Loading...
Cisco Router and Security Device Manager (SDM) Version 2.2 User’s Guide
Corporate Headquarters
Cisco Systems, Inc. 170 West Tasman Drive
San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387) Fax: 408 526-4100
Customer Order Number:
Text Part Number: OL-4015-08
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCSP, the Cisco Square Bridge logo, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0406R)
Cisco Router and Security Device Manager (SDM) Version 2.2 User’s Guide
Copyright © 2005, Cisco Systems, Inc.
All rights reserved.
C O N T E N T S
Home Page 1 |
|
|
|
|
|
LAN Wizard |
1 |
|
|
|
|
Ethernet Configuration 2 |
|
|
|
||
LAN Wizard: Select an Interface |
3 |
|
|||
LAN Wizard: IP Address and Subnet Mask 3 |
|||||
LAN Wizard: Enable DHCP Server |
4 |
|
|||
LAN Wizard: DHCP Address Pool |
4 |
|
|||
DHCP Options 5 |
|
|
|
|
|
LAN Wizard: VLAN Mode |
6 |
|
|
||
LAN Wizard: Switch Port |
6 |
|
|
||
IRB Bridge |
7 |
|
|
|
|
BVI Configuration |
7 |
|
|
|
|
DHCP Pool for BVI |
8 |
|
|
|
|
IRB for Ethernet 9 |
|
|
|
|
|
Layer 3 Ethernet Configuration 9 |
|
|
|||
802.1Q Configuration |
9 |
|
|
||
Trunking or Routing Configuration |
9 |
||||
Configure Switch Device Module |
10 |
||||
Summary |
10 |
|
|
|
|
How Do I... |
10 |
|
|
|
|
|
|
How Do I Configure a Static Route? 10 |
||
|
|
How Do I View Activity on My LAN Interface? 11 |
||
|
|
How Do I Enable or Disable an Interface? 12 |
||
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
|
|
|
||
|
OL-4015-06 |
|
|
iii |
|
|
|
||
Contents
How Do I View the IOS Commands I Am Sending to the Router? 12
How Do I Launch the Wireless Application from SDM? 13
Create Connection Wizards 1 |
|
|
|
Create Connection 1 |
|
|
|
WAN Wizard Interface Welcome Window |
2 |
||
ISDN Wizard Welcome Window 3 |
|
|
|
Analog Modem Welcome Window 3 |
|
|
|
Aux Backup Welcome Window 3 |
|
|
|
Select Interface |
4 |
|
|
Encapsulation: PPPoE 4 |
|
|
|
IP Address: ATM or Ethernet with PPPoE/PPPoA 4 |
|||
IP Address: ATM with RFC 1483 Routing |
5 |
|
|
IP Address: Ethernet without PPPoE 6 |
|
|
|
IP Address: Serial with Point-to-Point Protocol |
6 |
||
IP Address: Serial with HDLC or Frame Relay |
7 |
||
IP Address: ISDN BRI or Analog Modem |
8 |
|
|
Authentication |
9 |
|
|
Switch Type and SPIDs 9
Dial String 11
Backup Configuration 11
Backup Configuration: Primary Interface & Next Hop IP Addresses 12
Backup Configuration: Hostname or IP Address to be Tracked 12
|
|
Advanced Options 13 |
|
|
|
|
Encapsulation 13 |
|
|
|
|
PVC 15 |
|
|
|
|
Configure LMI and DLCI |
16 |
|
|
|
Configure Clock Settings |
17 |
|
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
||
|
|
|||
iv |
|
|
OL-4015-06 |
|
|
|
|
||
Contents
Delete Connection 19
Summary 21
Connectivity testing and troubleshooting 22
How Do I... 26
How Do I View the IOS Commands I Am Sending to the Router? 26
How Do I Configure an Unsupported WAN Interface? 26
How Do I Enable or Disable an Interface? 26
How Do I View Activity on My WAN Interface? 27
How Do I Configure NAT on a WAN Interface? 27
How Do I Configure NAT on an Unsupported Interface? 28
How Do I Configure a Dynamic Routing Protocol? 28
How Do I Configure Dial-on-Demand Routing for my ISDN or Asynchronous
Interface? 29
How Do I Edit a Radio Interface Configuration? 30
Edit Interface/Connection 1
Connection: Ethernet for IRB 6
Connection: Ethernet for Routing 7
Existing Dynamic DNS Methods 8
Add Dynamic DNS Method 8
Wireless 10
Association 10
NAT 12
Edit Switch Port 12
General 13
QoS 15
Select Ethernet Configuration Type 16
Connection: VLAN 16
Connection: Subinterfaces 17
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide
|
OL-4015-06 |
v |
|
Contents
|
|
Add or Edit BVI Interface |
18 |
|
|
|
|
||
|
|
Add Loopback Interface/Connection—Loopback |
18 |
|
|||||
|
|
Connection: Ethernet LAN |
|
19 |
|
|
|
||
|
|
Connection: Ethernet WAN |
20 |
|
|
|
|||
|
|
Ethernet Properties |
21 |
|
|
|
|
|
|
|
|
Connection: Ethernet with No Encapsulation 22 |
|
|
|||||
|
|
Connection: ADSL |
23 |
|
|
|
|
|
|
|
|
Connection: ADSL over ISDN |
26 |
|
|
|
|||
|
|
Connection: G.SHDSL 28 |
|
|
|
|
|
||
|
|
Configure DSL Controller |
32 |
|
|
|
|
||
|
|
Connection: G.SHDSL with DSL Controller |
34 |
|
|
||||
|
|
Connection: Serial Interface, Frame Relay Encapsulation 36 |
|||||||
|
|
Connection: Serial Interface, PPP Encapsulation |
39 |
|
|||||
|
|
Connection: Serial Interface, HDLC Encapsulation |
