Data Sheet

Cisco Router and Security Device Manager

®
This data sheet provides an overview of features, benefits, and product availability of the Cisco Router and Security
Device Manager (SDM).

The Cisco SDM is an intuitive, Web-based device-management tool for Cisco IOS® Software–based routers. The Cisco SDM simplifies router and
security configuration through smart wizards, which help customers and Cisco partners quickly and easily deploy, configure, and monitor a Cisco
Systems® router without requiring knowledge of the command-line interface (CLI). The Cisco SDM is supported on a wide range of Cisco routers
and Cisco IOS Software releases. Refer to Table 3 for specific model numbers supported by the Cisco SDM.

EASE OF USE AND BUILT-IN APPLICATION INTELLIGENCE

The Cisco SDM allows users to easily configure routing, switching, security, and quality-of-service (QoS) services on Cisco routers while enabling
proactive management through performance monitoring (Figure 1). Cisco SDM users can now remotely configure and monitor their Cisco routers
without using the Cisco IOS Software CLI. The Cisco SDM GUI aids nonexpert users of Cisco IOS Software in their day-to-day operations, provides
easy-to-use smart wizards, automates router security management, and assists users through comprehensive online help and tutorials.

Figure 1. Cisco SDM Homepage

Cisco SDM smart wizards guide users step by step through router and security configuration workflow by systematically configuring LAN, WLAN,
and WAN interfaces; firewalls; intrusion prevention systems (IPS); and IP Security (IPSec) VPNs. Cisco SDM smart wizards can intelligently detect
incorrect configurations and propose fixes, such as allowing Dynamic Host Configuration Protocol (DHCP) traffic through a firewall if the WAN
interface is DHCP-addressed. Online help embedded within the Cisco SDM contains appropriate background information, in addition to step-by-step

All contents are Copyright © 1992–2006 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 1 of 1
procedures to help users enter correct data in the Cisco SDM. Networking and security terms and definitions that users might encounter are
included in an online glossary.

For network professionals familiar with Cisco IOS Software and its security features, the Cisco SDM offers advanced configuration tools to
quickly configure and fine-tune router security features, allowing network professionals to review the commands generated by the Cisco SDM
before delivering the configuration changes to the router.

The Cisco SDM helps administrators configure and monitor routers from remote locations using Secure Sockets Layer (SSL) and Secure Shell
(SSHv2) Protocol connections (Figure 2). This technology helps enable a secure connection over the Internet between the user’s browser and the
router. When deployed at a branch office, a Cisco SDM–enabled router can be configured and monitored from corporate headquarters, reducing
the need for experienced network administrators at the branch office.

Figure 2. Connecting to a Cisco SDM-Enabled Router Using SSL for Secure Remote Connectivity

INTEGRATED SECURITY CONFIGURATION

When deploying a new router, Cisco SDM can be used to configure a Cisco IOS Software firewall quickly using best practices recommended by
the International Computer Security Association (ICSA) and the Cisco Technical Assistance Center (TAC). An advanced firewall wizard allows
a single-step deployment of high, medium, or low application firewall policy settings. Cisco SDM users can configure the strongest VPN defaults
and automatically perform security audits (Figure 3). In addition, Cisco SDM users can perform one-step router lockdown for firewalls and one-step
VPN for quick deployment of secure site-to-site connections. A recommended list of IPS signatures bundled with Cisco SDM allows quick
deployment of worm, virus, and protocol exploit mitigation. The Cisco SDM Network Admission Control (NAC) wizard enables simple and
fast integration of NAC and client security posture management into an existing network infrastructure.

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 2 of 16
Figure 3. Router Security Audit

When invoked on an already-configured router, Cisco SDM allows users to perform one-step security audits to evaluate the strengths and weaknesses
of their router configurations against common security vulnerabilities. Administrators can fine-tune their existing router security configurations to
better suit their business needs. The Cisco SDM also can be used for day-to-day operations such as monitoring, fault management, and
troubleshooting.

ROUTER CONFIGURATION
In addition to security configuration, Cisco SDM helps users quickly and easily perform router services configuration, such as LAN, WLAN, and
WAN interface configuration; dynamic routing; DHCP server; QoS policy; and so on.

