A good user manual
The rules should oblige the seller to give the purchaser the operating instructions for the Cisco Systems ASA 5500 along with the item. A lack of instructions, or false information given to the customer, constitutes grounds for a complaint because of nonconformity of the goods with the contract. In accordance with the law, a customer can receive instructions in non-paper form; lately, graphic and electronic forms of manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instructions be unmistakable and legible.
What is an instruction?
The term originates from the Latin word “instructio”, which means organizing. Therefore, in the instructions for the Cisco Systems ASA 5500 one can find a process description. The purpose of instructions is to teach, and to ease the start-up and use of an item or the performance of certain activities. Instructions are a compilation of information about an item or a service; they are a clue.
Unfortunately, only a few customers devote time to reading the instructions for the Cisco Systems ASA 5500. A good user manual introduces us to a number of additional functions of the purchased item, and also helps us to avoid most defects.
What should a perfect user manual contain?
First and foremost, a user manual for the Cisco Systems ASA 5500 should contain:
- information concerning the technical data of the Cisco Systems ASA 5500
- name of the manufacturer and a year of construction of the Cisco Systems ASA 5500 item
- rules of operation, control and maintenance of the Cisco Systems ASA 5500 item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from a lack of time and from certainty about the functionality of purchased items. Unfortunately, connecting and starting up the Cisco Systems ASA 5500 alone is not enough. The instructions contain a number of clues concerning particular functions, safety rules, maintenance methods (what means should be used), possible defects of the Cisco Systems ASA 5500, and methods of problem resolution. Finally, when one still can't find the answer to his problems, he will be directed to the Cisco Systems service. Lately, animated manuals and instructional videos have become quite popular among customers. These kinds of user manuals are effective; they ensure that a customer will become familiar with the whole material and won't skip complicated, technical information about the Cisco Systems ASA 5500.
Why should one read the manuals?
It is mostly in the manuals that we find the details concerning the construction and capabilities of the Cisco Systems ASA 5500 and its use of respective accessories, as well as information concerning all its functions and facilities.
After a successful purchase, one should take a moment to get to know every part of the instructions. Currently, manuals are carefully prepared and translated so that they can be fully understood by their users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100
Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide
For the Cisco ASA 5510, ASA 5520, and ASA 5540
Customer Order Number: DOC-7817611=[...]
-
Page 2
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION[...]
-
Page 3
Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01
CONTENTS
CHAPTER 1 Before You Begin 1-1
ASA 5500 1-1
ASA 5500 with AIP SSM 1-2
ASA 5500 with CSC SSM 1-3
ASA 5500 with 4GE SSM 1-4
CHAPTER 2 Installing the Cisco ASA 5500 2-1
Verifying the Package Contents 2-2
Installing the Chassis 2-3
Rack-Mounting the Chass[...]
-
Page 4
CHAPTER 4 Connecting Interface Cables 4-1
Connecting Cables to Interfaces 4-2
What to Do Next 4-10
CHAPTER 5 Configuring the Adaptive Security Appliance 5-1
About the Factory-Default Configuration 5-1
About the Adaptive Security Device Manager 5-2[...]
-
Page 5
Starting ASDM 7-4
Configuring the FWSM for an IPsec Remote-Access VPN 7-5
Selecting VPN Client Types 7-6
Specifying the VPN Tunnel Group Name and Authentication Method 7-7
Specifying a User Authentication Method 7-8
(Optional) Configuring User Accounts [...]
-
Page 6
CHAPTER 9 Configuring the AIP SSM 9-1
AIP SSM Configuration 9-1
Overview of Configuration Process 9-2
Configuring the ASA 5500 to Divert Traffic to the AIP SSM 9-2
Sessioning to the AIP SSM and Running Setup 9-5
What to Do Next 9-7
CHAPTER 10 Configurin[...]
-
Page 7
CHAPTER 1 Before You Begin
Use the following table to find the installation and configuration steps that are required for your implementation of the adaptive security appliance. The adaptive security appliance implementations included in this docume[...]
