© 2004 Cisco Systems, Inc. All rights reserved.
Cisco SDM: Combining Ease Of Use & Application Intelligence
• Ease of Use: Smart Wizards, Built-in Tutorials
• Application Intelligence: Knowledgebase of TAC-approved IOS configs
• Integrated Services Management: Routing, Switching, Security, QoS
Integrated management of router services: Routing, switching, security, QoS
Web-based, easy-to-use management tool ships on all Cisco 1800, 2800 and 3800 series.
Uses the Cisco TAC knowledgebase to troubleshoot VPN and WAN
New!
SDMv2.0: Embedded Services Management (cont.)
• New Security Features
– Inline IPS with dynamic signature update and signature customization
– Easy VPN Server and AAA
– Role-based router access
– DMVPN: Spoke-to-spoke, redundant hubs
– Digital certificates for IPSec VPNs
– SSHv2
• QoS Policy and NBAR
• VPN, WAN connection troubleshooting
• Real-time and graphical router and application traffic monitoring
SDM’s Key Features and Benefits
• WAN and VPN Troubleshooting
– L2 and above troubleshooting integrated with TAC knowledgebase of recovery actions
– Reduce Mean Time to Repair by leveraging integration of routing, LAN, WAN and Security features on the router for detailed troubleshooting.
• Real-Time Graphical Monitoring and Role-based Access
– Easy to comprehend charts of router and network resource usage. Read-Only user profile.
– Effective use of IT staff and remote branch admins with limited technical expertise. Service Providers can reduce OPEX by offering a graphical Read-Only view of the CPE services to end customers.
• Application Intelligence
– Built-in knowledge of interactions between different IOS features, industry best-practices and TAC recommended configurations.
– Improve Network Uptime through reduced instances of configuration errors.
• Ease of Use
– Graphical User-Interface for routing, switching, security, QoS management on Cisco Routers
– Reduce TCO of Cisco routers through enhanced productivity of Network and Security Administrators.
SDM Usage Scenarios
• Cisco Router Initial Deployment
– Startup Wizard for quick LAN/WAN, basic router security setup
– Integration with IE2100/CNS for mass deployments
• IOS Security Management
– Integrated Routing and Security Configuration, Monitoring and Troubleshooting
– Graphical Firewall and ACL Policy View (traffic flows)
– IPSec VPNs (Configuration and Monitoring) with QoS
– NAT Policies
• Day-to-Day Router Operations (monitoring, troubleshooting)
– Performance Monitoring, Interface Status, Hardware & Software Inventory
Comprehensive IOS Feature Support
• Firewall: CBAC, DMZ, FW Log, Policy Table
• Advanced Configuration: NAT, ACL, VLAN, CLI Preview Mode, DHCP Server, Date/Time, NTP, DNS, SSHv2, Management Access Policy
• WAN: FR, PPPoE, PPP, HDLC, RFC 1483, Dial-Backup, ADSL auto-detect, QoS, NBAR, Troubleshooting
• Interfaces: 10/100/1000 Ethernet, xDSL, Serial T1/E1, ISDN BRI, AM
• Routing: OSPF, EIGRP, RIPv2, Static
• Intrusion Prevention (IPS): IPS with dynamic signature update and signature customization
• VPN: Easy VPN Server, Easy VPN Remote, IPSec, GRE over IPSec, DMVPN (full mesh/hub-spoke), V3PN, Digital Certificates, VPN Monitor, and Troubleshooting
• Startup Wizard, IOS Home Page, Performance Monitor, Syslog Viewer, Reset to Factory, Security Audit, 1-Step Router Lockdown
SDMv2.0 Features and Benefits
• WAN and VPN Troubleshooting
– L2 and above troubleshooting integrated with TAC knowledgebase of recovery actions
– Leverage integration of routing, LAN, WAN and Security features on the router for detailed troubleshooting of IPSec VPNs or WAN links.
• Role-Based Access
– Factory-default Profiles: Admin, Read-Only, Firewall, Easy VPN Remote
– Secure, Logical separation of router between NetOps, SecOps, End-Users. MSSPs can offer a graphical Read-Only view of the CPE services to end customers.
• Intrusion Prevention (IPS)
– Dynamic signature update, quick deployment of default signatures, Ability to customize signatures, Validation of router resources before signature deployment.
– Network-based protection against worms, viruses, and OS/protocol exploits. Customize signatures for day-0 protection against new variants of worms/viruses.
• Easy VPN Server
– Wizard-based configuration and real-time monitoring of remote access VPN users. Integration with on-router or remote AAA server.
