Release Notes for Cisco Router and Security Device Manager 2.5
OL-5009-20
Caveats
Turn on firewall logging for IM applications. The names of the servers that the IM applications
connect to will be revealed in the log.
Use the CLI to block the new servers. The following example uses the server
newserver.yahoo.com:
router# config t
router(config)# appfw policy-name SDM_HIGH
router(cfg-appfw-policy)# application im yahoo
router(cfg-appfw-policy-ymsgr)# server deny name newserver.yahoo.com
router(cfg-appfw-policy-ymsgr)# end
router#
Note IM applications are able to communicate over nonnative protocol ports, such as HTTP, and through
their native TCP and UDP ports. Cisco SDM configures block and permit actions based on the native
port for the application, and always blocks communication conducted over HTTP ports.
Some IM applications, such as MSN Messenger 7.0, use HTTP ports by default. To permit these
applications, configure the IM application to use its native port.
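The two steps above (turn on IM logging, then deny each newly seen server by name under the SDM_HIGH policy) are easy to automate once the router is exporting syslog. The script below is an added example for this page, not code from the release notes or from Cisco SDM: it pulls the server names out of captured log lines and emits the same `appfw policy-name` / `application im` / `server deny name` CLI the caveat shows by hand, for every IM application seen rather than one. The syslog layout it parses (`%APPFW-n-IM_<APP>_SESSION: ... server <name>`) and the sample lines are constructed for the example; real router messages may differ, so check SERVER_RE against your own `show logging` output before trusting it.

```python
"""Added example, not part of the Cisco SDM release notes.

Given router syslog lines captured with application-firewall IM logging
turned on, extract the IM server names the clients reached and emit the
IOS CLI that denies them under the policy SDM generates (SDM_HIGH), the
same `server deny name` commands the caveat shows being typed by hand.

Assumptions (not from the page): the syslog layout parsed below is
constructed for this example; real %APPFW messages may be laid out
differently, so adjust SERVER_RE to your router's output.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not real router output). The app tag in the
# message name (YAHOO/MSN/AOL) maps to the IOS `application im` keyword; the
# host after "server" is what we want to deny.
SAMPLE_LOG = """\
Mar  1 10:02:11.123: %APPFW-6-IM_YAHOO_SESSION: im-yahoo text-chat session initiator 10.1.1.20:3456 responder 66.163.181.1:5050 server newserver.yahoo.com
Mar  1 10:02:15.004: %APPFW-6-IM_YAHOO_SESSION: im-yahoo text-chat session initiator 10.1.1.21:3460 responder 66.163.181.2:5050 server backup.yahoo.com
Mar  1 10:02:15.004: %APPFW-6-IM_YAHOO_SESSION: im-yahoo text-chat session initiator 10.1.1.22:3470 responder 66.163.181.1:5050 server newserver.yahoo.com
Mar  1 10:03:40.771: %APPFW-6-IM_MSN_SESSION: im-msn text-chat session initiator 10.1.1.30:4012 responder 207.46.110.1:1863 server relay.msn.com
Mar  1 10:04:02.010: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

# Message-name tag -> keyword accepted by the IOS `application im` command.
APP_KEYWORD = {"YAHOO": "yahoo", "MSN": "msn", "AOL": "aol"}

# Assumed message layout (see module docstring); the host is the last field.
SERVER_RE = re.compile(
    r"%APPFW-\d-IM_(?P<app>YAHOO|MSN|AOL)_SESSION:.*?\bserver\s+(?P<host>[A-Za-z0-9.-]+)"
)


def extract_servers(log_text):
    """Return {im_keyword: set(server names)} for every IM session logged."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = SERVER_RE.search(line)
        if m:
            found[APP_KEYWORD[m.group("app")]].add(m.group("host").lower())
    return dict(found)


def build_deny_config(servers, policy="SDM_HIGH", permitted=frozenset()):
    """Emit IOS config lines that deny each discovered server by name.

    `permitted` lists servers you have decided to keep reachable; they are
    skipped so a log-driven run cannot silently deny the ones you allow.
    """
    lines = ["configure terminal", f"appfw policy-name {policy}"]
    for app in sorted(servers):
        to_deny = sorted(h for h in servers[app] if h not in permitted)
        if not to_deny:
            continue
        lines.append(f" application im {app}")
        lines.extend(f"  server deny name {host}" for host in to_deny)
        lines.append(" exit")  # back from the per-application submode
    lines.append("end")
    return lines


if __name__ == "__main__":
    found = extract_servers(SAMPLE_LOG)
    print("\n".join(build_deny_config(found, permitted={"backup.yahoo.com"})))
```

Review the generated lines before pasting them into `configure terminal`; the point of the `permitted` set is that a log only tells you which servers clients reached, not which ones you intend to allow.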
CSCei84100
When the applications security policy blocks some Peer-to-Peer (P2P) applications, but permits
others, blocked applications may be able to download files.
Workaround: Instead of permitting some P2P applications and blocking others, exclude the
applications that you want to permit from the application security policy by unchecking the box next
to the application name.
CSCej07924
Because of a problem with the Cisco IOS NBAR feature, some Peer-to-Peer applications are able to
download files even when application security is configured to block them. When the Cisco IOS
NBAR feature is used to block Peer-to-Peer applications, only those applications and protocols
supported by the NBAR feature will be successfully blocked.
Workaround: None
CSCsb26386
Because of a problem with Cisco IOS (CSCin92327), a connection between an Easy VPN Remote
client and an Easy VPN Server may time out before the user has time to enter the credentials.
Workaround: None
CSCsb59200
Due to a JVM bug (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4110094), Cisco SDM
IPS may crash when large Signature Definition Files (SDFs) are imported. When Cisco SDM is used
to import a large SDF such as virtualsensor.xml or IOS-S178.zip, Cisco SDM may crash when the
Import Signature dialog is dismissed. This problem does not always occur.
Workaround: Set the Java heap size to 256 MB (-Xmx256m) and try to import the file again. If you
need to use Cisco SDM to perform a critical operation, complete that operation before
reattempting to import the file.