| Section |
Page |
| Contents |
3 |
| Home Page |
37 |
| Creating a New Connection |
43 |
| Creating a New Connection |
43 |
| New Connection Reference |
44 |
| Create Connection |
44 |
| Additional Procedures |
45 |
| How Do I Configure a Static Route? |
46 |
| How Do I View Activity on My LAN Interface? |
46 |
| How Do I Enable or Disable an Interface? |
47 |
| How Do I View the IOS Commands I Am Sending to the Router? |
47 |
| How Do I Launch the Wireless Application from Cisco SDM? |
48 |
| How Do I Configure an Unsupported WAN Interface? |
48 |
| How Do I Enable or Disable an Interface? |
49 |
| How Do I View Activity on My WAN Interface? |
49 |
| How Do I Configure NAT on a WAN Interface? |
50 |
| How Do I Configure NAT on an Unsupported Interface? |
51 |
| How Do I Configure a Dynamic Routing Protocol? |
51 |
| How Do I Configure Dial-on-Demand Routing for My ISDN or Asynchronous Interface? |
52 |
| How Do I Edit a Radio Interface Configuration? |
53 |
| LAN Wizard |
55 |
| Ethernet Configuration |
56 |
| LAN Wizard: Select an Interface |
56 |
| LAN Wizard: IP Address and Subnet Mask |
57 |
| LAN Wizard: Enable DHCP Server |
57 |
| LAN Wizard: DHCP Address Pool |
58 |
| DHCP Options |
58 |
| LAN Wizard: VLAN Mode |
59 |
| LAN Wizard: Switch Port |
60 |
| IRB Bridge |
61 |
| BVI Configuration |
62 |
| DHCP Pool for BVI |
62 |
| IRB for Ethernet |
63 |
| Layer 3 Ethernet Configuration |
63 |
| 802.1Q Configuration |
64 |
| Trunking or Routing Configuration |
64 |
| Configure Switch Device Module |
64 |
| Configure Gigabit Ethernet Interface |
65 |
| Summary |
65 |
| 802.1x Authentication |
67 |
| LAN Wizard: 802.1x Authentication (Switch Ports) |
67 |
| Advanced Options |
68 |
| LAN Wizard: RADIUS Servers for 802.1x Authentication |
70 |
| Edit 802.1x Authentication (Switch Ports) |
72 |
| LAN Wizard: 802.1x Authentication (VLAN or Ethernet) |
73 |
| 802.1x Exception List |
74 |
| 802.1x Authentication on Layer 3 Interfaces |
75 |
| Edit 802.1x Authentication |
76 |
| How Do I ... |
77 |
| How Do I Configure 802.1x Authentication on More Than One Ethernet Port? |
77 |
| Configuring WAN Connections |
79 |
| Configuring an Ethernet WAN Connection |
79 |
| Ethernet WAN Connection Reference |
80 |
| WAN Wizard Interface Welcome Window������ |
80 |
| Select Interface |
81 |
| IP Address: Ethernet without PPPoE |
81 |
| Encapsulation: PPPoE |
82 |
| Summary �� |
83 |
| Advanced Options� |
83 |
| Configuring a Serial Connection |
84 |
| Serial Connection Reference |
85 |
| IP Address: Serial with Point-to-Point Protocol |
85 |
| IP Address: Serial with HDLC or Frame Relay� |
86 |
| Authentication� |
87 |
| Configure LMI and DLCI |
88 |
| Configure Clock Settings |
89 |
| Configuring a DSL Connection |
91 |
| DSL Connection Reference |
92 |
| IP Address: ATM or Ethernet with PPPoE/PPPoA� |
92 |
| IP Address: ATM with RFC 1483 Routing |
93 |
| Encapsulation Autodetect |
94 |
| PVC�� |
96 |
| Configuring an ISDN Connection |
98 |
| ISDN Connection Reference |
98 |
| ISDN Wizard Welcome Window |
99 |
| IP Address: ISDN BRI or Analog Modem |
99 |
| Switch Type and SPIDs |
100 |
| Dial String |
101 |
| Configuring an Aux Backup Connection |
102 |
| Aux Backup Connection Reference |
102 |
| Aux Backup Welcome Window |
103 |
| Backup Configuration |
103 |
| Backup Configuration: Primary Interface and Next Hop IP Addresses |
104 |
| Backup Configuration: Hostname or IP Address to Be Tracked |
105 |
| Configuring an Analog Modem Connection |
105 |
| Analog Modem Connection Reference |
106 |
| Analog Modem Welcome |
106 |
| Configuring a Cable Modem Connection |
107 |
| Cable Modem Connection Reference |
107 |
| Cable Modem Connection Wizard Welcome |
108 |
| Select Interface |
108 |
| Summary |
108 |
| Edit Interface/Connection |
111 |
| Connection: Ethernet for IRB |
115 |
| Connection: Ethernet for Routing |
116 |
| Existing Dynamic DNS Methods |
117 |
| Add Dynamic DNS Method |
117 |
| Wireless |
119 |
| Association �� |
119 |
| NAT |
121 |
| Edit Switch Port |
122 |
| Application Service |
123 |
| General |
124 |
| Select Ethernet Configuration Type |
126 |
| Connection: VLAN |
127 |
| Subinterfaces List |
127 |
| Add or Edit BVI Interface |
128 |
| Add or Edit Loopback Interface |
128 |
| Connection: Virtual Template Interface |
129 |
| Connection: Ethernet LAN��� |
129 |
| Connection: Ethernet WAN� |
130 |
| Connection: Ethernet Properties |
132 |
| Connection: Ethernet with No Encapsulation |
134 |
| Connection: ADSL� |
135 |
| Connection: ADSL over ISDN |
138 |
| Connection: G.SHDSL |
140 |
| Connection: Cable Modem |
144 |
| Configure DSL Controller |
145 |
| Add a G.SHDSL Connection |
147 |
| Connection: Serial Interface, Frame Relay Encapsulation |
150 |
| Connection: Serial Interface, PPP Encapsulation |
153 |
| Connection: Serial Interface, HDLC Encapsulation |
155 |
| Add or Edit GRE Tunnel� |
156 |
| Connection: ISDN BRI |
158 |
| Connection: Analog Modem |
161 |
| Connection: (AUX Backup) |
163 |
| Authentication |
165 |
| SPID Details |
166 |
| Dialer Options |
167 |
| Backup Configuration |
169 |
| Delete Connection |
170 |
| Connectivity Testing and Troubleshooting |
172 |
| Wide Area Application Services |
177 |
| Configuring a WAAS Connection |
178 |
| WAAS Reference |
179 |
| NM WAAS |
180 |
| Integrated Service Engine |
182 |
| WCCP |
183 |
| Central Manager Registration |
184 |
| Create Firewall |
185 |
| Basic Firewall Configuration Wizard |
188 |
| Basic Firewall Interface Configuration |
188 |
| Configuring Firewall for Remote Access |
189 |
| Advanced Firewall Configuration Wizard |
189 |
| Advanced Firewall Interface Configuration |
189 |
| Advanced Firewall DMZ Service Configuration |
190 |
| DMZ Service Configuration |
191 |
| Application Security Configuration |
192 |
| Domain Name Server Configuration |
193 |
| URL Filter Server Configuration |
193 |
| Select Interface Zone |
193 |
| ZPF Inside Zones |
194 |
| Voice Configuration |
194 |
| Summary |
195 |
| SDM Warning: SDM Access |
197 |
| How Do I... |
199 |
| How Do I View Activity on My Firewall? |
199 |
| How Do I Configure a Firewall on an Unsupported Interface? |
201 |
| How Do I Configure a Firewall After I Have Configured a VPN? |
201 |
| How Do I Permit Specific Traffic Through a DMZ Interface? |
202 |
| How Do I Modify an Existing Firewall to Permit Traffic from a New Network or Host? |
203 |
| How Do I Configure NAT on an Unsupported Interface? |
203 |
| How Do I Configure NAT Passthrough for a Firewall? |
204 |
| How Do I Permit Traffic Through a Firewall to My Easy VPN Concentrator? |
204 |
| How Do I Associate a Rule with an Interface? |
206 |
| How Do I Disassociate an Access Rule from an Interface |
206 |
| How Do I Delete a Rule That Is Associated with an Interface? |
207 |
| How Do I Create an Access Rule for a Java List? |
207 |
| How Do I Permit Specific Traffic onto My Network if I Don’t Have a DMZ Network? |
208 |
| Firewall Policy |
211 |
| Edit Firewall Policy/ACL |
211 |
| Choose a Traffic Flow |
213 |
| Examine the Traffic Diagram and Choose a Traffic Direction |
214 |
| Make Changes to Access Rules |
216 |
| Make Changes to Inspection Rules |
220 |
| Add App-Name Application Entry |
222 |
| Add rpc Application Entry |
222 |
| Add Fragment application entry |
223 |
| Add or Edit http Application Entry |
224 |
| Java Applet Blocking |
225 |
| Cisco SDM Warning: Inspection Rule |
226 |
| Cisco SDM Warning: Firewall |
227 |
| Edit Firewall Policy |
227 |
| Add a New Rule |
231 |
| Add Traffic |
232 |
| Application Inspection |
233 |
| URL Filter |
234 |
| Quality of Service |
234 |
| Inspect Parameter |
234 |
| Select Traffic |
234 |
| Delete Rule |
235 |
| Application Security |
237 |
| Application Security Windows |
237 |
| No Application Security Policy |
239 |
| E-mail |
240 |
| Instant Messaging |
241 |
| Peer-to-Peer Applications |
242 |
| URL Filtering |
243 |
| HTTP |
244 |
| Header Options |
245 |
| Content Options |
246 |
| Applications/Protocols |
248 |
| Timeouts and Thresholds for Inspect Parameter Maps and CBAC�� |
249 |
| Associate Policy with an Interface |
252 |
| Edit Inspection Rule |
252 |
| Permit, Block, and Alarm Controls |
253 |
| Site-to-Site VPN |
255 |
| VPN Design Guide |
255 |
| Create Site to Site VPN |
255 |
| Site-to-Site VPN Wizard |
258 |
| View Defaults |
259 |
| VPN Connection Information |
260 |
| IKE Proposals |
262 |
| Transform Set |
265 |
| Traffic to Protect |
267 |
| Summary of the Configuration |
268 |
| Spoke Configuration |
269 |