-
Page 8
ASA 5500 with AIP SSM
Configure the adaptive security appliance for your implementation Chapter 6, “Scenario: DMZ Configuration” Chapter 7, “Scenario: Remote-Access VPN Configuration” Chapter 8, “S[...]
-
Page 9
ASA 5500 with CSC SSM
Configure IPS software for intrusion prevention Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface Cisco Intrusion Prevention System Command Re[...]
-
Page 10
ASA 5500 with 4GE SSM
Configure the CSC SSM Cisco Content Security and Control SSM Administrator Guide Refine configuration and configure optional and advanced features Cisco Security Appliance Command Lin[...]
-
Page 11
CHAPTER 2 Installing the Cisco ASA 5500
Warning: Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
Caution: Read the safety warnings in the Regulatory Compliance and Safety Information for the Cisco[...]
-
Page 12
Verifying the Package Contents
Verify the contents of the packing box to ensure that you have received all items necessary to install your Cisco ASA 5500 series adaptive security appliance[...]
-
Page 13
Installing the Chassis
This section describes how to rack-mount and install the adaptive security appliance. You can mount the adaptive security appliance in a 19-inch rack (with a 17.5- or 17[...]
-
Page 14
Rack-Mounting the Chassis
To rack-mount the chassis, perform the following steps:
Step 1 Attach the rack-mount brackets to the chassis using the supplied screws. Attach the brackets to the holes as[...]
-
Page 15
Figure 2-3 Rack-Mounting the Chassis
To remove the chassis from the rack, remove the screws that attach the chassis to the rack, and then remove the chassis.
Ports and LEDs
This section describes the [...]
-
Page 16
Figure 2-4 Front Panel LEDs
LED Color State Description
1 Power Green On The system has power.
2 Status Green Flashing The power-up diagnostics are running or the system is booting. Solid The system [...]
-
Page 17
Figure 2-5 shows the rear panel features for the adaptive security appliance.
Figure 2-5 Rear Panel LEDs and Ports (AC Power Supply Model Shown)
For more information on the Management Port, see t[...]
-
Page 18
Figure 2-6 shows the adaptive security appliance rear panel LEDs.
Figure 2-6 Rear Panel Link and Speed Indicator LEDs
Table 2-1 lists the rear MGMT and Network interface LEDs.
Note: The ASA 5510 adapt[...]
-
Page 19
What to Do Next
Continue with one of the following chapters:
To Do This ... See ...
Install SSMs you purchased but that have not yet been installed Chapter 3, “Installing Optional SSMs” Continue[...]
-
Page 21
CHAPTER 3 Installing Optional SSMs
This chapter provides information about installing optional SSMs (Security Services Modules) and their components. You only need to use the procedures in this chapter if you purchased an optional SSM but it is not y[...]
-
Page 22
4GE SSM Components
Figure 3-1 lists the Cisco 4GE SSM ports and LEDs.
Figure 3-1 Cisco 4GE SSM Ports and LEDs
Note: Figure 3-1 shows SFP modules installed in the port slots. You must order and install the SFP m[...]
-
Page 23
Installing the Cisco 4GE SSM
To install a new Cisco 4GE SSM for the first time, perform the following steps:
Step 1 Power off the adaptive security appliance.
Step 2 Locate the grounding strap fro[...]
-
Page 24
Step 4 Insert the Cisco 4GE SSM through the slot opening as shown in Figure 3-3.
Figure 3-3 Inserting the Cisco 4GE SSM into the Slot
Step 5 Attach the screws to secure the Cisco 4GE SSM to the chassis[...]
-
Page 25
SFP Module
The adaptive security appliance uses a field-replaceable SFP module to establish Gigabit connections.
Note: If you install an SFP module after the switch has powered on, you must reload the adapti[...]
-
Page 26
Use only Cisco-certified SFP modules on the adaptive security appliance. Each SFP module has an internal serial EEPROM that is encoded with security information. This encoding provides a way for Cisco to i[...]
