Release Notes for Cisco Router and Security Device Manager 2.5
January 21, 2008
These release notes support Cisco Router and Security Device Manager (Cisco SDM) version 2.5. They should be used with the documents listed in the “Related Documentation” section. These release notes are updated as needed.
Cisco SDM Express allows you to give a router a basic LAN, WAN, firewall and NAT configuration. It is installed in router memory.

System Requirements
This section contains Cisco SDM system requirements.

Memory Requirements
Table 1 shows how much memory is required to support Cisco SDM and related applications.

Table 1 Cisco SDM Memory Requirements
Application          Minimum Memory Required
Cisco SDM            7.63 MB (8,008,718 bytes)
Cisco SDM Express    2.
• Cisco 876
• Cisco 877
• Cisco 877-M
• Cisco 877W-M
• Cisco 878
Cisco SDM is supported on the following Cisco 1700 series routers:
• Cisco 1701
• Cisco 1710
• Cisco 1711
• Cisco 1712
• Cisco 1721
• Cisco 1751
• Cisco 1751-v
• Cisco 1760
• Cisco 1760-v
Cisco SDM is supported on the following Cisco 1800 series routers:
• Cisco 1801
• Cisco 1801W-M
• Cisco 1801M
• Cisco 1802
• Cisco 1803
• Cisco 1811
• Cisco 1812
• Cisco 1841
Cisco SDM is suppor
• Cisco 3620
• Cisco 3640
• Cisco 3640A
• Cisco 3661
• Cisco 3662
Cisco SDM is supported on the following Cisco 3700 series routers:
• Cisco 3725
• Cisco 3745
Cisco SDM is supported on the following Cisco 3800 series routers:
• Cisco 3825
• Cisco 3845
Cisco SDM is supported on the following Cisco 7000 series routers:
• Cisco 7204VXR
• Cisco 7206VXR
• Cisco 7301

Supported Adapters, Cards and Network Modules
Cisco SDM supports the following network modules:
• NM-1
• NM-16ESW-PWR-1GIG
• NM-36ESW
• NMD-36ESW-2GIG
• NMD-36ESW-PWR
• NMD-36ESW-PWR-2GIG
Cisco SDM supports only Ethernet configuration on the following network modules:
• NM-1E1R2W
• NM-1FE1R2W
• NM-1FE1CE1U
• NM-1FE2CE1B
• NM-1FE1CE1B
• NM-1FE2CE1U
• NM-1FE1CT1
• NM-1FE2CT1
• NM-1FE1CT1-CSU
• NM-1FE2CT1-CSU
Cisco SDM supports the following EtherSwitch Service Network Modules:
• NME-16ES-1G-P
• NME-X-23ES-1G-P
• NME-XD-24ES-1S-P
• NME-XD-48ES-2S-P
Cisc
• WIC-4ESW
• WIC-1SHDSL-V2
• WIC-1SHDSL-V3
• WIC 1ADSL-DG
• WIC 1ADSL-I-DG
Cisco SDM supports the following high-speed WAN interface cards (HWICs):
• HWIC-4T
• HWIC-4A/S
• HWIC-8A/S-232
• HWIC-4ESW
• HWICD-9ESW
• HWIC-AP-G-X
• HWIC-AP-AG-X
• HWIC-ADSL-B/ST
• HWIC-ADSLI-B/ST
• HWIC-1ADSL
• HWIC-1ADSLI
• HWIC1-ADSL-M
• HWIC-1CABLE-D
• HWIC-1CABLE-E/J
• HWIC-1FE
• HWIC-2FE
Cisco SDM supports the following advanced integration modules (AIMs):
• AIM
• PA-8E
• PA-4E
Cisco SDM supports the following Network Processing Engines and Network Service Engines on Cisco 7000 family routers:
• NPE-225
• NPE-400
• NPE-G1
• NPE-G2
• NSE-1
Cisco SDM supports the following service adapters on Cisco 7000 family routers:
• SA-VAM
• SA-VAM2
• SA-VAM2+
• C7200-VSA
Cisco SDM also supports the MOD-1700VPN.