| Secure GRE Tunnel (GRE-over-IPSec) |
270 |
| GRE Tunnel Information |
270 |
| VPN Authentication Information |
271 |
| Backup GRE Tunnel Information |
272 |
| Routing Information |
273 |
| Static Routing Information |
274 |
| Select Routing Protocol� |
276 |
| Summary of Configuration |
277 |
| Edit Site-to-Site VPN |
277 |
| Add new connection |
280 |
| Add Additional Crypto Maps |
280 |
| Crypto Map Wizard: Welcome |
281 |
| Crypto Map Wizard: Summary of the configuration |
282 |
| Delete Connection |
282 |
| Ping |
283 |
| Generate Mirror... |
283 |
| Cisco SDM Warning: NAT Rules with ACL |
284 |
| How Do I... |
285 |
| How Do I Create a VPN to More Than One Site? |
285 |
| After Configuring a VPN, How Do I Configure the VPN on the Peer Router? |
287 |
| How Do I Edit an Existing VPN Tunnel? |
288 |
| How Do I Confirm That My VPN Is Working? |
289 |
| How Do I Configure a Backup Peer for My VPN? |
290 |
| How Do I Accommodate Multiple Devices with Different Levels of VPN Support? |
290 |
| How Do I Configure a VPN on an Unsupported Interface? |
291 |
| How Do I Configure a VPN After I Have Configured a Firewall? |
292 |
| How Do I Configure NAT Passthrough for a VPN? |
292 |
| Easy VPN Remote |
295 |
| Creating an Easy VPN Remote Connection |
296 |
| Create Easy VPN Remote Reference |
297 |
| Create Easy VPN Remote |
298 |
| Configure an Easy VPN Remote Client |
299 |
| Easy VPN Remote Wizard: Network Information |
299 |
| Easy VPN Remote Wizard: Identical Address Configuration |
300 |
| Easy VPN Remote Wizard: Interfaces and Connection Settings |
301 |
| Easy VPN Remote Wizard: Server Information |
303 |
| Easy VPN Remote Wizard: Authentication |
305 |
| Easy VPN Remote Wizard: Summary of Configuration |
307 |
| Administering Easy VPN Remote Connections |
308 |
| Editing an Existing Easy VPN Remote Connection |
309 |
| Creating a New Easy VPN Remote Connection |
309 |
| Deleting an Easy VPN Remote Connection |
310 |
| Resetting an Established Easy VPN Remote Connection |
310 |
| Connecting to an Easy VPN Server |
311 |
| Connecting other Subnets to the VPN Tunnel |
311 |
| Administering Easy VPN Remote Reference |
312 |
| Edit Easy VPN Remote |
312 |
| Add or Edit Easy VPN Remote |
317 |
| Add or Edit Easy VPN Remote: General Settings |
319 |
| Network Extension Options |
322 |
| Add or Edit Easy VPN Remote: Easy VPN Settings |
322 |
| Add or Edit Easy VPN Remote: Authentication Information |
324 |
| Add or Edit Easy VPN Remote: Easy VPN Client Phase III Authentication |
327 |
| Add or Edit Easy VPN Remote: Interfaces and Connections |
329 |
| Add or Edit Easy VPN Remote: Identical Addressing |
331 |
| Easy VPN Remote: Add a Device |
333 |
| Enter SSH Credentials |
333 |
| XAuth Login Window |
334 |
| Other Procedures |
334 |
| How Do I Edit an Existing Easy VPN Connection? |
334 |
| How Do I Configure a Backup for an Easy VPN Connection? |
335 |
| Easy VPN Server |
337 |
| Creating an Easy VPN Server Connection |
337 |
| Create an Easy VPN Server Reference |
339 |
| Create an Easy VPN Server |
340 |
| Welcome to the Easy VPN Server Wizard |
340 |
| Interface and Authentication |
340 |
| Group Authorization and Group Policy Lookup |
341 |
| User Authentication (XAuth) |
342 |
| User Accounts for XAuth |
343 |
| Add RADIUS Server |
344 |
| Group Authorization: User Group Policies |
345 |
| General Group Information |
346 |
| DNS and WINS Configuration |
347 |
| Split Tunneling |
347 |
| Client Settings |
348 |
| Choose Browser Proxy Settings |
351 |
| Add or Edit Browser Proxy Settings |
352 |
| User Authentication (XAuth) |
353 |
| Client Update |
354 |
| Add or Edit Client Update Entry |
355 |
| Cisco Tunneling Control Protocol |
356 |
| Summary |
357 |
| Browser Proxy Settings |
357 |
| Editing Easy VPN Server Connections |
359 |
| Edit Easy VPN Server Reference |
359 |
| Edit Easy VPN Server |
360 |
| Add or Edit Easy VPN Server Connection |
361 |
| Restrict Access |
362 |
| Group Policies Configuration |
362 |
| IP Pools |
365 |
| Add or Edit IP Local Pool |
365 |
| Add IP Address Range |
366 |
| Enhanced Easy VPN |
367 |
| Interface and Authentication |
367 |
| RADIUS Servers |
368 |
| Group Authorization and Group User Policies |
370 |
| Add or Edit Easy VPN Server: General Tab |
