Sign In
Upload
Manuals
Brands
Cisco Manuals
Software
SDM 2.2
Cisco SDM 2.2 Manuals
Manuals and User Guides for Cisco SDM 2.2. We have
1
Cisco SDM 2.2 manual available for free PDF download: User Manual
Cisco SDM 2.2 User Manual (688 pages)
Cisco Router and Security Device Manager User's Guide
Brand:
Cisco
| Category:
Software
| Size: 5.67 MB
Table of Contents
Table of Contents
3
Home
25
LAN Wizard
31
Ethernet Configuration
32
LAN Wizard: Select an Interface
33
LAN Wizard: IP Address and Subnet Mask
33
LAN Wizard: Enable DHCP Server
34
LAN Wizard: DHCP Address Pool
34
DHCP Options
35
LAN Wizard: VLAN Mode
36
LAN Wizard: Switch Port
36
IRB Bridge
37
BVI Configuration
37
DHCP Pool for BVI
38
IRB for Ethernet
39
Layer 3 Ethernet Configuration
39
Trunking or Routing Configuration
39
Configure Switch Device Module
40
Summary
40
How Do I
40
How Do I View Activity on My LAN Interface
41
How Do I Enable or Disable an Interface
42
How Do I View the IOS Commands I am Sending to the Router
42
How Do I Launch the Wireless Application from SDM
43
Create Connection Wizards
45
How Do I View the IOS Commands I am Sending to the Router
46
How Do I Configure an Unsupported WAN Interface
46
How Do I Enable or Disable an Interface
46
How Do I View Activity on My WAN Interface
46
How Do I Configure NAT on a WAN Interface
46
How Do I Configure a Dynamic Routing Protocol
46
WAN Wizard Interface Welcome Window
46
ISDN Wizard Welcome Window
47
Analog Modem Welcome Window
47
Aux Backup Welcome Window
47
Select Interface
48
Encapsulation: Pppoe
48
IP Address: ATM or Ethernet with Pppoe/Pppoa
48
IP Address: ATM with RFC 1483 Routing
49
IP Address: Ethernet Without Pppoe
50
IP Address: Serial with Point-To-Point Protocol
50
IP Address: Serial with HDLC or Frame Relay
51
IP Address: ISDN BRI or Analog Modem
52
Authentication
53
Switch Type and Spids
53
Dial String
55
Backup Configuration
55
Backup Configuration: Hostname or IP Address to be Tracked
56
Backup Configuration: Primary Interface & Next Hop IP Addresses
56
Advanced Options
57
Interface
57
Encapsulation
57
Configure LMI and DLCI
60
Configure Clock Settings
61
Delete Connection
63
Association
64
Summary
65
How Do I Enable or Disable an Interface
70
How Do I View the IOS Commands I am Sending to the Router
70
How Do I Configure NAT on an Unsupported Interface
72
Edit Switch Port
88
General
89
Select Ethernet Configuration Type
92
Connection: VLAN
92
Connection: Subinterfaces
93
Add or Edit BVI Interface
94
Add Loopback Interface/Connection—Loopback
94
Connection: Ethernet LAN
95
Connection: Ethernet WAN
96
Ethernet Properties
97
Connection: Ethernet with no Encapsulation
98
Connection: ADSL
99
Connection: ADSL over ISDN
102
Connection: G.SHDSL
104
Configure DSL Controller
108
Connection: G.SHDSL with DSL Controller
109
Connection: Serial Interface, Frame Relay Encapsulation
112
Connection: Serial Interface, PPP Encapsulation
115
Connection: Serial Interface, HDLC Encapsulation
117
Add or Edit GRE Tunnel
118
Connection: ISDN BRI
120
Connection: Analog Modem
123
Connection: (aux Backup)
125
Authentication
126
SPID Details
128
Dialer Options
129
Backup Configuration
131
Create Firewall
133
Basic Firewall Configuration Wizard
136
Basic Firewall Interface Configuration
136
Firewall Remote Management Access
136
Advanced Firewall Configuration Wizard
137
Advanced Firewall Interface Configuration
137
Advanced Firewall DMZ Service Configuration
138
Advanced Firewall Inspection Rule Configuration
139
Application Security Configuration
141
Domain Name Server Configuration
142
Summary
142
How Do I View Activity on My Firewall
144
How Do I Configure a Firewall on an Unsupported Interface
145
How Do I Configure a Firewall after I Have Configured a VPN
146
How Do I Permit Specific Traffic through a DMZ Interface
147