41 |
|
|||||
|
|
Add or Edit GRE Tunnel' |
42 |
|
|
|
|
||
|
|
Connection: ISDN BRI 44 |
|
|
|
|
|
||
|
|
Connection: Analog Modem |
47 |
|
|
|
|||
|
|
Connection: (AUX Backup) |
49 |
|
|
|
|||
|
|
Authentication |
51 |
|
|
|
|
|
|
|
|
SPID Details 52 |
|
|
|
|
|
|
|
|
|
Dialer Options |
53 |
|
|
|
|
|
|
|
|
Backup Configuration 55 |
|
|
|
|
|
||
|
|
Create Firewall |
1 |
|
|
|
|
|
|
|
|
Basic Firewall Configuration Wizard 4 |
|
|
|
||||
|
|
Basic Firewall Interface Configuration |
4 |
|
|
||||
|
|
Firewall Remote Management Access |
4 |
|
|
||||
|
|
Advanced Firewall Configuration Wizard 5 |
|
|
|
||||
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
|||||
|
|
|
|
||||||
vi |
|
|
|
|
|
|
|
OL-4015-06 |
|
|
|
|
|
|
|
|
|
||
Contents
|
Advanced Firewall Interface Configuration 5 |
|
|
|
|||
|
Advanced Firewall DMZ Service Configuration 6 |
|
|
|
|||
|
DMZ Service Configuration |
7 |
|
|
|
|
|
|
Advanced Firewall Inspection Rule Configuration 7 |
|
|
|
|||
|
Application Security Configuration |
9 |
|
|
|
||
|
Domain Name Server Configuration |
10 |
|
|
|
||
|
Summary 10 |
|
|
|
|
|
|
|
How Do I... |
11 |
|
|
|
|
|
|
How Do |
I View Activity on My Firewall? 12 |
|
|
|
||
|
How Do |
I Configure a Firewall on an Unsupported Interface? |
13 |
|
|
||
|
How Do |
I Configure a Firewall After I Have Configured a VPN? 14 |
|||||
|
How Do |
I Permit Specific Traffic Through a DMZ Interface? |
15 |
|
|
||
|
How Do |
I Modify an Existing Firewall to Permit Traffic from a New Network |
|||||
|
or Host? |
16 |
|
|
|
|
|
|
How Do |
I Configure NAT on an Unsupported Interface? 16 |
|
|
|
||
|
How Do I Configure NAT Passthrough for a Firewall? 17 |
|
|
|
|||
|
How Do I Permit Traffic Through a Firewall to My Easy VPN Concentrator? 17 |
||||||
|
How Do I Associate a Rule with an Interface? 19 |
|
|
|
|||
|
How Do I Disassociate an Access Rule from an Interface 19 |
|
|
|
|||
|
How Do I Delete a Rule That Is Associated with an Interface? 20 |
||||||
|
How Do I Create an Access Rule for a Java List? 20 |
|
|
|
|||
|
How Do I Permit Specific Traffic onto My Network if I Don’t Have a DMZ |
||||||
|
Network? 21 |
|
|
|
|
|
|
|
Firewall Policy |
1 |
|
|
|
|
|
|
Edit Firewall Policy/ACL 1 |
|
|
|
|
|
|
|
Add App-Name Application Entry |
11 |
|
|
|
||
|
Add rpc Application Entry 11 |
|
|
|
|
|
|
|
Add Fragment application entry |
12 |
|
|
|
|
|
|
Add or Edit http Application Entry 13 |
|
|
|
|||
|
Java Applet Blocking 14 |
|
|
|
|
|
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
||||
|
|||||||
|
OL-4015-06 |
|
|
|
|
|
vii |
|
|
|
|
|
|
||
Contents
|
|
SDM Warning: Inspection Rule |
15 |
|
|
|||||||
|
|
SDM Warning: Firewall |
16 |
|
|
|
|
|||||
|
|
Application Security |
17 |
|
|
|
|
|
|
|
||
|
|
Application Security Windows |
17 |
|
|
|
||||||
|
|
No Application Security Policy |
19 |
|
|
|
||||||
|
|
20 |
|
|
|
|
|
|
|
|
|
|
|
|
HTTP |
21 |
|
|
|
|
|
|
|
|
|
|
|
Header Options |
23 |
|
|
|
|
|
|
|
||
|
|
Content Options |
23 |
|
|
|
|
|
|
|||
|
|
Instant Messaging |
25 |
|
|
|
|
|
|
|
||
|
|
Point-to-Point Applications 25 |
|
|
|
|
||||||
|
|
Applications/Protocols |
26 |
|
|
|
|
|
|
|||
|
|
Global Timeouts and Thresholds |
27 |
|
|
|
||||||
|
|
Associate Policy with an Interface |
29 |
|
||||||||
|
|
Edit Inspection Rule |
30 |
|
|
|
|
|
|
|||
|
|
Permit, Block, and Alarm Controls |
31 |
|
||||||||
|
|
Site-to-Site VPN 33 |
|
|
|
|
|
|
|
|
|
|
|
|
Create Site to Site VPN |
33 |
|
|
|
|
|
|
|||
|
|
Site-to-Site VPN Wizard |
|
36 |
|
|
|
|
||||
|
|
View Defaults |
37 |
|
|
|
|
|
|
|
||
|
|
VPN Connection Information |
38 |
|
|
|||||||
|
|
IKE Proposals |
40 |
|
|
|
|
|
|
|
||
|
|
Transform Set |
43 |
|
|
|
|
|
|
|
||
|
|
Traffic to Protect |
45 |
|
|
|
|
|
|
|||
|
|
Summary of the Configuration |
46 |
|
|
|||||||
|
|
|
Spoke Configuration |
|
47 |
|
|
|
|
|||
|
|
Secure GRE Tunnel (GRE-over-IPSec) 48 |
||||||||||
|
|
GRE Tunnel Information |
48 |
|
|
|
|
|||||
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
||||||||||
|
|
|||||||||||
viii |
|
|
|
|
|
|
|
|
|
|
OL-4015-06 |
|
|
|
|
|
|
|
|
|
|
|
|
||
Contents
VPN Authentication Information |
49 |
|
|||
Backup GRE Tunnel Information |
51 |
|
|||
Routing Information |
52 |
|
|
|
|
Static Routing Information |
53 |
|
|
|
|
Select Routing Protocol |
|
54 |
|
|
|
Summary of Configuration |
55 |
|
|
|
|
Edit Site-to-Site VPN 55 |
|
|
|
|
|
Add new connection 58 |
|
|
|
|
|