– Scalable, Easy to manage, secure remote access for teleworkers or small offices on Hub routers or branch office access routers.
SDMv2.0 Features and Benefits
• Real-time Network and Router resource Monitoring
– Graphical charts for LAN/WAN traffic and bandwidth usage.
– Faster and easier analysis of router resource and network resource usage.
• Task-based SDM UI
– Newly designed Home Page, Single starting point for key security tasks, Better navigation between related tasks
– Faster and easier configuration of security configurations – IPSec VPNs, Firewall, ACLs, IPS, etc.
• QoS Policy
– 3 pre-defined categories: Real-time, Biz Critical, Best Effort
– Easily and effectively optimize WAN/VPN bandwidth and application performance for different business needs (Voice/Video, Enterprise Apps, Web, etc.)
• Digital Certificates
– Highly scalable and more secure solution than pre-shared keys. Now easy to use and deploy with the combination of SDM, IOS CA, and EzSDD.
• NBAR
– Application traffic performance monitoring
– Real-time validation of application usage of WAN/VPN bandwidth against pre-defined service policies.
• SSHv2
– Automatically use SSHv2 for all encrypted communication between SDM and Router
– Secure management between PC and Cisco router.
Cisco Routers and IOS Release Support
Minimum Supported IOS Versions:
• 3825, 3845: 12.3(11)T
• 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, 2691: 12.2(11)T6, 12.3(1)M, 12.3(2)T
• 2801, 2811, 2821, 2851: 12.3(8)T4
• 7204VXR, 7206VXR, 7301: 12.3(2)T, 12.3(3)M
• 3620, 3640, 3640A, 3661, 3662: 12.2(11)T6, 12.3(1)M, 12.3(2)T
• 3725, 3745: 12.2(11)T6, 12.3(1)M, 12.3(2)T
• 1841: 12.3(8)T4
• 1701, 1711, 1712: 12.2(15)ZL, 12.3.2XA
• 1710, 1721, 1751, 1751-v, 1760, 1760-v: 12.2(13)ZH, 12.2(13)T3
• 831, 836, 837: 12.2(13)ZH, 12.3.2XA, 12.3(2)T
Cisco SDM Availability and Ordering
• ROUTER-SDM Configurable Option ($0 list price): 1700 to 3700 router SKUs (w/o automatic factory loaded SDM)
• SDM factory installed: 831-SDM-k9, 836-SDM-k9, 837-SDM-k9
• SDM factory installed: all VPN bundles (1700, 2600XM, 2691, 3700, 7204VXR, 7206VXR, 7301)
• SDM factory installed: Cisco 1800, 2800, and 3800 Series Routers (all SKUs including bundles)
Smart Wizards
• Startup Wizard: Quickly deploy a factory fresh router
• LAN Configuration: Configure the LAN interfaces and DHCP
• WAN Configuration: Configure PPP, Frame Relay, HDLC WAN interfaces
• Firewall: Two types of firewall wizard, simple inside/outside or more complex inside/outside/DMZ with multiple interfaces.
• VPN: Four types of wizards to create a secure Site-to-Site VPN, Easy VPN Server, Easy VPN Client and Dynamic Multipoint VPN
• Security Audit: Performs a router security audit and provides easy instructions on how to lock down the insecure features found
• QoS
Advanced Configuration
• Firewall/ACL Policy: Policy-based view of firewall configurations; modify access or inspection rules
• Rules: View summary of Access, NAT, IPSec, or other rules in router config with ability to create, edit, or delete same
• Routing: Review, add, edit, and delete static/dynamic routes
• Intrusion Prevention: Enable, disable IOS IPS policy on any interface.
• NAT: View NAT rules and address pools and set translation timeouts. Designate interfaces as inside or outside
• Router Properties: Overall attributes of the router (e.g. router name, domain name, password, NTP, Date/Time, etc.)
• Router Access: Role-Based User Access, Management Access Policy, SSH
• AAA
Monitor Mode
• Overview: Real-time router resources and services status
• Interface Status: LAN/WAN traffic, BW usage charts
• Firewall Status: Log messages regarding connections denied by the firewall
• VPN Status: Detailed statistics about the VPN connections
• QoS, NBAR: Application Traffic monitoring and QoS Policy usage
• Logging: Contains a log of
Security Audit
• Automate NSA, ICSA Labs and Cisco TAC recommendations for securing Cisco Routers
IPSec VPN Wizards
Intrusion Prevention (IPS)
Quality of Service (QoS) Policy
LAN/WAN Interface Monitoring