Cisco Systems ASA 5500 User Manual

144 pages, 3.21 MB

Summary
  • Cisco Systems ASA 5500 - page 1

    Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide For the Cisco ASA 5510, ASA 5520, and ASA 5540 Customer Order Number: DOC-7817611= ...

  • Cisco Systems ASA 5500 - page 2

    THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION ...

  • Cisco Systems ASA 5500 - page 3

    iii Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 CONTENTS CHAPTER 1 Before You Begin 1-1 ASA 5500 1-1 ASA 5500 with AIP SSM 1-2 ASA 5500 with CSC SSM 1-3 ASA 5500 with 4GE SSM 1-4 CHAPTER 2 Installing the Cisco ASA 5500 2-1 Verifying the Package Contents 2-2 Installing the Chassis 2-3 Rack-Mounting the Chass ...

  • Cisco Systems ASA 5500 - page 4

    Contents iv Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 CHAPTER 4 Connecting Interface Cables 4-1 Connecting Cables to Interfaces 4-2 What to Do Next 4-10 CHAPTER 5 Configuring the Adaptive Security Appliance 5-1 About the Factory-Default Configuration 5-1 About the Adaptive Security Device Manager 5-2 ...

  • Cisco Systems ASA 5500 - page 5

    v Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Contents Starting ASDM 7-4 Configuring the FWSM for an IPsec Remote-Access VPN 7-5 Selecting VPN Client Types 7-6 Specifying the VPN Tunnel Group Name and Authentication Method 7-7 Specifying a User Authentication Method 7-8 (Optional) Configuring User Accounts ...

  • Cisco Systems ASA 5500 - page 6

    Contents vi Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 CHAPTER 9 Configuring the AIP SSM 9-1 AIP SSM Configuration 9-1 Overview of Configuration Process 9-2 Configuring the ASA 5500 to Divert Traffic to the AIP SSM 9-2 Sessioning to the AIP SSM and Running Setup 9-5 What to Do Next 9-7 CHAPTER 10 Configurin ...

  • Cisco Systems ASA 5500 - page 7

    CHAPTER 1-1 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 1 Before You Begin Use the following table to find the installation and configuration steps that are required for your implementation of the adaptive security appliance. The adaptive security appliance implementations included in this docume ...

  • Cisco Systems ASA 5500 - page 8

    Chapter 1 Before You Begin ASA 5500 with AIP SSM 1-2 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 ASA 5500 with AIP SSM Configure the adaptive security appliance for your implementation Chapter 6, “Scenario: DMZ Configuration” Chapter 7, “Scenario: Remote-Access VPN Configuration” Chapter 8, “S ...

  • Cisco Systems ASA 5500 - page 9

    1-3 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 1 Before You Begin ASA 5500 with CSC SSM ASA 5500 with CSC SSM Configure IPS software for intrusion prevention Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface Cisco Intrusion Prevention System Command Re ...

  • Cisco Systems ASA 5500 - page 10

    Chapter 1 Before You Begin ASA 5500 with 4GE SSM 1-4 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 ASA 5500 with 4GE SSM Configure the CSC SSM Cisco Content Security and Control SSM Administrator Guide Refine configuration and configure optional and advanced features Cisco Security Appliance Command Lin ...

  • Cisco Systems ASA 5500 - page 11

    CHAPTER 2-1 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 2 Installing the Cisco ASA 5500 Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Caution Read the safety warnings in the Regulatory Compliance and Safety Information for the Cisco ...

  • Cisco Systems ASA 5500 - page 12

    Chapter 2 Installing the Cisco ASA 5500 Verifying the Package Contents 2-2 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Verifying the Package Contents Verify the contents of the packing box to ensure that you have received all items necessary to install your Cisco ASA 5500 series adaptive security appliance ...

  • Cisco Systems ASA 5500 - page 13

    2-3 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 2 Installing the Cisco ASA 5500 Installing the Chassis Installing the Chassis This section describes how to rack-mount and install the adaptive security appliance. You can mount the adaptive security appliance in a 19-inch rack (with a 17.5- or 17 ...

  • Cisco Systems ASA 5500 - page 14

    Chapter 2 Installing the Cisco ASA 5500 Installing the Chassis 2-4 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Rack-Mounting the Chassis To rack-mount the chassis, perform the following steps: Step 1 Attach the rack-mount brackets to the chassis using the supplied screws. Attach the brackets to the holes as ...

  • Cisco Systems ASA 5500 - page 15

    2-5 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 2 Installing the Cisco ASA 5500 Ports and LEDs Figure 2-3 Rack-Mounting the Chassis To remove the chassis from the rack, remove the screws that attach the chassis to the rack, and then remove the chassis. Ports and LEDs This section describes the ...