Add Additional Crypto Maps |
59 |
|
|
||
Crypto Map Wizard: Welcome |
60 |
|
|||
Crypto Map Wizard: General |
60 |
|
|
||
Crypto Map Wizard: Peers |
62 |
|
|
|
|
Crypto Map Wizard: Transform Set |
62 |
||||
Crypto Map Wizard: Traffic to Protect 63 |
|||||
Crypto Map Wizard: Summary of the configuration 64 |
|||||
Delete Connection |
65 |
|
|
|
|
Ping 65 |
|
|
|
|
|
Generate Mirror... |
66 |
|
|
|
|
SDM Warning: NAT Rules with ACL |
67 |
||||
How Do I... 67
How Do I Create a VPN to More Than One Site? 68
After Configuring a VPN, How Do I Configure the VPN on the Peer Router? 70
How Do I Edit an Existing VPN Tunnel? 71
How Do I Confirm That My VPN Is Working? 72
How Do I Configure a Backup Peer for My VPN? 73
How Do I Accommodate Multiple Devices with Different Levels of VPN
Support? 73
|
|
How Do I Configure a VPN on an Unsupported Interface? 74 |
||
|
|
How Do I Configure a VPN After I Have Configured a Firewall? 75 |
||
|
|
How Do I Configure NAT Passthrough for a VPN? 75 |
||
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
|
|
|
||
|
OL-4015-06 |
|
|
ix |
|
|
|
||
Contents
|
|
Easy VPN Remote 77 |
|
|
|
|
|
|
|
Create Easy VPN Remote |
77 |
|
|
|
|
|
|
Configure an Easy VPN Remote Client 77 |
|
|
|
||
|
|
Connection Settings 78 |
|
|
|
|
|
|
|
Authentication 79 |
|
|
|
|
|
|
|
Interfaces 80 |
|
|
|
|
|
|
|
Summary of Configuration 82 |
|
|
|
||
|
|
Edit Easy VPN Remote 83 |
|
|
|
|
|
|
|
Add or Edit Easy VPN Remote |
89 |
|
|
|
|
|
|
Add or Edit Easy VPN Remote: Easy VPN Settings 91 |
|
|
|||
|
|
Add or Edit Easy VPN Remote: Authentication Information |
94 |
|
|||
|
|
Enter SSH Credentials |
95 |
|
|
|
|
|
|
XAuth Login Window |
96 |
|
|
|
|
|
|
Add or Edit Easy VPN Remote: General Settings 96 |
|
|
|||
|
|
Network Extension Options 98 |
|
|
|
||
|
|
Add or Edit Easy VPN Remote: Authentication Information |
98 |
|
|||
|
|
Add or Edit Easy VPN Remote: Interfaces and Connections |
100 |
|
|||
|
|
How Do I... 101 |
|
|
|
|
|
|
|
How Do I Edit an Existing Easy VPN Connection? 102 |
|
|
|||
|
|
How Do I Configure a Backup for an Easy VPN Connection? 102 |
|||||
|
|
Easy VPN Server 105 |
|
|
|
|
|
|
|
Create an Easy VPN Server |
105 |
|
|
|
|
|
|
Welcome to the Easy VPN Server Wizard |
106 |
|
|
||
|
|
Interface and Authentication |
106 |
|
|
|
|
|
|
Group Authorization: Group Policy Lookup |
107 |
|
|
||
|
|
User Authentication (XAuth) |
108 |
|
|
|
|
|
|
User Accounts for XAuth |
109 |
|
|
|
|
|
|
Add RADIUS Server 109 |
|
|
|
|
|
|
|
Group Authorization: User Group Policies |
110 |
|
|
||
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
|||
|
|
|
|
||||
x |
|
|
|
|
|
OL-4015-06 |
|
|
|
|
|
|
|
||
Contents
General Group Information 111 |
|
|
||
DNS and WINS Configuration 112 |
|
|
||
Split Tunneling |
113 |
|
|
|
Client Settings |
115 |
|
|
|
Choose Browser Proxy Settings |
117 |
|
||
Add or Edit Browser Proxy Settings |
117 |
|||
User Authentication (XAuth) 119 |
|
|
||
Client Update |
120 |
|
|
|
Add or Edit Client Update Entry |
121 |
|
||
Summary 121 |
|
|
|
|
Browser Proxy Settings 122 |
|
|
|
|
Add or Edit Easy VPN Server |
123 |
|
|
|
Add or Edit Easy VPN Server Connection |
125 |
|||
Restrict Access |
126 |
|
|
|
Group Policies Configuration |
126 |
|
|
|
Local Pools 129 |
|
|
|
|
Add or Edit IP Local Pool |
130 |
|
|
|
Add IP Address Range 130 |
|
|
||
DMVPN 1
Dynamic Multipoint VPN 1
Dynamic Multipoint VPN (DMVPN) Hub Wizard 2
Type of Hub |
3 |
|
Configure Pre-Shared Key |
3 |
|
Hub GRE Tunnel Interface Configuration 4 |
||
Advanced Configuration for the Tunnel Interface 5 |
||
Primary Hub |
6 |
|
Select Routing Protocol |
7 |
|
|
Routing Information 7 |
|
|
|
|
Dynamic Multipoint VPN (DMVPN) Spoke Wizard |
9 |
|
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
|
|
||||
|
OL-4015-06 |
|
|
xi |
|
|
|
||
Contents
DMVPN Network Topology 9 |
|
|
|
Specify Hub Information |
10 |
|
|
Spoke GRE Tunnel Interface Configuration |
10 |
||
SDM Warning: DMVPN Dependency |
11 |
|
|
Edit Dynamic Multipoint VPN (DMVPN) 12 |
|
|
|
General Panel 14 |
|
|
|
NHRP Panel 15 |
|
|
|
NHRP Map Configuration 16 |
|
|
|
Routing Panel 17 |
|
|
|
How Do I Configure a DMVPN Manually? 19 |
|
|
|
VPN Global Settings 21 |
|
|
|
VPN Global Settings 21 |
|
|
|
VPN Global Settings: IKE 23 |
|
|
|
VPN Global Settings: IPSec |
24 |
|
|
VPN Key Encryption Settings |
25 |
|
|
IP Security 27 |
|
|
|
IPSec Policies 27 |
|
|
|
Add or Edit IPSec Policy 29 |
|
|