-
Page 27
Figure 3-4 Installing an SFP Module
Caution: Do not remove the optical port plugs from the SFP until you are ready to connect the cables.
Step 2 Remove the Optical port plug; then connect the net[...]
-
Page 28
Cisco AIP SSM and CSC SSM
The ASA 5500 series adaptive security appliance supports the AIP SSM (Advanced Inspection and Prevention Security Services Module) and the CSC SSM (Content Security Cont[...]
-
Page 29
Figure 3-5 SSM LEDs
Table 3-5 describes the SSM LEDs.
Installing an SSM
To install a new SSM, perform the following steps:
Step 1 Power off the adaptive security appliance.
Step 2 Locate [...]
-
Page 30
Figure 3-6 Removing the Screws from the Slot Cover
Step 4 Insert the SSM into the slot opening as shown in Figure 3-7.
Figure 3-7 Inserting the SSM into the Slot
Step 5 Attach the screws to secure the S[...]
-
Page 31
CHAPTER 4 Connecting Interface Cables
This chapter describes how to connect the cables to the Console, Auxiliary, Management, Cisco 4GE SSM, and SSM ports. In this document, SSM refers to an intelligent SSM, the AIP SSM, or the CSC SSM. This chapter i[...]
-
Page 32
Connecting Cables to Interfaces
To connect cables to the interfaces, perform the following steps:
Step 1 Place the chassis on a flat, stable surface, or in a rack (if you are rack-mount[...]
-
Page 33
Figure 4-1 Connecting to the Management Port (callouts: 1 Management port, 2 RJ-45 to RJ-45 Ethernet cable)[...]
-
Page 34
b. Console port – Connect the serial console cable as shown in Figure 4-2. The console cable has a DB-9 connector on one end for the serial port on your computer, and the other end is [...]
-
Page 35
c. Auxiliary port – Connect the serial console cable as shown in Figure 4-2. The console cable has a DB-9 connector on one end for the serial port on your computer, and the other end is [...]
-
Page 36
d. Cisco 4GE SSM
• Ethernet port
– Connect one RJ-45 connector to the Ethernet port of the Cisco 4GE SSM as shown in Figure 4-4.
– Connect the other end of the Ethernet cable to yo[...]
-
Page 37
• SFP modules
– Insert and slide the SFP module into the SFP port until you hear a click. The click indicates that the SFP module is locked into the port.
– Remove the optical port p[...]
-
Page 38
Figure 4-6 Connecting the LC Connector
– Connect the other end to your network devices, such as routers, switches, or hubs.
e. SSM
– Connect one RJ-45 connector to the management p[...]
-
Page 39
Figure 4-7 Connecting to the Management Port (callouts: 1 SSM management port, 2 RJ-45 to RJ-45 cable)[...]
-
Page 40
f. Ethernet ports
– Connect the RJ-45 connector to the Ethernet port as shown in Figure 4-8.
– Connect the other end of the Ethernet cable to your network device, such as a router, switch or hu[...]
-
Page 41
CHAPTER 5 Configuring the Adaptive Security Appliance
This chapter describes the initial configuration of the adaptive security appliance. You can perform the configuration steps using either the browser-based Cisco Adaptive Security Dev[...]
-
Page 42
By default, the adaptive security appliance Management interface is configured with a default DHCP address pool. This configuration enables a client on the insid[...]
-
Page 43
In addition to its complete configuration and management capability, ASDM features intelligent wizards to simplify and accelerate the deployment of the adaptive s[...]
-
Page 44
Using the Startup Wizard
ASDM includes a Startup Wizard to simplify the initial configuration of your adaptive security appliance. With a few steps, the Startup Wizard enables[...]
-
Page 45
b. In the address field of the browser, enter this URL: https://192.168.1.1/.
Note: The adaptive security appliance ships with a default IP address of 192.168.1.1. Remember t[...]
-
Page 46
Configure the AIP SSM for intrusion prevention Chapter 9, “Configuring the AIP SSM”
Configure the CSC SSM for content security Chapter 10, “Configuring the CSC SSM”
To Do Thi[...]