371 |
| Add or Edit Easy VPN Server: IKE Tab |
372 |
| Add or Edit Easy VPN Server: IPSec Tab |
374 |
| Create Virtual Tunnel Interface |
376 |
| DMVPN |
377 |
| Dynamic Multipoint VPN |
377 |
| Dynamic Multipoint VPN (DMVPN) Hub Wizard |
378 |
| Type of Hub |
379 |
| Configure Pre-Shared Key |
379 |
| Hub GRE Tunnel Interface Configuration |
380 |
| Advanced Configuration for the Tunnel Interface |
381 |
| Primary Hub |
382 |
| Select Routing Protocol� |
383 |
| Routing Information |
383 |
| Dynamic Multipoint VPN (DMVPN) Spoke Wizard |
385 |
| DMVPN Network Topology |
385 |
| Specify Hub Information |
386 |
| Spoke GRE Tunnel Interface Configuration |
386 |
| Cisco SDM Warning: DMVPN Dependency |
387 |
| Edit Dynamic Multipoint VPN (DMVPN) |
388 |
| General Panel |
390 |
| NHRP Panel |
391 |
| NHRP Map Configuration |
392 |
| Routing Panel |
393 |
| How Do I Configure a DMVPN Manually? |
395 |
| VPN Global Settings |
397 |
| VPN Global Settings |
397 |
| VPN Global Settings: IKE |
399 |
| VPN Global Settings: IPSec |
400 |
| VPN Global Settings: Easy VPN Server |
401 |
| VPN Key Encryption Settings |
402 |
| IP Security |
405 |
| IPSec Policies |
405 |
| Add or Edit IPSec Policy |
407 |
| Add or Edit Crypto Map: General� |
409 |
| Add or Edit Crypto Map: Peer Information� |
410 |
| Add or Edit Crypto Map: Transform Sets� |
411 |
| Add or Edit Crypto Map: Protecting Traffic� |
413 |
| Dynamic Crypto Map Sets |
415 |
| Add or Edit Dynamic Crypto Map Set |
415 |
| Associate Crypto Map with this IPSec Policy |
416 |
| IPSec Profiles |
416 |
| Add or Edit IPSec Profile |
417 |
| Add or Edit IPSec Profile and Add Dynamic Crypto Map |
418 |
| Transform Set |
419 |
| Add or Edit Transform Set |
422 |
| IPSec Rules |
424 |
| Internet Key Exchange |
427 |
| Internet Key Exchange (IKE) |
427 |
| IKE Policies |
428 |
| Add or Edit IKE Policy |
430 |
| IKE Pre-shared Keys |
432 |
| Add or Edit Pre Shared Key |
433 |
| IKE Profiles |
434 |
| Add or Edit an IKE Profile |
435 |
| Public Key Infrastructure |
439 |
| Certificate Wizards |
439 |
| Welcome to the SCEP Wizard |
440 |
| Certificate Authority (CA) Information |
441 |
| Advanced Options |
442 |
| Certificate Subject Name Attributes |
442 |
| Other Subject Attributes |
444 |
| RSA Keys |
445 |
| Summary |
446 |
| CA Server Certificate |
447 |
| Enrollment Status |
447 |
| Cut and Paste Wizard Welcome |
447 |
| Enrollment Task |
448 |
| Enrollment Request |
448 |
| Continue with Unfinished Enrollment |
449 |
| Import CA certificate |
450 |
| Import Router Certificate(s) |
450 |
| Digital Certificates |
451 |
| Trustpoint Information |
453 |
| Certificate Details |
453 |
| Revocation Check |
453 |
| Revocation Check, CRL Only |
454 |
| RSA Keys Window |
454 |
| Generate RSA Key Pair |
455 |
| USB Token Credentials |
456 |
| USB Tokens |
457 |
| Add or Edit USB Token |
458 |
| Open Firewall |
460 |
| Open Firewall Details |
461 |
| Certificate Authority Server |
463 |
| Create CA Server |
463 |
| Prerequisite Tasks for PKI Configurations |
464 |
| CA Server Wizard: Welcome |
465 |
| CA Server Wizard: Certificate Authority Information |
465 |
| Advanced Options |
467 |
| CA Server Wizard: RSA Keys |
469 |
| Open Firewall |
470 |
| CA Server Wizard: Summary |
470 |
| Manage CA Server |
471 |
| Backup CA Server |
473 |
| Manage CA Server Restore Window |
473 |
| Restore CA Server |
473 |
| Edit CA Server Settings: General Tab |
474 |
| Edit CA Server Settings: Advanced Tab |
475 |
| Manage CA Server: CA Server Not Configured |
475 |
| Manage Certificates |
475 |
| Pending Requests |
475 |
| Revoked Certificates |
477 |
| Revoke Certificate |
478 |
| Cisco�IOS SSL�VPN |
479 |
| Cisco�IOS SSL�VPN links on Cisco.com |
480 |
| Creating an SSL VPN Connection |
480 |
| Create an SSL VPN Connection Reference |
481 |
| Create SSL VPN |
482 |
| Persistent Self-Signed Certificate |
484 |
| Welcome |
485 |
| SSL VPN Gateways |
485 |
| User Authentication |
486 |
| Configure Intranet Websites |
488 |
| Add or Edit URL |
488 |
| Customize SSL VPN Portal |
489 |
| SSL VPN Passthrough Configuration |
489 |
| User Policy |
490 |
| Details of SSL VPN Group Policy: Policyname |
490 |
| Select the SSL VPN User Group |
491 |
| Select Advanced Features |
491 |