Using the LAN configuration wizard, users can assign IP addresses and subnet masks to Ethernet interfaces and can enable or disable the DHCP
server. Using the WAN configuration wizard, users can configure xDSL, T1/E1, Ethernet, and ISDN interfaces for WAN and Internet access.
Additionally, for serial connections, users can implement Frame Relay, Point-to-Point Protocol (PPP), and High-Level Data Link Control (HDLC)
encapsulation. Cisco SDM also allows configuration of static routing and common dynamic routing protocols such as Open Shortest Path First
(OSPF), Routing Information Protocol (RIP) Version 2, and Enhanced Interior Gateway Routing Protocol (EIGRP).

QoS policies can now easily be applied to any WAN or VPN tunnel interface using Cisco SDM. The QoS policy wizard automates the Cisco
architecture guidelines for QoS Policies to effectively prioritize the traffic between real-time applications (voice or video), business-critical
applications (Structured Query Language [SQL], Oracle, Citrix, routing protocols, etc), and the rest of network traffic (Web, e-mail, etc.).
Network-based application recognition (NBAR)–based monitoring in the Cisco SDM allows users to visually inspect the application layer
traffic in real time and confirms the effect of QoS policies on different classes of application traffic.

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 3 of 16
MONITORING AND TROUBLESHOOTING
In monitor mode, Cisco SDM provides a quick, graphical status of important router resources and performance measurements such as the interface
status (up or down), CPU, and memory usage (see Figure 4). For wireless models Cisco SDM provides comprehensive support for real-time 802.11
a/b/g interface statistics. Cisco SDM takes advantage of integrated routing and security features on routers to provide in-depth diagnostics and
troubleshooting of WAN and VPN connections. For example, while troubleshooting a failed VPN connection, the Cisco SDM verifies the router
configurations and connectivity from the WAN interface layer to the IPSec Crypto Map layer. While testing configuration and remote-peer
connectivity at each layer, Cisco SDM provides pass or fail status, possible reasons of failure, and Cisco TAC–recommended actions for recovery.

Figure 4. VPN Troubleshooting and Recovery

Cisco SDM monitor mode also allows users to view the number of network access attempts that were denied by the Cisco IOS Software firewall,
and it provides easy access to the firewall log. Users also can monitor detailed VPN status, such as the number of packets encrypted or decrypted
by IPSec tunnels, and Easy VPN client session details.

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 4 of 16
Table 1. Cisco SDMv2.3 Features

Feature Benefit
Integrated Cisco IOS WebVPN Management
• Wizard based configuration and real time monitoring of WebVPN • Rapid and easy to manage deployment of secure remote access
features connectivity for teleworkers and small office branch routers
• Persistent self signed certificates
Real Time Threat Alerts
• Network and Application Level Monitoring • Easy to comprehend performance monitoring for day to day operations
and troubleshooting
– Netflow based Top N statistics, Application traffic monitoring,
search operations on event tables • Better visibility into network and application performance
• Easy to identify unusual traffic patterns and application usage
Real Time Performance Monitoring
• IPS Security Dashboard • Real-Time updates on top threats from MySDN site
– Integration with Cisco IPS alert center • Enables easier and more intelligent IPS signature selection and
updates based on top threats
– IPS Signature import UI
Application Level Security
• URL Filtering • Rapid deployment and customization of on-box URL filtering
– Configure and manage Black and White list of URLs • Easy and cost-effective solution to control web-access for employees
based on corporate policies
Usability Enhancements
• Launch Point for High Volume Deployments • Enables Zero Touch Provisioning for rapid deployment of managed
CPE devices and services
– Integration with SDP, CNS and eToken device provisioning

• Cisco IOS Router Image Management • Reduce cost of operations and improve router uptime for IOS image
upgrade and maintenance
– Easy to use UI for router image upgrades
– Validation and Conformance of IOS image with router hardware
• VPN Design Wizard • Quick and easy selection of VPN technology based on deployment
model

COST SAVINGS
Cisco SDM is ideal for enterprise branch offices and small and medium-sized businesses that are sensitive to device deployment and network
management costs and have limited access to skilled technicians. Cisco SDM allows businesses and Cisco channel partners to implement router
security and network configurations easily and confidently. Cisco IOS Software configurations generated by Cisco SDM are approved by the
Cisco TAC. Cisco SDM enhances the productivity of network and security administrators through built-in configuration checks, configuration
editor for experts, and meaningful defaults. Cisco SDM features provide an additional advantage of improved network availability through reduced
instances of configuration errors.