-
Page 47
CHAPTER 6 Scenario: DMZ Configuration
This chapter describes a configuration scenario in which the adaptive security appliance is used to protect network resources located in a demilitarized zone (DMZ). A DMZ is a separate network located in the [...]
-
Page 48
Figure 6-1 Network Layout for DMZ Configuration Scenario
This example scenario has the following characteristics:
• The web server is on the DMZ interface of the adaptive security applian[...]
-
Page 49
Figure 6-2 Outgoing HTTP Traffic Flow from the Private Network
In Figure 6-2, the adaptive security appliance permits HTTP traffic originating from inside clients and destined f[...]
-
Page 50
Figure 6-3 Incoming HTTP Traffic Flow From the Internet
To permit incoming traffic to access the DMZ web server, the adaptive security appliance configur[...]
-
Page 51
This configuration procedure assumes that the adaptive security appliance already has interfaces configured for the inside interface, the DMZ interface, and the [...]
-
Page 52
• For the internal clients to have access to HTTP and HTTPS resources on the Internet, you must create a rule that translates the real IP addresses of interna[...]
-
Page 53
Creating IP Pools for Network Address Translation
The adaptive security appliance uses Network Address Translation (NAT) and Port Address Translation (PAT)[...]
-
Page 54
To configure a pool of IP addresses that can be used for network address translation, perform the following steps:
Step 1 In the ASDM window, click the Config[...]
-
Page 55
d. From the Interfaces drop-down list, choose DMZ.
e. To create a new IP pool, enter a unique Pool ID. In this scenario, the Pool ID is 200.
f. In the IP Addr [...]
-
Page 56
g. Click Add to add this range of IP addresses to the Address Pool. The Add Global Pool dialog box configuration should be similar to the following:
h. Click OK[...]
-
Page 57
e. Click the Port Address Translation (PAT) using the IP address of the interface radio button. If you select the option Port Address Translation using t[...]
-
Page 58
The displayed configuration should be similar to the following:
Step 3 Confirm that the configuration values are correct.
Step 4 Click Apply in the main ASDM win[...]
-
Page 59
In this procedure, you configure a Network Address Translation (NAT) rule that associates IP addresses from this pool with the inside clients so they can commu[...]
-
Page 60
c. Click OK to add the Dynamic NAT Rule and return to the Configuration > NAT window. Review the configuration screen to verify that the translatio[...]
-
Page 61
The displayed configuration should be similar to the following:
Step 6 Click Apply to complete the adaptive security appliance configuration changes.
Configuri[...]
-
Page 62
For many configurations, you would also need to create a NAT rule between the inside interface and the outside interface to enable inside clients to communica[...]
-
Page 63
Step 5 In the Static Translation area, specify the public IP address to be used for the web server:
a. From the Interface drop-down list, choose Outside.
b. Fr[...]
-
Page 64
The displayed configuration should be similar to the following:
Step 7 Click Apply to complete the adaptive security appliance configuration changes.
Providing [...]
-
Page 65
appliance that processes the traffic, whether the traffic is incoming or outgoing, the origin and destination of the traffic, and the type of traffic protoc[...]
-
Page 66
Step 2 In the Interface and Action area:
a. From the Interface drop-down list, choose Outside.
b. From the Direction drop-down list, choose Incoming.
c. From the[...]
-
Page 67
Alternatively, if the address of the source host or network is preconfigured, choose the source IP address from the IP Address drop-down list.
c. Enter the [...]
-
Page 68
At this point, the entries in the Add Access Rule dialog box should be similar to the following:
d. Click OK.
Step 6 The displayed configuration should be similar[...]
-
Page 69
Step 7 Click Apply to save the configuration changes to the configuration that the adaptive security appliance is currently running. Clients on both the pri[...]
-
Page 70
Step 8 If you want the configuration changes to be saved to the startup configuration so that they are applied the next time the device starts, from the File menu, click Save. Alternatively, ASDM [...]
-
Page 71
To Do This ... See ...