|
Add or Edit Crypto Map: General Panel 31 |
|
|
|
Add or Edit Crypto Map: Peer Information Panel |
32 |
||
Add or Edit Crypto Map: Transform Sets Panel |
32 |
||
Add or Edit Crypto Map: IPSec Rules Panel |
34 |
|
|
Dynamic Crypto Map Sets 35 |
|
|
|
Add or Edit Dynamic Crypto Map Set 35 |
|
|
|
Associate Crypto Map with this IPSec Policy 36 |
|||
|
|
IPSec Profiles |
36 |
|
|
|
Add or Edit IPSec Profile and Add Dynamic Crypto Map 37 |
||
|
|
Transform Set |
37 |
|
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
||
|
|
|||
xii |
|
|
OL-4015-06 |
|
|
|
|
||
Contents
|
Add or Edit Transform Set |
40 |
|
|
|
|
||
|
IPSec Rules 43 |
|
|
|
|
|
|
|
|
Internet Key Exchange |
45 |
|
|
|
|
|
|
|
Internet Key Exchange (IKE) 45 |
|
|
|
|
|
||
|
IKE Policies 46 |
|
|
|
|
|
|
|
|
Add or Edit IKE Policy |
48 |
|
|
|
|
||
|
IKE Pre-shared Keys 50 |
|
|
|
|
|
||
|
Add or Edit Pre Shared Key |
51 |
|
|
|
|||
|
VPN Troubleshooting |
53 |
|
|
|
|
|
|
|
VPN Troubleshooting |
53 |
|
|
|
|
|
|
|
VPN Troubleshooting: Specify Easy VPN Client 55 |
|||||||
|
VPN Troubleshooting: Generate Traffic |
56 |
|
|
||||
|
VPN Troubleshooting: Generate GRE Traffic 57 |
|||||||
|
SDM Warning: SDM will enable router debugs... 58 |
|||||||
|
Security Audit 1 |
|
|
|
|
|
|
|
|
Welcome Page 4 |
|
|
|
|
|
|
|
|
Interface Selection Page 4 |
|
|
|
|
|
||
|
Report Card Page 5 |
|
|
|
|
|
|
|
|
Fix It Page 5 |
|
|
|
|
|
|
|
|
Disable Finger Service |
6 |
|
|
|
|
|
|
|
Disable PAD Service |
7 |
|
|
|
|
|
|
|
Disable TCP Small Servers Service |
7 |
|
|
||||
|
Disable UDP Small Servers Service |
8 |
|
|
||||
|
Disable IP BOOTP Server Service |
8 |
|
|
|
|||
|
Disable IP Identification Service |
9 |
|
|
|
|||
|
Disable CDP 9 |
|
|
|
|
|
|
|
|
Disable IP Source Route 10 |
|
|
|
|
|||
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
|||||
|
||||||||
|
OL-4015-06 |
|
|
|
|
|
|
xiii |
|
|
|
|
|
|
|
||
Contents
|
|
Enable Password Encryption Service |
10 |
|
|
|
|
||||||
|
|
Enable TCP Keepalives for Inbound Telnet Sessions 11 |
|
|
|||||||||
|
|
Enable TCP Keepalives for Outbound Telnet Sessions |
11 |
|
|
||||||||
|
|
Enable Sequence Numbers and Time Stamps on Debugs |
11 |
|
|||||||||
|
|
Enable IP CEF |
12 |
|
|
|
|
|
|
|
|
|
|
|
|
Disable IP Gratuitous ARPs |
12 |
|
|
|
|
|
|
||||
|
|
Set Minimum Password Length to Less Than 6 Characters |
12 |
|
|||||||||
|
|
Set Authentication Failure Rate to Less Than 3 Retries |
13 |
|
|||||||||
|
|
Set TCP Synwait Time |
13 |
|
|
|
|
|
|
|
|||
|
|
Set Banner |
14 |
|
|
|
|
|
|
|
|
|
|
|
|
Enable Logging |
14 |
|
|
|
|
|
|
|
|
|
|
|
|
Set Enable Secret Password |
15 |
|
|
|
|
|
|||||
|
|
Disable SNMP |
15 |
|
|
|
|
|
|
|
|
|
|
|
|
Set Scheduler Interval |
16 |
|
|
|
|
|
|
|
|||
|
|
Set Scheduler Allocate |
16 |
|
|
|
|
|
|
|
|||
|
|
Set Users |
17 |
|
|
|
|
|
|
|
|
|
|
|
|
Enable Telnet Settings |
17 |
|
|
|
|
|
|
|
|||
|
|
Enable NetFlow Switching |
17 |
|
|
|
|
|
|
||||
|
|
Disable IP Redirects |
18 |
|
|
|
|
|
|
|
|||
|
|
Disable IP Proxy ARP |
18 |
|
|
|
|
|
|
|
|||
|
|
Disable IP Directed Broadcast |
19 |
|
|
|
|
|
|||||
|
|
Disable MOP Service |
|
20 |
|
|
|
|
|
|
|
||
|
|
Disable IP Unreachables 20 |
|
|
|
|
|
|
|
||||
|
|
Disable IP Mask Reply |
20 |
|
|
|
|
|
|
|
|||
|
|
Disable IP Unreachables on NULL Interface |
21 |
|
|
|
|||||||
|
|
Enable Unicast RPF on Outside Interfaces |
22 |
|
|
|
|||||||
|
|
Enable Firewall on All of the Outside Interfaces 22 |
|
|
|
||||||||
|
|
Set Access Class on HTTP Server Service |
23 |
|
|
|
|||||||
|
|
Set Access Class on VTY Lines |
23 |
|
|
|
|
|
|||||
|
|
Enable SSH for Access to the Router |
24 |
|
|
|
|
||||||
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
|
||||||||
|
|
|
|
|
|||||||||
xiv |
|
|
|
|
|
|
|
|
|
|
|
OL-4015-06 |
|
|
|
|
|
|
|
|
|
|
|
|
|
||
Contents
|
Enable AAA 24 |
|
|
|
|
|
|
|
|
Configuration Summary Screen |
25 |
|
|
|
|
|
|
|
SDM and Cisco IOS AutoSecure |
25 |
|
|
|
|
||
|
Security Configurations SDM Can Undo |
27 |
|
|
|
|||
|
Undoing Security Audit Fixes 28 |
|
|
|
|
|
|
|
|
Add or Edit Telnet/SSH Account Screen |
28 |
|
|
|
|||
|
Configure User Accounts for Telnet/SSH Page |
29 |
|
|
||||
|
Enable Secret and Banner Page |
30 |
|
|
|
|
|
|
|
Logging Page 31 |
|
|
|
|
|
|
|
|
Routing 1 |
|
|
|
|
|
|
|
|
Add or Edit IP Static Route |
3 |
|
|
|
|
|
|
|
Add or Edit an RIP Route 5 |
|
|
|
|
|
|
|
|
Add or Edit an OSPF Route |
5 |
|
|
|
|
|
|
|
