A good user manual
Regulations oblige the seller to supply the buyer with the manual for the Cisco Systems ASA 5500 together with the product. A missing manual, or incorrect information given to the consumer, is grounds for a complaint that the product does not conform to the contract. Under the law, the manual may be supplied in a form other than paper, and this is often done by attaching a graphic or electronic manual or instructional videos for Cisco Systems ASA 5500 users. The condition is that the form is legible and understandable.
What is an instruction manual?
The word comes from the Latin "instructio", meaning to instruct. In the Cisco Systems ASA 5500 manual you can therefore find a description of the stages of the process. The purpose of the manual is to instruct and to make it easier to start up and use the equipment or to carry out particular tasks. The manual is a collection of information about the object or service, a guide.
Unfortunately, few users take the time to read the Cisco Systems ASA 5500 manual, yet a good manual not only introduces a number of additional functions of the device but also helps prevent most faults.
So what should the perfect manual contain?
First, the Cisco Systems ASA 5500 manual should contain:
- technical data for the Cisco Systems ASA 5500
- the manufacturer's name and the year of manufacture of the Cisco Systems ASA 5500
- instructions for the use, adjustment and maintenance of the Cisco Systems ASA 5500
- safety marks and certificates confirming compliance with the relevant standards
Why don't people read manuals?
Usually this is due to lack of time and to confidence about the specific functionality of the purchased device. Unfortunately, simply connecting and starting the Cisco Systems ASA 5500 is not enough. The manual contains a range of guidance on specific functions, safety, maintenance methods (including which products should be used), possible defects of the Cisco Systems ASA 5500 and ways of solving common problems during use. Finally, the manual gives the contact details of Cisco Systems service in case the proposed solutions do not work. Manuals in the form of engaging animations and instructional videos are currently very popular, as they speak to the user better than a leaflet does. With this type of manual the user is likely to watch the whole instructional video without skipping the complicated specifications and technical descriptions of the Cisco Systems ASA 5500, as happens with the paper version.
Why read manuals?
First of all, they contain the answers about the construction and capabilities of the Cisco Systems ASA 5500, the use of individual accessories, and a range of information for making full use of all its features and conveniences.
After the successful purchase of a piece of equipment or a device, it is worth taking a moment to get familiar with each part of the Cisco Systems ASA 5500 manual. Nowadays manuals are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic informational function.
Manual contents
-
Page 1
Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide For the Cisco ASA 5510, ASA 5520, and ASA 5540 Customer Order Number: DOC-7817611=[...]
-
Page 2
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION[...]
-
Page 3
iii Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 CONTENTS CHAPTER 1 Before You Begin 1-1 ASA 5500 1-1 ASA 5500 with AIP SSM 1-2 ASA 5500 with CSC SSM 1-3 ASA 5500 with 4GE SSM 1-4 CHAPTER 2 Installing the Cisco ASA 5500 2-1 Verifying the Package Contents 2-2 Installing the Chassis 2-3 Rack-Mounting the Chass[...]
-
Page 4
Contents CHAPTER 4 Connecting Interface Cables 4-1 Connecting Cables to Interfaces 4-2 What to Do Next 4-10 CHAPTER 5 Configuring the Adaptive Security Appliance 5-1 About the Factory-Default Configuration 5-1 About the Adaptive Security Device Manager 5-2[...]
-
Page 5
Contents Starting ASDM 7-4 Configuring the FWSM for an IPsec Remote-Access VPN 7-5 Selecting VPN Client Types 7-6 Specifying the VPN Tunnel Group Name and Authentication Method 7-7 Specifying a User Authentication Method 7-8 (Optional) Configuring User Accounts [...]
-
Page 6
Contents CHAPTER 9 Configuring the AIP SSM 9-1 AIP SSM Configuration 9-1 Overview of Configuration Process 9-2 Configuring the ASA 5500 to Divert Traffic to the AIP SSM 9-2 Sessioning to the AIP SSM and Running Setup 9-5 What to Do Next 9-7 CHAPTER 10 Configurin[...]