How Do I Configure NAT on an Unsupported Interface
148
How Do I Modify an Existing Firewall to Permit Traffic from a New Network or Host
148
How Do I Configure NAT Passthrough for a Firewall
149
How Do I Permit Traffic through a Firewall to My Easy VPN Concentrator
149
How Do I Associate a Rule with an Interface
151
How Do I Disassociate an Access Rule from an Interface
151
How Do I Delete a Rule that Is Associated with an Interface
152
How Do I Create an Access Rule for a Java List
152
Network
153
Firewall Policy
153
Edit Firewall Policy/Acl
154
Firewall Policy
155
Add App-Name Application Entry
165
Add Rpc Application Entry
165
Add Fragment Application Entry
166
Add or Edit Http Application Entry
167
Java Applet Blocking
168
SDM Warning: Inspection Rule
169
SDM Warning: Firewall
170
Application Security
171
Application Security Windows
171
No Application Security Policy
173
E-Mail
174
Http
174
Header Options
177
Content Options
177
Instant Messaging
179
Point-To-Point Applications
179
Applications/Protocols
180
Global Timeouts and Thresholds
181
Associate Policy with an Interface
183
Edit Inspection Rule
184
Permit, Block, and Alarm Controls
185
Site-To-Site VPN
187
Create Site to Site VPN
187
Site-To-Site VPN Wizard
190
View Defaults
191
VPN Connection Information
192
IKE Proposals
194
Transform Set
197
Traffic to Protect
199
Summary of the Configuration
200
Spoke Configuration
201
Secure GRE Tunnel (GRE-Over-Ipsec)
202
GRE Tunnel Information
202
VPN Authentication Information
203
Backup GRE Tunnel Information
205
Routing Information
206
Static Routing Information
207
Select Routing Protocol
208
Summary of Configuration
209
Edit Site-To-Site VPN
209
Add New Connection
212
Add Additional Crypto Maps
213
Crypto Map Wizard: Welcome
214
Crypto Map Wizard: General
214
Crypto Map Wizard: Peers
216
Crypto Map Wizard: Transform Set
216
Crypto Map Wizard: Traffic to Protect
217
Crypto Map Wizard: Summary of the Configuration
218
Ping
219
Delete Connection
219
Generate Mirror
220
SDM Warning: NAT Rules with ACL
221
How Do I Create a VPN to more than One Site?
222
After Configuring a VPN, How Do I Configure the VPN on the Peer Router
224
How Do I Edit an Existing VPN Tunnel
225
How Do I Confirm that My VPN Is Working
226
How Do I Accommodate Multiple Devices with Different Levels of VPN Support
227
How Do I Configure a Backup Peer for My VPN
227
How Do I Configure a VPN on an Unsupported Interface
228
How Do I Configure a VPN after I Have Configured a Firewall
229
How Do I Configure NAT Passthrough for a VPN
229
Easy VPN Remote
231
Create Easy VPN Remote
231
Configure an Easy VPN Remote Client
231
Connection Settings
232
Interfaces
233
Authentication
233
Edit Easy VPN Remote
236
Summary of Configuration
236
Edit Easy Vpn Remote
237
Add or Edit Easy VPN Remote
243
Add or Edit Easy VPN Remote: Easy VPN Settings
245
Add or Edit Easy VPN Remote: Authentication Information
248
Enter SSH Credentials
249
Xauth Login Window
250
Add or Edit Easy VPN Remote: General Settings
250
Network Extension Options
251
Add or Edit Easy VPN Remote: Authentication Information
252
Add or Edit Easy VPN Remote: Interfaces and Connections
254
How Do I Edit an Existing Easy VPN Connection
256
How Do I Configure a Backup for an Easy VPN Connection
256
Easy VPN Server
259
Create an Easy VPN Server
259
Welcome to the Easy VPN Server Wizard
260
Interface and Authentication
260
Group Authorization: Group Policy Lookup
261
User Authentication (Xauth)
262
Add RADIUS Server
263
User Accounts for Xauth
263
Group Authorization: User Group Policies
264
General Group Information
265
DNS and WINS Configuration
266
Split Tunneling
267
Client Settings
269
Add or Edit Browser Proxy Settings
271
Choose Browser Proxy Settings
271
User Authentication (Xauth)
273
Client Update
274
Add or Edit Client Update Entry
