SDM Overview
Cisco VPN Partner Technical Development
Module 8: SDM for Routers
APAC Channels Technical Operations
© 2003, Cisco Systems, Inc. All rights reserved.

Slide 2: Topics
• Security Device Manager overview
• User interface modes
• Describe how easy it is to:
 – Configure a Frame Relay interface
 – Create a firewall on the router
 – Create a site-to-site VPN with a pre-shared key
• Conduct a Security Audit and lock down the router

Slide 3: Security Device Manager
• Easy-to-use web-based configuration tool for configuring LAN and WAN interfaces, routing, NAT, firewalls, VPNs and other features on the router
• Dual configuration mode: Advanced Mode (expert) and Wizard Mode (guided, for the novice)
• Monitor Mode provides the status of interfaces and VPN tunnels
• Online help system ("How do I...")
• Assumes the network engineer/admin has CCNA-equivalent knowledge; aimed at people who are not CLI jockeys
• Resides in Flash on the router

Slide 4: Router Platforms Supported in SDM Phase 1
 3700 series: 3745, 3725
 3600 series: 3660, 3640, 3620
 2600 series: 2691, 2651XM, 2650XM, 2621XM, 2620XM, 2611XM, 2610XM
 1700 series: 1760, 1751, 1721, 1710
 800 series: 837, 836, 831
• SDM will be included in Security Bundles on each of these platforms
• SDM will be included on all of these platforms

Slide 5: Feature Details
• Security configuration
 – ACL editor (standard and extended)
 – NAT, PAT
 – Firewall guide and feature mode configuration: CBAC, DMZ
 – VPN guide and feature mode configuration: site-to-site, Easy VPN Phase II (remote only), GRE tunneling
• Interface configuration: Ethernet; T1/E1 (serial only); DSL basic (PPPoE)
• System configuration: DHCP (server, client, relay); Telnet setup; passwords
• Enable routing: static, RIP, OSPF, EIGRP
• Help: online help, "How do I?" help, tool tips
• Security Audit: defines the "at risk" problems found and suggests how to lock them down; "one click" router lockdown
• Monitoring, logging

Slide 6: Accessing SDM
• Supported browsers: Netscape 4.79, Internet Explorer 6.0
• Run from a PC running Windows 2000, Windows NT 4.0 (Service Pack 4), Windows 98, Windows ME or Windows XP
• Connect the PC to the router's Ethernet 0 or Fast Ethernet 0 LAN port with a cross-over cable
• Default URL: https://10.10.10.1/archive/sdm/sdm/goSDM.shtml
• The page is served by the router's own embedded HTTPS server (ip http secure-server) and the login must be a privilege-15 user, so restrict which addresses may reach that server (ip http access-class) rather than leaving it open on every interface

Slide 7: Preview of User Interface (screenshot only)

Slide 8: SDM Modes
Mode options:
• Wizard Mode: novice "guide" mode
• Advanced Mode: the user can perform tasks in any order and can view the existing configuration
• Monitor Mode: router status, interface status, firewall status, VPN status, logging status
The left panel displays the mode options; the "Overview" (first) page is displayed on login.

Slide 9: SDM Wizard Options
• Overview: view the IOS version, hardware installed and a configuration summary
• LAN Configuration: configure the LAN interfaces and DHCP
• WAN Configuration: configure PPP, Frame Relay and HDLC WAN interfaces
• Firewall: two types of firewall wizard, a simple inside/outside or a more complex inside/outside/DMZ with multiple interfaces
• VPN: three wizards to create a secure site-to-site VPN, Easy VPN, or a GRE tunnel with IPsec
• Security Audit: performs a router security audit and gives easy instructions on how to lock down the insecure features found
• Reset: restore factory default settings

Slide 10: WAN Wizard
• Each mode provides a Use Case Scenario diagram based on the option selected
• Point-and-click options; SDM builds the IOS commands for you
• Not sure what to do? Click "How do I" or Help
• Click Create a New Connection to start [...]
• [...] Next on each page to proceed

Slide 11: WAN Wizard, Frame Relay Example
• Select the encapsulation
• Enter the IP address
• Enter the subnet mask or select /X

Slide 12: WAN Wizard
• Select the LMI type
• Enter the DLCI
• Select the IETF FR Encapsulation button when the far end is a non-Cisco router

Slide 15 (title not captured)
• [...] Router
• Click OK
• Done

Slide 16: Edit Existing WAN Connection
• The new WAN connection displays; you can edit or delete it

Slide 17: Advanced Mode, Interface Status
• SDM automatically enables the new interface

Slide 18: Firewall Wizard
• Two types [...] DMZ

Slide 19: Firewall Configuration Using Wizard Mode
• 2 or 3 basic steps; you specify:
 – Inside (trusted) interface
 – Outside (untrusted) interface
 – DMZ interface (optional)
 – VPN pass-through
• VPN pass-through matters because the inbound ACL placed on the outside interface would otherwise also block the router's own IKE (UDP 500) and ESP traffic

Slide 20: Firewall Configuration Using Wizard Mode
• SDM creates the appropriate inspection rules
• Click Finish [...]

Slide 22: VPN Wizard
• Select one of the three VPN wizards
• A Use Case Scenario displays for the selected wizard
• Click Launch the selected task to begin configuration

Slide 23: VPN Wizard for Site-to-Site with Pre-Shared Key
Two wizard choices:
• Quick Setup: used between two Cisco routers that both run SDM; uses SDM-generated defaults (which you can change)
• Step by Step Wizard: more configuration flexibility

Slide 24: Quick Setup, VPN Connection Configuration
• Select the existing interface for this VPN connection
• Identify the remote VPN peer
• Both sides must agree on the pre-shared key; it is written into the router configuration, so treat configuration backups and exported CLI files as secrets
• Select [...] values

Slide 25: Quick Setup, Summary of Configuration
• Verify the configuration summary
• The IKE policy and transform set use SDM defaults; review them rather than accept them blindly, since defaults chosen for a 2003-era tool are unlikely to satisfy a current cipher policy
• The IPsec rule is generated from the Source and Destination fields on the previous screen
• Click Finish to deliver the configuration to the router

Slide 26: VPN Wizard
• [...] Once delivery completes, the new VPN connection displays

Slide 27: Advanced Mode, Viewing or Changing VPN Settings
• Use VPN mode to view, add or edit VPN rules, policies and global settings
• Interfaces and Connections provides a status and summary

Slide 28: Wizard Mode, Security Audit
• Examines the router and its interfaces for security holes
• SDM provides a check list of the security faults found

Slide 29: Security Audit
• Enable (Fix it) each fault you want SDM to secure
• Other screens may appear prompting for configuration

Slide 30: Security Audit
• Review [...] configuration delivery to Flash

Slide 31: Advanced Mode
• Advanced Mode lets the user jump straight to the desired configuration (versus guided)
• A selection of "areas of interest" displays on the left side
• System Properties is selected in this example

Slide 32: Advanced Mode, VPN, IKE, Edit Example
• [...]

Slide 33: Monitor Mode
• [...] of attempts denied by the firewall
• VPN Status: displays statistics about the VPN connections active on the router
• Logging: contains a log of events categorized by severity level, like a UNIX syslog service

Slide 34: Deliver
• Use Deliver to save the commands to the router Flash on demand
• Save to file creates an SDM-CLI-DDMON-YY.txt file to a user [...]
• That file contains the delivered commands verbatim, including any pre-shared keys and passwords, so store it with the same care as the configuration itself
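The inside/outside/DMZ and VPN pass-through choices of the firewall wizard (slides 19 and 20) translate into a small set of IOS constructs: CBAC inspection on the trusted side and an inbound ACL on the untrusted side. The following Python is an added example (mine, not SDM's generated output or Cisco code) that builds that kind of configuration and then evaluates the resulting outside ACL against sample packets, which shows why the VPN pass-through step exists. The inspection name SDM_FW, ACL number 101, the www-only DMZ rule, the port-name table and all addresses are assumptions.

```python
import ipaddress

# Service names IOS accepts after "eq"; only the subset this demo uses (assumed).
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500, "www": 80, "telnet": 23}


def firewall_config(inside_if, outside_if, wan_ip, dmz=None, vpn_passthrough=True):
    """IOS commands for a CBAC firewall: stateful inspection on the trusted side and an
    inbound ACL on the untrusted side. dmz is an optional (interface, network) tuple whose
    hosts are published on www only (a demo assumption). Names SDM_FW / 101 are assumed."""
    cmds = ["ip inspect name SDM_FW tcp", "ip inspect name SDM_FW udp", "ip inspect name SDM_FW icmp"]
    acl = ["access-list 101 remark inbound from untrusted side",
           "access-list 101 deny ip 10.0.0.0 0.255.255.255 any"]   # anti-spoof: private source from outside
    if vpn_passthrough:   # the router's own IKE/ESP must still be admitted to its WAN address
        acl += [f"access-list 101 permit udp any host {wan_ip} eq isakmp",
                f"access-list 101 permit udp any host {wan_ip} eq non500-isakmp",
                f"access-list 101 permit esp any host {wan_ip}"]
    if dmz:
        net = ipaddress.ip_network(dmz[1])
        acl.append(f"access-list 101 permit tcp any {net.network_address} {net.hostmask} eq www")
    acl.append("access-list 101 deny ip any any log")              # everything else: drop and log
    cmds += acl
    cmds += [f"interface {inside_if}", " ip inspect SDM_FW in",      # return traffic opened dynamically
             f"interface {outside_if}", " ip access-group 101 in"]
    if dmz:
        cmds += [f"interface {dmz[0]}", " ip inspect SDM_FW in"]
    return cmds


def _addr(tokens):
    """Consume one ACL address spec ('any' | 'host A' | 'A WILDCARD'); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def acl_permits(cmds, proto, src, dst, dport=None):
    """First-match evaluation of the numbered extended ACL lines in cmds (implicit deny at the end).
    Models only what an unsolicited packet arriving on the outside interface would hit."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in cmds:
        t = line.split()
        if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
            continue                                   # remarks and non-ACL commands
        action, p = t[2], t[3]
        if p != "ip" and p != proto:
            continue
        s_net, rest = _addr(t[4:])
        d_net, rest = _addr(rest)
        if src not in s_net or dst not in d_net:
            continue
        if rest[:1] == ["eq"]:
            want = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
            if dport != want:
                continue
        return action == "permit"
    return False


if __name__ == "__main__":
    cfg = firewall_config("FastEthernet0/0", "Serial0/0", "192.0.2.1", dmz=("FastEthernet0/1", "172.16.1.0/24"))
    print("\n".join(cfg))
    print("IKE to WAN:", acl_permits(cfg, "udp", "198.51.100.7", "192.0.2.1", 500))
    print("Telnet to WAN:", acl_permits(cfg, "tcp", "198.51.100.7", "192.0.2.1", 23))
```

Running the block shows IKE and ESP to the router's WAN address being admitted while Telnet to the same address falls through to the final deny; generating the same configuration with vpn_passthrough=False makes the IKE packet fail too, which is the outage the wizard's extra question prevents.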
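What Quick Setup (slides 23 to 25) builds from the interface, peer, pre-shared key, source and destination fields, together with the "both sides must agree" check that the summary screen lets you perform by eye, as an added example that is not SDM's generated output or Cisco code. The IKE policy and transform-set values are assumed 2003-era defaults (3DES/SHA-1; AES and SHA-2 are current practice), and the names SDM_TS, SDM_CMAP, ACL 100, the addresses and the key are all constructed.

```python
import ipaddress
import re

# Assumed 2003-era SDM-style defaults (not taken from this page); AES and SHA-2 are current practice.
IKE_POLICY = {"encr": "3des", "hash": "sha", "group": "2", "lifetime": "86400"}
TRANSFORM_SET = "esp-3des esp-sha-hmac"


def acl_pair(cidr):
    """IOS crypto ACLs take network + wildcard mask: 10.1.1.0/24 -> ('10.1.1.0', '0.0.0.255').
    strict=True rejects a host address typed where a subnet was meant (the wizard's Source/Destination)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.hostmask)


def site_to_site(wan_if, local_net, peer_ip, remote_net, psk, seq=1):
    """IOS commands for one end of a pre-shared-key site-to-site tunnel (names SDM_TS/SDM_CMAP assumed)."""
    src, swc = acl_pair(local_net)
    dst, dwc = acl_pair(remote_net)
    return [
        "crypto isakmp policy 1",
        *[f" {k} {v}" for k, v in IKE_POLICY.items()],
        " authentication pre-share",
        f"crypto isakmp key {psk} address {peer_ip}",          # key bound to this peer only
        f"crypto ipsec transform-set SDM_TS {TRANSFORM_SET}",
        f"access-list 100 permit ip {src} {swc} {dst} {dwc}",  # the IPsec rule from Source/Destination
        f"crypto map SDM_CMAP {seq} ipsec-isakmp",
        f" set peer {peer_ip}",
        " set transform-set SDM_TS",
        " match address 100",
        f"interface {wan_if}",
        " crypto map SDM_CMAP",
    ]


def summarize(cmds):
    """Pull out the values the two peers must agree on, as the summary screen shows them."""
    s = {"policy": tuple(c.strip() for c in cmds if c.startswith((" encr ", " hash ", " group ")))}
    for c in cmds:
        if m := re.match(r"crypto isakmp key (\S+) address (\S+)", c):
            s["psk"], s["peer"] = m.groups()
        elif m := re.match(r"crypto ipsec transform-set \S+ (.+)", c):
            s["transform"] = m.group(1)
        elif m := re.match(r"access-list \d+ permit ip (\S+ \S+) (\S+ \S+)", c):
            s["src"], s["dst"] = m.groups()
    return s


def peers_agree(a_cmds, a_wan_ip, b_cmds, b_wan_ip):
    """Both sides must agree: same pre-shared key, IKE policy and transform set, each pointing at
    the other's WAN address, and mirror-image crypto ACLs (A's source is B's destination)."""
    a, b = summarize(a_cmds), summarize(b_cmds)
    return (a["psk"] == b["psk"] and a["policy"] == b["policy"] and a["transform"] == b["transform"]
            and a["peer"] == b_wan_ip and b["peer"] == a_wan_ip
            and (a["src"], a["dst"]) == (b["dst"], b["src"]))


if __name__ == "__main__":
    # Constructed sample: site A WAN 192.0.2.1 / LAN 10.1.1.0/24, site B WAN 198.51.100.2 / LAN 10.2.2.0/24
    a = site_to_site("Serial0/0", "10.1.1.0/24", "198.51.100.2", "10.2.2.0/24", "example-psk")
    b = site_to_site("Serial0/0", "10.2.2.0/24", "192.0.2.1", "10.1.1.0/24", "example-psk")
    print("\n".join(a))
    print("peers agree:", peers_agree(a, "192.0.2.1", b, "198.51.100.2"))
```

The check is deliberately symmetric: a key mistyped on one router, a source/destination pair entered the same way round on both ends, or a policy edited in Advanced Mode on one side only all fail it, and each of those shows up in the field as an IKE negotiation that never completes rather than as an obvious configuration error.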
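The Security Audit and one-click lockdown of slides 28 to 30, reduced to a runnable miniature as an added example rather than SDM's own check list: it parses a constructed running-config, reports each finding together with the commands that fix it, applies them all and re-audits the result. The set of checks, the section-aware fix format and the <strong-secret> placeholder are my choices, not Cisco's.

```python
import re

# Constructed sample running-config for the demo (not from a real router).
SAMPLE_CONFIG = """\
hostname edge-rtr
enable password cisco123
service tcp-small-servers
ip http server
snmp-server community public RO
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 ip directed-broadcast
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 no cdp enable
line vty 0 4
 transport input telnet
 password cisco
"""


def parse_config(text):
    """Split an IOS-style config into global commands and per-section (interface/line) commands."""
    glob, sections, cur = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith(" "):                 # indented: belongs to the current section
            if cur is not None:
                sections[cur].append(line.strip())
        elif line.startswith(("interface ", "line ")):
            cur = line
            sections[cur] = []
        else:
            cur = None
            glob.append(line)
    return glob, sections


def audit(text):
    """Return [(description, fix_commands)] for the risky settings found. A fix list whose first
    element names an interface or line is applied inside that section; otherwise globally."""
    glob, sections = parse_config(text)
    gset, findings = set(glob), []
    if "service password-encryption" not in gset:
        findings.append(("Password encryption service is disabled", ["service password-encryption"]))
    if any(g.startswith("enable password") for g in glob) and not any(g.startswith("enable secret") for g in glob):
        findings.append(("Enable password is not an irreversible enable secret",
                         ["enable secret <strong-secret>", "no enable password"]))   # placeholder value
    for svc in ("service tcp-small-servers", "service udp-small-servers"):
        if svc in gset:
            findings.append((f"{svc} is enabled", [f"no {svc}"]))
    if "ip http server" in gset:
        findings.append(("Plaintext HTTP server is enabled", ["no ip http server", "ip http secure-server"]))
    if "no cdp run" not in gset:
        findings.append(("CDP is running globally", ["no cdp run"]))
    if "no ip source-route" not in gset:
        findings.append(("IP source routing is enabled", ["no ip source-route"]))
    for g in glob:
        m = re.match(r"snmp-server community (\S+)", g)
        if m and m.group(1).lower() in ("public", "private"):
            findings.append((f"Default SNMP community '{m.group(1)}' is configured", [f"no {g}"]))
    for name, cmds in sections.items():
        cset = set(cmds)
        if name.startswith("interface "):
            if "ip directed-broadcast" in cset:
                findings.append((f"{name}: directed broadcasts enabled", [name, "no ip directed-broadcast"]))
            if "no ip proxy-arp" not in cset:
                findings.append((f"{name}: proxy ARP enabled", [name, "no ip proxy-arp"]))
        elif name.startswith("line vty") and cset & {"transport input telnet", "transport input all"}:
            findings.append((f"{name}: unencrypted Telnet access allowed", [name, "transport input ssh"]))
    return findings


def _apply(cmds, fix):
    """Apply one fix to a command list in place: 'no X' removes X, 'transport input' replaces."""
    if fix.startswith("no "):
        cmds[:] = [c for c in cmds if not c.startswith(fix[3:])]
    elif fix.startswith("transport input "):
        cmds[:] = [c for c in cmds if not c.startswith("transport input ")]
    if fix not in cmds:
        cmds.append(fix)


def lockdown(text):
    """One-click lockdown: apply every fix from audit() and return the hardened config text."""
    glob, sections = parse_config(text)
    for _desc, fix in audit(text):
        if fix[0] in sections:
            for f in fix[1:]:
                _apply(sections[fix[0]], f)
        else:
            for f in fix:
                _apply(glob, f)
    out = list(glob)
    for name, cmds in sections.items():
        out.append(name)
        out.extend(" " + c for c in cmds)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for desc, fix in audit(SAMPLE_CONFIG):
        print(f"{desc}: {' / '.join(fix)}")
    print(lockdown(SAMPLE_CONFIG))
```

The re-audit after lockdown is the part worth copying: SDM's "Fix it" list is only as good as the verification that follows delivery, and a check that returns no findings on the delivered configuration is the evidence the slide 30 review step is asking for.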