-
Page 7
CHAPTER 1 Before You Begin Use the following table to find the installation and configuration steps that are required for your implementation of the adaptive security appliance. The adaptive security appliance implementations included in this docume[...]
-
Page 8
ASA 5500 with AIP SSM Configure the adaptive security appliance for your implementation Chapter 6, “Scenario: DMZ Configuration” Chapter 7, “Scenario: Remote-Access VPN Configuration” Chapter 8, “S[...]
-
Page 9
ASA 5500 with CSC SSM Configure IPS software for intrusion prevention Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface Cisco Intrusion Prevention System Command Re[...]
-
Page 10
ASA 5500 with 4GE SSM Configure the CSC SSM Cisco Content Security and Control SSM Administrator Guide Refine configuration and configure optional and advanced features Cisco Security Appliance Command Lin[...]
-
Page 11
CHAPTER 2 Installing the Cisco ASA 5500 Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Caution Read the safety warnings in the Regulatory Compliance and Safety Information for the Cisco[...]
-
Page 12
Verifying the Package Contents Verify the contents of the packing box to ensure that you have received all items necessary to install your Cisco ASA 5500 series adaptive security appliance[...]
-
Page 13
Installing the Chassis This section describes how to rack-mount and install the adaptive security appliance. You can mount the adaptive security appliance in a 19-inch rack (with a 17.5- or 17[...]
-
Page 14
Rack-Mounting the Chassis To rack-mount the chassis, perform the following steps: Step 1 Attach the rack-mount brackets to the chassis using the supplied screws. Attach the brackets to the holes as[...]
-
Page 15
Figure 2-3 Rack-Mounting the Chassis To remove the chassis from the rack, remove the screws that attach the chassis to the rack, and then remove the chassis. Ports and LEDs This section describes the [...]
-
Page 16
Figure 2-4 Front Panel LEDs LED Color State Description 1 Power Green On The system has power. 2 Status Green Flashing The power-up diagnostics are running or the system is booting. Solid The system [...]
-
Page 17
Figure 2-5 shows the rear panel features for the adaptive security appliance. Figure 2-5 Rear Panel LEDs and Ports (AC Power Supply Model Shown) For more information on the Management Port, see t[...]
-
Page 18
Figure 2-6 shows the adaptive security appliance rear panel LEDs. Figure 2-6 Rear Panel Link and Speed Indicator LEDs Table 2-1 lists the rear MGMT and Network interface LEDs. Note The ASA 5510 adapt[...]
-
Page 19
What to Do Next Continue with one of the following chapters: To Do This ... See ... Install SSMs you purchased but that have not yet been installed Chapter 3, “Installing Optional SSMs” Continue[...]
-
Page 20
Chapter 2 Installing the Cisco ASA 5500 What to Do Next 2-10 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01[...]
-
Page 21
CHAPTER 3 Installing Optional SSMs This chapter provides information about installing optional SSMs (Security Services Modules) and their components. You only need to use the procedures in this chapter if you purchased an optional SSM but it is not y[...]
-
Page 22
4GE SSM Components Figure 3-1 lists the Cisco 4GE SSM ports and LEDs. Figure 3-1 Cisco 4GE SSM Ports and LEDs Note Figure 3-1 shows SFP modules installed in the port slots. You must order and install the SFP m[...]
-
Page 23
Installing the Cisco 4GE SSM To install a new Cisco 4GE SSM for the first time, perform the following steps: Step 1 Power off the adaptive security appliance. Step 2 Locate the grounding strap fro[...]
-
Page 24
Step 4 Insert the Cisco 4GE SSM through the slot opening as shown in Figure 3-3. Figure 3-3 Inserting the Cisco 4GE SSM into the Slot Step 5 Attach the screws to secure the Cisco 4GE SSM to the chassis[...]
-
Page 25
SFP Module The adaptive security appliance uses a field-replaceable SFP module to establish Gigabit connections. Note If you install an SFP module after the switch has powered on, you must reload the adapti[...]
-
Page 26
Use only Cisco-certified SFP modules on the adaptive security appliance. Each SFP module has an internal serial EEPROM that is encoded with security information. This encoding provides a way for Cisco to i[...]
