SDM Testing

clikcspeedclikcspeed Member Posts: 29 ■□□□□□□□□□
in CCNA Security
Hi guys I'm preparing for the CCNA Sec, I've gone through most of the stuff and I am feeling 'okay.' My biggest concern however is the SDM, I know its all point and click (next next finish) but I haven't spent a long time on it.

I need to know how the SDM questions are structured, are there testlets and simlets and or what?
-clikc-
· Share on FacebookShare on Twitter

Comments

  • SteveO86SteveO86 Member Posts: 1,423
    I had quite a bit of the SDM on my CCNA: Security exam.. I would say load it up and give it a whirl.. It's not overly complex to understand since everything is spelt out for you and you just need to look around but if you never seen it before it can throw you off.

    If you have access to the CCP the interface is similar to the SDM. (But it is the SDM you will in the exam.. and of course their probably is a high chance your exam will differ from mine, so it's also luck of the draw)
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
    · Share on FacebookShare on Twitter
  • QHaloQHalo Member Posts: 1,488
    I took the exam last year, got a 753 so frustrating but didn't pass mostly because I didn't focus on the conceptual areas of the exam, but from experience and to avoid stepping on the NDA I will tell you this. Know how and where to find anything in SDM. Be able to do it in your sleep, blindfolded, or tell someone how to do it without looking at the screen yourself. Did I mention know SDM inside and out? icon_lol.gif

    I'm going to retake it soon and kill it, I owe that exam one. My CCNA expires in December of this year. Good luck, it's not a hard test but don't underestimate it or end up retaking it like me.
    http://vwilmo.wordpress.com

    · Share on FacebookShare on Twitter
  • powerfoolpowerfool Member Posts: 1,668 ■■■■■■■■□□
    QHalo wrote: »
    I took the exam last year, got a 753 so frustrating but didn't pass mostly because I didn't focus on the conceptual areas of the exam, but from experience and to avoid stepping on the NDA I will tell you this. Know how and where to find anything in SDM. Be able to do it in your sleep, blindfolded, or tell someone how to do it without looking at the screen yourself. Did I mention know SDM inside and out? icon_lol.gif

    I'm going to retake it soon and kill it, I owe that exam one. My CCNA expires in December of this year. Good luck, it's not a hard test but don't underestimate it or end up retaking it like me.

    I felt the same way after my CCNA, which is going to expire this year, as well. I didn't explicitly study for the exam because of my experience (although I had studied extensively a few years before). Cisco exams are not exactly experienced based... which is sad, because Microsoft exams are becoming more so.
    2024 Renew: [X] AZ-204 [X] AZ-305 [X] AZ-400 [X] AZ-500 [ ] Vault Assoc.
    2024 New: [X] AWS SAP [ ] CKA [X] Terraform Auth/Ops Pro
    · Share on FacebookShare on Twitter
  • AkiiiAkiii Member Posts: 80 ■■□□□□□□□□
    You must have a good knowledge about SDM, where to find the buttons for example setting up vpn, zone based firewalls, acls, etc.

    Grab some 800 series router and go for it!
    · Share on FacebookShare on Twitter
  • BroadcastStormBroadcastStorm Member Posts: 496
    Hi guys I am currently configuring a Cisco 850 any idea where the SDM software is? people lost it at work, and I cannot find the software on Cisco's website.


    Thanks!
    · Share on FacebookShare on Twitter
  • clikcspeedclikcspeed Member Posts: 29 ■□□□□□□□□□
    Thanks a lot guys! Exam is scheduled for Wednesday, feeling comfortable with almost everything now - including SDM. I hope to do well...
    -clikc-
    · Share on FacebookShare on Twitter
  • alan2308alan2308 Member Posts: 1,854 ■■■■■■■■□□
    BroadcastStorm wrote: »
    Hi guys I am currently configuring a Cisco 850 any idea where the SDM software is? people lost it at work, and I cannot find the software on Cisco's website.


    Thanks!

    Nobody has been able to find it on Cisco's site since they moved it around. The best that anyone has come up with is a few questionable sites that have a copy.
    Facebook LinkedIn Twitter
    · Share on FacebookShare on Twitter
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    BroadcastStorm wrote: »
    Hi guys I am currently configuring a Cisco 850 any idea where the SDM software is? people lost it at work, and I cannot find the software on Cisco's website.


    Thanks!


    Cisco Router and Security Device Manager - Products & Services - Cisco Systems
    · Share on FacebookShare on Twitter
  • alan2308alan2308 Member Posts: 1,854 ■■■■■■■■□□
    phoeneous wrote: »
    Cisco Router and Security Device Manager - Products & Services - Cisco Systems

    Click the download links and see what you get (hint, one is a dead end, one is for CCP). icon_cool.gif
    Facebook LinkedIn Twitter
    · Share on FacebookShare on Twitter
  • tierstentiersten Member Posts: 4,505
    I would say as its for production then just use CCP but CCP requires a fairly high version of 12.4T which isn't a great idea...
    · Share on FacebookShare on Twitter
  • BroadcastStormBroadcastStorm Member Posts: 496
    Thanks I'm installing CCP.

