Cisco Router and Security Device Manager (SDM)


Cisco SDM: Combining Ease Of Use & Application Intelligence

Cisco SDM is an intuitive, web-based tool for easy and reliable deployment and management of services on Cisco IOS routers.
- Ease of Use: Smart Wizards, Built-in Tutorials
- Application Intelligence: Knowledgebase of TAC-approved IOS configs
- Integrated Services Management: Routing, Switching, Security, QoS

New! SDMv2.0: Embedded Services Management
- Integrated management of router services: Routing, switching, security, QoS
- Web-based, easy-to-use management tool ships on all Cisco 1800, 2800 and 3800 series
- Uses the Cisco TAC knowledgebase to troubleshoot VPN and WAN

SDMv2.0: Embedded Services Management (cont.)
- New Security Features
  - Inline IPS with dynamic signature update and signature customization
  - Easy VPN Server and AAA
  - Role-based router access
  - DMVPN: Spoke-to-spoke, redundant hubs
  - Digital certificates for IPSec VPNs
  - SSHv2
- QoS Policy and NBAR
- VPN, WAN connection troubleshooting
- Real-time and graphical router and application traffic monitoring
- Major UI Improvements: Router services dashboard, task-based navigation

Application Intelligence
Two examples of configuration checking intelligence

SDM's Key Features and Benefits

SDM Features
- Ease of Use: Graphical user interface for routing, switching, security, and QoS management on Cisco routers.
- Application Intelligence: Built-in knowledge of interactions between different IOS features, industry best practices and TAC-recommended configurations.
- Real-Time Graphical Monitoring and Role-based Access: Easy-to-comprehend charts of router and network resource usage. Read-Only user profile.
- WAN and VPN Troubleshooting: L2 and above troubleshooting integrated with TAC knowledgebase of recovery actions.

Customer Benefits
- Reduce TCO of Cisco routers through enhanced productivity of network and security administrators.
- Improve network uptime through reduced instances of configuration errors.
- Effective use of IT staff and remote branch admins with limited technical expertise.
- Service providers can reduce OPEX by offering a graphical Read-Only view of the CPE services to end customers.
- Reduce Mean Time to Repair by leveraging integration of routing, LAN, WAN and security features on the router for detailed troubleshooting.

SDM Usage Scenarios

Cisco Router Initial Deployment
- Startup Wizard for quick LAN/WAN, basic router security setup
- Integration with IE2100/CNS for mass deployments

IOS Security Management
- Integrated Routing and Security Configuration, Monitoring and Troubleshooting
- Graphical Firewall and ACL Policy View (traffic flows)
- IPSec VPNs (Configuration and Monitoring) with QoS
- NAT Policies

Day-to-Day Router Operations (monitoring, troubleshooting)
- Performance Monitoring, Interface Status, Hardware & Software Inventory
- Security Audits, Firewall Logs, VPN Tunnel Monitoring

Comprehensive IOS Feature Support
- UI Features: Startup Wizard, IOS Home Page, Performance Monitor, Syslog Viewer, Reset to Factory, Security Audit, 1-Step Router Lockdown
- VPN: Easy VPN Server, Easy VPN Remote, IPSec, GRE over IPSec, DMVPN (full mesh/hub-spoke), V3PN, Digital Certificates, VPN Monitor, and Troubleshooting
- Firewall: CBAC, DMZ, FW Log, Policy Table
- Intrusion Prevention (IPS): IPS with dynamic signature update and signature customization
- Routing: OSPF, EIGRP, RIPv2, Static
- Interfaces: 10/100/1000 Ethernet, xDSL, Serial T1/E1, ISDN BRI, AM
- WAN: FR, PPPoE, PPP, HDLC, RFC 1483, Dial-Backup, ADSL auto-detect, QoS, NBAR, Troubleshooting
- Advanced Configuration: NAT, ACL, VLAN, CLI Preview Mode, DHCP Server, Date/Time, NTP, DNS, SSHv2, Management Access Policy

SDMv2.0 Features and Benefits

- Easy VPN Server: Wizard-based configuration and real-time monitoring of remote access VPN users. Integration with on-router or remote AAA server.
  Customer benefit: Scalable, easy-to-manage, secure remote access for teleworkers or small offices on hub routers or branch office access routers.
- Intrusion Prevention (IPS): Dynamic signature update, quick deployment of default signatures, ability to customize signatures, validation of router resources before signature deployment.
  Customer benefit: Network-based protection against worms, viruses, and OS/protocol exploits. Customize signatures for day-0 protection against new variants of worms/viruses.
- Role-Based Access: Factory-default profiles: Admin, Read-Only, Firewall, Easy VPN Remote.
  Customer benefit: Secure, logical separation of router between NetOps, SecOps, and end users. MSSPs can offer a graphical Read-Only view of the CPE services to end customers.
- WAN and VPN Troubleshooting: L2 and above troubleshooting integrated with TAC knowledgebase of recovery actions.
  Customer benefit: Leverage integration of routing, LAN, WAN and security features on the router for detailed troubleshooting of IPSec VPNs or WAN links.

