IOS Feature Set?

emsrescueemsrescue Member Posts: 97 ■■□□□□□□□□
Hi Folks,

I am looking through the IOS Feature Selector and wanted peoples thoughts on the best feature set to get for CCNA Security.

I assume that the latest 12.4 release would be best but stumped on the features.

Cheers

Jon

Comments

  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    http://www.cisco.com/web/partners/downloads/765/tools/quickreference/ciscoiospackaging-eng.pdf

    You probably want a minimum of Advanced Security feature set....

    Advanced IP Services and Advanced Enterprise Services would include the Advanced Security features.

    You probably want at least version 12.4(9)T
    :mike: Cisco Certifications -- Collect the Entire Set!
  • NullCodeNullCode Member Posts: 72 ■■□□□□□□□□
    Well i tried c7200-adventerprisek9-mz.124-22.T , c3725-adventerprisek9-mz.124-15.T5 and a few others, and none of them seem to have ZoneFirewall(i cannot see ZonePair on SDM,it says it is not supported)
    Can someone who passed CCNA:Security say the version he used?!
    Thx,
    NullCode
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    NullCode wrote: »
    i cannot see ZonePair on SDM
    What version of SDM are you using?

    Did you create zones or have the option to?
    :mike: Cisco Certifications -- Collect the Entire Set!
  • NullCodeNullCode Member Posts: 72 ■■□□□□□□□□
    No i did not create zones, i did the Basic Firewall Wizard, and i DO NOT GET this: http://filedb.experts-exchange.com/incoming/2008/12_w51/87623/Firewall-Config.png , i get this http://www.3cx.com/support/images/cisco4.png.
    I cannot select the security LVL(Low,High,Medium), all it does is SDM_LOW.
    And when i try Firewall with DMZ wizard, i cannot change the LOW security lvl( in basic, it doesn't show).
    SDM: 2.5, 2002-2007
    Any ideea? Can you suggest an IOS?( c7200advent should have worked). Thx for help mikej412
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    I checked an unpacked version of c7200-adventerprisek9-mz.124-11.T.bin with Dynamips and zone firewalls are supported (at least via the CLI).... so I guess the next question is -- Real hardware? Dynamips/Dynagen? Dynamips/GNS3?
    :mike: Cisco Certifications -- Collect the Entire Set!
  • NullCodeNullCode Member Posts: 72 ■■□□□□□□□□
    Gns3 Dynamips.icon_neutral.gif.
  • NullCodeNullCode Member Posts: 72 ■■□□□□□□□□
    Yea i can configure it from CLI too, but SDM says it does not suppor, strange thingsicon_neutral.gif
  • NetwurkNetwurk Member Posts: 1,155 ■■■■■□□□□□
    Dynamips as your only lab can be problematic

    It doesn't behave like real gear

    Currently, I'm using GNS3 to do a simple GLBP lab for my CCNP studies. It sometimes takes several minutes for the lab to notice a topology change. With real equipment it would take seconds. My point is that anything you see happening with these virtual routers has to be taken with a grain of salt - it ain't the real thing.

    I will admit that I am running GNS3 on an XP box with a P4 and 1GB mem. So if you are running GNS3 on a highspeed rig, you might get results that get closer to real equipment. Otherwise I highly recommend you get at least a small lab with real Cisco gear.
  • NullCodeNullCode Member Posts: 72 ■■□□□□□□□□
    Well i have Intel Cor2Duo, 2.5GHZ and 3 mbRam, so it is fast enough(on a Dell Vostro).
    The things is that, i can configure zones/zone-pair/zone-members on CLI, but on SDM it says that the IOS does not support it.
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    I don't remember SDM coming with a 7200 configuration file..... did you use/do the copy and rename the 3800 sdm configuration file to 7200 trick if you're running SDM off the 7200?

    I guess that's another question -- are you running SDM from your PC or did you copy the files to your "7200?"

    Another option would be to test SDM and Zone firewalls with GNS3 using one of the platforms that has a configuration file that comes with SDM.

    Another option would be to have someone with a real 7200 and proper IOS give SDM a try and let us know if it's supported by the real hardware.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • NullCodeNullCode Member Posts: 72 ■■□□□□□□□□
    just tryed it now, but no use, maybe i'm doing it wrong?!
  • NullCodeNullCode Member Posts: 72 ■■□□□□□□□□
    Router#show zone security INSIDE
    zone INSIDE
    Member Interfaces:
    FastEthernet0/0

    Router#show zone security INTERNET
    zone INTERNET
    Member Interfaces:
    FastEthernet0/1

    But in SDM it show: "Zones Unavailabe" The IOS image in your router does not support the requested feature.
    IOS: ROM: 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T5, RELEASE SOFTWARE (fc4)

    Any ideea about the problem?! Anyone?
    I'm running Windows Vista.GNS3

    LE: I think i'm gonna try in Linux, and see how it goes. Will post back!
  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    SDM was not initially designed to be supported on such high end routers and probably with good reason.

    You'd never want anyone configuring a company 7200VXR boarder router with SDM, that just shows pure laziness or lack of CLI knowledge. In either case they should not even be touching it.

    But as far as lab use goes, the 3725 will support 99% of all SDM features running dynamips.
    There is no place like 127.0.0.1
  • tierstentiersten Member Posts: 4,505
    NullCode wrote: »
    LE: I think i'm gonna try in Linux, and see how it goes. Will post back!
    The OS you run Dynamips on won't affect how IOS inside Dynamips behaves.

    It is what mgeorge said anyway. You're not really supposed to use SDM for a 7200. It does have some support for things but not to the level of the smaller ISRs.
  • NullCodeNullCode Member Posts: 72 ■■□□□□□□□□
    As i last posted, it seems that the problem is with SDM, any hints?
  • NullCodeNullCode Member Posts: 72 ■■□□□□□□□□
    FIXED IT.
    Well not really fixed it, but i got a good IOS(c1700-advsecurityk9-mz.124-15.T8 ), and it worked like a charm. Thanks for all your help, i'm planning to give the EXAM in a few days.(Playing with ZBF was my only issue)
Sign In or Register to comment.