PC System Requirements
Cisco SDM is designed to run on a personal computer that has a Pentium III or faster processor.
Table 2 Cisco SDM-Supported Routers and Cisco IOS Releases (continued)
Cisco SDM-Supported Routers
Cisco 831
Cisco 837
Cisco SDM-Supported Cisco IOS Releases
• 12.2(13)ZH or later releases
• 12.3(2)XA or later releases
• 12.3(2)T or later releases
• 12.4(2)T or later releases
• 12.2(13)ZH or later releases
• 12.3(2)XA or later releases
• 12.3(4)T or later releases
• 12.4(2)T or later releases
Cisco 851
Cisco 857
• 12.3(8)YI
• 12.
Table 2 Cisco SDM-Supported Routers and Cisco IOS Releases (continued)
Cisco SDM-Supported Routers
Cisco 1841
Cisco SDM-Supported Cisco IOS Releases
• 12.3(8)T4 or later releases
• 12.4(2)T or later releases
• 12.2(11)T6 or later releases
• 12.3(2)T or later releases
• 12.3(1)M or later releases
• 12.3(4)XD
• 12.2(15)ZJ3
• 12.4(2)T or later releases
Cisco 2801
Cisco 2811
Cisco 2821
Cisco 2851
• 12.3(8)T4 or later releases
• 12.
Table 2 Cisco SDM-Supported Routers and Cisco IOS Releases (continued)
Cisco SDM-Supported Routers
Cisco 7204VXR
Cisco 7206VXR
Cisco SDM-Supported Cisco IOS Releases
• 12.3(2)T or later releases
• 12.3(1)M or later releases
• 12.4(2)T or later releases
Cisco SDM does not support B, E, or S train releases on the Cisco 7000 routers.
Cisco 7301
• 12.3(2)T or later releases
• 12.3(3)M or later releases
• 12.
Table 3 Feature History of Cisco IOS IPS
Cisco IOS Release    Cisco IOS IPS Features or Improvements
12.3(14)T            Support for three string engines (STRING.TCP, STRING.UDP, and STRING.ICMP)
                     Support for two new local shunning event actions: denyAttackerInline and denyFlowInline
12.3(8)T             Support for Security Device Event Exchange (SDEE) protocol
                     Support for ATOMIC.IP, ATOMIC.ICMP, ATOMIC.IPOPTIONS, ATOMIC.UDP, ATOMIC.TCP, SERVICE.DNS, SERVICE.RPC, SERVICE.SMTP, SERVICE.HTTP, SERVICE.
New and Changed Information
Note
• Microsoft Windows 2003 Server (Standard Edition)
• Microsoft Windows 2000 Professional with Service Pack 4
Windows 2000 Advanced Server is not supported.
Cisco SDM 2.5 is available only in English. Cisco SDM 2.4.1 is available in six additional languages: French, German, Italian, Japanese, Simplified Chinese, and Spanish. Cisco SDM 2.4.1 supports full Cisco SDM functionality released prior to Cisco SDM 2.5. If you want to use Cisco SDM 2.4.
– For more information on QoS policing, refer to http://www.cisco.com/en/US/tech/tk543/tk545/tsd_technology_support_protocol_home.html
– For more information on QoS queuing, refer to http://www.cisco.com/en/US/tech/tk543/tk544/tsd_technology_support_protocol_home.html
– For more information on QoS shaping, refer to http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a008022136e.
– VLAN assignment by name
– Wi-Fi Multimedia (WMM) elements.
• Cisco IOS Intrusion Prevention System (IPS) user interface enhancements—The following enhancements are now supported:
– Total compiled signatures are now displayed in the Signatures screen.
– The SDM and CLI signature packages can now be downloaded in one operation.
– Downloaded signature packages are automatically pushed to the router.
Table 4 Cisco SDM File List (continued)
Filename     Size                      Description
128MB.sdf    515 KB (527,849 bytes)    Signature Definition File (SDF) used by Cisco IOS IPS
256MB.sdf    775 KB (793,739 bytes)    Signature Definition File (SDF) used by Cisco IOS IPS

Installation Notes
This section contains important information regarding installation and upgrades to Cisco SDM 2.5.

Cisco 1700 Routers Running Cisco ITS/Cisco CallManager Express and Cisco IOS Release 12.
Limitations and Restrictions
http://www.cisco.com/go/sdm
In the Support box, click Install and Upgrade. Then click Install and Upgrade Guides > Downloading and Installing Cisco Router and Security Device Manager.