| Thin Client (Port Forwarding) |
491 |
| Add or Edit a Server |
492 |
| Full Tunnel |
493 |
| Locating the Install Bundle for Cisco SDM |
494 |
| Enable Cisco Secure Desktop |
496 |
| Common Internet File System |
497 |
| Enable Clientless Citrix |
497 |
| Summary |
498 |
| Editing SSL VPN Connections |
498 |
| Editing SSL VPN Connection Reference |
499 |
| Edit SSL VPN |
500 |
| SSL VPN Context |
501 |
| Designate Inside and Outside Interfaces |
503 |
| Select a Gateway |
503 |
| Context: Group Policies |
504 |
| Group Policy: General Tab |
504 |
| Group Policy: Clientless Tab |
505 |
| Group Policy: Thin Client Tab |
507 |
| Group Policy: SSL VPN Client (Full Tunnel) Tab |
507 |
| Advanced Tunnel Options |
509 |
| DNS and WINS Servers |
511 |
| Context: HTML Settings |
511 |
| Select Color |
513 |
| Context: NetBIOS Name Server Lists |
513 |
| Add or Edit a NBNS Server List |
513 |
| Add or Edit an NBNS Server |
514 |
| Context: Port Forward Lists |
514 |
| Add or Edit a Port Forward List |
514 |
| Context: URL Lists |
514 |
| Add or Edit a URL List |
515 |
| Context: Cisco Secure Desktop |
515 |
| SSL VPN Gateways |
515 |
| Add or Edit a SSL VPN Gateway |
516 |
| Packages |
517 |
| Install Package |
518 |
| Additional Help Topics |
518 |
| Cisco�IOS SSL�VPN Contexts, Gateways, and Policies |
518 |
| Learn More about Port Forwarding Servers |
524 |
| Learn More About Group Policies |
525 |
| Learn More About Split Tunneling |
526 |
| How do I verify that my Cisco�IOS SSL�VPN is working? |
527 |
| How do I configure a Cisco�IOS SSL�VPN after I have configured a firewall? |
528 |
| How do I associate a VRF instance with a Cisco�IOS SSL�VPN context? |
528 |
| SSL VPN Enhancements |
529 |
| SSL VPN Reference |
529 |
| SSL VPN Context: Access Control Lists |
529 |
| Add or Edit Application ACL |
530 |
| Add ACL Entry |
531 |
| Action URL Time Range |
532 |
| Add or Edit Action URL Time Range Dialog |
533 |
| Add or Edit Absolute Time Range Entry |
534 |
| Add or Edit Periodic Time Range Entry |
535 |
| VPN Troubleshooting |
537 |
| VPN Troubleshooting���� |
537 |
| VPN Troubleshooting: Specify Easy VPN Client |
539 |
| VPN Troubleshooting: Generate Traffic |
540 |
| VPN Troubleshooting: Generate GRE Traffic |
541 |
| Cisco SDM Warning: SDM will enable router debugs... |
542 |
| Security Audit |
543 |
| Welcome Page |
546 |
| Interface Selection Page |
546 |
| Report Card Page |
547 |
| Fix It Page |
547 |
| Disable Finger Service |
548 |
| Disable PAD Service |
549 |
| Disable TCP Small Servers Service |
549 |
| Disable UDP Small Servers Service |
550 |
| Disable IP BOOTP Server Service |
550 |
| Disable IP Identification Service |
551 |
| Disable CDP |
551 |
| Disable IP Source Route |
552 |
| Enable Password Encryption Service |
552 |
| Enable TCP Keepalives for Inbound Telnet Sessions |
553 |
| Enable TCP Keepalives for Outbound Telnet Sessions |
553 |
| Enable Sequence Numbers and Time Stamps on Debugs |
553 |
| Enable IP CEF |
554 |
| Disable IP Gratuitous ARPs |
554 |
| Set Minimum Password Length to Less Than 6 Characters |
554 |
| Set Authentication Failure Rate to Less Than 3 Retries |
555 |
| Set TCP Synwait Time |
555 |
| Set Banner |
556 |
| Enable Logging |
556 |
| Set Enable Secret Password |
557 |
| Disable SNMP |
557 |
| Set Scheduler Interval |
558 |
| Set Scheduler Allocate |
558 |
| Set Users |
559 |
| Enable Telnet Settings |
559 |
| Enable NetFlow Switching |
559 |
| Disable IP Redirects |
560 |
| Disable IP Proxy ARP |
560 |
| Disable IP Directed Broadcast |
561 |
| Disable MOP Service |
562 |
| Disable IP Unreachables |
562 |
| Disable IP Mask Reply |
562 |
| Disable IP Unreachables on NULL Interface |
563 |
| Enable Unicast RPF on Outside Interfaces |
564 |
| Enable Firewall on All of the Outside Interfaces |
564 |
| Set Access Class on HTTP Server Service |
565 |
| Set Access Class on VTY Lines |
565 |
| Enable SSH for Access to the Router |
566 |
| Enable AAA |
566 |
| Configuration Summary Screen |
567 |
| Cisco SDM and Cisco IOS AutoSecure |
567 |
| Security Configurations Cisco SDM Can Undo |
569 |
| Undoing Security Audit Fixes |
570 |
| Add or Edit Telnet/SSH Account Screen |
570 |
| Configure User Accounts for Telnet/SSH Page |
571 |
| Enable Secret and Banner Page |
