[c-nsp] SDM & advanced ACLs

Garry Glendown gkg at gmx.de
Fri May 26 17:42:55 EDT 2006


After deciding to set up a router w/ FW-IOS as a replacement for a central
PIX (as it still can't handle VRFs/overlapping IP ranges), I've been
playing around with SDM a bit ... while I prefer using the command line,
manipulating access lists with it is kind of a PITA - using the GUI to
update/insert/delete rules is quite a bit more comfortable.

Anyway, while the ASDM of PIX OS 7 seems quite advanced, SDM seems to
just not cut it yet - I'm using the current 2.3.1 version, but it does
not seem to support decent editing of advanced features, like SYN etc. -
even worse, once I add such features for one ACL rule, the whole access
list can't be edited through SDM anymore.

Also, compared to the PIX, it would be nice to be able to define host groups
or service groups to make administration easier.

While the FW IOS on the router does cover all the features we require,
administration seems to be a year or so behind ...

Is there something I missed, or is SDM/IOS just not that far yet? Any
chance of seeing those features any time soon?

tnx, -garry