Configure a remote-access VPN Chapter 7, “Scenario: Remote-Access VPN Configuration”
Configure a site-to-site VPN Chapter 8, “Scenario: Site-to-Site VPN Configuration”[...]
-
Page 73
CHAPTER 7 Scenario: Remote-Access VPN Configuration
This chapter describes how to use the adaptive security appliance to accept remote-access IPsec VPN connections. A remote-access VPN enables you to create secure connections, or tunnels, across the Int[...]
-
Page 74
Figure 7-1 Network Layout for Remote Access VPN Scenario
Implementing the IPsec Remote-Access VPN Scenario
This section describes how to configure the a[...]
-
Page 75
• Specifying the VPN Tunnel Group Name and Authentication Method, page 7-7
• Specifying a User Authentication Method, page 7-8
• (Optional) Configur[...]
-
Page 76
Starting ASDM
To run ASDM in a web browser, enter the factory default IP address in the address field: https://192.168.1.1/admin/.
Note: Remember to add[...]
-
Page 77
Configuring the FWSM for an IPsec Remote-Access VPN
To begin the process for configuring a remote-access VPN, perform the following steps:
Step 1 In the mai[...]
-
Page 78
Selecting VPN Client Types
In Step 2 of the VPN Wizard, perform the following steps:
Step 1 Specify the type of VPN client that will enable remote users to [...]
-
Page 79
Specifying the VPN Tunnel Group Name and Authentication Method
In Step 3 of the VPN Wizard, perform the following steps:
Step 1 Specify the type of authent[...]
-
Page 80
Step 2 Enter a Tunnel Group Name (such as “Cisco”) for the set of users that use common connection parameters and client attributes to connect to this [...]
-
Page 81
In Step 4 of the VPN Wizard, perform the following steps:
Step 1 If you want to authenticate users by creating a user database on the adaptive security ap[...]
-
Page 82
(Optional) Configuring User Accounts
If you have chosen to authenticate users with the local user database, you can create new user accounts here. You can[...]
-
Page 83
Configuring Address Pools
For remote clients to gain access to your network, you must configure a pool of IP addresses that can be assigned to remote [...]
-
Page 84
Step 3 Click Next to continue.
Configuring Client Attributes
To access your network, each remote access client needs basic network configuration information[...]
-
Page 85
In Step 7 of the VPN Wizard, perform the following steps:
Step 1 Enter the network configuration information to be pushed to remote clients.
Step 2 Cl[...]
-
Page 86
To specify the IKE policy in Step 8 of the VPN Wizard, perform the following steps:
Step 1 Click the Encryption (DES/3DES/AES), authentication algorithms [...]
-
Page 87
Configuring IPsec Encryption and Authentication Parameters
In Step 9 of the VPN Wizard, perform the following steps:
Step 1 Click the Encryption algorith [...]
-
Page 88
Specifying Address Translation Exception and Split Tunneling
Split tunneling lets a remote-access IPsec client conditionally direct packets over an IPsec t[...]
-
Page 89
Note: Enable split tunneling by checking the Enable Split Tunneling check box at the bottom of the screen. Split tunneling allows traffic outside the co[...]
-
Page 90
If you are satisfied with the configuration, click Finish to apply the changes to the adaptive security appliance. If you want the configuration changes to be saved to the startup config[...]
-
Page 91
To Do This ... | See ...
Configure the adaptive security appliance to protect a Web server in a DMZ | Chapter 6, “Scenario: DMZ Configuration”
Configure a site-to-site VPN | Chapter 8, “[...]
-
Page 93
Chapter 8 Scenario: Site-to-Site VPN Configuration
This chapter describes how to use the adaptive security appliance to create a site-to-site VPN. Site-to-site VPN features provided by the adaptive security appliance enable businesses to extend their [...]
-
Page 94
Figure 8-1 Network Layout for Site-to-Site VPN Configuration Scenario
Creating a VPN site-to-site deployment such as the one in Figure 8-1 requires you to configu[...]
-
Page 95
Configuring the Site-to-Site VPN
This section describes how to use the ASDM VPN Wizard to configure the adaptive security appliance for a site-to-site VPN. This secti[...]