SDMv2.0 Features and Benefits

- QoS Policy: 3 pre-defined categories: Real-time, Biz Critical, Best Effort.
  Customer benefit: Easily and effectively optimize WAN/VPN bandwidth and application performance for different business needs (Voice/Video, Enterprise Apps, Web, etc.).
- NBAR: Application traffic performance monitoring.
  Customer benefit: Real-time validation of application usage of WAN/VPN bandwidth against pre-defined service policies.
- SSHv2: Automatically use SSHv2 for all encrypted communication between SDM and router.
  Customer benefit: Secure management between PC and Cisco router.
- Task-based SDM UI: Newly designed Home Page, single starting point for key security tasks, better navigation between related tasks.
  Customer benefit: Faster and easier configuration of security configurations: IPSec VPNs, Firewall, ACLs, IPS, etc.
- Real-time Network and Router Resource Monitoring: Graphical charts for LAN/WAN traffic and bandwidth usage.
  Customer benefit: Faster and easier analysis of router resource and network resource usage.
- Digital Certificates.
  Customer benefit: Highly scalable and more secure solution than pre-shared keys. Now easy to use and deploy with the combination of SDM, IOS CA, and EzSDD.

Cisco Routers and IOS Release Support

SDM Supported Platforms: Minimum Supported IOS Versions
- 831, 836, 837: 12.2(13)ZH, 12.3.2XA, 12.3(2)T
- 1701, 1711, 1712: 12.2(15)ZL, 12.3.2XA
- 1710, 1721, 1751, 1751-v, 1760, 1760-v: 12.2(13)ZH, 12.2(13)T3
- 1841: 12.3(8)T4
- 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, 2691: 12.2(11)T6, 12.3(1)M, 12.3(2)T
- 2801, 2811, 2821, 2851: 12.3(8)T4
- 3620, 3640, 3640A, 3661, 3662: 12.2(11)T6, 12.3(1)M, 12.3(2)T
- 3725, 3745: 12.2(11)T6, 12.3(1)M, 12.3(2)T
- 3825, 3845: 12.3(11)T
- 7204VXR, 7206VXR, 7301: 12.3(2)T, 12.3(3)M

Cisco SDM Availability and Ordering
- Cisco 1800, 2800, and 3800 Series Routers (all SKUs including bundles): SDM factory installed
- All VPN bundles: 1700, 2600XM, 2691, 3700, 7204VXR, 7206VXR, 7301: SDM factory installed
- 831-SDM-k9, 836-SDM-k9, 837-SDM-k9: SDM factory installed
- 1700 to 3700 router SKUs (w/o automatic factory loaded SDM): ROUTER-SDM Configurable Option ($0 list price)

SDM can be downloaded from CCO for existing routers: http://www.cisco.com/cgi-bin/tablebuild.pl/sdm

TECHNICAL OVERVIEW

Startup Wizard

Smart Wizards
- Startup Wizard: Quickly deploy a factory-fresh router.
- LAN Configuration: Configure the LAN interfaces and DHCP.
- WAN Configuration: Configure PPP, Frame Relay, and HDLC WAN interfaces.
- Firewall: Two types of firewall wizard: simple inside/outside, or more complex inside/outside/DMZ with multiple interfaces.
- VPN: Four types of wizards to create a secure Site-to-Site VPN, Easy VPN Server, Easy VPN Client and Dynamic Multipoint VPN.
- Security Audit: Performs a router security audit and provides easy instructions on how to lock down the insecure features found.
- QoS: QoS Policy wizard to prioritize real-time and business-critical application traffic.

Advanced Configuration
- Firewall/ACL Policy: Policy-based view of firewall configurations; modify access or inspection rules.
- Rules: View summary of Access, NAT, IPSec, or other rules in router config with ability to create, edit, or delete same.
- Routing: Review, add, edit, and delete static/dynamic routes.
- Intrusion Prevention: Enable, disable IOS IPS policy on any interface.
- NAT: View NAT rules and address pools and set translation timeouts. Designate interfaces as inside or outside.
- Router Properties: Overall attributes of the router (e.g. router name, domain name, password, NTP, Date/Time, etc.).
- Router Access: Role-Based User Access, Management Access Policy, SSH.
- AAA: Local (on router) or remote server-based Authentication & Authorization.

Monitor Mode
- Overview: Real-time router resources and services status.
- Interface Status: LAN/WAN traffic, BW usage charts.
- Firewall Status: Log messages regarding connections denied by the firewall.
- VPN Status: Detailed statistics about the VPN connections.
- QoS, NBAR: Application traffic monitoring and QoS Policy usage.
- Logging: Contains a log of events categorized by severity level, like a UNIX syslog service.

Security Audit
- Automate NSA, ICSA Labs and Cisco TAC recommendations for securing Cisco routers.
- Customize security policy based on site-specific needs.

Firewall Policy View

IPSec VPN Wizards New! 2.0

Intrusion Prevention (IPS) New! 2.0

Quality of Service (QoS) Policy New! 2.0
Wizard-based QoS Policy Configuration built on Cisco recommended QoS Architecture

LAN/WAN Interface Monitoring New! 2.0

Cisco SDM Resources
- Latest SDM-related product information: www.cisco.com/go/sdm
- Cisco SDM Flash Demo, Live Demo on Cisco Routers, and VoDs: www.cisco.com/go/sdm
- Product Literature
- Presentations