For businesses with larger networks, Cisco SDM helps enable easy and highly scalable deployment of routers through integration with the Cisco
CNS Configuration Engine. Cisco IOS Software configuration generated by Cisco SDM can be imported into the Cisco CNS Configuration Engine
to be deployed across thousands of Cisco routers in a cookie-cutter fashion.

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 5 of 16
MANAGED CPE SERVICES
Cisco SDM provides a highly cost-effective solution for service providers to offer a read-only, graphical view of Cisco router services (firewall,
IPSec VPNs, intrusion prevention, WAN access, QoS, etc.). This allows for faster provisioning of value-added customer-premises-equipment (CPE)
services without requiring investment in complex operations-support-system (OSS) software to provide end-customer views.

Additionally, this solution provides the service provider end customers a local tool they can use to quickly troubleshoot any CPE-related issues,
thus reducing the support burden on the network help desk.

Cisco resellers can take advantage of Cisco SDM to offer value-added security, traffic shaping, or managed CPE services to the installed base of
Cisco access routers or to new Cisco router customers.

CISCO SDM AND OTHER CISCO MANAGEMENT APPLICATIONS

Cisco offers additional device and network management applications that can be used in conjunction with Cisco SDM. CiscoView, a Web-based
management application, can be installed on a dedicated CiscoWorks server to display and monitor the physical view of Cisco devices. Cisco SDM
and CiscoView client interfaces can coexist on the same workstation: Cisco SDM can be used primarily for router and security feature configuration,
and CiscoView can be used for real-time display of the physical router status and for Simple Network Management Protocol (SNMP)–based device
monitoring.

APPLICATIONS

Cisco Router Initial Deployment

Cisco SDM helps Cisco partners and customers deploy Cisco routers quickly and securely using the Cisco SDM Express (Figure 5) and several other
task-based smart wizards. The one-step router lockdown feature helps ensure that all nonessential services in Cisco IOS Software are shut off before
the Cisco router is connected to the public Internet or a WAN.

Figure 5. Cisco SDM Express

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 6 of 16
Cisco Router Mass Deployments
Cisco SDM is integrated with the Cisco CNS 2100 Series Intelligence Engine to help enable fast and cost-effective mass deployments of Cisco
routers with factory default configurations. Service providers and large enterprises have the flexibility to use the Cisco SDM and Cisco CNS 2100
Series combination during staging or allow an untrained, onsite administrator to download the final Cisco IOS Software configuration without using
the Cisco IOS Software CLI.

Cisco Router Security Management

Cisco SDM helps Cisco partners and customers easily deploy Cisco IOS Software security features—NAT, access control lists (ACLs), firewalls,
IPS, and IPSec VPNs—and integrate these security features into existing router configuration and network architectures. Smart wizards in the Cisco
SDM understand the interaction of routing and security features and guide the user to a final configuration that is approved and tested by the Cisco
TAC from end to end. The CLI preview mode in the Cisco SDM allows expert users to manually validate the final configuration before it is delivered
to the router.

Cisco Router Operational Management

Cisco SDM helps Cisco partners and customers securely (using SSL and SSH) and remotely manage all critical aspects of router operations:
hardware and software inventory status, interface status, firewall and ACL logs, VPN tunnel status, and most recent syslog messages.

Figure 6. Cisco Router Hardware and Software Inventory

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 7 of 16
CONCLUSION
The Cisco SDM is a valuable productivity-enhancing tool for network and security administrators. Cisco partners can use the Cisco SDM for
faster and easier deployment of Cisco routers for both WAN access and network security features.

Cisco customers can use the Cisco SDM for reducing the total cost of ownership of their Cisco routers by relying on Cisco SDM–generated
configurations that are tested end to end by Cisco engineers and approved by the Cisco TAC. Configuration checks built into Cisco SDM
reduce the instances of configuration errors.

PRODUCT SPECIFICATIONS
Table 2 and 3 shows primary features and benefits of the Cisco SDM. Table 4 shows product specifications for the Cisco SDM.