-
Page 96
Configuring the Security Appliance at the Local Site
Note: The adaptive security appliance at the first site is referred to as Security Appliance 1 from this point forwa[...]
-
Page 97
In Step 1 of the VPN Wizard, perform the following steps:
a. Click the Site-to-Site VPN radio button.
Note: The Site-to-Site VPN option connects two IPSec security ga[...]
-
Page 98
Providing Information About the Remote VPN Peer
The VPN peer is the system on the other end of the connection that you are configuring, usually at a remote site.
Note [...]
-
Page 99
Step 3 Click Next to continue.
Configuring the IKE Policy
IKE is a negotiation protocol that includes an encryption method to protect data and ensure privacy; it i[...]
-
Page 100
Note: When configuring Security Appliance 2, enter the exact values for each of the options that you chose for Security Appliance 1. Encryption mismatches are a common[...]
-
Page 101
Configuring IPSec Encryption and Authentication Parameters
In Step 4 of the VPN Wizard, perform the following steps:
Step 1 Choose the Encryption algorithm (DES/3DES/[...]
-
Page 102
Specifying Hosts and Networks
Identify hosts and networks at the local site that are permitted to use this IPSec tunnel to communicate with the remote-site peer. Ad[...]
-
Page 103
Step 5 Click Next to continue.
Viewing VPN Attributes and Completing the Wizard
In Step 6 of the VPN Wizard, review the configuration list for the VPN tunnel you ju[...]
-
Page 104
If you want the configuration changes to be saved to the startup configuration so that they are applied the next time the device starts, from the File menu, click S[...]
-
Page 105
Configuring the Other Side of the VPN Connection
You have just configured the local adaptive security appliance. Now you need to configure the adaptiv[...]
-
Page 106
You can configure the adaptive security appliance for more than one application. The following sections provide configuration procedures for other common applications of the adaptive[...]
-
Page 107
Chapter 9 Configuring the AIP SSM
The optional AIP SSM runs advanced IPS software that provides further security inspection either in inline mode or promiscuous mode. The adaptive security appliance diverts packets to the AIP SSM just before the pack[...]
-
Page 108
This section includes the following topics:
• Overview of Configuration Process, page 9-2
• Configuring the ASA 5500 to Divert Traffic to the AIP SSM, page 9-2
• Sessioning to the AIP SSM and Ru[...]
-
Page 109
To identify traffic to divert from the adaptive security appliance to the AIP SSM, perform the following steps:
Step 1 Create an access list that matches all traffic:
hostname(config)# access-list[...]
-
Page 110
The inline and promiscuous keywords control the operating mode of the AIP SSM. The fail-close and fail-open keywords control how the adaptive security appliance treats traffic when the AIP SSM is una [...]
-
Page 111
Sessioning to the AIP SSM and Running Setup
After you have completed configuration of the ASA 5500 series adaptive security appliance to divert traffic to the AIP SSM, session to the AIP SSM and run [...]
-
Page 112
this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptogr[...]
-
Page 113
What to Do Next
You are now ready to configure the adaptive security appliance for intrusion prevention. Use the following documents to continue configuring the adaptive security appliance for your imp[...]
-
Page 114
You can configure the adaptive security appliance for more than one application. The following sections provide configuration procedures for other common applications of the adaptive security appliance.[...]
-
Page 115
Chapter 10 Configuring the CSC SSM
The ASA 5500 series adaptive security appliance supports the CSC SSM, which runs Content Security and Control software. The CSC SSM provides protection against viruses, spyware, spam, and other unwanted traffic. It a[...]
-
Page 116
In addition to obtaining content profiles from Trend Micro, system administrators can also customize the configuration so that the CSC SSM scans for additional traf[...]
-
Page 117
Figure 10-1 CSC SSM Traffic Flow
In this example, clients could be network users who are accessing a website, downloading files from an FTP server, or retriev[...]
