© 2006 Cisco Systems, Inc. All rights reserved.SND v Securing the Perimeter Introducing Cisco SDM

© 2006 Cisco Systems, Inc. All rights reserved.SND v Outline Overview Cisco SDM Overview Starting Cisco SDM and Cisco SDM Express Launching Cisco SDM Express Launching Cisco SDM Navigating the Cisco SDM Interface Cisco SDM Wizards Summary

© 2006 Cisco Systems, Inc. All rights reserved.SND v Cisco SDM Overview Cisco SDM is a web-based device management tool for Cisco IOS software-based routers. Cisco SDM offers these benefits: –Ease of use Smart wizards Built-in tutorials –Knowledge base of Cisco TAC-approved Cisco IOS configurations –Integrated services management: Routing Switching Security Wireless QoS

© 2006 Cisco Systems, Inc. All rights reserved.SND v Starting Cisco SDM and Cisco SDM Express Before installing Cisco SDM, connect your PC to the router and disable your web browser popup blockers. For a new router setup, do the following: –If you received the Cisco SDM CD-ROM with the router, put the CD-ROM in your CD drive of your PCand click Install Cisco SDM when the autorun screen displays. –If you did not receive the Cisco SDM CD-ROM with the router, do the following: Download the latest Cisco SDM image from the Cisco IOS Software Center. Unzip the image to a local directory on your PC. Run setup.exe. Note: Cisco SDM is factory installed in some router models.

© 2006 Cisco Systems, Inc. All rights reserved.SND v Files Required to Run Cisco SDM from a Router router#show flash -#- --length date/time path Dec :23:50 +00:00 c2800nm- advsecurityk9-mz bin Feb :00:30 +00:00 startup.config Feb :31:50 +00:00 sdmconfig cfg Feb :32:32 +00:00 sdm.tar Feb :32:56 +00:00 es.tar Feb :33:14 +00:00 common.tar Feb :33:24 +00:00 home.shtml Feb :33:42 +00:00 home.tar Feb :33:56 +00:00 128MB.sdf Feb :34:32 +00:00 attack-drop.sdf

© 2006 Cisco Systems, Inc. All rights reserved.SND v Launching Cisco SDM Express To launch Cisco SDM Express: –For a new router, in a web browser go to –For existing routers go to The first time that you access the router by web browser, you will get the Cisco SDM Express wizard.

© 2006 Cisco Systems, Inc. All rights reserved.SND v Launching Cisco SDM Cisco SDM on a PC Cisco SDM on Router Flash Memory

© 2006 Cisco Systems, Inc. All rights reserved.SND v Navigating the Cisco SDM Interface Toolbar

© 2006 Cisco Systems, Inc. All rights reserved.SND v Navigating the Cisco SDM Interface (Cont.) 1. Choose Configure or Monitor. 2. From the task panel that appears, launch wizards. Task Panel 1 2

© 2006 Cisco Systems, Inc. All rights reserved.SND v Cisco SDM Wizards in Configuration Mode Carry out these tasks with smart wizards in configuration mode: Configure the LAN interfaces and serial interfaces with Interfaces and Connections wizards Configure basic or advanced firewalls with the Firewall and ACL wizards Configure a secure site-to-site VPN, Cisco Easy VPN Server, Cisco Easy VPN Remote, and DMVPN with VPN wizards Perform a router security audit and lock down any insecure features it finds with Security Audit wizards Configure both basic and advanced NAT with NAT wizards. Enable IPS rules on router interfaces, and create, edit, and disable signatures with intrusion prevention wizards Use the QoS policy wizard to prioritize real-time and business- critical application traffic Configure Extensible Authentication Protocol over UDP-based network control access policies with NAC wizards

© 2006 Cisco Systems, Inc. All rights reserved.SND v Configuration ModeAdvanced Configuration The additional Tasks option includes these advanced configurations: Router Properties, including router name, domain name, password, Network Time Protocol, date, and time Router Access, including role-based user access, management access policy, and SSH DHCP DNS and Dynamic DNS Methods Port-to-Application Mapping AAA, including local (on router) or remote server-based authentication and authorization Router Provisioning

© 2006 Cisco Systems, Inc. All rights reserved.SND v Monitor Mode

© 2006 Cisco Systems, Inc. All rights reserved.SND v Summary Cisco SDM is an intuitive, web-based device manager for easy and reliable deployment and management of services on Cisco routers. Cisco SDM supports Cisco IOS Release 12.2(11)T6 or later. Cisco SDM is factory installed on all new Cisco 850 Series and Cisco 870 Series Access Routers, and on Cisco 1800 Series, Cisco 2800 Series, and Cisco 3800 Series Integrated Services Routers. If it is not installed on your router, it can be downloaded from Cisco.com When launching Cisco SDM on a new router, Cisco SDM configures the router Ethernet IP address to Browse to this IP address to launch Cisco SDM. When Cisco SDM launches, a home page with the status of the router is shown. From this page, you can navigate to Microsoft Windows for configuring or monitoring the router. When you are in Configuration mode and Monitor mode, there are separate task bars that give you access to the options available under each mode. The interface in each mode is intuitive and is supported by context-sensitive help.

© 2006 Cisco Systems, Inc. All rights reserved.SND v