Cisco Security GUI Updates – Part I

Unfortunately, one of the characteristics of any training class is that the course developers are aiming at a “moving target”. What I mean is that by the time the courseware goes to print, there has either been newer hardware or software released – or both. This blog post will be Part I in a series examining newer GUI management options for Cisco security hardware, beyond what the courseware discusses, in this case Cisco Configuration Professional (CCP) vs the older Security Device Manager (SDM).

Currently both the Cisco CCNA and CCSP track curriculum execute the lab exercises using SDM. This product has not been modified since version 2.5, a release dated February of 2010. When a download attempt is made of this product, a pop-up warning indicates that the product will soon be declared end-of-life. The note further adds that it is being replaced by CCP. The current version of CCP (2.2) is a hefty download, more than 100MB! Like its predecessor, flash memory needs to be populated with key files for the CCP GUI to function properly.

The release notes for SDM2.5 were published 4Q2008; by contrast only the initial two releases of CCP were posted before this date. A number of desirable features have been added to CCP in 2009 and 2010, including support for GET-VPN, AnyConnect, and router modules, as well as object-group containing access-lists. The last feature has exclusively been on the PIX and ASA platforms since 2002! CCP PC platform support is more versatile as well with the addition of MacOS (version 1.3) and Windows 7 (version 2.0).

Now that the features have been highlighted, for those that have taken Cisco training courses in the past two years, the “disconnect” becomes apparent. In the SNRS class especially, there is no GUI used to configure the advanced VPN features of Dynamic Multipoint VPN and Group Encrypted Transport (GET) VPN.

Author: Doug McKillip

In this article

Join the Conversation