275
Summary
275
Browser Proxy Settings
276
Add or Edit Easy VPN Server
277
Add or Edit Easy VPN Server Connection
279
Restrict Access
280
Group Policies Configuration
280
Local Pools
280
Local Pools
283
Add or Edit IP Local Pool
284
Add IP Address Range
284
Dmvpn
285
Dynamic Multipoint VPN
285
Dynamic Multipoint VPN (DMVPN) Hub Wizard
286
Configure Pre-Shared Key
287
Hub GRE Tunnel Interface Configuration
288
Advanced Configuration for the Tunnel Interface
289
Primary Hub
290
Routing Information
291
Select Routing Protocol
291
Dynamic Multipoint VPN (DMVPN) Spoke Wizard
293
DMVPN Network Topology
293
Specify Hub Information
294
Spoke GRE Tunnel Interface Configuration
294
SDM Warning: DMVPN Dependency
295
Edit Dynamic Multipoint VPN (DMVPN)
296
General Panel
298
NHRP Panel
299
NHRP Map Configuration
300
Routing Panel
301
How Do I Configure a DMVPN Manually
303
VPN Global Settings
305
VPN Global Settings: IKE
307
VPN Global Settings: Ipsec
308
VPN Key Encryption Settings
309
IP Security
311
Ipsec Policies
311
Add or Edit Ipsec Policy
313
Add or Edit Crypto Map: General Panel
315
Add or Edit Crypto Map: Peer Information Panel
316
Add or Edit Crypto Map: Transform Sets Panel
316
Add or Edit Crypto Map: Ipsec Rules Panel
318
Dynamic Crypto Map Sets
319
Add or Edit Dynamic Crypto Map Set
319
Associate Crypto Map with this Ipsec Policy
320
Ipsec Profiles
320
Add or Edit Ipsec Profile and Add Dynamic Crypto Map
321
Transform Set
321
Add or Edit Transform Set
324
Ipsec Rules
327
Internet Key Exchange (IKE)
329
IKE Policies
329
Ike Policies
330
Add or Edit IKE Policy
332
IKE Pre-Shared Keys
334
Add or Edit Pre Shared Key
335
VPN Troubleshooting
337
VPN Troubleshooting: Specify Easy VPN Client
339
VPN Troubleshooting: Generate Traffic
340
VPN Troubleshooting: Generate GRE Traffic
341
SDM Warning: SDM will Enable Router Debugs
342
Security Audit
343
Welcome
344
Interface Selection
346
Report Card
347
Disable Finger Service
348
Disable PAD Service
349
Disable TCP Small Servers Service
349
Disable UDP Small Servers Service
350
Disable IP BOOTP Server Service
350
Disable IP Identification Service
351
Disable CDP
351
Disable IP Source Route
352
Enable Password Encryption Service
352
Enable TCP Keepalives for Inbound Telnet Sessions
353
Enable TCP Keepalives for Outbound Telnet Sessions
353
Enable Sequence Numbers and Time Stamps on Debugs
353
Enable IP CEF
354
Disable IP Gratuitous Arps
354
Set Minimum Password Length to Less than 6 Characters
354
Set Authentication Failure Rate to Less than 3 Retries
355
Set TCP Synwait Time
355
Set Banner
356
Enable Logging
356
Set Enable Secret Password
357
Disable SNMP
357
Set Scheduler Interval
358
Set Scheduler Allocate
358
Set Users
359
Enable Telnet Settings
359
Enable Netflow Switching
359
Disable IP Redirects
360
Disable IP Proxy ARP
360
Disable IP Directed Broadcast
361
Disable MOP Service
362
Disable IP Unreachables
362
Disable IP Mask Reply
362
Disable IP Unreachables on NULL Interface
363
Enable Unicast RPF on Outside Interfaces
364
Enable Firewall on All of the Outside Interfaces
364
Set Access Class on HTTP Server Service
365
Set Access Class on VTY Lines
365
Enable SSH for Access to the Router
366
Enable AAA
366
Configuration Summary Screen
367
SDM and Cisco IOS Autosecure
367
Security Configurations SDM Can Undo
369
Undoing Security Audit Fixes
370
Add or Edit Telnet/Ssh Account Screen
370
Configure User Accounts for Telnet/Ssh
371
Enable Secret and Banner
372
Logging
373
Routing
375
Add or Edit IP Static Route
377
Add or Edit an RIP Route
379
Add or Edit an OSPF Route
379
Add or Edit EIGRP Route
381
Network Address Translation
383
Network Address Translation Wizards
383
Basic NAT Wizard: Welcome
384
Basic NAT Wizard: Connection
384
Advanced NAT Wizard: Welcome
385
Summary
385
Advanced NAT Wizard: Connection