Add or Edit EIGRP Route 7 |
|
|
|
|
|
|
|
|
Network Address Translation 1 |
|
|
|
|
|
|
|
|
Network Address Translation Wizards |
1 |
|
|
|
|||
|
Basic NAT Wizard: Welcome |
2 |
|
|
|
|
||
|
Basic NAT Wizard: Connection |
2 |
|
|
|
|
||
|
Summary 3 |
|
|
|
|
|
|
|
|
Advanced NAT Wizard: Welcome |
3 |
|
|
|
|||
|
Advanced NAT Wizard: Connection |
4 |
|
|
|
|||
|
Add IP Address 4 |
|
|
|
|
|
|
|
|
Advanced NAT Wizard: Networks |
4 |
|
|
|
|||
|
Add Network 5 |
|
|
|
|
|
|
|
|
Advanced NAT Wizard: Server Public IP Addresses 5 |
|||||||
|
Add or Edit Address Translation Rule |
6 |
|
|
||||
|
Advanced NAT Wizard: VPN Conflict 8 |
|
|
|
||||
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
|||||
|
||||||||
|
OL-4015-06 |
|
|
|
|
|
|
xv |
|
|
|
|
|
|
|
||
Contents
|
|
Details 8 |
|
|
|
|
|
|
|
|
|
|
Network Address Translation Rules 8 |
|
|
|
|
||||
|
|
Designate NAT Interfaces |
12 |
|
|
|
|
|
||
|
|
Translation Timeout Settings |
12 |
|
|
|
|
|||
|
|
Edit Route Map 14 |
|
|
|
|
|
|
|
|
|
|
Edit Route Map Entry |
15 |
|
|
|
|
|
||
|
|
Address Pools |
15 |
|
|
|
|
|
|
|
|
|
Add or Edit Address Pool |
16 |
|
|
|
|
|||
|
|
Add or Edit Static Address Translation Rule: Inside to Outside |
17 |
|
|
|||||
|
|
Add or Edit Static Address Translation Rule: Outside to Inside |
20 |
|
|
|||||
|
|
Add or Edit Dynamic Address Translation Rule: Inside to Outside |
23 |
|
||||||
|
|
Add or Edit Dynamic Address Translation Rule: Outside to Inside |
26 |
|
||||||
|
|
How Do I . . . 28 |
|
|
|
|
|
|
|
|
|
|
How Do I Configure NAT With One LAN and Multiple WANs? 28 |
|
|
||||||
|
|
Intrusion Prevention System |
31 |
|
|
|
|
|
|
|
|
|
IPS Rules 32 |
|
|
|
|
|
|
|
|
|
|
Create IPS Rule 32 |
|
|
|
|
|
|
|
|
|
|
Welcome to the IPS Rule Configuration Wizard |
33 |
|
|
|
||||
|
|
Select Interfaces 33 |
|
|
|
|
|
|
|
|
|
|
SDF Location |
33 |
|
|
|
|
|
|
|
|
|
IPS Rule Wizard Summary |
34 |
|
|
|
|
|
||
|
|
IPS Rules Configuration |
34 |
|
|
|
|
|
|
|
|
|
Enable or Edit IPS on an Interface 37 |
|
|
|
|
||||
|
|
Import Signatures |
38 |
|
|
|
|
|
|
|
|
|
File Selection |
39 |
|
|
|
|
|
|
|
|
|
Welcome to the IPS Signature Import Wizard |
40 |
|
|
|
||||
|
|
Signature Definition File (SDF) and Signature Selection 40 |
|
|
|
|||||
|
|
Signature Filter 40 |
|
|
|
|
|
|
|
|
|
|
Signature Edit |
41 |
|
|
|
|
|
|
|
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
|
|
||||
|
|
|
|
|
|
|||||
xvi |
|
|
|
|
|
|
|
OL-4015-06 |
|
|
|
|
|
|
|
|
|
|
|||
Contents
|
Signature Import Wizard Summary 41 |
|
|
|
|||||
|
Signatures 42 |
|
|
|
|
|
|
|
|
|
Assign Actions |
46 |
|
|
|
|
|
|
|
|
Import Signatures |
46 |
|
|
|
|
|
||
|
Add, Edit, or Clone Signature 48 |
|
|
|
|||||
|
Add or Edit a Signature Location 49 |
|
|
|
|||||
|
Cisco Intrusion Prevention Alert Center |
50 |
|
|
|||||
|
IPS-Supplied Signature Definition Files |
50 |
|
|
|||||
|
Global Settings 51 |
|
|
|
|
|
|
|
|
|
Edit Global Settings |
53 |
|
|
|
|
|
||
|
SDEE Messages 54 |
|
|
|
|
|
|
|
|
|
SDEE Message Text |
55 |
|
|
|
|
|
||
|
Network Module Management |
1 |
|
|
|
|
|||
|
IDS Network Module Management |
1 |
|
|
|
||||
|
IDS Sensor Interface IP Address |
3 |
|
|
|
||||
|
IP Address Determination 4 |
|
|
|
|
||||
|
IDS NM Configuration Checklist |
5 |
|
|
|
||||
|
IDS NM Interface Monitoring Configuration 7 |
||||||||
|
Network Module Login |
7 |
|
|
|
|
|
||
|
Feature Unavailable |
7 |
|
|
|
|
|
|
|
|
Switch Module Interface Selection |
8 |
|
|
|
||||
|
Quality of Service 9 |
|
|
|
|
|
|
|
|
|
Create QoS Policy |
9 |
|
|
|
|
|
|
|
|
QoS Wizard 10 |
|
|
|
|
|
|
|
|
|
Interface Selection |
10 |
|
|
|
|
|
|
|
|
QoS Policy Generation |
10 |
|
|
|
|
|
||
|
View QoS Class Details |
12 |
|
|
|
|
|||
|
Summary of the configuration |
13 |
|
|
|
|
|||
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
||||||
|
|||||||||
|
OL-4015-06 |
|
|
|
|
|
|
|
xvii |
|
|
|
|
|
|
|
|
||
Contents
Edit QoS Policy 13
Edit QoS Class 15
Add a Protocol 17
Interface Association 18
QoS Status 18
Network Admission Control 21
Create NAC Tab 21
Other Tasks in a NAC Implementation 22
Welcome 23
RADIUS Server 23
Select the Interface(s) 25
NAC Exception List 25
Configure Exception List Entry Dialog 26
Policy List 27
Add Exception Policy 27
Agentless Host Policy 28
NAC Router Management Access 29
Open Interface ACL 29
Details Window 30
Summary of the configuration 30
Edit NAC Tab 31
EAPoUDP Components 31
Exception List Window 32
Exception Policies Window 32