Table 2. Cisco SDM Primary Features and Benefits

Feature Benefit
Embedded Web-Based • Turns the router into a complete security and remote-access solution with its own management tool
Management Tool
• Does not require a dedicated management station
• Allows remote management from any supported desktop or laptop
SSL- and SSHv2-Based • Provides for secure management across the WAN
Secure Remote Access
At-a-Glance Router • Offers quick graphical summary of router hardware, software, and primary router services such as VPN, firewall,
Status Views QoS, etc.
Router Security Audit • Assesses vulnerability of existing router
• Provides quick compliance to best-practices (Cisco TAC, ICSA recommendations) security policies for routers
One-Step Router • Simplifies firewall and Cisco IOS Software configuration without requiring expertise about security or Cisco IOS
Lockdown Software
Smart Wizards for Most • Generates Cisco TAC–approved configurations
Frequent Router and
Security Configuration • Averts misconfigurations with integrated routing and security knowledge
Tasks • Reduces network administrators’ training needs for new Cisco IOS Software security features
• Secures the existing network infrastructure easily and cost-effectively
Policy-Based Firewall • Allows security administrators to easily and quickly manage ACLs and packet-inspection rules through a graphical
and ACL Management and intuitive policy table
(Firewall Policy)
IPS • Allows easy and quick provisioning of Cisco tuned and recommended high-fidelity attack signatures on any router
interface for inbound and outbound traffic
• Allows dynamic update of new IPS signatures without impacting basic router operations
• Allows graphical customization of IPS signatures for immediate response to new worm or virus variants
• Allows filtering of signatures and mass configuration changes (action or severity) for the selected signatures
• Shows real-time status and error messages from IPS engine
Cisco Easy VPN Server • Offers wizard-based configuration and real-time monitoring of remote-access VPN users
• Provides integration with on-router or remote authentication, authorization, and accounting (AAA) server

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 8 of 16
Feature Benefit
Role-Based Access • Offers logical separation of router between different router administrators and users
• Provides for secure access to Cisco SDM user interface and Telnet interface specific to each administrator’s
profile
• Helps enable Cisco value-added resellers and service providers to offer a graphical, read-only view of the
CPE services to end customers
• Offers factory-default profiles:
– Administrator
– Firewall administrator
– Easy VPN client user
– Read-only user
WAN and VPN • Reduces mean time to repair (MTTR) by taking advantage of the integration of routing, LAN, WAN, and security
Troubleshooting features on the router for detailed troubleshooting
• Takes advantage of integration of routing, LAN, WAN, and security features on the router for detailed
troubleshooting of IPSec VPNs or WAN links
• Integrates Layer 2 and above troubleshooting with Cisco TAC knowledge base of recovery actions
QoS Policy • Easily and effectively optimizes WAN and VPN bandwidth and application performance for different business
needs (voice and video, enterprise applications, Web, etc.)
• Three predefined categories: real time, business critical, and best effort
NBAR • Provides real-time validation of application usage of WAN and VPN bandwidth against predefined service policies
• Provides for traffic performance monitoring
SSHv2 • Provides for secure management between PC and Cisco router
• Automatically uses SSHv2 for all encrypted communication between Cisco SDM and router
Real-Time Monitoring • Allows administrators to proactively manage router resources and security before they affect mission-critical
and Logging applications on the network
Digital Certificates • Offers highly scalable and more secure solution than preshared keys
• Now easy to use and deploy with the combination of Cisco SDM, Cisco IOS Certificate Authority Server,
and Easy Secure Device Deployment (EzSDD)
Real-Time Network • Offers faster and easier analysis of router resource and network resource usage
and Router Resource
Monitoring • Offers graphical charts for LAN and WAN traffic and bandwidth usage

Task-Based Cisco • Provides for faster and easier configuration of security configurations—IPSec VPNs, firewall, ACLs, IPS, etc.
SDM User Interface
• Offers quick snapshot of router services configuration through dashboard view on the homepage
Cisco SDM Express • Offers quick and easy router deployment for basic WAN access configurations
Wizard-Based • Ideal router deployment tool for non-expert users
Deployment of Router
PC-Based SDM • No extra Flash memory space required on router for Cisco SDM
Cisco SDM Installed • Great tool to manage the installed base of Cisco routers
on Windows-Based PC
Instead of Router Flash
Memory