-
Page 27
Figure 3-4 Installing an SFP Module Caution Do not remove the optical port plugs from the SFP until you are ready to connect the cables. Step 2 Remove the Optical port plug; then connect the net[...]
-
Page 28
Cisco AIP SSM and CSC SSM The ASA 5500 series adaptive security appliance supports the AIP SSM (Advanced Inspection and Prevention Security Services Module) and the CSC SSM (Content Security Cont[...]
-
Page 29
Figure 3-5 SSM LEDs Table 3-5 describes the SSM LEDs. Installing an SSM To install a new SSM, perform the following steps: Step 1 Power off the adaptive security appliance. Step 2 Locate [...]
-
Page 30
Figure 3-6 Removing the Screws from the Slot Cover Step 4 Insert the SSM into the slot opening as shown in Figure 3-7. Figure 3-7 Inserting the SSM into the Slot Step 5 Attach the screws to secure the S[...]
-
Page 31
CHAPTER 4 Connecting Interface Cables This chapter describes how to connect the cables to the Console, Auxiliary, Management, Cisco 4GE SSM, and SSM ports. In this document, SSM refers to an intelligent SSM, the AIP SSM, or the CSC SSM. This chapter i[...]
-
Page 32
Connecting Cables to Interfaces To connect cables to the interfaces, perform the following steps: Step 1 Place the chassis on a flat, stable surface, or in a rack (if you are rack-mount[...]
-
Page 33
Figure 4-1 Connecting to the Management Port (callouts: 1 Management port, 2 RJ-45 to RJ-45 Ethernet cable)[...]
-
Page 34
b. Console port – Connect the serial console cable as shown in Figure 4-2. The console cable has a DB-9 connector on one end for the serial port on your computer, and the other end is [...]
-
Page 35
c. Auxiliary port – Connect the serial console cable as shown in Figure 4-2. The console cable has a DB-9 connector on one end for the serial port on your computer, and the other end is [...]
-
Page 36
d. Cisco 4GE SSM • Ethernet port – Connect one RJ-45 connector to the Ethernet port of the Cisco 4GE SSM as shown in Figure 4-4. – Connect the other end of the Ethernet cable to yo[...]
-
Page 37
• SFP modules – Insert and slide the SFP module into the SFP port until you hear a click. The click indicates that the SFP module is locked into the port. – Remove the optical port p[...]
-
Page 38
Figure 4-6 Connecting the LC Connector – Connect the other end to your network devices, such as routers, switches, or hubs. e. SSM – Connect one RJ-45 connector to the management p[...]
-
Page 39
Figure 4-7 Connecting to the Management Port (callouts: 1 SSM management port, 2 RJ-45 to RJ-45 cable)[...]
-
Page 40
f. Ethernet ports – Connect the RJ-45 connector to the Ethernet port as shown in Figure 4-8. – Connect the other end of the Ethernet cable to your network device, such as a router, switch or hu[...]
-
Page 41
CHAPTER 5 Configuring the Adaptive Security Appliance This chapter describes the initial configuration of the adaptive security appliance. You can perform the configuration steps using either the browser-based Cisco Adaptive Security Dev[...]
-
Page 42
By default, the adaptive security appliance Management interface is configured with a default DHCP address pool. This configuration enables a client on the insid[...]
-
Page 43
In addition to its complete configuration and management capability, ASDM features intelligent wizards to simplify and accelerate the deployment of the adaptive s[...]
-
Page 44
Using the Startup Wizard ASDM includes a Startup Wizard to simplify the initial configuration of your adaptive security appliance. With a few steps, the Startup Wizard enables[...]
-
Page 45
b. In the address field of the browser, enter this URL: https://192.168.1.1/. Note The adaptive security appliance ships with a default IP address of 192.168.1.1. Remember t[...]
-
Page 46
Configure the AIP SSM for intrusion prevention Chapter 9, “Configuring the AIP SSM” Configure the CSC SSM for content security Chapter 10, “Configuring the CSC SSM” To Do Thi[...]