EAPoUDP Timeouts 33
Configure a NAC Policy 34
|
|
How Do I... |
35 |
|
|
|
How Do I Configure a NAC Policy Server? 35 |
||
|
|
How Do Install and Configure a Posture Agent on a Host? 35 |
||
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
||
|
|
|||
xviii |
|
|
OL-4015-06 |
|
|
|
|
||
Contents
Router Properties 1 |
|
Device Properties 1 |
|
Date and Time: Clock Properties 2 |
|
Date and Time Properties 3 |
|
NTP 4 |
|
Add or Edit NTP Server Details 5 |
|
SNTP |
7 |
Add an NTP Server 7 |
|
Syslog |
8 |
SNMP |
8 |
Router Access 10
User Accounts: Configure User Accounts for Router Access 10
|
Add or Edit a Username 11 |
|
|
|
|
|
View Password |
13 |
|
|
|
|
VTYs 13 |
|
|
|
|
|
Edit VTY Lines |
14 |
|
|
|
|
Configure Management Access Policies 15 |
||||
|
Add or Edit a Management Policy 17 |
|
|
|
|
|
Management Access Error Messages |
18 |
|
|
|
|
SDM Warning: ANY Not Allowed |
18 |
|
|
|
|
SDM Warning: Unsupported Access Control Entry 19 |
||||
|
SDM Warning: SDM Not Allowed |
19 |
|
|
|
|
SDM Warning: Current Host Not Allowed 19 |
||||
|
SSH 20 |
|
|
|
|
|
DHCP Configuration |
21 |
|
|
|
|
DHCP Pools 21 |
|
|
|
|
|
Add or Edit DHCP Pool 22 |
|
|
|
|
|
DHCP Bindings |
23 |
|
|
|
|
Add or Edit DHCP Binding 24 |
|
|
|
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
||
|
|||||
|
OL-4015-06 |
|
|
|
xix |
|
|
|
|
||
Contents
DNS Properties 26
Dynamic DNS Methods 26
Add or Edit Dynamic DNS Method 27
ACL Editor 1
Useful Procedures for Access Rules and Firewalls 2
Rules Windows |
3 |
|
Add or Edit a Rule |
7 |
|
Associate with an Interface |
9 |
|
Add a Standard Rule Entry |
11 |
|
Add an Extended Rule Entry |
13 |
|
Select a Rule 16 |
|
|
Port-to-Application Mapping 19
Port-to-Application Mappings 19
Add or Edit Port Map Entry 21
Authentication, Authorization, and Accounting 23
AAA Main Window 23
AAAServers and Groups 24
AAA Servers Window 25
Add or Edit a TACACS+ Server 26
Add or Edit a RADIUS Server 27
Edit Global Settings 27
AAA Server Groups Window 28
Authentication and Authorization Policies 29
Authentication and Authorization Windows 29
Authentication NAC 30
Add or Edit a Method List for Authentication or Authorization 31
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide
xx |
OL-4015-06 |
|
|
Contents
|
Router Provisioning |
33 |
|
|
|
|
|
|
||
|
Router Provisioning from USB 33 |
|
|
|
|
|||||
|
Public Key Infrastructure |
35 |
|
|
|
|
|
|||
|
Certificate Wizards |
35 |
|
|
|
|
|
|
||
|
Welcome to the SCEP Wizard |
37 |
|
|
|
|||||
|
Certificate Authority (CA) Information |
37 |
|
|
||||||
|
Advanced Options |
39 |
|
|
|
|
||||
|
Certificate Subject Name Attributes |
39 |
|
|
||||||
|
Other Subject Attributes |
40 |
|
|
|
|||||
|
RSA Keys |
41 |
|
|
|
|
|
|
|
|
|
Summary |
42 |
|
|
|
|
|
|
|
|
|
Enrollment Status |
|
43 |
|
|
|
|
|
|
|
|
Cut and Paste Wizard Welcome 43 |
|
|
|
||||||
|
Enrollment Task |
43 |
|
|
|
|
|
|
||
|
Enrollment Request |
44 |
|
|
|
|
|
|
||
|
Continue with Unfinished Enrollment 44 |
|
|
|
||||||
|
Import CA certificate 45 |
|
|
|
|
|
||||
|
Import Router Certificate(s) |
46 |
|
|
|
|
||||
|
Digital Certificates |
46 |
|
|
|
|
|
|
||
|
Trustpoint Information |
48 |
|
|
|
|
||||
|
Certificate Details |
48 |
|
|
|
|
|
|||
|
Revocation Check |
49 |
|
|
|
|
|
|||
|
Revocation Check, CRL Only |
49 |
|
|
|
|||||
|
RSA Keys Window |
50 |
|
|
|
|
|
|
||
|
Generate RSA Key Pair |
51 |
|
|
|
|
||||
|
USB Tokens 52 |
|
|
|
|
|
|
|
|
|
|
Add or Edit USB Token |
53 |
|
|
|
|
||||
|
SDP Troubleshooting Tips |
55 |
|
|
|
|
||||
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
|||||||
|
||||||||||
|
OL-4015-06 |
|
|
|
|
|
|
|
|
xxi |
|
|
|
|
|
|
|
|
|
||
Contents
Open Firewall 56
|
|
Open Firewall Details 57 |
|
|
|
||
|
|
Resetting to Factory Defaults |
1 |
|
|
|
|
|
|
This Feature Not Supported |
4 |
|
|
|
|
|
|
More About.... 1 |
|
|
|
|
|
|
|
IP Addresses and Subnet Masks 1 |
|
|
|
||
|
|
Host and Network Fields |
3 |
|
|
|
|
|
|
Available Interface Configurations 4 |
|
|
|
||
|
|
DHCP Address Pools 5 |
|
|
|
|
|
|
|
Meanings of the Permit and Deny Keywords |
6 |
|
|
||
|
|
Services and Ports |
6 |
|
|
|
|
|
|
More About NAT |
13 |
|
|
|
|
|
|
Static Address Translation Scenarios 13 |
|
|
|
||
|
|
Dynamic Address Translation Scenarios |
16 |
|
|
||
|
|
Reasons that SDM Cannot Edit a NAT Rule 17 |
|
|
|||
|
|
More About VPN |
18 |
|
|
|
|
|
|
Cisco.com Resources 18 |
|
|
|
||
|
|