  • Cisco Systems ASA 5500 - page 16

    Chapter 2 Installing the Cisco ASA 5500 Ports and LEDs 2-6 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Figure 2-4 Front Panel LEDs LED Color State Description 1 Power Green On The system has power. 2 Status Green Flashing The power-up diagnostics are running or the system is booting. Solid The system ...

  • Cisco Systems ASA 5500 - page 17

    2-7 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 2 Installing the Cisco ASA 5500 Ports and LEDs Figure 2-5 shows the rear panel features for the adaptive security appliance. Figure 2-5 Rear Panel LEDs and Ports (AC Power Supply Model Shown) For more information on the Management Port, see t ...

  • Cisco Systems ASA 5500 - page 18

    Chapter 2 Installing the Cisco ASA 5500 Ports and LEDs 2-8 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Figure 2-6 shows the adaptive security appliance rear panel LEDs. Figure 2-6 Rear Panel Link and Speed Indicator LEDs Table 2-1 lists the rear MGMT and Network interface LEDs. Note The ASA 5510 adapt ...

  • Cisco Systems ASA 5500 - page 19

    2-9 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 2 Installing the Cisco ASA 5500 What to Do Next What to Do Next Continue with one of the following chapters: To Do This ... See ... Install SSMs you purchased but that have not yet been installed Chapter 3, “Installing Optional SSMs” Continue ...

  • Cisco Systems ASA 5500 - page 20

    Chapter 2 Installing the Cisco ASA 5500 What to Do Next 2-10 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 ...

  • Cisco Systems ASA 5500 - page 21

    CHAPTER 3-1 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 3 Installing Optional SSMs This chapter provides information about installing optional SSMs (Security Services Modules) and their components. You only need to use the procedures in this chapter if you purchased an optional SSM but it is not y ...

  • Cisco Systems ASA 5500 - page 22

    Chapter 3 Installing Optional SSMs Cisco 4GE SSM 3-2 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 4GE SSM Components Figure 3-1 lists the Cisco 4GE SSM ports and LEDs. Figure 3-1 Cisco 4GE SSM Ports and LEDs Note Figure 3-1 shows SFP modules installed in the port slots. You must order and install the SFP m ...

  • Cisco Systems ASA 5500 - page 23

    3-3 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 3 Installing Optional SSMs Cisco 4GE SSM Installing the Cisco 4GE SSM To install a new Cisco 4GE SSM for the first time, perform the following steps: Step 1 Power off the adaptive security appliance. Step 2 Locate the grounding strap fro ...

  • Cisco Systems ASA 5500 - page 24

    Chapter 3 Installing Optional SSMs Cisco 4GE SSM 3-4 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Step 4 Insert the Cisco 4GE SSM through the slot opening as shown in Figure 3-3. Figure 3-3 Inserting the Cisco 4GE SSM into the Slot Step 5 Attach the screws to secure the Cisco 4GE SSM to the chassis ...

  • Cisco Systems ASA 5500 - page 25

    3-5 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 3 Installing Optional SSMs Cisco 4GE SSM SFP Module The adaptive security appliance uses a field-replaceable SFP module to establish Gigabit connections. Note If you install an SFP module after the switch has powered on, you must reload the adapti ...

  • Cisco Systems ASA 5500 - page 26

    Chapter 3 Installing Optional SSMs Cisco 4GE SSM 3-6 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Use only Cisco-certified SFP modules on the adaptive security appliance. Each SFP module has an internal serial EEPROM that is encoded with security information. This encoding provides a way for Cisco to i ...

  • Cisco Systems ASA 5500 - page 27

    3-7 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 3 Installing Optional SSMs Cisco 4GE SSM Figure 3-4 Installing an SFP Module Caution Do not remove the optical port plugs from the SFP until you are ready to connect the cables. Step 2 Remove the Optical port plug; then connect the net ...

  • Cisco Systems ASA 5500 - page 28

    Chapter 3 Installing Optional SSMs Cisco AIP SSM and CSC SSM 3-8 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Cisco AIP SSM and CSC SSM The ASA 5500 series adaptive security appliance supports the AIP SSM (Advanced Inspection and Prevention Security Services Module) and the CSC SSM (Content Security Cont ...

  • Cisco Systems ASA 5500 - page 29

    3-9 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 3 Installing Optional SSMs Cisco AIP SSM and CSC SSM Figure 3-5 SSM LEDs Table 3-5 describes the SSM LEDs. Installing an SSM To install a new SSM, perform the following steps: Step 1 Power off the adaptive security appliance. Step 2 Locate ...

  • Cisco Systems ASA 5500 - page 30

    Chapter 3 Installing Optional SSMs What to Do Next 3-10 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Figure 3-6 Removing the Screws from the Slot Cover Step 4 Insert the SSM into the slot opening as shown in Figure 3-7. Figure 3-7 Inserting the SSM into the Slot Step 5 Attach the screws to secure the S ...

  • Cisco Systems ASA 5500 - page 31

    CHAPTER 4-1 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 4 Connecting Interface Cables This chapter describes how to connect the cables to the Console, Auxiliary, Management, Cisco 4GE SSM, and SSM ports. In this document, SSM refers to an intelligent SSM, the AIP SSM, or the CSC SSM. This chapter i ...

  • Cisco Systems ASA 5500 - page 32

    Chapter 4 Connecting Interface Cables Connecting Cables to Interfaces 4-2 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Connecting Cables to Interfaces To connect cables to the interfaces, perform the following steps: Step 1 Place the chassis on a flat, stable surface, or in a rack (if you are rack-mount ...

  • Cisco Systems ASA 5500 - page 33

    4-3 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 4 Connecting Interface Cables Connecting Cables to Interfaces Figure 4-1 Connecting to the Management Port 1 Management port 2 RJ-45 to RJ-45 Ethernet cable ...

  • Cisco Systems ASA 5500 - page 34

    Chapter 4 Connecting Interface Cables Connecting Cables to Interfaces 4-4 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 b. Console port – Connect the serial console cable as shown in Figure 4-2. The console cable has a DB-9 connector on one end for the serial port on your computer, and the other end is ...

  • Cisco Systems ASA 5500 - page 35

    4-5 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 4 Connecting Interface Cables Connecting Cables to Interfaces c. Auxiliary port – Connect the serial console cable as shown in Figure 4-2. The console cable has a DB-9 connector on one end for the serial port on your computer, and the other end is ...

  • Cisco Systems ASA 5500 - page 36

    Chapter 4 Connecting Interface Cables Connecting Cables to Interfaces 4-6 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 d. Cisco 4GE SSM • Ethernet port – Connect one RJ-45 connector to the Ethernet port of the Cisco 4GE SSM as shown in Figure 4-4. – Connect the other end of the Ethernet cable to yo ...

  • Cisco Systems ASA 5500 - page 37

    4-7 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 4 Connecting Interface Cables Connecting Cables to Interfaces • SFP modules – Insert and slide the SFP module into the SFP port until you hear a click. The click indicates that the SFP module is locked into the port. – Remove the optical port p ...

  • Cisco Systems ASA 5500 - page 38

    Chapter 4 Connecting Interface Cables Connecting Cables to Interfaces 4-8 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Figure 4-6 Connecting the LC Connector – Connect the other end to your network devices, such as routers, switches, or hubs. e. SSM – Connect one RJ-45 connector to the management p ...

  • Cisco Systems ASA 5500 - page 39

    4-9 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 4 Connecting Interface Cables Connecting Cables to Interfaces Figure 4-7 Connecting to the Management Port 1 SSM management port 2 RJ-45 to RJ-45 cable ...

  • Cisco Systems ASA 5500 - page 40

    Chapter 4 Connecting Interface Cables What to Do Next 4-10 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 f. Ethernet ports – Connect the RJ-45 connector to the Ethernet port as shown in Figure 4-8. – Connect the other end of the Ethernet cable to your network device, such as a router, switch or hu ...

  • Cisco Systems ASA 5500 - page 41

    CHAPTER 5-1 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 5 Configuring the Adaptive Security Appliance This chapter describes the initial configuration of the adaptive security appliance. You can perform the configuration steps using either the browser-based Cisco Adaptive Security Dev ...

  • Cisco Systems ASA 5500 - page 42

    Chapter 5 Configuring the Adaptive Security Appliance About the Adaptive Security Device Manager 5-2 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 By default, the adaptive security appliance Management interface is configured with a default DHCP address pool. This configuration enables a client on the insid ...

  • Cisco Systems ASA 5500 - page 43

    5-3 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 5 Configuring the Adaptive Security Appliance Before Launching the Startup Wizard In addition to its complete configuration and management capability, ASDM features intelligent wizards to simplify and accelerate the deployment of the adaptive s ...

  • Cisco Systems ASA 5500 - page 44

    Chapter 5 Configuring the Adaptive Security Appliance Using the Startup Wizard 5-4 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Using the Startup Wizard ASDM includes a Startup Wizard to simplify the initial configuration of your adaptive security appliance. With a few steps, the Startup Wizard enables ...

