Cisco Router and Security Device Manager (SDM)

© 2004 Cisco Systems, Inc. All rights reserved.
Cisco SDM: Combining Ease of Use & Application Intelligence

Cisco SDM is an intuitive, web-based tool for easy and reliable deployment and management of services on Cisco IOS routers.

• Ease of Use: Smart Wizards, built-in tutorials
• Application Intelligence: knowledgebase of TAC-approved IOS configurations
• Integrated Services Management: routing, switching, security, QoS
New! SDMv2.0: Embedded Services Management

• Uses the Cisco TAC knowledgebase to troubleshoot VPN and WAN
• Integrated management of router services: routing, switching, security, QoS
• Web-based, easy-to-use management tool; ships on all Cisco 1800, 2800 and 3800 series routers
SDMv2.0: Embedded Services Management (cont.)

• New Security Features
  – Inline IPS with dynamic signature update and signature customization
  – Easy VPN Server and AAA
  – Role-based router access
  – DMVPN: spoke-to-spoke, redundant hubs
  – Digital certificates for IPSec VPNs
  – SSHv2
• QoS Policy and NBAR
• VPN, WAN connection troubleshooting
• Real-time and graphical router and application traffic monitoring
• Major UI improvements: router services dashboard, task-based navigation
Application Intelligence

(Slide shows two screenshot examples of configuration-checking intelligence.)
SDM's Key Features and Benefits

Ease of Use
  Feature: Graphical user interface for routing, switching, security and QoS management on Cisco routers.
  Benefit: Reduce TCO of Cisco routers through enhanced productivity of network and security administrators.

Application Intelligence
  Feature: Built-in knowledge of interactions between different IOS features, industry best practices and TAC-recommended configurations.
  Benefit: Improve network uptime through reduced instances of configuration errors.

Real-Time Graphical Monitoring and Role-based Access
  Feature: Easy-to-comprehend charts of router and network resource usage. Read-only user profile.
  Benefit: Effective use of IT staff and remote branch admins with limited technical expertise. Service providers can reduce OPEX by offering a graphical read-only view of the CPE services to end customers.

WAN and VPN Troubleshooting
  Feature: L2 and above troubleshooting integrated with the TAC knowledgebase of recovery actions.
  Benefit: Reduce mean time to repair by leveraging the integration of routing, LAN, WAN and security features on the router for detailed troubleshooting.
SDM Usage Scenarios

• Cisco Router Initial Deployment
  – Startup Wizard for quick LAN/WAN and basic router security setup
  – Integration with IE2100/CNS for mass deployments
• IOS Security Management
  – Integrated routing and security configuration, monitoring and troubleshooting
  – Graphical firewall and ACL policy view (traffic flows)
  – IPSec VPNs (configuration and monitoring) with QoS
  – NAT policies
• Day-to-Day Router Operations (monitoring, troubleshooting)
  – Performance monitoring, interface status, hardware & software inventory
  – Security audits, firewall logs, VPN tunnel monitoring
Comprehensive IOS Feature Support

UI Features: Startup Wizard, IOS Home Page, Performance Monitor, Syslog Viewer, Reset to Factory, Security Audit, 1-Step Router Lockdown
VPN: Easy VPN Server, Easy VPN Remote, IPSec, GRE over IPSec, DMVPN (full mesh/hub-spoke), V3PN, Digital Certificates, VPN Monitor, and Troubleshooting
Firewall: CBAC, DMZ, FW Log, Policy Table
Intrusion Prevention (IPS): IPS with dynamic signature update and signature customization
Routing: OSPF, EIGRP, RIPv2, Static
Interfaces: 10/100/1000 Ethernet, xDSL, Serial T1/E1, ISDN BRI, AM
WAN: FR, PPPoE, PPP, HDLC, RFC 1483, Dial-Backup, ADSL auto-detect, QoS, NBAR, Troubleshooting
Advanced Configuration: NAT, ACL, VLAN, CLI Preview Mode, DHCP Server, Date/Time, NTP, DNS, SSHv2, Management Access Policy
SDMv2.0 Features and Benefits

Easy VPN Server
  Feature: Wizard-based configuration and real-time monitoring of remote access VPN users. Integration with on-router or remote AAA server.
  Benefit: Scalable, easy-to-manage, secure remote access for teleworkers or small offices on hub routers or branch office access routers.

Intrusion Prevention (IPS)
  Feature: Dynamic signature update, quick deployment of default signatures, ability to customize signatures, validation of router resources before signature deployment.
  Benefit: Network-based protection against worms, viruses, and OS/protocol exploits. Customize signatures for day-0 protection against new variants of worms/viruses.

Role-Based Access
  Feature: Factory-default profiles: Admin, Read-Only, Firewall, Easy VPN Remote.
  Benefit: Secure, logical separation of the router between NetOps, SecOps and end users. MSSPs can offer a graphical read-only view of the CPE services to end customers.

WAN and VPN Troubleshooting
  Feature: L2 and above troubleshooting integrated with the TAC knowledgebase of recovery actions.
  Benefit: Leverage the integration of routing, LAN, WAN and security features on the router for detailed troubleshooting of IPSec VPNs or WAN links.
SDMv2.0 Features and Benefits (cont.)

QoS Policy
  Feature: 3 pre-defined categories: Real-time, Business Critical, Best Effort.
  Benefit: Easily and effectively optimize WAN/VPN bandwidth and application performance for different business needs (voice/video, enterprise apps, web, etc.).

NBAR
  Feature: Application traffic performance monitoring.
  Benefit: Real-time validation of application usage of WAN/VPN bandwidth against pre-defined service policies.

SSHv2
  Feature: Automatically use SSHv2 for all encrypted communication between SDM and the router.
  Benefit: Secure management between PC and Cisco router.

Task-based SDM UI
  Feature: Newly designed Home Page, single starting point for key security tasks, better navigation between related tasks.
  Benefit: Faster and easier configuration of security features: IPSec VPNs, firewall, ACLs, IPS, etc.

Real-time Network and Router Resource Monitoring
  Feature: Graphical charts for LAN/WAN traffic and bandwidth usage.
  Benefit: Faster and easier analysis of router resource and network resource usage.

Digital Certificates
  Benefit: Highly scalable and more secure solution than pre-shared keys. Now easy to use and deploy with the combination of SDM, IOS CA, and EzSDD.
Cisco Routers and IOS Release Support

SDM Supported Platforms: Minimum Supported IOS Versions
831, 836, 837: 12.2(13)ZH, 12.3(2)XA, 12.3(2)T
1701, 1711, 1712: 12.2(15)ZL, 12.3(2)XA
1710, 1721, 1751, 1751-v, 1760, 1760-v: 12.2(13)ZH, 12.2(13)T3
1841: 12.3(8)T4
2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, 2691: 12.2(11)T6, 12.3(1)M, 12.3(2)T
2801, 2811, 2821, 2851: 12.3(8)T4
3620, 3640, 3640A, 3661, 3662: 12.2(11)T6, 12.3(1)M, 12.3(2)T
3725, 3745: 12.2(11)T6, 12.3(1)M, 12.3(2)T
3825, 3845: 12.3(11)T
7204VXR, 7206VXR, 7301: 12.3(2)T, 12.3(3)M
Cisco SDM Availability and Ordering

Cisco 1800, 2800, and 3800 Series Routers (all SKUs including bundles): SDM factory installed
All VPN bundles (1700, 2600XM, 2691, 3700, 7204VXR, 7206VXR, 7301): SDM factory installed
831-SDM-k9, 836-SDM-k9, 837-SDM-k9: SDM factory installed
1700 to 3700 router SKUs: ROUTER-SDM configurable option ($0 list price) for routers without automatic factory-loaded SDM
SDM can be downloaded from CCO for existing routers: http://www.cisco.com/cgi-bin/tablebuild.pl/sdm
TECHNICAL OVERVIEW
Startup Wizard
Smart Wizards

• Startup Wizard
  Quickly deploy a factory-fresh router
• LAN Configuration
  Configure the LAN interfaces and DHCP
• WAN Configuration
  Configure PPP, Frame Relay and HDLC WAN interfaces
• Firewall
  Two types of firewall wizard: a simple inside/outside, or a more complex inside/outside/DMZ with multiple interfaces
• VPN
  Four types of wizards to create a secure site-to-site VPN, Easy VPN Server, Easy VPN Client and Dynamic Multipoint VPN
• Security Audit
  Performs a router security audit and provides easy instructions on how to lock down the insecure features found
• QoS
  QoS Policy wizard to prioritize real-time and business-critical application traffic
Advanced Configuration

• Firewall/ACL Policy
  Policy-based view of firewall configurations; modify access or inspection rules
• Rules
  View a summary of access, NAT, IPSec or other rules in the router config, with the ability to create, edit or delete them
• Routing
  Review, add, edit and delete static/dynamic routes
• Intrusion Prevention
  Enable or disable the IOS IPS policy on any interface
• NAT
  View NAT rules and address pools and set translation timeouts; designate interfaces as inside or outside
• Router Properties
  Overall attributes of the router (e.g. router name, domain name, password, NTP, date/time, etc.)
• Router Access
  Role-based user access, management access policy, SSH
• AAA
  Local (on-router) or remote server-based authentication and authorization
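The Firewall/ACL Policy item above describes a policy-based view that is derived from the ACLs and the interface bindings in the running-config. The script below is an added example of how such a view can be built from IOS configuration text; it is not Cisco's or SDM's code. The sample configuration, the interface names and addresses, and the two warning rules are assumptions chosen for illustration.

```python
"""Added example: a text version of SDM's Firewall/ACL Policy View.  It parses
named ACLs plus ip access-group and ip inspect bindings out of an IOS
running-config and flattens them into per-interface, per-direction policy rows
with warnings.  Not Cisco's code; the sample config below is constructed."""
import re

# Constructed sample running-config fragment (assumption: illustrative only).
SAMPLE_CONFIG = """\
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.2 eq 443
 permit udp host 203.0.113.9 host 203.0.113.2 eq 500
 deny ip any any log
ip access-list extended LAN-IN
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended OPEN
 permit ip any any
ip inspect name FW tcp
ip inspect name FW udp
interface FastEthernet0/0
 description Outside
 ip address 203.0.113.2 255.255.255.248
 ip access-group OUTSIDE-IN in
 ip inspect FW out
interface FastEthernet0/1
 description Inside
 ip address 192.168.1.1 255.255.255.0
 ip access-group LAN-IN in
interface Serial0/0
 description Partner link
 ip access-group OPEN in
 ip access-group MISSING out
"""

def parse_config(text):
    """Return ({acl: [rule, ...]}, {ifname: {"acl": {dir: name}, "inspect": {dir: name}}})."""
    acls, interfaces = {}, {}
    kind = current = None                      # block type and name we are inside
    for line in text.splitlines():
        m = re.match(r"ip access-list (?:standard|extended) (\S+)$", line)
        if m:
            kind, current = "acl", m.group(1)
            acls[current] = []
            continue
        m = re.match(r"interface (\S+)$", line)
        if m:
            kind, current = "if", m.group(1)
            interfaces[current] = {"acl": {}, "inspect": {}}
            continue
        if not line.startswith(" "):           # any other top-level line ends the block
            kind = current = None
            continue
        body = line.strip()
        if kind == "acl":
            acls[current].append(body)
        elif kind == "if":
            m = re.match(r"ip (access-group|inspect) (\S+) (in|out)$", body)
            if m:
                key = "acl" if m.group(1) == "access-group" else "inspect"
                interfaces[current][key][m.group(3)] = m.group(2)
    return acls, interfaces

def policy_view(text):
    """Flatten bindings into rows (interface, direction, acl, inspect, rules) and
    flag the two things a reviewer checks first: dangling and wide-open ACLs."""
    acls, interfaces = parse_config(text)
    rows, warnings = [], []
    for ifname, cfg in interfaces.items():
        for direction in ("in", "out"):
            acl = cfg["acl"].get(direction)
            rules = acls.get(acl, []) if acl else []
            rows.append((ifname, direction, acl or "-", cfg["inspect"].get(direction, "-"), rules))
            if acl and acl not in acls:
                # IOS permits all traffic when an access-group names an ACL that does not exist.
                warnings.append(f"{ifname} {direction}: ACL {acl} is referenced but not defined (traffic is permitted)")
            elif rules and re.match(r"permit ip any any$", rules[-1]):
                warnings.append(f"{ifname} {direction}: ACL {acl} ends in 'permit ip any any' (wide open)")
    return rows, warnings

if __name__ == "__main__":
    rows, warnings = policy_view(SAMPLE_CONFIG)
    for ifname, direction, acl, inspect, rules in rows:
        print(f"{ifname:16s} {direction:3s} acl={acl:12s} inspect={inspect:4s} rules={len(rules)}")
    for w in warnings:
        print("WARNING:", w)
```

Run against a real `show running-config` capture the same functions work unchanged; numbered ACLs (`access-list 101 ...`) are deliberately out of scope here and would need a third block type in `parse_config`.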
Monitor Mode

• Overview
  Real-time router resources and services status
• Interface Status
  LAN/WAN traffic and bandwidth usage charts
• Firewall Status
  Log messages regarding connections denied by the firewall
• VPN Status
  Detailed statistics about the VPN connections
• QoS, NBAR
  Application traffic monitoring and QoS policy usage
• Logging
  A log of events categorized by severity level, like a UNIX syslog service
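The Firewall Status and Logging views above are summaries of the router's syslog stream: messages grouped by severity, and ACL deny and CBAC audit-trail messages tallied per source and port. The script below is an added example of computing those summaries from IOS syslog text, plus a simple port-scan heuristic a practitioner would want on top; it is not Cisco's or SDM's code. The sample log lines are constructed in the IOS %FACILITY-SEVERITY-MNEMONIC format, and the addresses, ACL number and threshold are assumptions.

```python
"""Added example: the counters behind a firewall status / syslog view, built
from IOS syslog text.  Messages are split on the %FACILITY-SEVERITY-MNEMONIC
header, ACL deny and CBAC audit-trail messages are tallied, and sources denied
to many distinct ports are flagged.  Not Cisco's code; sample lines are constructed."""
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (assumption: not captured from a real router).
SAMPLE_LOG = """\
*Mar  1 00:12:01.100: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(40123) -> 192.168.1.10(23), 1 packet
*Mar  1 00:12:02.200: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(40124) -> 192.168.1.10(22), 1 packet
*Mar  1 00:12:03.300: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(40125) -> 192.168.1.10(445), 1 packet
*Mar  1 00:12:05.400: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.9(5060) -> 192.168.1.10(5060), 12 packets
*Mar  1 00:12:06.500: %FW-6-SESS_AUDIT_TRAIL_START: Start tcp session: initiator (192.168.1.20:3456) -- responder (203.0.113.5:80)
*Mar  1 00:12:09.600: %FW-6-SESS_AUDIT_TRAIL: Stop tcp session: initiator (192.168.1.20:3456) sent 512 bytes -- responder (203.0.113.5:80) sent 2048 bytes
*Mar  1 00:12:10.700: %FW-4-ALERT_ON: getting aggressive, count (500/500) current 1-min rate: 600
*Mar  1 00:12:11.800: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.50)
"""

HEADER_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")
DENY_RE = re.compile(r"list (?P<acl>\S+) denied (?P<proto>\w+) (?P<src>[\d.]+)(?:\(\d+\))? -> "
                     r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?.*?, (?P<count>\d+) packets?")
SESSION_RE = re.compile(r"(?P<event>Start|Stop) (?P<proto>\w+) session: initiator \((?P<src>[\d.]+):\d+\)"
                        r".*responder \((?P<dst>[\d.]+):(?P<dport>\d+)\)")

def parse(line):
    """Split one syslog line into facility, integer severity, mnemonic and text; None if no header."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    return rec

def summarize(log, scan_threshold=3):
    """Build the counters a firewall status page shows.  A source denied to at
    least `scan_threshold` distinct destination ports is listed as a scan suspect."""
    by_severity, denied_by_src, denied_ports, sessions = Counter(), Counter(), Counter(), Counter()
    ports_per_src, alerts = defaultdict(set), []
    for line in log.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        by_severity[rec["severity"]] += 1
        if rec["mnemonic"].startswith("IPACCESSLOG"):
            d = DENY_RE.search(rec["text"])
            if d:
                n = int(d["count"])                 # IOS aggregates repeats into "N packets"
                denied_by_src[d["src"]] += n
                denied_ports[(d["proto"], d["dport"] or "-")] += n
                ports_per_src[d["src"]].add(d["dport"])
        elif rec["mnemonic"].startswith("SESS_AUDIT_TRAIL"):
            s = SESSION_RE.search(rec["text"])
            if s:
                sessions[(s["event"], s["src"], s["dst"], s["dport"])] += 1
        elif rec["facility"] == "FW" and rec["severity"] <= 4:
            alerts.append(rec["text"])              # warnings and worse from the inspection engine
    return {
        "by_severity": by_severity,
        "denied_by_src": denied_by_src,
        "denied_ports": denied_ports,
        "sessions": sessions,
        "alerts": alerts,
        "scan_suspects": sorted(src for src, ports in ports_per_src.items()
                                if len(ports) >= scan_threshold),
    }

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("by severity:", dict(sorted(s["by_severity"].items())))
    print("denied by source:", s["denied_by_src"].most_common())
    print("scan suspects:", s["scan_suspects"])
    print("alerts:", s["alerts"])
```

Feeding `summarize` the output of `show logging` or a syslog collector file gives the same table. The packet count from the message is added rather than counting lines, because IOS log-rate limiting folds repeated denies into one line with "N packets".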
Security Audit

• Automates NSA, ICSA Labs and Cisco TAC recommendations for securing Cisco routers
• Customize the security policy based on site-specific needs
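The configuration-checking intelligence shown on the Application Intelligence slide and the Security Audit / 1-Step Router Lockdown feature both amount to testing a running-config against a list of hardening rules and emitting the CLI that fixes whatever fails. The script below is an added example of that idea; it is not Cisco's or SDM's code. The checks, the remediation commands and both sample configurations are assumptions drawn from commonly published IOS hardening advice, not the page's own rule list, and the sample configs are constructed.

```python
"""Added example: a minimal IOS running-config security audit with a one-step
"lockdown" that emits remediation CLI, in the spirit of SDM's Security Audit.
Not Cisco's code; the rules are assumptions drawn from commonly published IOS
hardening advice, and both sample configurations are constructed."""
import re

# Constructed sample: a weakly configured branch router (assumption).
WEAK_CONFIG = """\
service tcp-small-servers
no service password-encryption
hostname branch-rtr
enable password cisco
ip finger
ip http server
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
line vty 0 4
 transport input telnet
 login
"""

# Constructed sample: the same router after lockdown (assumption; hash is a placeholder).
HARDENED_CONFIG = """\
no service tcp-small-servers
service password-encryption
hostname branch-rtr
enable secret 5 $1$abcd$placeholderhashvalue0000000
no ip finger
no ip http server
ip http secure-server
no cdp run
no ip source-route
banner login ^CAuthorized access only^C
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
line vty 0 4
 transport input ssh
 login local
"""

def present(pattern):
    """Finding fires when some line matches `pattern` (patterns are anchored per line)."""
    return lambda cfg: re.search(pattern, cfg, re.M) is not None

def absent(pattern):
    """Finding fires when no line matches `pattern`; used for IOS features that are
    on by default and only show up in the config once they have been disabled."""
    return lambda cfg: re.search(pattern, cfg, re.M) is None

# (finding, test, remediation CLI).  Remediation is shown, not applied, the way
# SDM's CLI Preview shows commands before delivering them to the router.
CHECKS = [
    ("TCP small servers enabled", present(r"^service tcp-small-servers$"),
     "no service tcp-small-servers"),
    ("password encryption disabled", present(r"^no service password-encryption$"),
     "service password-encryption"),
    ("enable password used without enable secret",
     lambda c: present(r"^enable password ")(c) and absent(r"^enable secret ")(c),
     "enable secret <strong-secret>"),
    ("finger service enabled", present(r"^ip finger$"), "no ip finger"),
    ("cleartext HTTP management enabled", present(r"^ip http server$"),
     "no ip http server\nip http secure-server"),
    ("CDP left at default (enabled)", absent(r"^no cdp run$"), "no cdp run"),
    ("IP source routing left at default (enabled)", absent(r"^no ip source-route$"),
     "no ip source-route"),
    ("Telnet accepted on VTY lines", present(r"^ transport input .*\btelnet\b"),
     "line vty 0 4\n transport input ssh"),
    ("no login banner", absent(r"^banner (login|motd) "),
     "banner login ^CAuthorized access only^C"),
]

def audit(config):
    """Return [(finding, remediation)] for every check that fires."""
    return [(name, fix) for name, test, fix in CHECKS if test(config)]

def lockdown(config):
    """One-step lockdown: the remediation CLI for all findings, in check order."""
    return "\n".join(fix for _, fix in audit(config))

if __name__ == "__main__":
    for name, _ in audit(WEAK_CONFIG):
        print("FINDING:", name)
    print("--- lockdown CLI ---")
    print(lockdown(WEAK_CONFIG))
```

The absent-pattern checks matter in practice: CDP, IP source routing and proxy ARP are on by default in IOS and never appear in the running-config until they are turned off, so an audit that only greps for enabling lines misses them.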
Firewall Policy View
IPSec VPN Wizards (New! 2.0)
Intrusion Prevention (IPS) (New! 2.0)
Quality of Service (QoS) Policy (New! 2.0)

Wizard-based QoS policy configuration built on the Cisco-recommended QoS architecture.
LAN/WAN Interface Monitoring (New! 2.0)
Cisco SDM Resources

• Latest SDM-related product information: www.cisco.com/go/sdm
• Cisco SDM Flash Demo, Live Demo on Cisco Routers, and VoDs: www.cisco.com/go/sdm ► Product Literature ► Presentations