386
Add IP Address
386
Advanced NAT Wizard: Networks
386
Add Network
387
Advanced NAT Wizard: Server Public IP Addresses
387
Add or Edit Address Translation Rule
388
Advanced NAT Wizard: VPN Conflict
390
Details
390
Network Address Translation Rules
390
Designate NAT Interfaces
390
Edit Route Map
393
Translation Timeout Settings
393
Designate Nat Interfaces
394
Translation Timeout Settings
394
Edit Route Map Entry
396
Address Pools
397
Add or Edit Address Pool
398
Add or Edit Static Address Translation Rule: Inside to Outside
399
Add or Edit Static Address Translation Rule: Outside to Inside
402
Add or Edit Dynamic Address Translation Rule: Inside to Outside
405
Add or Edit Dynamic Address Translation Rule: Outside to Inside
408
How Do I Configure NAT with One LAN and Multiple Wans
410
Intrusion Prevention System
413
IPS Rules
413
Create IPS Rule
414
Welcome to the IPS Rule Configuration Wizard
415
Select Interfaces
415
SDF Location
415
IPS Rule Wizard Summary
416
IPS Rules Configuration
416
Enable or Edit IPS on an Interface
417
Enable or Edit Ips on an Interface
419
Import Signatures
420
File Selection
421
Welcome to the IPS Signature Import Wizard
422
Signature Definition File (SDF) and Signature Selection
422
Signature Filter
422
Signature Edit
423
Signature Import Wizard Summary
423
Signatures
423
Assign Actions
427
Import Signatures
427
Assign Actions
428
Add, Edit, or Clone Signature
430
Add or Edit a Signature Location
431
Cisco Intrusion Prevention Alert Center
432
IPS-Supplied Signature Definition Files
432
Global Settings
433
Edit Global Settings
435
SDEE Messages
436
SDEE Message Text
436
Sdee Message Text
437
Network Module Management
439
IDS Network Module Management
439
IDS Sensor Interface IP Address
441
IP Address Determination
442
IDS NM Configuration Checklist
443
IDS NM Interface Monitoring Configuration
445
Network Module Login
445
Feature Unavailable
445
Switch Module Interface Selection
446
Quality of Service
447
Create Qos Policy
447
Qos Wizard
447
Qos Policy Generation
448
Interface Selection
448
View Qos Class Details
449
View Qos Class Details
450
Edit Qos Policy
451
Summary of the Configuration
451
Edit Qos Class
452
Edit Qos Class
453
Add a Protocol
455
Interface Association
456
Qos Status
456
Network Admission Control
459
Create NAC Tab
459
Other Tasks in a NAC Implementation
460
RADIUS Server
461
Welcome
461
Select the Interface(S)
463
NAC Exception List
463
Configure Exception List Entry Dialog
464
Add Exception Policy
465
Policy List
465
Agentless Host Policy
466
NAC Router Management Access
467
Open Interface ACL
467
Details Window
468
Summary of the Configuration
468
Edit NAC Tab
469
Eapoudp Components
469
Exception List Window
470
Exception Policies Window
470
Eapoudp Timeouts
471
Configure a NAC Policy
472
How Do I Configure a NAC Policy Server
473
How Do Install and Configure a Posture Agent on a Host
473
Router Properties
475
Device Properties
475
Date and Time: Clock Properties
476
Date and Time Properties
477
Add or Edit NTP Server Details
479
Sntp
481
Add an NTP Server
481
Syslog
482
Snmp
482
Router Access
484
User Accounts: Configure User Accounts for Router Access
484
Add or Edit a Username
485
View Password
486
Vtys
487
Edit VTY Lines
488
Configure Management Access Policies
489
Add or Edit a Management Policy
491
Management Access Error Messages
492
SDM Warning: any Not Allowed
492
SDM Warning: Current Host Not Allowed
493
SDM Warning: SDM Not Allowed
493
SDM Warning: Unsupported Access Control Entry
493
DHCP Configuration
495
DHCP Pools
495
Add or Edit DHCP Pool
496
DHCP Bindings
497
Add or Edit DHCP Binding
498
DNS Properties
500
Dynamic DNS Methods
500
Add or Edit Dynamic DNS Method
501
ACL Editor
503
Useful Procedures for Access Rules and Firewalls
504
Rules Windows
505
Associate with an Interface