More about VPN Connections and IPSec Policies 19 |
|
|
|||
|
|
More About IKE 21 |
|
|
|
|
|
|
|
More About IKE Policies |
22 |
|
|
|
|
|
|
Allowable Transform Combinations 23 |
|
|
|
||
|
|
Reasons Why a Serial Interface or Subinterface Configuration May Be |
|
|
|||
|
|
Read-Only 24 |
|
|
|
|
|
|
|
Reasons Why an ATM Interface or Subinterface Configuration May Be |
|
|
|||
|
|
Read-Only 25 |
|
|
|
|
|
|
|
Reasons Why an Ethernet Interface Configuration May Be Read-Only |
26 |
|
|||
|
|
Reasons Why an ISDN BRI Interface Configuration May Be Read-Only |
27 |
|
|||
|
|
Reasons Why an Analog Modem Interface Configuration May Be Read-Only 28 |
|||||
|
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
|
|
|||
|
|
|
|
||||
xxii |
|
|
|
|
OL-4015-06 |
|
|
|
|
|
|
|
|||
Contents
Firewall Policy Use Case Scenario 29
DMVPN Configuration Recommendations 32
SDM White Papers 34
Getting Started 1
What’s New in this Release? 2
Cisco IOS Versions Supported 2
Viewing Router Information 1
Overview 2
Interface Status 6
VPN Status 8
Firewall Status 13
Application Security Log 14
NAC Status 15
Logging 17
File Menu Commands 1
Save Running Config to PC 1
Deliver Configuration to Router 1
Write to Startup Config 2
Reset to Factory Defaults 2
File Management 2
Rename 4
New Folder 5
Save SDF to PC 5
Exit 5
Unable to perform ‘squeeze flash’ 5
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
OL-4015-06 |
xxiii |
Contents
Edit Menu Commands 9
Preferences 9
View Menu Commands 1
Home 1
Configure 1
Monitor 1
Running Config 2
Show Commands 2
SDM Default Rules 2
Refresh 3
Tools Menu Commands 1
Ping 1
Telnet 1
Security Audit 1
USB Token PIN Settings 2
Update SDM 3
Help Menu Commands 1
Help Topics 1
SDM on CCO 1
About this router... 1
About SDM 1
|
Cisco Router and Security Device Manager (SDM) Version 2.1 User’s Guide |
xxiv |
OL-4015-06 |
C H A P T E R 1
Home Page
The home page supplies basic information about the router’s hardware, software, and configuration. This page contains the following sections:
Host Name
The configured name of the router.
About Your Router
Shows basic information about your router hardware and software, and contains the following fields:
|
Hardware |
|
Software |
|
|
|
|
|
|
|
|
||
|
Model Type |
Shows the router model |
IOS Version |
The version of Cisco |
||
|
|
number. |
|
IOS software that is |
||
|
|
|
|
currently running on the |
||
|
|
|
|
router. |
||
|
|
|
|
|
||
|
Available/Total Memory |
Available RAM/Total |
SDM Version |
The version of Cisco |
||
|
|
RAM |
|
Cisco Router and |
||
|
|
|
|
Security Device |
||
|
|
|
|
Manager (SDM) |
||
|
|
|
|
software that is |
||
|
|
|
|
currently running on the |
||
|
|
|
|
router. |
||
|
|
|
|
|
|
|
|
|
Cisco Router and Security Device Manager Version 2.2 User’s Guide |
|
|
||
|
|
|
||||
|
OL-4015-08 |
|
|
|
|
1-1 |
|
|
|
|
|
||
Chapter 1 Home Page
|
|
|
|
|
|
|
|
|
|
Hardware |
|
Software |
||
|
|
|
|
|
Total Flash Capacity |
Flash plus Webflash (if |
|
|
|
|
|
applicable) |
|
|
|
|
|
|
|
Feature Availability |
The features available in the Cisco IOS image the router is using are |
|||
|
|
designated by a check. The features SDM checks for are: IP, Firewall, VPN, |
||
|
|
IPS, and NAC. |
||
|
|
|
|
|
More...
The More... link displays a popup window providing additional hardware and software details.
•Hardware Details—In addition to the information presented in the About Your Router section, this tab displays information about:
–Where the router boots from–Flash or Configuration File.
–Whether the router has accelerators, such as VPN accelerators.
–A diagram of the hardware configuration, including flash memory and installed devices such as USB flash and USB tokens.
•Software Details—In addition to the information presented in the About Your Router section, this tab displays information about:
–The feature sets included in the IOS image.
–The version of SDM running.
Configuration Overview
This section of the home page summarizes the configuration settings that have been made.
Note If you do not see feature information described in this help topic on the home page, the Cisco IOS image does not support the feature. For example, if the router is running a Cisco IOS image that does not support security features, the Firewall Policy, VPN, and Intrusion Prevention sections do not appear on the home page.
View Running Config
Click this button to display the router’s running configuration.