    The C850 used to be connected to a VPN 3002, I'm still new to security, I'm trying to do a persistent VPN connection from the 850 to our ASA Firewall...

    And I was thinking s2s ipsec tunnel would be the easiest way.
    · Share on FacebookShare on Twitter
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    I'm using this to create a tunnel between our asa and a 1921.

    SDM: Site-to-Site IPsec VPN Between ASA/PIX and an IOS Router Configuration Example - Cisco Systems
    · Share on FacebookShare on Twitter
  • clikcspeedclikcspeed Member Posts: 29 ■□□□□□□□□□
    Thanks for all the info! I passed my exam earlier today.
    -clikc-
    · Share on FacebookShare on Twitter
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    clikcspeed wrote: »
    Thanks for all the info! I passed my exam earlier today.

    Congrats icon_thumright.gif
    · Share on FacebookShare on Twitter
  • gregorio323gregorio323 Member Posts: 201 ■■■□□□□□□□
    congratz
    · Share on FacebookShare on Twitter
  • powerfoolpowerfool Member Posts: 1,668 ■■■■■■■■□□
    Congrats! What's your next move?
    2024 Renew: [X] AZ-204 [X] AZ-305 [X] AZ-400 [X] AZ-500 [ ] Vault Assoc.
    2024 New: [X] AWS SAP [ ] CKA [X] Terraform Auth/Ops Pro
    · Share on FacebookShare on Twitter
  • BroadcastStormBroadcastStorm Member Posts: 496
    Hi Guys everything is good to go between the 850 router and ASA 5520 except for authentication, debug shows the message

    *Mar 1 05:57:17.131: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=EzVPN Group=EzVPN Server_public_addr=deleted by me :P

    Any lead is appreciated thanks :)
    · Share on FacebookShare on Twitter
  • SteveO86SteveO86 Member Posts: 1,423
    I'm not familiar with EzVPN.. So far I've only done GRE/IPSec, S2S, Cisco Client VPN Conns, never EzVPN.

    Are SA's being negotiated successfully? (maybe debugging isakmp or ipsec) Perhaps it's a mis-configured transform set or shared key?
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
    · Share on FacebookShare on Twitter
  • BroadcastStormBroadcastStorm Member Posts: 496
    SteveO86 wrote: »
    I'm not familiar with EzVPN.. So far I've only done GRE/IPSec, S2S, Cisco Client VPN Conns, never EzVPN.

    Are SA's being negotiated successfully? (maybe debugging isakmp or ipsec) Perhaps it's a mis-configured transform set or shared key?

    I get an IKMP_MODE_FAILURE: Prosessing of Aggressive more then the last log I posted shows too.
    · Share on FacebookShare on Twitter
  • SteveO86SteveO86 Member Posts: 1,423
    That error message is mentioned here not sure if it helps at all.

    Configuring and Troubleshooting Cisco Network-Layer Encryption: IPSec and ISAKMP - Part 2 - Cisco Systems

    Search the page for IKMP_MODE_FAILURE: Pro
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
    · Share on FacebookShare on Twitter
  • BroadcastStormBroadcastStorm Member Posts: 496
    I got it working, by letting it grab it's ip address to the ASA DHCP pool, now the other issue is I am unable to browse the internet when I am connected to the remote easyvpn router, I might need to also configure split-tunnel...

    FastEthernet4 192.168.1.4 YES DHCP up up
    Vlan1 10.10.10.1 YES NVRAM up down
    Virtual-Access1 unassigned YES unset down down
    Virtual-Access2 192.168.90.24 YES TFTP up up
    Virtual-Template4 unassigned YES unset down down
    Loopback0 192.168.90.24 YES manual up up
    NVI0 unassigned YES unset up up

    Where do I begin with split-tunnel?
    · Share on FacebookShare on Twitter
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    BroadcastStorm wrote: »
    Where do I begin with split-tunnel?

    ASA/PIX: Allow Split Tunneling for VPN Clients on the ASA Configuration Example - Cisco Systems
    · Share on FacebookShare on Twitter
  • BroadcastStormBroadcastStorm Member Posts: 496
    phoeneous wrote: »
    ASA/PIX: Allow Split Tunneling for VPN Clients on the ASA Configuration Example - Cisco Systems


    Thanks alot everyone, you're all so awesome!
    · Share on FacebookShare on Twitter
Sign In or Register to comment.