-
Page 47
CHAPTER 6 Scenario: DMZ Configuration This chapter describes a configuration scenario in which the adaptive security appliance is used to protect network resources located in a demilitarized zone (DMZ). A DMZ is a separate network located in the [...]
-
Page 48
Figure 6-1 Network Layout for DMZ Configuration Scenario This example scenario has the following characteristics: • The web server is on the DMZ interface of the adaptive security applian[...]
-
Page 49
Figure 6-2 Outgoing HTTP Traffic Flow from the Private Network In Figure 6-2, the adaptive security appliance permits HTTP traffic originating from inside clients and destined f[...]
-
Page 50
Figure 6-3 Incoming HTTP Traffic Flow From the Internet To permit incoming traffic to access the DMZ web server, the adaptive security appliance configur[...]
-
Page 51
This configuration procedure assumes that the adaptive security appliance already has interfaces configured for the inside interface, the DMZ interface, and the [...]
-
Page 52
• For the internal clients to have access to HTTP and HTTPS resources on the Internet, you must create a rule that translates the real IP addresses of interna[...]
-
Page 53
Creating IP Pools for Network Address Translation The adaptive security appliance uses Network Address Translation (NAT) and Port Address Translation (PAT)[...]
-
Page 54
To configure a pool of IP addresses that can be used for network address translation, perform the following steps: Step 1 In the ASDM window, click the Config[...]
-
Page 55
d. From the Interfaces drop-down list, choose DMZ. e. To create a new IP pool, enter a unique Pool ID. In this scenario, the Pool ID is 200. f. In the IP Addr [...]
-
Page 56
g. Click Add to add this range of IP addresses to the Address Pool. The Add Global Pool dialog box configuration should be similar to the following: h. Click OK[...]
-
Page 57
e. Click the Port Address Translation (PAT) using the IP address of the interface radio button. If you select the option Port Address Translation using t[...]
-
Page 58
The displayed configuration should be similar to the following: Step 3 Confirm that the configuration values are correct. Step 4 Click Apply in the main ASDM win[...]
-
Page 59
In this procedure, you configure a Network Address Translation (NAT) rule that associates IP addresses from this pool with the inside clients so they can commu[...]
-
Page 60
c. Click OK to add the Dynamic NAT Rule and return to the Configuration > NAT window. Review the configuration screen to verify that the translatio[...]
-
Page 61
The displayed configuration should be similar to the following: Step 6 Click Apply to complete the adaptive security appliance configuration changes. Configuri[...]
-
Page 62
For many configurations, you would also need to create a NAT rule between the inside interface and the outside interface to enable inside clients to communica[...]
-
Page 63
Step 5 In the Static Translation area, specify the public IP address to be used for the web server: a. From the Interface drop-down list, choose Outside. b. Fr[...]
-
Page 64
The displayed configuration should be similar to the following: Step 7 Click Apply to complete the adaptive security appliance configuration changes. Providing [...]
-
Page 65
appliance that processes the traffic, whether the traffic is incoming or outgoing, the origin and destination of the traffic, and the type of traffic protoc[...]
-
Page 66
Step 2 In the Interface and Action area: a. From the Interface drop-down list, choose Outside. b. From the Direction drop-down list, choose Incoming. c. From the[...]
-
Page 67
Alternatively, if the address of the source host or network is preconfigured, choose the source IP address from the IP Address drop-down list. c. Enter the [...]
-
Page 68
At this point, the entries in the Add Access Rule dialog box should be similar to the following: d. Click OK. Step 6 The displayed configuration should be similar[...]
-
Page 69
Step 7 Click Apply to save the configuration changes to the configuration that the adaptive security appliance is currently running. Clients on both the pri [...]
-
Page 70
Step 8 If you want the configuration changes to be saved to the startup configuration so that they are applied the next time the device starts, from the File menu, click Save. Alternatively, ASDM [...]
-
Page 71
To Do This ... See ... Configure a remote-access VPN Chapter 7, “Scenario: Remote-Access VPN Configuration” Configure a site-to-site VPN Chapter 8, “Scenario: Site-to-Site VPN Configuration”[...]