572 |
| Logging Page |
573 |
| Routing |
575 |
| Add or Edit IP Static Route |
577 |
| Add or Edit an RIP Route |
579 |
| Add or Edit an OSPF Route |
579 |
| Add or Edit EIGRP Route |
581 |
| Network Address Translation |
583 |
| Network Address Translation Wizards |
583 |
| Basic NAT Wizard: Welcome |
584 |
| Basic NAT Wizard: Connection |
584 |
| Summary |
585 |
| Advanced NAT Wizard: Welcome |
585 |
| Advanced NAT Wizard: Connection |
586 |
| Add IP Address |
586 |
| Advanced NAT Wizard: Networks |
586 |
| Add Network |
587 |
| Advanced NAT Wizard: Server Public IP Addresses |
587 |
| Add or Edit Address Translation Rule |
588 |
| Advanced NAT Wizard: ACL Conflict � |
589 |
| Details |
590 |
| Network Address Translation Rules |
590 |
| Designate NAT Interfaces |
594 |
| Translation Timeout Settings |
594 |
| Edit Route Map |
595 |
| Edit Route Map Entry |
596 |
| Address Pools |
597 |
| Add or Edit Address Pool |
598 |
| Add or Edit Static Address Translation Rule: Inside to Outside |
599 |
| Add or Edit Static Address Translation Rule: Outside to Inside |
602 |
| Add or Edit Dynamic Address Translation Rule: Inside to Outside |
605 |
| Add or Edit Dynamic Address Translation Rule: Outside to Inside |
608 |
| How Do I . . . |
610 |
| How do I Configure Address Translation for Outside to Inside |
610 |
| How Do I Configure NAT With One LAN and Multiple WANs? |
611 |
| Cisco IOS IPS |
613 |
| Create IPS |
614 |
| Create IPS: Welcome |
615 |
| Create IPS: Select Interfaces |
615 |
| Create IPS: SDF Location |
615 |
| Create IPS: Signature File |
616 |
| Create IPS: Configuration File Location and Category |
617 |
| Add or Edit a Config Location |
618 |
| Directory Selection |
619 |
| Signature File |
619 |
| Create IPS: Summary |
620 |
| Create IPS: Summary |
620 |
| Edit IPS |
621 |
| Edit IPS: IPS Policies |
622 |
| Enable or Edit IPS on an Interface |
625 |
| Edit IPS: Global Settings |
626 |
| Edit Global Settings |
628 |
| Add or Edit a Signature Location |
629 |
| Edit IPS: SDEE Messages |
630 |
| SDEE Message Text |
631 |
| Edit IPS: Global Settings |
634 |
| Edit Global Settings |
635 |
| Edit IPS Prerequisites |
636 |
| Add Public Key |
637 |
| Edit IPS: Auto Update |
637 |
| Edit IPS: SEAP Configuration |
639 |
| Edit IPS: SEAP Configuration: Target Value Rating |
640 |
| Add Target Value Rating |
641 |
| Edit IPS: SEAP Configuration: Event Action Overrides |
641 |
| Add or Edit an Event Action Override |
643 |
| Edit IPS: SEAP Configuration: Event Action Filters |
644 |
| Add or Edit an Event Action Filter |
646 |
| Edit IPS: Signatures |
648 |
| Edit IPS: Signatures |
654 |
| Edit Signature |
658 |
| File Selection |
661 |
| Assign Actions |
662 |
| Import Signatures |
663 |
| Add, Edit, or Clone Signature |
665 |
| Cisco Security Center |
667 |
| IPS-Supplied Signature Definition Files |
667 |
| Security Dashboard |
668 |
| IPS Migration |
671 |
| Migration Wizard: Welcome |
671 |
| Migration Wizard: Choose the IOS IPS Backup Signature File |
672 |
| Signature File |
672 |
| Java Heap Size |
672 |
| Network Module Management |
675 |
| IDS Network Module Management |
675 |
| IDS Sensor Interface IP Address |
677 |
| IP Address Determination |
678 |
| IDS NM Configuration Checklist |
679 |
| IDS NM Interface Monitoring Configuration |
681 |
| Network Module Login |
681 |
| Feature Unavailable� |
681 |
| Switch Module Interface Selection |
681 |
| Quality of Service |
683 |
| Creating a QoS Policy |
683 |
| Create a QoS Policy Reference |
684 |
| Create QoS Policy |
684 |
| QoS Wizard |
685 |
| Interface Selection�� |
685 |
| Queuing for Outbound Traffic |
686 |
| Add a New Traffic Class |
687 |
| Policing for Outbound Traffic |
689 |
| QoS Policy Generation |
689 |
| QoS Configuration Summary |
690 |
| Editing QoS Policies |
691 |
| Edit QoS Policy Reference |
692 |
| Edit QoS Policy |
692 |
| Add Class for the New Policy |
695 |
| Add Service Policy to Class |
696 |
| Associate or Disassociate the QoS Policy |
697 |
| Add or Edit a QoS Class |
697 |
| Edit Match DSCP Values |
700 |
| Edit Match Protocol Values |
701 |
| Add Custom Protocols�� |
701 |
| Edit Match ACL |
701 |
| Configure Policing |
701 |
| Configure Shaping |
702 |
| Configure Queuing |
703 |