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 9 of 16
Feature Benefit
Localized in • Simplifies router management for national language users
Six Languages
• Cisco SDM user interface and online help translated in Japanese, Simplified Chinese, French, German, Spanish,
and Italian (available from Sep 2005)
• MS Windows OS support for these languages (available now)
Integrated Wireless • • Express Setup wizard simplifies the first-time setup of wireless interface
Management
• Advanced Web-based configuration and monitoring available
• Reduces time and skill set required to bring-up wireless interfaces
• Flexibility to customize wireless configuration and security based on site-specific needs
IPS Provisioning • Allows rapid deployment of IPS signatures specific to router model
Improvement
New Hardware Support
• EtherSwitch service modules: NME-16ES-1G-P, NME-X-23ES-1G- • Automatically recognizes, configures, and monitors the new hardware
1P, NME-XD-24ES-1S-P, NME-XD-48ES-2S-P
• USB flash filesystem management, digital certificate storage,
• USB Flash keys and USB eTokens (Aladdin’s eToken) and secure credentials with USB tokens
• ADSL 2/2+ and ISDN HWICs • VLAN trunking and Ethernet sub-interface configuration support
• NM-1FE-FX-V2 and NM-1FE2W-V2
Cisco Incident Control Services (ICS)
• Support Trend Micro signatures • Rapid deployment and customization of signatures for day-zero
protection against new attacks
Network Admission Control (NAC)
• Configuration wizard and client security posture management on • Simple and fast integration of NAC into existing network infrastructure
routers
Application Firewall
• Advanced firewall wizards, policy views, inspection rule editors, • Delivers application-level control and unified threat management for
and log views accelerated security solutions deployment
• Peer-to-peer (P2P) applications: BitTorrent, Kazaa, Gnutella, • Protocol anomaly detection services
eDonkey
• High, medium, and low security levels for firewall policy settings
• Instant Messaging: Yahoo, MSN, AOL to enable accelerated and easy deployment
• Protocol conformance: HTTP and e-mail (Simple Mail Transfer – Low—for business environments that do not need to track P2P and
Protocol [SMTP], ESMTP, POP3, and Internet Message Access IM applications on the network or check for protocol conformance
Protocol [IMAP])
– Medium—for business environments where security is important
and need to track the use of IM and P2P applications and check for
HTTP and Email protocol conformance
– High—for business environments where security is critical;
need protocol anomaly detection services to drop non conformant
HTTP and email traffic and prevent use of P2P and IM applications
Granular Protocol Inspection
• User-customizable application to port (or port range) mapping over • Menu of applications for easy and granular protocol selection in
TCP and UDP ports policies

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 10 of 16
 Feature Benefit
Threat-Based Intrusion Protection
• Threat-based signature categories to ease IPS deployments • Easier and more intelligent signature selection based on available
resources and attack categories (Viruses/Worms/Trojans,
• IPS configuration wizards, event viewer
DoS/DDos etc.)
• Real-time reporting of signature engine status
Easy VPN Server and Remote Enhancements
• Advanced wizards, remote configuration update, Web intercept, dial • Scalable, easy-to-manage, secure remote access for teleworkers or
backup, and QoS support small offices on hub routers or branch office access routers
Dynamic DNS
• HTTP-based and IETF-based updates • Scalable, remote management of dynamically addressed routers
• Integration with existing WAN interface configuration wizard • Run business services without dedicated and expensive static IP
addresses
Usability Improvements • Real time viewer for Security Device Event Exchange (SDEE) alarms
from IPS signature engines
• Layer 3 and above firewall policy templates
• Application firewall alarm log
• Network Address Translation (NAT) wizards to simplify IP
address management
• Search toolbar for Cisco SDM UI pages, features, and wizards

Table 3. Product Specifications for Cisco SDM (Minimum Cisco IOS Software Release Supported)

Feature Benefit
Supported Platforms • Cisco Small Business 101, Cisco Small Business 106, Cisco Small Business 107:
– Cisco IOS Software Release 12.3(8)YG
• Cisco 831 Ethernet Broadband Router, Cisco 836 ADSL over ISDN Broadband Router, and Cisco 837 ADSL
Broadband Router:
– Cisco IOS Software Release 12.2(13)ZH or 12.3(2)T
• Cisco 851, 856, 871, 876, 877, and 878 integrated services routers:
– Cisco IOS Software Release 12.3(8)YI
• Cisco 1701 ADSL Security Access Router; Cisco 1710, 1711, and 1712 security access routers; and Cisco 1721,
1751, 1751-V, 1760, and 1760-V modular access routers:
– Cisco IOS Software Release 12.2(13)ZH, 12.2(13)T3, or 12.3(1)M
• Cisco 1801, 1802, 1803, 1811, and 1812 integrated services routers:
– Cisco IOS Software Release 12.3(8)YI
• Cisco 1841 Integrated Services Router:
– Cisco IOS Software Release 12.3(8)T4
• Cisco 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, and 2651XM and Cisco 2691 multiservice platforms:
– Cisco IOS Software Release 12.2(15)ZJ3, 12.2(11)T6, or 12.3(1)M
• Cisco 2801, 2811, 2821, and 2851 integrated services routers:
– Cisco IOS Software Release 12.3(8)T4