-
Page 72
Chapter 6 Scenario: DMZ Configuration What to Do Next 6-26 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01[...]
-
Page 73
CHAPTER 7 Scenario: Remote-Access VPN Configuration This chapter describes how to use the adaptive security appliance to accept remote-access IPsec VPN connections. A remote-access VPN enables you to create secure connections, or tunnels, across the Int[...]
-
Page 74
Figure 7-1 Network Layout for Remote Access VPN Scenario Implementing the IPsec Remote-Access VPN Scenario This section describes how to configure the a[...]
-
Page 75
• Specifying the VPN Tunnel Group Name and Authentication Method, page 7-7 • Specifying a User Authentication Method, page 7-8 • (Optional) Configur[...]
-
Page 76
Starting ASDM To run ASDM in a web browser, enter the factory default IP address in the address field: https://192.168.1.1/admin/. Note Remember to add[...]
-
Page 77
Configuring the FWSM for an IPsec Remote-Access VPN To begin the process for configuring a remote-access VPN, perform the following steps: Step 1 In the mai[...]
-
Page 78
Selecting VPN Client Types In Step 2 of the VPN Wizard, perform the following steps: Step 1 Specify the type of VPN client that will enable remote users to [...]
-
Page 79
Specifying the VPN Tunnel Group Name and Authentication Method In Step 3 of the VPN Wizard, perform the following steps: Step 1 Specify the type of authent[...]
-
Page 80
Step 2 Enter a Tunnel Group Name (such as “Cisco”) for the set of users that use common connection parameters and client attributes to connect to this [...]
-
Page 81
In Step 4 of the VPN Wizard, perform the following steps:
Step 1 If you want to authenticate users by creating a user database on the adaptive security ap[...]
-
Page 82
(Optional) Configuring User Accounts
If you have chosen to authenticate users with the local user database, you can create new user accounts here. You can[...]
-
Page 83
Configuring Address Pools
For remote clients to gain access to your network, you must configure a pool of IP addresses that can be assigned to remote [...]
-
Page 84
Step 3 Click Next to continue.
Configuring Client Attributes
To access your network, each remote access client needs basic network configuration information[...]
-
Page 85
In Step 7 of the VPN Wizard, perform the following steps:
Step 1 Enter the network configuration information to be pushed to remote clients.
Step 2 Cl[...]
-
Page 86
To specify the IKE policy in Step 8 of the VPN Wizard, perform the following steps:
Step 1 Click the Encryption (DES/3DES/AES), authentication algorithms [...]
-
Page 87
Configuring IPsec Encryption and Authentication Parameters
In Step 9 of the VPN Wizard, perform the following steps:
Step 1 Click the Encryption algorith [...]
-
Page 88
Specifying Address Translation Exception and Split Tunneling
Split tunneling lets a remote-access IPsec client conditionally direct packets over an IPsec t[...]
-
Page 89
Note: Enable split tunneling by checking the Enable Split Tunneling check box at the bottom of the screen. Split tunneling allows traffic outside the co[...]
-
Page 90
If you are satisfied with the configuration, click Finish to apply the changes to the adaptive security appliance. If you want the configuration changes to be saved to the startup config[...]
-
Page 91
To Do This ... | See ...
Configure the adaptive security appliance to protect a Web server in a DMZ | Chapter 6, “Scenario: DMZ Configuration”
Configure a site-to-site VPN | Chapter 8, “[...]
-
Page 92
[...]
-
Page 93
CHAPTER 8
Scenario: Site-to-Site VPN Configuration
This chapter describes how to use the adaptive security appliance to create a site-to-site VPN. Site-to-site VPN features provided by the adaptive security appliance enable businesses to extend their [...]
-
Page 94
Figure 8-1 Network Layout for Site-to-Site VPN Configuration Scenario
Creating a VPN site-to-site deployment such as the one in Figure 8-1 requires you to configu[...]