511
Add a Standard Rule Entry
513
Add an Extended Rule Entry
515
Select a Rule
518
Port-To-Application Mapping
521
Port-To-Application Mappings
521
Add or Edit Port Map Entry
523
Authentication, Authorization, and Accounting
525
AAA Main Window
525
AAA Servers and Groups
526
AAA Servers Window
527
Add or Edit a TACACS+ Server
528
Add or Edit a RADIUS Server
529
Edit Global Settings
529
AAA Server Groups Window
530
Authentication and Authorization Policies
531
Authentication and Authorization Windows
531
Authentication NAC
532
Add or Edit a Method List for Authentication or Authorization
533
Router Provisioning
535
Router Provisioning from USB
535
Public Key Infrastructure
537
Certificate Wizards
537
Welcome to the SCEP Wizard
539
Certificate Authority (CA) Information
539
Certificate Subject Name Attributes
541
Advanced Options
541
Other Subject Attributes
542
RSA Keys
543
Summary
544
Enrollment Status
545
Cut and Paste Wizard Welcome
545
Enrollment Task
545
Enrollment Request
545
Continue with Unfinished Enrollment
546
Import CA Certificate
547
Import Router Certificate(S)
547
Digital Certificates
548
Trustpoint Information
550
Certificate Details
550
Revocation Check
551
Revocation Check, CRL Only
551
RSA Keys Window
552
Generate RSA Key Pair
553
USB Tokens
554
Add or Edit USB Token
555
SDP Troubleshooting Tips
557
Open Firewall
558
Open Firewall Details
559
Resetting to Factory Defaults
561
This Feature Not Supported
564
More about
565
IP Addresses and Subnet Masks
565
Host and Network Fields
567
Available Interface Configurations
568
DHCP Address Pools
569
Meanings of the Permit and Deny Keywords
570
Services and Ports
570
More about NAT
577
Static Address Translation Scenarios
577
Dynamic Address Translation Scenarios
580
Reasons that SDM Cannot Edit a NAT Rule
581
More about VPN
582
Cisco.com Resources
582
More about VPN Connections and Ipsec Policies
583
More about IKE
585
More about IKE Policies
586
Allowable Transform Combinations
587
Reasons Why a Serial Interface or Subinterface Configuration May be Read-Only
588
Reasons Why an ATM Interface or Subinterface Configuration May be Read-Only
589
Reasons Why an Ethernet Interface Configuration May be Read-Only
590
Reasons Why an ISDN BRI Interface Configuration May be Read-Only
591
Reasons Why an Analog Modem Interface Configuration May be Read-Only
592
Firewall Policy Use Case Scenario
593
DMVPN Configuration Recommendations
596
SDM White Papers
598
Getting Started
599
What's New in this Release
600
Cisco IOS Versions Supported
600
Viewing Router Information
601
Overview
602
Interface Status
602
VPN Status
602
Firewall Status
602
Interface Status
606
Vpn Status
608
Firewall Status
613
Application Security Log
614
NAC Status
615
Logging
617
File Menu Commands
621
Save Running Config to PC
621
Deliver Configuration to Router
621
Write to Startup Config
622
Reset to Factory Defaults
622
File Management
622
Rename
624
New Folder
625
Exit
625
Unable to Perform 'Squeeze Flash
625
Edit Menu Commands
629
Preferences
629
View Menu Commands
631
Configure
631
Home
631
Monitor
631
Running Config
632
SDM Default Rules
632
Show Commands
632
Refresh
633
Tools Menu Commands
635
Ping
635
Security Audit
635
Telnet
635
USB Token PIN Settings
636
Update SDM
637
Help Menu Commands
641
Help Topics
641
About this Router
641
About SDM
641
Advertisement
Advertisement
Related Products
Cisco ST373307LC
Cisco Surveillance Media Server
Cisco SMTP
Cisco Servers
Cisco CiscoWorks SIMS 3.4.1
Cisco SFS InfiniBand
Cisco Security Device Manager
Cisco Secure ACS
Cisco S8500
Cisco Secure Access Control Server
Cisco Categories
Switch
IP Phone
Network Router
Wireless Access Point
Conference System
More Cisco Manuals
Login
Sign In
OR
Sign in with Facebook
Sign in with Google
Upload manual
Upload from disk
Upload from URL