| Network Admission Control |
705 |
| Create NAC Tab |
705 |
| Other Tasks in a NAC Implementation |
706 |
| Welcome |
707 |
| NAC Policy Servers |
708 |
| Interface Selection |
710 |
| NAC Exception List |
711 |
| Add or Edit an Exception List Entry |
711 |
| Choose an Exception Policy |
712 |
| Add Exception Policy |
713 |
| Agentless Host Policy |
714 |
| Configuring NAC for Remote Access |
714 |
| Modify Firewall |
715 |
| Details Window |
715 |
| Summary of the configuration |
716 |
| Edit NAC Tab |
717 |
| NAC Components |
718 |
| Exception List Window |
718 |
| Exception Policies Window |
719 |
| NAC Timeouts |
719 |
| Configure a NAC Policy |
721 |
| How Do I... |
722 |
| How Do I Configure a NAC Policy Server? |
722 |
| How Do I Install and Configure a Posture Agent on a Host? |
722 |
| Router Properties |
723 |
| Device Properties |
723 |
| Date and Time: Clock Properties |
724 |
| Date and Time Properties |
725 |
| NTP |
726 |
| Add or Edit NTP Server Details |
727 |
| SNTP |
728 |
| Add an NTP Server |
729 |
| Logging |
730 |
| SNMP |
731 |
| Netflow |
732 |
| Netflow Talkers |
732 |
| Router Access |
733 |
| User Accounts: Configure User Accounts for Router Access |
733 |
| Add or Edit a Username |
734 |
| View Password |
736 |
| vty Settings |
737 |
| Edit vty Lines |
737 |
| Configure Management Access Policies |
739 |
| Add or Edit a Management Policy |
741 |
| Management Access Error Messages |
742 |
| SSH |
744 |
| DHCP Configuration |
745 |
| DHCP Pools |
745 |
| Add or Edit DHCP Pool |
747 |
| DHCP Bindings |
748 |
| Add or Edit DHCP Binding |
749 |
| DNS Properties |
750 |
| Dynamic DNS Methods |
750 |
| Add or Edit Dynamic DNS Method |
751 |
| ACL Editor |
753 |
| Useful Procedures for Access Rules and Firewalls |
755 |
| Rules Windows� � � � � ������ |
755 |
| Add or Edit a Rule |
759 |
| Associate with an Interface |
762 |
| Add a Standard Rule Entry |
763 |
| Add an Extended Rule Entry |
765 |
| Select a Rule |
768 |
| Port-to-Application Mapping |
771 |
| Port-to-Application Mappings |
771 |
| Add or Edit Port Map Entry |
773 |
| Zone-Based Policy Firewall |
775 |
| Zone Window |
776 |
| Add or Edit a Zone |
777 |
| Zone-Based Policy General Rules |
777 |
| Zone Pairs |
779 |
| Add or Edit a Zone Pair |
779 |
| Add a Zone |
780 |
| Select a Zone |
781 |
| Authentication, Authorization, and Accounting |
783 |
| Configuring AAA |
784 |
| AAA Screen Reference |
784 |
| AAA Root Screen |
785 |
| AAA Servers and Server Groups |
786 |
| AAA Servers |
786 |
| Add or Edit a TACACS+ Server |
787 |
| Add or Edit a RADIUS Server |
788 |
| Edit Global Settings |
789 |
| AAA Server Groups |
790 |
| Add or Edit AAA Server Group |
791 |
| Authentication and Authorization Policies |
792 |
| Authentication and Authorization |
792 |
| Authentication NAC |
793 |
| Authentication 802.1x |
794 |
| Add or Edit a Method List for Authentication or Authorization |
795 |
| Router Provisioning |
799 |
| Secure Device Provisioning |
799 |
| Router Provisioning from USB |
800 |
| Router Provisioning from USB (Load File) |
800 |
| SDP Troubleshooting Tips |
800 |
| Cisco Common Classification Policy Language |
803 |
| Policy Map |
803 |
| Policy Map Windows |
803 |
| Add or Edit a QoS Policy Map |
805 |
| Associate a Policy Map to Interface |
805 |
| Add an Inspection Policy Map |
807 |
| Layer 7 Policy Map |
807 |
| Application Inspection |
807 |
| Configure Deep Packet Inspection |
808 |
| Class Maps |
808 |
| Associate Class Map |
809 |
| Class Map Advanced Options |
809 |
| QoS Class Map |
810 |
| Add or Edit a QoS Class Map |
811 |
| Add or Edit a QoS Class Map � |
811 |
| Select a Class Map |
811 |
| Deep Inspection |
811 |
| Class Map and Application Service Group Windows |
811 |
| Add or Edit an Inspect Class Map |
814 |
| Associate Parameter Map |
814 |
| Add an HTTP Inspection Class Map |
815 |
| HTTP Request Header |
815 |
| HTTP Request Header Fields |
816 |
| HTTP Request Body |
817 |
| HTTP Request Header Arguments |
817 |
| HTTP Method |
818 |
| Request Port Misuse |
818 |
| Request URI |
818 |
| Response Header |
819 |
| Response Header Fields |
820 |
| HTTP Response Body |
821 |
| HTTP Response Status Line |
821 |
| Request/Response Header Criteria |
822 |
| HTTP Request/Response Header Fields |
