Step 4: Configure Your Router with Security Device Manager for ASA
Introduction
This document explains how to configure and manage your router with
Cisco Security Device Manager (SDM).
Note: This document assumes that you are using a Cisco ASA 5500 Series
Security Appliance in your network. If you do not have a Cisco ASA 5500
Security Appliance, refer to Configure Your Router with Security Device Manager.
Note: If you have a wireless router and a Cisco ASA 5500 Series Security
Appliance, contact the SMB Technical Assistance Center (SMB TAC) for assistance.
Requirements
To perform the steps described in this document, you need to have these
items:
- A router with Cisco Security Device Manager (SDM) installed. If your
  router does not come with SDM installed, refer to Download and Install
  Security Device Manager.
- A crossover Ethernet cable
- A console cable
- A PC with a Pentium III or higher processor
- Windows 2000 or XP
  Note: Windows 2000 Advanced Server is not supported.
- One of these web browsers:
  - Netscape version 7.1 or later.
  - Internet Explorer version 5.5 or later.
  Note: If you are using the Java plugin, you need to use SUN Java
  Runtime Environment (JRE) version 1.4.2_05. For information about how to
  update your version of JRE, refer to Sun Microsystems.
- Completed worksheets as instructed in the Site Survey, which includes the
  LAN Addressing worksheet.
Launch SDM
To start SDM, follow these steps:
- Open a web browser and type http://<router IP address> in the Address
  field. The router's IP address is the IP address that you entered in the
  LAN Addressing Worksheet (L6A).
- At the login prompt, enter the username and password for the
  privileged (privilege level 15) account on your router. If your router has the
  default configuration, use the username "cisco" and password "cisco".
  Note: If you are unable to log in, see Troubleshoot the Procedure for assistance.
- If you see a screen similar to the example, click Security
  Device Manager (SDM) to launch SDM. If you see a screen labeled
  Home: Summary Status, continue to the next step.
  Note: If you do not see an option for SDM, see Troubleshoot the Procedure for assistance.
- If the router's home page appears, click Cisco Router and
  Security Device Manager in the left column.
  Note: If you see an option A more secure connection (HTTPS) to
  this device is available, click Yes.
- SDM displays a launch page and opens the main interface in a
  separate window.
- The SDM Java applet loads on your PC. If your browser displays a
  security warning, click Yes to accept the SDM download.
- When the application has loaded completely, SDM displays the SDM
  Home page. If your router has a default configuration, SDM launches the SDM
  Express Wizard.
- If your router loads SDM Express Setup, see
  Complete the Startup Wizard. Otherwise, proceed
  to Reset the Router to the Default Configuration.
Reset the Router to the Default Configuration
If you have an existing configuration and want to reconfigure your
router, reset your router to a default configuration. To reset your router to a
default configuration, follow these steps:
Note: This procedure will delete your current configuration and replace it
with a factory default configuration.
- Click Configure.
- Click Additional Tasks.
- Click Reset to Factory Default.
- Under Step 1 enter the location on your computer
  where you want to store a backup copy of the current router
  configuration.
- Click Reset Router.
  Note: The router requires 1-2 minutes to reset.
- Change your PC IP address to 10.10.10.2 with a subnet mask of
  255.255.255.248. For further information about how to configure an IP address
  on your PC, refer to the
  document.
- Open http://10.10.10.1 in a web browser.
- Log into SDM with the username cisco and password cisco.
Note: If you want to modify an existing configuration on the router,
refer to Modify Your Router Configuration with Security Device Manager.
Record Interfaces
Follow these steps to record the available interfaces on your
router:
- Click Configure.
- Click Interfaces and Connections.
- Click Edit Interface/Connection.
- Record the interfaces listed in fields B35-B38 of the Router
  Worksheet.
Complete the Startup Wizard
If your router has a default configuration, SDM runs the Startup
Wizard. To complete the wizard, follow these steps:
- On the Welcome screen, click Next.
- At the Basic Configuration screen, enter your new username and
  password. Use the administrative account and password that you entered in the
  Internet Worksheet (B10, B11). Next to Enable Secret Password, type the enable
  secret password that you entered in the Internet Worksheet (B12). Click
  Next.
  Note: For recommendations on how to implement strong passwords, refer
  to Password Security.
- On the LAN Interface Configuration screen, enter the IP address and
  subnet mask for the router (from fields B46 and B41 of the Internet Worksheet).
  Click Next.
  Note: This address should be a public IP address assigned by your
  Internet Service Provider from the address pool in field B40.
- Ensure that Enable DHCP server on the LAN
  interface is not checked, and click Next.
- On the WAN Configuration screen, click Next, and
  click No to skip WAN Configuration.
- On the Security Configuration screen, check all of the check boxes,
  and then click Next.
- On the Wizard Summary screen, review your configuration to ensure
  that it is accurate, and then click Finish.
- When the Reconnection Instructions screen appears, click OK to save
  the new configuration. To reconnect to SDM, open the new router IP address
  (from Step 5) in a web browser and log in with the new password (from Step
  4).
  Note: Since the router IP address has changed, you will lose your
  connection to the router. To reconnect to the router with SDM, configure your
  PC with an IP address to match the IP address for your Ethernet interface. For
  example, if you configured your router Ethernet interface with the address
  192.168.10.1 with a subnet mask of 255.255.255.0, your PC must have an IP
  address from 192.168.10.2-254 with the same subnet mask. For more information
  on how to configure an IP address on your PC, refer to
  Configure an IP Address on Your PC.
Perform Additional Configurations
When you have completed configuration with the wizard, you need to add
these configurations to the router manually.
Configure a Time Server
A time server ensures that your router has the correct time. To
configure a time server, follow these steps:
- Click Configure.
- Click Additional Tasks.
- Double-click Router Properties, and then click NTP/SNTP.
- Click Add.
- Choose SNTP Server IP Address and enter 192.43.244.18.
  Note: You can also choose SNTP Server Hostname and
  enter time.nist.gov. Your router must have an active Internet
  connection to use a host name.
- Click OK.
Apply an ACL Rule to the Outgoing WAN Interface
To apply an Access Control List (ACL) rule to the outgoing WAN
interface, follow these steps:
- Click the Firewall and ACL tab.
- Click Edit Firewall Policy/ACL.
- In the From interface, select your LAN interface
  and click Go. In the To interface select your
  WAN interface.
- Click Originating Traffic.
- Create an ACL rule to block outbound traffic that does not
  originate from the router WAN IP address.
  - Click Edit Firewall Policy/ACL.
  - Next to Services, click Add > Insert After.
  - Next to Select an action, choose Permit.
  - Under Source Host/Network, choose A Host Name or IP Address.
  - Next to Hostname/IP, enter the Router IP address you entered in
    the Internet Worksheet (B46).
  - Under Destination Host/Network, choose Any IP Address.
  - Under Protocol and Service, choose IP.
  - Under IP Protocol, click the details button
    (...) and select any. Click
    OK to select the service, then click OK to
    confirm the rule.
- Click File > Write to Startup Config to save
  your configuration.
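A check you can run over a saved copy of the router configuration to confirm that the steps in this document took effect, as an added example that is not part of the original Cisco document. The two sample configurations are constructed, `audit_config` is a hypothetical helper, and it is an assumption that your router stores these settings as the standard IOS lines matched here.

```python
import re

# Constructed sample configs (not from the page): the first mimics a router
# still on factory defaults, the second one that completed the steps above.
DEFAULT_CONFIG = """\
hostname yourname
username cisco privilege 15 secret 5 $1$EXAMPLE$constructedhash
ip http server
"""
CONFIGURED = """\
hostname branch-rtr
enable secret 5 $1$EXAMPLE$constructedhash
username admin01 privilege 15 secret 5 $1$EXAMPLE$constructedhash
ip http server
ip http secure-server
sntp server 192.43.244.18
"""

def audit_config(text):
    """Return finding IDs for a saved IOS configuration (hypothetical helper)."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings = []
    # The factory-default SDM login is user "cisco" at privilege level 15.
    for ln in lines:
        m = re.match(r"username (\S+)(?: privilege (\d+))?", ln)
        if m and m.group(1) == "cisco" and m.group(2) == "15":
            findings.append("default-admin-account")
    # The Startup Wizard sets an enable secret; flag a config without one.
    if not any(ln.startswith("enable secret ") for ln in lines):
        findings.append("no-enable-secret")
    # HTTP management with no HTTPS server means SDM logins are not encrypted.
    if "ip http server" in lines and "ip http secure-server" not in lines:
        findings.append("http-without-https")
    # A time source keeps log timestamps usable; accept SNTP or NTP.
    if not any(re.match(r"s?ntp server \S+", ln) for ln in lines):
        findings.append("no-time-server")
    return findings

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("configured", CONFIGURED)):
        print(name, audit_config(cfg) or "no findings")
```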
Next Step
You have now configured your router with SDM.
If you want to configure an Internet connection, refer to the
appropriate document for your connection. If you are not sure what connection
type you have, refer to your Internet Worksheet.
Note: If you can currently connect to the Internet, refer to
Set Up Internet Security on a Cisco ASA 5500 Security Appliance.
Troubleshoot the Procedure
This section provides information about common problems that you may
encounter. If this information does not solve your problem, contact the
SMB Technical Assistance Center (SMB TAC) for assistance.
Problem | Cause(s) and Suggested Solution(s)
I do not see a login prompt. |
I cannot log in with the default username and password. | If you are unable to log in, you need to create a privileged username and password for your router. Refer to Download and Install Security Device Manager for further assistance.
When I access the router I do not see an option to load SDM. | SDM may not be installed on your router. Refer to Download and Install Security Device Manager for further assistance.
When I connect to the router, it loads Cisco Router Web Setup instead of SDM. | Refer to Download and Install Security Device Manager and review the Erase Webflash Memory section.