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 11 of 16
Feature Benefit
• Cisco 3725 and 3745 multiservice access routers:
– Cisco IOS Software Release 12.2(15)ZJ3, 12.2(11)T6, or 12.3(1)M
• Cisco 3825 and 3845 integrated services routers:
– Cisco IOS Software Release 12.3(11)T
• Cisco 7204VXR, 7206VXR, and 7301 routers:
– Cisco IOS Software Release 12.3(2)T or 12.3(3)M; no support for B, E, and S trains
Software Compatibility • Compatible with all Cisco IOS Software feature sets for the previously mentioned Cisco SDM–supported releases
of Cisco IOS Software
Connectivity • HTTP and HTTPS; Telnet, SSH, and SSHv2
Basic Router • Users with different access profiles
Configuration
Parameters • Domain Name System (DNS)
• DHCP server and client
• SNMP
• Telnet, SSH, SSHv2, and vty
• Date and time, Network Time Protocol (NTP)
• Syslog
• Reset to factory defaults
• Host name, domain name, and banner
Advanced Router • Routing protocols: static, RIP Versions 1 and 2, OSPF, and EIGRP
Configuration
Parameters • NAT (static and dynamic)
• ACLs
• QoS policies, NBAR
• VLANs on Cisco EtherSwitch® ports
• IP proxy Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP) redirects, ICMP
unreachable, ICMP mask reply, and directed broadcasts
• AAA local or remote configuration
Configurable Router • Ethernet (10, 10/100, and 10/100/1000 Mbps)
Interfaces
• 802.11 a, 802.11 b/g
• xDSL (asymmetric DSL [ADSL] and G.SHDSL)
• T1/E1 (serial)
• ISDN Basic Rate Interface (BRI; with multilevel precedence and preemption)
• Analog modem
Supported WAN • Frame Relay
Encapsulations
• PPP
• PPP over Ethernet (PPPoE)
• PPP over ATM (PPPoA)
• RFC 1483 routing
• HDLC
• ADSL autodetect

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 12 of 16
 Feature Benefit
Configurable • Internet Key Exchange (IKE), digital certificates, Data Encryption Standard (DES), Triple DES (3DES),
VPN Parameters Advanced Encryption Standard (AES), and compression
• IPSec site to site
• Cisco Easy VPN Server
• Cisco Easy VPN Remote
• Generic-routing-encapsulation (GRE) tunnel
• Dynamic Multipoint VPN (DMVPN; both hub and spoke), including dynamic spoke to spoke with redundant hubs
Supported Firewall • Context-based access control (CBAC), DMZ, firewall log, firewall and ACL policy view, secure management access
Parameters
Supported IPS Features • IPS rules for inbound or outbound traffic inspection, signature fine-tuning, signature customization, and SDEE error
message display
CiscoView • Usable with Cisco SDM
Compatibility
Cisco CallManager • Usable with Cisco SDM
Express Compatibility
Performance • Cisco SDM has negligible impact on router DRAM or CPU

SYSTEM REQUIREMENTS
Table 4 lists the system requirements for the Cisco SDM.

Table 4. System Requirements

Feature Description
Router Flash Memory • Minimum of 6 MB of free Flash memory on the router for Cisco SDM files
• Minimum of 2 MB of free Flash memory on the router for Cisco SDM Express. Wireless Management file requires
additional 1.7 MB. Rest of the SDM files can be installed on PC hard disk
PC Hardware • Pentium III or later series processor
PC Operating System • Windows XP Professional
• Windows 2003 Server (Standard Edition)
• Windows 2000 Professional
• Windows NT 4.0 Workstation (Service Pack 4)
• Windows ME
• Japanese, Simplified Chinese, French, German, Spanish, and Italian language OS support
– Windows XP Professional
– Windows 2000 Professional
Browser Software • Microsoft Internet Explorer 5.5 or later
• Netscape Navigator 7.1 and 7.2
• Firefox 1.0.5
Java Software • Java Virtual Machine (JVM) built-in browsers required
• Java plug-in (Java Runtime Environment Version 1.4.2_05 or later)

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 13 of 16
ORDERING INFORMATION
Table 5 lists ordering and factory shipping options for the Cisco SDM.