|
Cisco Router and Security Device Manager Version 2.2 User’s Guide |
1-2 |
OL-4015-08 |
Chapter 1 Home Page
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Up (n): The number of |
Down (n): The number |
Double-arrow head: Click |
||||||
|
Interfaces and |
|
LAN and WAN |
|
of LAN and WAN |
to display/hide details. |
|||||
|
Connections |
|
connections that are |
connections that are |
|
|
|
|
|
||
|
|
|
up. |
|
down. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
Total Supported LAN |
|
The total number of |
Total Supported WAN |
The number of |
||||||
|
|
|
LAN interfaces that |
|
|
SDM-supported WAN |
|||||
|
|
|
are present in the |
|
|
interfaces that are present |
|||||
|
|
|
router. |
|
|
|
on the router. |
||||
|
|
|
|
|
|
|
|
|
|||
|
Configured LAN |
|
The number of |
|
Total WAN Connections |
The total number of |
|||||
|
Interface |
|
supported LAN |
|
|
|
SDM-supported WAN |
||||
|
|
|
interfaces currently |
|
|
connections that are |
|||||
|
|
|
configured on the |
|
|
present on the router. |
|||||
|
|
|
router. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DHCP Server |
|
Configured/ |
|
|
|
|
|
|
|
|
|
|
|
Not Configured |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
DHCP Pool (Detail view) |
If one pool is |
|
Number of DHCP Clients |
Current number of clients |
||||||
|
|
|
configured, starting |
(Detail view) |
|
leasing addresses. |
|||||
|
|
|
and ending address of |
|
|
|
|
|
|
|
|
|
|
|
DHCP pool. |
|
|
|
|
|
|
|
|
|
|
|
If multiple pools are |
|
|
|
|
|
|
|
|
|
|
|
configured, list of |
|
|
|
|
|
|
|
|
|
|
|
configured pool |
|
|
|
|
|
|
|
|
|
|
|
names. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
Interface |
|
Type |
|
IP/Mask |
|
Description |
||||
|
|
|
|
|
|
|
|
|
|||
|
Name of configured |
|
Interface type |
|
IP address and subnet |
Description of interface |
|||||
|
interface |
|
|
|
mask |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|||||
|
Firewall Policies |
Active/Inactive |
Trusted (n) |
Untrusted (n) |
|
DMZ (n) |
|||||
|
|
|
|
|
|
||||||
|
|
Active—A firewall |
The number of |
The number of |
The number of |
||||||
|
|
is in place. |
trusted (inside) |
untrusted (outside) |
DMZ interfaces. |
||||||
|
|
Inactive—No |
interfaces. |
interfaces. |
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
||
|
|
firewall is in place. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
|
Cisco Router and Security Device Manager Version 2.2 User’s Guide |
|
|
|
|||||
|
|
|
|||||||||
|
OL-4015-08 |
|
|
|
|
|
|
|
|
1-3 |
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
Chapter 1 Home Page |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Firewall Policies |
Active/Inactive |
Trusted (n) |
|
Untrusted (n) |
|
DMZ (n) |
||
|
|
|
|
|
|
|
|
|
Interface |
Firewall Icon |
NAT |
|
Inspection Rule |
|
Access Rule |
||
|
|
|
|
|
|
|
|
|
The name of the |
Whether the |
The name or |
The names or |
|
The names or |
|||
interface to which |
interface is |
number of the NAT |
numbers of the |
|
numbers of the |
|||
a firewall has been |
designated as an |
rule applied to this |
inbound and |
|
inbound and |
|||
applied |
inside or an |
interface. |
|
outbound |
|
outbound access |
||
|
|
outside interface. |
|
|
inspection rules. |
rules. |
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Up (n)- The number of |
|
|
|
|
|
VPN |
|
active VPN |
|
|
|
|
|
|
|
|
|
connections. |
|
|
|
|
|
|
|
|
|
|
|
|||
IPSec (Site-to-Site) |
|
The number of |
|
GRE over IPSec |
The number of |
|||
|
|
|
configured site-to-site |
|
|
configured GRE over |
||
|
|
|
VPN connections. |
|
|
IPSec connections. |
||
|
|
|
|
|
||||
Xauth Login Required |
|
The number of Easy |
Easy VPN Remote |
The number of |
||||
|
|
|
VPN connections |
|
|
configured Easy VPN |
||
|
|
|
awaiting an Xauth |
|
|
Remote connections. |
||
|
|
|
Login. See note. |
|
|
|
|
|
|
|
|
|
|
||||
No. of DMVPN Clients |
|
If router is configured |
No. of Active VPN clients |
If this router is |
||||
|
|
|
as a DMVPN hub, the |
|
|
functioning as an Easy |
||
|
|
|
number of DMVPN |
|
|
VPN Server, the number |
||
|
|
|
clients. |
|
|
|
of Easy VPN clients |
|
|
|
|
|
|
|
|
with active connections. |
|
|
|
|
|
|
|
|||
Interface |
|
Type |
|
IPSec Policy |
Description |
|||
|
|
|
|
|
||||
The name of an |
|
The type of VPN |
The name of the IPSec |
A description of the |
||||
interface with a |
|
connection configured |
policy associated with |
connection. |
||||
configured VPN |
|
on the interface. |
the VPN connection. |
|
|
|||
connection |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Cisco Router and Security Device Manager Version 2.2 User’s Guide |
1-4 |
OL-4015-08 |
Chapter 1 Home Page
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Note |
• Some VPN servers or concentrators authenticate clients using Extended |
|||||||
|
|
|
|
|
Authentication (XAuth). This shows the number of VPN tunnels awaiting an |
||||
|
|
|
|
|
Xauth login. If any Easy VPN tunnel awaits XAuth login, a separate message |
||||
|
|
|
|
|
panel is shown with a Login button. Clicking Login allows you to enter the |
||||
|
|
|
|
|
credentials for the tunnel. |
|
|
||
|
|
|
|
• If Xauth has been configured for a tunnel, it will not begin to function until |
|||||
|
|
|
|
|
the login and password has been supplied. There is no timeout after which it |
||||
|
|
|
|
|
will stop waiting; it will wait indefinitely for this information. |
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
NAC Policies |
|
Active or Inactive |
|||
|
|
|
|
|
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Interface Column |
|
NAC Policy Column |
|||
|
|
|
|
|
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The name of the interface to which the |
The name of the NAC policy. |
||||
|
|
|
|
||||||
|
|
|
|
policy is applied. For example, |
|
|
|
||
|
|
|
|
FastEthernet 0, or Ethernet 0/0. |
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
Routing |
|
|
Intrusion Prevention |
|
|
|||
|
|
|
|
|
|
||||
|
No. of Static Routes |
|
The number of static |
Active Signatures |
The number of active |
||||
|
|
|
|
|
routes configured on the |
|
|
signatures the router is |
|
|
|
|
|
|
router. |
|
|
using. These may be |
|
|
|
|
|
|
|
|
|
built in, or they may be |
|
|
|
|
|
|
|
|
|
loaded from a remote |
|
|
|
|
|
|
|
|
|
location. |
|
|
|
|
|
|
|
||||
|
Dynamic Routing |
|
Lists any dynamic |
No. of IPS-enabled |
The number of router |
||||
|
Protocols |
|
routing protocols that |
interfaces |
interfaces on which IPS |
||||
|
|
|
|
|
are configured on the |
|
|
has been enabled. |
|
|
|
|
|
|
router. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Cisco Router and Security Device Manager Version 2.2 User’s Guide |
|
|
|
|
|
||
|
OL-4015-08 |
|
|
1-5 |
|
|
|
Chapter 1 Home Page
|
Cisco Router and Security Device Manager Version 2.2 User’s Guide |
1-6 |
OL-4015-08 |
Loading...