-
Page 95
Configuring the Site-to-Site VPN
This section describes how to use the ASDM VPN Wizard to configure the adaptive security appliance for a site-to-site VPN. This secti[...]
-
Page 96
Configuring the Security Appliance at the Local Site
Note: The adaptive security appliance at the first site is referred to as Security Appliance 1 from this point forwa[...]
-
Page 97
In Step 1 of the VPN Wizard, perform the following steps:
a. Click the Site-to-Site VPN radio button.
Note: The Site-to-Site VPN option connects two IPSec security ga[...]
-
Page 98
Providing Information About the Remote VPN Peer
The VPN peer is the system on the other end of the connection that you are configuring, usually at a remote site.
Note [...]
-
Page 99
Step 3 Click Next to continue.
Configuring the IKE Policy
IKE is a negotiation protocol that includes an encryption method to protect data and ensure privacy; it i[...]
-
Page 100
Note: When configuring Security Appliance 2, enter the exact values for each of the options that you chose for Security Appliance 1. Encryption mismatches are a common[...]
-
Page 101
Configuring IPSec Encryption and Authentication Parameters
In Step 4 of the VPN Wizard, perform the following steps:
Step 1 Choose the Encryption algorithm (DES/3DES/[...]
-
Page 102
Specifying Hosts and Networks
Identify hosts and networks at the local site that are permitted to use this IPSec tunnel to communicate with the remote-site peer. Ad[...]
-
Page 103
Step 5 Click Next to continue.
Viewing VPN Attributes and Completing the Wizard
In Step 6 of the VPN Wizard, review the configuration list for the VPN tunnel you ju[...]
-
Page 104
If you want the configuration changes to be saved to the startup configuration so that they are applied the next time the device starts, from the File menu, click S[...]
-
Page 105
Configuring the Other Side of the VPN Connection
You have just configured the local adaptive security appliance. Now you need to configure the adaptiv[...]
-
Page 106
You can configure the adaptive security appliance for more than one application. The following sections provide configuration procedures for other common applications of the adaptive[...]
-
Page 107
CHAPTER 9
Configuring the AIP SSM
The optional AIP SSM runs advanced IPS software that provides further security inspection either in inline mode or promiscuous mode. The adaptive security appliance diverts packets to the AIP SSM just before the pack[...]
-
Page 108
This section includes the following topics:
• Overview of Configuration Process, page 9-2
• Configuring the ASA 5500 to Divert Traffic to the AIP SSM, page 9-2
• Sessioning to the AIP SSM and Ru[...]
-
Page 109
To identify traffic to divert from the adaptive security appliance to the AIP SSM, perform the following steps:
Step 1 Create an access list that matches all traffic:
hostname(config)# access-list[...]
-
Page 110
The inline and promiscuous keywords control the operating mode of the AIP SSM. The fail-close and fail-open keywords control how the adaptive security appliance treats traffic when the AIP SSM is una [...]
-
Page 111
Sessioning to the AIP SSM and Running Setup
After you have completed configuration of the ASA 5500 series adaptive security appliance to divert traffic to the AIP SSM, session to the AIP SSM and run [...]
-
Page 112
this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptogr[...]
-
Page 113
What to Do Next
You are now ready to configure the adaptive security appliance for intrusion prevention. Use the following documents to continue configuring the adaptive security appliance for your imp[...]
-
Page 114
You can configure the adaptive security appliance for more than one application. The following sections provide configuration procedures for other common applications of the adaptive security appliance.[...]
-
Page 115
CHAPTER 10
Configuring the CSC SSM
The ASA 5500 series adaptive security appliance supports the CSC SSM, which runs Content Security and Control software. The CSC SSM provides protection against viruses, spyware, spam, and other unwanted traffic. It a[...]
-
Page 116
In addition to obtaining content profiles from Trend Micro, system administrators can also customize the configuration so that the CSC SSM scans for additional traf[...]
-
Page 117
Figure 10-1 CSC SSM Traffic Flow
In this example, clients could be network users who are accessing a website, downloading files from an FTP server, or retriev[...]
-
Page 118
Note: The CSC SSM handles SMTP traffic somewhat differently than other content types. After the CSC SSM receives SMTP traffic and scans it, it doe[...]
