fixes
  • Providing strong security and verifying configuration entries
  • Using device and interface-specific defaults
    Examples of SDM wizards include the following:
    Use the SDM wizards to provide quick deployment. A suggested workflow is given in the lower part of each wizard screen to guide untrained users through the process. Begin with configuring LAN, WAN, firewall, intrusion prevention system (IPS), and VPN, and finish with performing a security audit.
    SDM is embedded and factory-installed within the Cisco IOS 800–3800 Series routers and available for download for select router platforms. Figure displays a table of platforms capable of supporting SDM version 2.3.

    Note
    This course focuses specifically on SDM version 2.2a. Due to the nature of the software, changes must be expected with new revisions of the software. Although the features and screens may vary between versions of SDM, the concepts learned in this section are applicable to all versions.

    Note
    Although the emphasis of this section is exclusively on using SDM to configure VPNs, it is important to capture and analyze CLI running-configurations of VPN installations.
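One way to analyze a captured running-configuration, as an added example that is not part of the course material: the Python below parses the ISAKMP policy and IPsec transform-set lines and flags weak choices. The config excerpt is constructed, and both the weak-algorithm lists (DES, MD5, DH group 1, null encryption) and the classic IOS policy defaults it fills in are assumptions of this example.

```python
import re

# Constructed sample: excerpt of a running-config (not from a real device).
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp policy 10
 authentication pre-share
crypto ipsec transform-set SDM_TS_1 esp-3des esp-sha-hmac
crypto ipsec transform-set LEGACY esp-des esp-md5-hmac
"""

# Assumption: classic IOS omits default values from the running-config, and
# the ISAKMP policy defaults are DES, SHA-1 and DH group 1.
ISAKMP_DEFAULTS = {"encr": "des", "hash": "sha", "group": "1"}
WEAK = {"encr": {"des"}, "hash": {"md5"}, "group": {"1"}}
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac", "ah-md5-hmac", "esp-null"}

def parse_isakmp_policies(config):
    """Return {priority: settings}, filling omitted lines with the defaults."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if header:
            current = policies.setdefault(int(header.group(1)), dict(ISAKMP_DEFAULTS))
        elif current is not None and line.startswith(" ") and line.strip():
            words = line.split()
            key = "encr" if words[0] in ("encr", "encryption") else words[0]
            if key in ISAKMP_DEFAULTS and len(words) > 1:
                current[key] = words[1]
        else:
            current = None  # left the policy sub-mode
    return policies

def audit(config):
    """Return sorted findings for weak ISAKMP policies and transform sets."""
    findings = []
    for prio, settings in parse_isakmp_policies(config).items():
        findings += [f"isakmp policy {prio}: {k} {v}"
                     for k, v in settings.items() if v in WEAK[k]]
    for m in re.finditer(r"^crypto ipsec transform-set (\S+) (.+)$", config, re.M):
        findings += [f"transform-set {m.group(1)}: {t}"
                     for t in m.group(2).split() if t in WEAK_TRANSFORMS]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Policy 10 in the sample shows no encryption or group line at all, so it is reported only because the omitted defaults are filled in before the check.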

    Content 3.4 Configuring IPsec Site-to-Site VPN Using SDM
    3.4.2 Introducing the SDM VPN Wizard Interface
    Figure shows the main page of the Cisco SDM consisting of two sections:
    There are two important icons in the top horizontal navigation bar:
    Figure is the VPN configuration page that lists the VPN wizards that help implement different types of IPsec VPNs. To select and start a VPN wizard, follow this procedure:
    Step 1 Click the Configure icon in the top horizontal navigation bar of the Cisco SDM main page to enter the configuration page.
    Step 2 Click the VPN icon in the left vertical navigation bar to open the VPN page.
    Step 3 Choose one of the available VPN wizards from the list.
    The example in Figure shows the screen that appears when you choose the Site to Site VPN wizard from the list. Here you can create two types of site-to-site VPNs: classic and generic routing encapsulation (GRE) over IPsec.

    Content 3.4 Configuring IPsec Site-to-Site VPN Using SDM
    3.4.3 Site-to-Site VPN Components
    The VPN wizards of the SDM use two sources to create a VPN connection:
    The SDM provides some default VPN components:
    Other components are created by the VPN wizards during the step-by-step configuration process. Some components must be configured before the wizards can be used (for example, Public Key Infrastructure [PKI]).
    Figure illustrates the VPN navigation bar, which contains two major sections:
    Using the VPN wizards simplifies the configuration of individual VPN components. The individual IPsec components section can be used later to modify some parameters that may have been misconfigured during the VPN wizard step-by-step configuration.

    Content 3.4 Configuring IPsec Site-to-Site VPN Using SDM
    3.4.4 Launching the Site-to-Site VPN Wizard

    Starting SDM
    Follow these steps to start SDM:
    Step 1 The method to start SDM depends on where SDM is installed as follows:
    Step 2 Enter the appropriate username and password. When certificate windows appear, click Yes or click Grant to accept the certificates.
    Step 3 When the Launch page has loaded, SDM displays the SDM Home page, shown in . The SDM Home page gives you a snapshot of the router configuration and the features that the Cisco IOS image supports.
    Step 4 From the SDM Homepage, select the VPN wizard by choosing Configure > VPN.

    Creating and Configuring a Site-to-Site VPN
    There are three steps to creating and configuring a classic site-to-site VPN:
    Step 1 Click the Create a Site to Site VPN radio button, and then click the Launch the selected task button.
    Step 2 A window opens, asking you which wizard mode to use:
    Step 3 Choose which wizard mode to use, and then click the Next button to configure the parameters of the VPN connection you chose.

    Using Quick Setup
    The first of the two wizard modes is the quick setup mode shown in Figure . Quick setup only needs a single window to complete the configuration of the VPN. Using the quick setup, you will configure these parameters:
    When you are finished selecting the parameters, click the Next button to proceed. A summary of the configuration appears. This provides you with an option to review the actual CLI commands which will be configured on the router if you choose Finish. Otherwise, you could choose Back to change a setting, or Cancel should you wish to abort the configuration.

    Using the Step-by-Step Wizard
    The second of the two wizard modes is the Step by step wizard. This wizard includes a number of screens to configure the VPN connection as listed in Figure . Specifically it will permit you to configure the following parameters: