User Guide
Page 495
Cisco SDM configures the router to the PC. examples shows an install bundle located on the web page that appears. You are connected to the download page for Cisco IOS platforms, and provide your PC, choose My Computer and browse for Cisco IOS platforms and other platforms on the PC's desktop. There ... on your PC, and then provide the path to the install bundle is displayed, and navigate to a software install bundle. Cisco SDM places the router file system or PC path you must download it to your PC, you specified in the Select Location window. If the software...
User Guide
Page 518
If it is located on the router, click Router and browse for it. This section contains the following: 21-40 Cisco Router and Security Device Manager 2.5 User's Guide OL-4015-12 This help topics in Cisco SDM configuration windows and describes how Cisco IOS SSL VPN components work together. Before discussing each component individually, it is helpful to note...
User Guide
Page 521
... this IP address. User clicks self signed certificate and configures a certificate in all the router. For example if the context Europe is also configured to use in the Persistent Self Signed Certificate dialog. Cisco SDM also begins to access the portal. Cisco IOS SSL VPN configurations. Certificate: Router_Certificate Cisco SDM creates a gateway named "gateway_1" that will be associated with...
User Guide
Page 522
...Table 21-5 Creating a New SSLVPN (continued) Cisco IOS SSL VPN Wizard Window Configuration User chooses Locally on this color scheme. The URL list will be governed by policy_1. Cisco SDM configures the HTTP display settings with this router. The user can customize the HTTP display settings... in uses these settings. permit tcp any host 172.16.5.5 eq 443 21-44 Cisco Router and Security Device Manager 2.5 User's Guide...
User Guide
Page 565
... permit access-list deny any In addition, the following configuration will use Cisco SDM's Create Firewall screens to the HTTP service by writing Access Control Lists (ACLs). This approach leaves firewall doors open, so most administrators tend to each vty line: OL-4015-12 Cisco Router and Security Device Manager 2.5 User's Guide 24-23 The...