-
Page 119
In this scenario, the customer has deployed an adaptive security appliance with a CSC SSM for content security. Of particular interest are the follo [...]
-
Page 120
If you followed the procedures in earlier chapters of this document, at this point you have an ASA system running with licensed software, and you [...]
-
Page 121
Note: The SSM management port IP address must be accessible by the hosts used to run ASDM. The IP addresses for the SSM management port and the adapti [...]
-
Page 122
Step 4 Click Yes to accept the certificates. Click Yes for all subsequent authentication and certificate dialog boxes. The ASDM Main window appear[...]
-
Page 123
• If you are using NTP to control time settings, verify the NTP configuration. In ASDM, click Configuration > Properties > Device Administrat[...]
-
Page 124
Step 4 Click Next.
Step 5 In Step 2 of the CSC Wizard, enter the following information:
• IP address, netmask and gateway IP address for the CS[...]
-
Page 125
• Domain name used by the local mail server as the incoming domain.
Note: Anti-SPAM policies are applied only to email traffic coming into this dom[...]
-
Page 126
By default, all networks have management access to the CSC SSM. For security purposes, we recommend that you restrict access to specific subnets[...]
-
Page 127
Step 11 In Step 5 of the CSC Setup Wizard, enter a new password for management access. Enter the factory default password, “cisco,” in the Old [...]
-
Page 128
Step 13 In Step 6 of the CSC Setup Wizard, review configuration settings you just entered for the CSC SSM. If you are satisfied with these setting[...]
-
Page 129
To simplify the initial configuration process, this procedure creates a global service policy that diverts all traffic for the supported protocol[...]
-
Page 130
Step 5 Click Next. The Traffic Classification Criteria page appears.
Step 6 In the Traffic Classification Criteria page, click the User class-de[...]
-
Page 131
Step 8 In the Service Policy Rule Wizard, click the CSC Scan tab.
Step 9 On the CSC Scan tab page, check the Enable CSC scan for this traffic flow[...]
-
Page 132
Step 10 Click Finish.[...]
-
Page 133
The new service policy appears in the Service Policy Rules pane.
Step 11 Click Apply.
By default, the CSC SSM is configured to perform content secu [...]
-
Page 134
If included in the license you purchased, you can create custom settings for URL blocking and URL filtering, as well as email and FTP parameters. For more information, see the Cisco Content Security and C[...]
-
Page 135
After you have configured the CSC SSM software, you may want to consider performing some of the following additional steps:
You can configure the adaptive security appliance for more than one applicati[...]
-
Page 136
[...]
-
Page 137
CHAPTER 11
Configuring the 4GE SSM for Fiber
The 4GE Security Services Module (SSM) has four Ethernet ports, and each port has two media type options: SFP (Small Form-Factor Pluggable) fiber or RJ 35. You can mix the copper and fiber ports using the s[...]
-
Page 138
Cabling 4GE SSM Interfaces
To cable 4GE SSM interfaces, perform the following steps for each port you want to connect to a network device:
Step 1 To connect an RJ-45 (Ethernet) interf[...]
-
Page 139
Figure 11-2 Connecting the LC Connector
e. Connect the other end of the LC connector to your network device.
After you have attached any SFP p[...]
-
Page 140
Note: Because the default media type setting is Ethernet, you do not need to change the media type setting for Ethernet interfaces you use.
To set th[...]
-
Page 141
What to Do Next
You have completed the initial configuration. You may want to consider performing some of the following additional steps:
To Do This ... | See ...
Refine configuration and con[...]
-
Page 142
[...]
-
Page 143
CHAPTER A
Obtaining a DES License or a 3DES-AES License
Cisco adaptive security appliances are available either with a DES or 3DES-AES license that provides encryption technology to enable specific features, such as secure remote management (SSH, ASD[...]
-
Page 144
To use the activation key, perform the following steps:
Command | Purpose
Step 1 hostname# show version | Shows the software release, hardware configuration, license key, and related uptime data.
Ste[...]