Uninstalling Cisco SDM Files
If you want to remove Cisco SDM from flash memory or from a router disk file system, you can do so by logging onto the router and completing the following steps in EXEC mode:
Step 1 Change to the directory in which the Cisco SDM files are located.
Important Notes

Cisco SDM Minimum Screen Resolution
Cisco SDM requires a screen resolution of at least 1024 x 768.

Restrictions for Cisco 7204VXR, Cisco 7206VXR, and Cisco 7301 Routers
The following restrictions apply to Cisco SDM running on Cisco 7204VXR, Cisco 7206VXR, and Cisco 7301 Routers:
• The Cisco SDM Express application is not supported. You must use the Cisco IOS CLI to give the router an initial configuration that will enable you to connect to the router using a browser.
• Unable to Perform “squeeze flash:” Operation
• Security Alert Dialog May Remain After Cisco SDM Launches

Cisco IOS Enforces One-Time Use of Default Credentials
To address CSCsm25466, Cisco IOS images included with recent shipments of Cisco 800, Cisco 1800, Cisco 2800, and Cisco 3800 routers enforce the one-time use of the default username and password provided in the Cisco SDM configuration file.
    yourname# configure terminal
Step 6 Create a new username and password by entering the following command:
    yourname(config)# username username privilege 15 secret 0 password
Replace username and password with the username and password that you want to use.
!
ip domain-name yourdomain.com
!
interface FastEthernet0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-10/100 Ethernet$
 ip address 10.10.10.1 255.255.255.
For example, if you have configured an SSL VPN connection on the interface Fe 0/0 with the gateway IP address 10.10.10.1, and the gateway name MySSLVPN, you may not be able to launch Cisco SDM using that IP address.
Cisco SDM on PC May Not Launch under Windows XP with Service Pack 2
When Cisco SDM is installed on a PC running Windows XP with Service Pack 2, Internet Explorer may display HTML source code when you attempt to launch Cisco SDM. To fix this problem, go to Tools > Internet Options > Advanced. Then scroll to the Security section, check Allow active content to run in files on my computer, and click Apply. Then relaunch Cisco SDM.
Step 4 At the prompt, enter the enable command, and enter the password cisco.
    yourname> enable
    Password: cisco
    yourname#
Step 5 Enter the erase startup-config command.
    yourname# erase startup-config
Step 6 Confirm the command by pressing Enter.
Step 7 Enter the reload command.
    yourname# reload
Step 8 Confirm the command by pressing Enter.
After the router completes the reload operation, it enters into the standard Cisco IOS startup sequence.
Table 4 lists the files Cisco SDM uses.
Tip If you prefer to download a Cisco IOS image, and the SDM-Vnn.zip file, follow these instructions to use an Internet connection to download an SDM-supported Cisco IOS image, and the SDM-Vnn.zip file.
a. Click the following link to obtain a Cisco IOS image from the Cisco Software Center: http://www.cisco.com/kobayashi/sw-center
b. Obtain an image that supports the features you want on the Cisco 12.2(11)T release or later.
Caveats
Caveats describe unexpected behavior in Cisco SDM. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Open Caveats—Cisco SDM 2.5
This section lists caveats that are open in Cisco SDM 2.5.
• CSCsk51555
This caveat is caused by Cisco IOS caveat CSCsl42697.
5. Click the Java tab. Locate the Java Runtime Settings dialog. Click the View button if necessary to display the dialog, and proceed to 6.
6. In the Java Runtime Parameters column, remove the value -Xmx256m from the Java runtime parameters column. If this statement is found in other rows, remove the statement from those rows as well.
7. Click OK in the Java Runtime Settings dialog.
8. Click Apply in the Java Control Panel, and then click OK.
9. Restart Cisco SDM.
• CSCsh31616
Because of Cisco IOS caveat CSCsh32935, when reordering class maps in the Edit Inspection Policy Map dialog, the Cisco SDM-defined class map sdm-protocol-p2p may be removed if it was included in the policy map being edited.
• CSCsh39685
Because of Cisco IOS caveat CSCek68311, a Certificate Authority (CA) server created using the Cisco SDM CA Server wizard will be shown as stopped. This problem occurs when the router is running a Cisco IOS 12.4(11)T image.
Workaround: This may be addressed in a future release of Cisco IOS.
• CSCsh44720