-
Page 118
Note: The CSC SSM handles SMTP traffic somewhat differently than other content types. After the CSC SSM receives SMTP traffic and scans it, it doe[...]
-
Page 119
In this scenario, the customer has deployed an adaptive security appliance with a CSC SSM for content security. Of particular interest are the follo [...]
-
Page 120
If you followed the procedures in earlier chapters of this document, at this point you have an ASA system running with licensed software, and you [...]
-
Page 121
Note: The SSM management port IP address must be accessible by the hosts used to run ASDM. The IP addresses for the SSM management port and the adapti [...]
-
Page 122
Step 4 Click Yes to accept the certificates. Click Yes for all subsequent authentication and certificate dialog boxes. The ASDM Main window appear[...]
-
Page 123
• If you are using NTP to control time settings, verify the NTP configuration. In ASDM, click Configuration > Properties > Device Administrat[...]
-
Page 124
Step 4 Click Next.
Step 5 In Step 2 of the CSC Wizard, enter the following information:
• IP address, netmask and gateway IP address for the CS[...]
-
Page 125
• Domain name used by the local mail server as the incoming domain.
Note: Anti-SPAM policies are applied only to email traffic coming into this dom[...]
-
Page 126
By default, all networks have management access to the CSC SSM. For security purposes, we recommend that you restrict access to specific subnets[...]
-
Page 127
Step 11 In Step 5 of the CSC Setup Wizard, enter a new password for management access. Enter the factory default password, “cisco,” in the Old [...]
-
Page 128
Step 13 In Step 6 of the CSC Setup Wizard, review configuration settings you just entered for the CSC SSM. If you are satisfied with these setting[...]
-
Page 129
To simplify the initial configuration process, this procedure creates a global service policy that diverts all traffic for the supported protocol[...]
-
Page 130
Step 5 Click Next. The Traffic Classification Criteria page appears.
Step 6 In the Traffic Classification Criteria page, click the User class-de[...]
-
Page 131
Step 8 In the Service Policy Rule Wizard, click the CSC Scan tab.
Step 9 On the CSC Scan tab page, check the Enable CSC scan for this traffic flow[...]
-
Page 132
Step 10 Click Finish.[...]
-
Page 133
The new service policy appears in the Service Policy Rules pane.
Step 11 Click Apply.
By default, the CSC SSM is configured to perform content secu [...]
-
Page 134
If included in the license you purchased, you can create custom settings for URL blocking and URL filtering, as well as email and FTP parameters. For more information, see the Cisco Content Security and C[...]
-
Page 135
After you have configured the CSC SSM software, you may want to consider performing some of the following additional steps: You can configure the adaptive security appliance for more than one applicati[...]
-
Page 137
Chapter 11 Configuring the 4GE SSM for Fiber
The 4GE Security Services Module (SSM) has four Ethernet ports, and each port has two media type options: SFP (Small Form-Factor Pluggable) fiber or RJ 35. You can mix the copper and fiber ports using the s[...]
-
Page 138
Cabling 4GE SSM Interfaces
To cable 4GE SSM interfaces, perform the following steps for each port you want to connect to a network device:
Step 1 To connect an RJ-45 (Ethernet) interf[...]
-
Page 139
Figure 11-2 Connecting the LC Connector
e. Connect the other end of the LC connector to your network device.
After you have attached any SFP p[...]
-
Page 140
Note: Because the default media type setting is Ethernet, you do not need to change the media type setting for Ethernet interfaces you use.
To set th[...]
-
Page 141
What to Do Next
You have completed the initial configuration. You may want to consider performing some of the following additional steps:
To Do This ... | See ...
Refine configuration and con[...]
-
Page 143
Chapter A Obtaining a DES License or a 3DES-AES License
Cisco adaptive security appliances are available either with a DES or 3DES-AES license that provides encryption technology to enable specific features, such as secure remote management (SSH, ASD[...]
-
Page 144
To use the activation key, perform the following steps:
Command | Purpose
Step 1 hostname# show version | Shows the software release, hardware configuration, license key, and related uptime data.
Ste[...]