822 |
| Request/Response Body |
823 |
| Request/Response Protocol Violation |
824 |
| Add or Edit an IMAP Class Map |
824 |
| Add or Edit an SMTP Class Map |
824 |
| Add or Edit a SUNRPC Class Map |
825 |
| Add or Edit an Instant Messaging Class Map |
825 |
| Add or Edit a Point-to-Point Class Map |
825 |
| Add P2P Rule |
826 |
| Add or Edit a POP3 Class Map |
826 |
| Parameter Maps |
827 |
| Parameter Map Windows |
827 |
| Add or Edit a Parameter Map for Protocol Information |
827 |
| Add or Edit a Server Entry |
828 |
| Add or Edit Regular Expression |
828 |
| Add a Pattern |
829 |
| Build Regular Expression |
830 |
| Regular Expression Metacharacters |
832 |
| URL Filtering |
835 |
| URL Filtering Window |
836 |
| Edit Global Settings |
836 |
| General Settings for URL Filtering |
837 |
| Local URL List� |
839 |
| Add or Edit Local URL |
840 |
| Import URL List |
841 |
| URL Filter Servers� |
841 |
| Add or Edit a URL Filter Server�� |
842 |
| URL Filtering Precedence |
843 |
| Configuration Management |
845 |
| Manually Editing the Configuration File |
845 |
| Config Editor |
846 |
| Reset to Factory Defaults |
847 |
| This Feature Not Supported |
850 |
| More About.... |
851 |
| IP Addresses and Subnet Masks |
851 |
| Host and Network Fields |
853 |
| Available Interface Configurations |
854 |
| DHCP Address Pools |
855 |
| Meanings of the Permit and Deny Keywords |
856 |
| Services and Ports |
856 |
| More About NAT |
863 |
| Static Address Translation Scenarios |
863 |
| Dynamic Address Translation Scenarios |
866 |
| Reasons that Cisco SDM Cannot Edit a NAT Rule |
867 |
| More About VPN |
868 |
| Cisco.com Resources |
868 |
| More about VPN Connections and IPSec Policies |
869 |
| More About IKE |
871 |
| More About IKE Policies |
872 |
| Allowable Transform Combinations |
873 |
| Reasons Why a Serial Interface or Subinterface Configuration May Be Read-Only |
874 |
| Reasons Why an ATM Interface or Subinterface Configuration May Be Read-Only |
875 |
| Reasons Why an Ethernet Interface Configuration May Be Read-Only |
876 |
| Reasons Why an ISDN BRI Interface Configuration May Be Read-Only |
877 |
| Reasons Why an Analog Modem Interface Configuration May Be Read-Only |
878 |
| Firewall Policy Use Case Scenario |
879 |
| DMVPN Configuration Recommendations |
879 |
| Cisco SDM White Papers |
881 |
| Getting Started |
883 |
| What’s New in this Release? |
884 |
| Cisco IOS Versions Supported |
886 |
| Viewing Router Information |
887 |
| Overview |
888 |
| Interface Status |
892 |
| Firewall Status |
895 |
| Zone-Based Policy Firewall Status |
896 |
| VPN Status |
898 |
| IPSec Tunnels |
898 |
| DMVPN Tunnels |
900 |
| Easy VPN Server |
901 |
| IKE SAs |
903 |
| SSL VPN Components |
904 |
| SSL VPN Context |
905 |
| User Sessions |
905 |
| URL Mangling |
906 |
| Port Forwarding |
906 |
| CIFS |
906 |
| Full Tunnel |
907 |
| User List |
907 |
| Traffic Status |
909 |
| Netflow Top Talkers |
909 |
| Top Protocols |
909 |
| Top Talkers |
910 |
| QoS |
911 |
| Application/Protocol Traffic |
913 |
| NAC Status |
914 |
| Logging |
915 |
| Syslog |
915 |
| Firewall Log |
918 |
| Application Security Log |
920 |
| SDEE Message Log |
921 |
| IPS Status |
923 |
| IPS Signature Statistics |
924 |
| IPS Alert Statistics |
925 |
| 802.1x Authentication Status |
926 |
| File Menu Commands |
927 |
| Save Running Config to PC |
927 |
| Deliver Configuration to Router |
927 |
| Write to Startup Config |
928 |
| Reset to Factory Defaults |
928 |
| File Management |
928 |
| Rename |
931 |
| New Folder |
931 |
| Save SDF to PC |
932 |
| Exit |
932 |
| Unable to perform squeeze flash |
932 |
| Edit Menu Commands |
935 |
| Preferences |
935 |
| View Menu Commands |
937 |
| Home |
937 |
| Configure |
937 |
| Monitor |
937 |
| Running Config |
938 |
| Show Commands |
938 |
| Cisco SDM Default Rules |
939 |
| Refresh |
940 |
| Tools Menu Commands |
941 |
| Ping |
941 |
| Telnet |
941 |
| Security Audit |
941 |
| USB Token PIN Settings |
942 |
| Wireless Application |
943 |
| Update Cisco SDM |
943 |
| CCO Login |
944 |
| Help Menu Commands |
947 |
| Help Topics |
947 |
| Cisco SDM on CCO |
947 |
| Hardware/Software Matrix |
947 |
| About this router... |
948 |
1
10
11
12
13
14
15
16
17
18
19
20