When Cisco SDM installed on a PC is invoked in Internet Explorer 7.0 using either HTTP or HTTPS, the popup window asking for the IP address of the router appears again after the IP address has been entered in the first popup window. When Cisco SDM installed on router flash memory is invoked in Internet Explorer 7.0 using HTTPS, a certification error is displayed.
If you prefer to use the Cisco IOS CLI, enter the following commands to remove the loopback interface and NAT rule that were added to allow Cisco SDM access. In these steps, Loopback 0 with an IP address of 192.168.1.1, and FastEthernet 0/0 with an IP address of 10.20.30.40 are used as examples.
– Turn on firewall logging for IM applications. The names of the servers that the IM applications connect to will be revealed in the log.
– Use the CLI to block the new servers. The following example uses the server newserver.yahoo.com:
    router# config t
    router(config)# appfw policy-name SDM_HIGH
    router(cfg-appfw-policy)# application im yahoo
    router(cfg-appfw-policy-ymsgr)# server deny name newserver.yahoo.
• CSCsa40535
The VPN status in the Monitor windows does not show IPsec security association (SA) parameters for DMVPN when CLI status commands report that the crypto tunnels are up and traffic is passing through. The DMVPN tunnel is shown as established in the IKE SA tab.
Workaround: Use the CLI to view DMVPN status.
• CSCef34056
If multiple instances of Cisco SDM are run under Netscape version 7.
• CSCef53222
Cisco SDM filenames are case sensitive. If the Cisco SDM files are copied from the PC hard disk to a flash card, File Explorer changes the names to uppercase. When this happens, Cisco SDM cannot be invoked from this flash card.
Workaround: Before removing the flash card from the PC, restore the filenames to lowercase.
• CSCec31789
When you update Cisco SDM, if any of the uploaded files shows a size of zero bytes when show flash is invoked, no operations such as copy or delete can be performed on flash memory. This problem rarely occurs.
Workaround: Restart the router to be able to perform operations on flash memory. If files of zero bytes are shown in a show flash display, restart the router before starting Cisco SDM.
• CSCin44119
When an Easy VPN tunnel is active, using Cisco SDM to apply a NAT configuration to the Easy VPN inside and outside interfaces will deliver ip nat inside and ip nat outside commands to the router, but the running configuration will not be changed. Cisco SDM displays no error message when this is attempted.
memory. The Cisco SDM Update feature uses RCP protocol to upload the new Cisco SDM files to the router, but the RCP Server misinterprets the “flag” sent by the RCP Client for the above mentioned file systems.
Workaround: If the current Cisco SDM files were loaded into flash memory, update to the new Cisco SDM version by manually copying the new Cisco SDM files to the file system of the router using a TFTP server.
– The interface used for the primary backup connection is configured with a Cisco SDM-supported IP address type.
– The asynchronous interface is configured as the backup for a primary interface.
– The IP address of the primary interface is changed.
When the IP address of the primary interface is changed, Cisco SDM displays a Yes or No warning popup asking if you want to remove the backup configuration.
• CSCed91235
The router reloads when an NHRP tunnel interface is removed. This is a Cisco IOS caveat which you may encounter when deleting a DMVPN tunnel. This caveat duplicates CSCed41641.
Workaround: There is no workaround for this problem.
• CSCin68829
If an Analog Modem or ISDN connection is deleted using Cisco SDM, the dialer interface may not be deleted from the configuration and the router may reload. This is due to a Cisco IOS caveat, CSCin69090.
• CSCef89472
A download exception message may appear in the Java console when Cisco SDM is launched on a PC running Japanese Windows 2000, or Japanese Windows XP. This problem does not prevent Cisco SDM from starting or from being used.
• CSCeg40910
The Cisco SDM installation program does not use HTTPS to back up files from the router.
Related Documentation
This section lists other documents with information on Cisco SDM.

Platform-Specific Documents
See the quick start guide for the router, available on http://www.cisco.com, to learn how to set up the router hardware connections.

Software Documents
These documents are available on http://www.cisco.com/go/sdm.
Note
• Cisco Router and Security Device Manager Q&A. Click Product Literature, and then click Q&A.