Cisco VPN Partner Technical Development
Module 8 : SDM for Routers
APAC Channels Technical Operations
• Security Device Manager Overview
• User Interface Modes
• Describe how easy it is to:
– Configure a Frame Relay interface
– Create a firewall on the router
– Create a site-to-site VPN with a pre-shared key
• Conduct a Security Audit and lock down the
router
Security Device Manager
• Easy to use
Web-based configuration tool that allows you to
configure LAN and WAN interfaces, routing, NAT,
firewalls, VPNs, and other features on your router.
Dual Configuration Mode: Advanced Mode (expert) and Wizard (guided for the novice)
Monitor Mode provides status of interfaces and VPN
tunnels
Online Help System (How to)
Assumes Network Engineer/Admin has CCNA-equivalent knowledge
Non-CLI Jockeys
• Resides in Flash on router
Router Platforms Supported in SDM Phase 1
3700: 3745, 3725
3600: 3660, 3640, 3620
2600: 2691, 2651XM, 2650XM, 2621XM, 2620XM, 2611XM, 2610XM
1700: 1760, 1751, 1721, 1710
800: 837, 836, 831
SDM will be included in Security Bundles
on each of these platforms
SDM will be included
on all of these platforms
Accessing SDM
• Supported Browsers
Netscape version 4.79
Internet Explorer version 6.0
• You run it from a PC running Microsoft
• Connect PC to the router’s Ethernet 0 or Fast
Ethernet 0 LAN Ethernet port using cross-over cable.
• Default URL to access SDM:
https://10.10.10.1/archive/sdm/sdm/goSDM.shtml
Preview of User Interface
WAN Wizard
Each mode provides a
use Case Scenario
diagram based on the
option selected
Point and click options
• Builds IOS commands
for you
Not sure what to do?
• click “How do I”
• Help
Click Create a New
Connection to start
• Only valid WAN interfaces display.
• All pages have commands located
at the lower right.
• Click Next on each page to proceed.
WAN Wizard
Frame Relay Example
• Select the Encapsulation.
WAN Wizard
• Select the LMI
• Enter the DLCI
• Select IETF FR Encapsulation button for non-Cisco routers
WAN Wizard
• A summary of the WAN configuration is
displayed
• Examine the summary
• Go Back and make any changes if needed
• Click Finish to complete.
Deliver Configuration Changes to
Edit Existing WAN Connection
Advanced Mode – Interface Status
• SDM automatically enables the new interface.
Firewall Wizard
Two Types
• One Step Firewall
One inside and
Firewall Configuration Using Wizard Mode
2 or 3 basic steps you
VPN Wizard for Site-to-Site with Pre-Shared Key
Two Wizard choices
• Quick Setup
Used between two Cisco routers using SDM
Uses SDM generated defaults (you can change)
• Step by Step Wizard
More configuration
flexibility
Quick Setup
VPN Connection Configuration
• Select the existing
interface for this VPN
connection
• Identify the remote
VPN peer
• Both sides must agree
on the Pre-shared key
• Select the source
(inside) interface
• Enter the destination
IP addresses that will
Quick Setup
Summary of Configuration
• Verify the configuration
summary
• IKE Policy and
Transform set are using
SDM defaults
• IPSec Rule is generated
from the Source and
Destination fields from
the previous screen
• Click Finish to deliver to
the router
VPN Wizard Configuration Completion
• The IOS commands delivered are displayed
• Once delivery completes,
the new VPN connection
displays.
Advanced Mode
Viewing or Changing VPN Settings
• Use VPN mode to
view, add, or edit VPN
rules, policies, and
SDM provides a checklist
of security faults found
• Other screens may appear prompting for configuration
Security Audit
• Review the summary
of changes that will
be delivered to the router.
• Go Back and make any changes before delivering the
configuration.
• Click Finish to begin the configuration delivery to Flash.
Advanced Mode
• Advanced Mode allows the user to jump
to the desired configuration (versus guided)
• A selection of “areas of interest”
display on the left side.
• System Properties is selected in this example
Advanced Mode, VPN – IKE – Edit
Example: To edit an IKE Policy
1. Expand the VPN tab (+)
2. Select the IKE Policies tab
3. Select the policy on the right side
4. Click Edit in the upper right corner
5. Edit window will pop up, allowing the
Monitor Mode
• Overview
Provides router status
including error log entries
• Interface Status
Select the interface to
monitor and the conditions
(packets and errors in/out
• Security Device Manager Overview
• User Interface Modes
– Wizard Mode
– Advanced Mode
– Monitor Mode
• Describe how easy it is to:
– Configure a Frame Relay interface
– Create a firewall on the router
– Create a site-to-site VPN with a pre-shared key
• Conduct a Security Audit and lock down the
router