Table 5. Ordering and Factory Shipping Options for Cisco SDM

Feature Description
Cisco 831 Ethernet Broadband Router, • Cisco SDM software ships by default from factory.
Cisco 836 ADSL over ISDN Broadband Router,
Cisco 837 ADSL Broadband Router, – SDM Express is factory installed on router Flash memory, and a Cisco SDM CD
Cisco Small Business 100 Series, is bundled with the router.
Cisco 850 Series, and Cisco 870 Series
Cisco 1700 Series Modular Access Routers • Cisco SDM software ships by default on security bundles (k9).
and Cisco 2600XM Series
• Cisco SDM software $0 configuration option (ROUTER-SDM or ROUTER-SDM-NOCF)
is available on all SKUs.
– Cisco SDM Express is factory installed on router Flash memory, and a Cisco SDM
CD is bundled with the router.
Cisco 1800, 2800, and 3800 Series Integrated • Cisco SDM software ships by default from factory.
Services Routers
– Cisco SDM is factory installed on router Flash memory.
Cisco 2691 Multiservice Platform and • Cisco SDM software ships by default on security bundles (k9).
Cisco 3700 Series Multiservice Access Routers
• Cisco SDM software $0 configuration option (part number ROUTER-SDM or
ROUTER-SDM-NOCF) is available on all SKUs.
– Cisco SDM is factory installed on router Flash memory.
Cisco 7204VXR, 7206VXR, and 7301 Routers • Cisco SDM software ships by default on security bundles (k9).
• Cisco SDM software $0 configuration option (part number ROUTER-SDM or
ROUTER-SDM-NOCF) is available on all SKUs.
– Cisco SDM is factory installed on router Flash memory.

For customers who want to use the Auto-Install feature in Cisco IOS Software, two US$0 SKUs are offered: ROUTER-SDM-NOCF and
ROUTER-SDM-CD-NOCF. If either of these SKUs is ordered with a Cisco router, then manufacturing only loads Cisco SDM files on the
router Flash memory, and the default startup configuration is not loaded in the router’s NVRAM.

To place an order, visit the Cisco Direct Order page.

TO DOWNLOAD THE SOFTWARE

Visit the Cisco Software Center to download the latest Cisco SDM software that can be installed on a router Flash memory or on a PC.

SERVICE AND SUPPORT

Cisco offers a wide range of services to accelerate customer success. These innovative services are delivered through a unique combination of people,
processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize
network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For
more information about Cisco services, refer to Cisco Technical Support Services.

FOR MORE INFORMATION

For more information about the Cisco SDM, visit http://www.cisco.com/go/sdm or contact your Cisco account representative.

© 2006 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 14 of 16
Corporate Headquarters European Headquarters Americas Headquarters Asia Pacific Headquarters
Cisco Systems, Inc. Cisco Systems International BV Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive Haarlerbergpark 170 West Tasman Drive 168 Robinson Road
San Jose, CA 95134-1706 Haarlerbergweg 13-19 San Jose, CA 95134-1706 #28-01 Capital Tower
USA 1101 CH Amsterdam USA Singapore 068912
www.cisco.com The Netherlands www.cisco.com www.cisco.com
Tel: 408 526-4000 www-europe.cisco.com Tel: 408 526-7660 Tel: +65 6317 7777
800 553-NETS (6387) Tel: 31 0 20 357 1000 Fax: 408 527-0883 Fax: +65 6317 7799
Fax: 408 526-4100 Fax: 31 0 20 357 1100

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on
the Cisco Website at www.cisco.com/go/offices.

Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia • Cyprus
Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel
Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal
Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland • Taiwan
Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe

Copyright 2006 Cisco Systems, Inc. All rights reserved. CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.;
Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE,
CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity,
Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net
Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect,
RateMUX, ScriptShare, SlideCast, SMARTnet, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in
the United States and certain other countries.

© the
All other trademarks mentioned in this document or Website are 2006 Cisco
property of Systems, Inc.owners.
their respective All rights reserved.
The use of the word partner does not imply a partnership relationship between
Cisco and any other company. (0601R) notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Important
Page 15 of 16
Printed in the USA C78-60015-00 01.06
 © 2006 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 16 of 16