  • Cisco Systems ASA 5500 - page 45

    5-5 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 5 Configuring the Adaptive Security Appliance What to Do Next b. In the address field of the browser, enter this URL: https://192.168.1.1/. Note The adaptive security appliance ships with a default IP address of 192.168.1.1. Remember t ...

  • Cisco Systems ASA 5500 - page 46

    Chapter 5 Configuring the Adaptive Security Appliance What to Do Next 5-6 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Configure the AIP SSM for intrusion prevention Chapter 9, “Configuring the AIP SSM” Configure the CSC SSM for content security Chapter 10, “Configuring the CSC SSM” To Do Thi ...

  • Cisco Systems ASA 5500 - page 47

    CHAPTER 6-1 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 6 Scenario: DMZ Configuration This chapter describes a configuration scenario in which the adaptive security appliance is used to protect network resources located in a demilitarized zone (DMZ). A DMZ is a separate network located in the ...

  • Cisco Systems ASA 5500 - page 48

    Chapter 6 Scenario: DMZ Configuration Example DMZ Network Topology 6-2 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Figure 6-1 Network Layout for DMZ Configuration Scenario This example scenario has the following characteristics: • The web server is on the DMZ interface of the adaptive security applian ...

  • Cisco Systems ASA 5500 - page 49

    6-3 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 6 Scenario: DMZ Configuration Example DMZ Network Topology Figure 6-2 Outgoing HTTP Traffic Flow from the Private Network In Figure 6-2, the adaptive security appliance permits HTTP traffic originating from inside clients and destined f ...

  • Cisco Systems ASA 5500 - page 50

    Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment 6-4 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Figure 6-3 Incoming HTTP Traffic Flow From the Internet To permit incoming traffic to access the DMZ web server, the adaptive security appliance configur ...

  • Cisco Systems ASA 5500 - page 51

    6-5 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment This configuration procedure assumes that the adaptive security appliance already has interfaces configured for the inside interface, the DMZ interface, and the ...

  • Cisco Systems ASA 5500 - page 52

    Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment 6-6 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 • For the internal clients to have access to HTTP and HTTPS resources on the Internet, you must create a rule that translates the real IP addresses of interna ...

  • Cisco Systems ASA 5500 - page 53

    6-7 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment Creating IP Pools for Network Address Translation The adaptive security appliance uses Network Address Translation (NAT) and Port Address Translation (PAT) ...

  • Cisco Systems ASA 5500 - page 54

    Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment 6-8 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 To configure a pool of IP addresses that can be used for network address translation, perform the following steps: Step 1 In the ASDM window, click the Config ...

  • Cisco Systems ASA 5500 - page 55

    6-9 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment d. From the Interfaces drop-down list, choose DMZ. e. To create a new IP pool, enter a unique Pool ID. In this scenario, the Pool ID is 200. f. In the IP Addr ...

  • Cisco Systems ASA 5500 - page 56

    Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment 6-10 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 g. Click Add to add this range of IP addresses to the Address Pool. The Add Global Pool dialog box configuration should be similar to the following: h. Click OK ...

  • Cisco Systems ASA 5500 - page 57

    6-11 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment e. Click the Port Address Translation (PAT) using the IP address of the interface radio button. If you select the option Port Address Translation using t ...

  • Cisco Systems ASA 5500 - page 58

    Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment 6-12 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 The displayed configuration should be similar to the following: Step 3 Confirm that the configuration values are correct. Step 4 Click Apply in the main ASDM win ...

  • Cisco Systems ASA 5500 - page 59

    6-13 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment In this procedure, you configure a Network Address Translation (NAT) rule that associates IP addresses from this pool with the inside clients so they can commu ...

  • Cisco Systems ASA 5500 - page 60

    Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment 6-14 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 c. Click OK to add the Dynamic NAT Rule and return to the Configuration > NAT window. Review the configuration screen to verify that the translatio ...

  • Cisco Systems ASA 5500 - page 61

    6-15 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment The displayed configuration should be similar to the following: Step 6 Click Apply to complete the adaptive security appliance configuration changes. Configuri ...

  • Cisco Systems ASA 5500 - page 62

    Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment 6-16 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 For many configurations, you would also need to create a NAT rule between the inside interface and the outside interface to enable inside clients to communica ...

  • Cisco Systems ASA 5500 - page 63

    6-17 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment Step 5 In the Static Translation area, specify the public IP address to be used for the web server: a. From the Interface drop-down list, choose Outside. b. Fr ...

  • Cisco Systems ASA 5500 - page 64

    Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment 6-18 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 The displayed configuration should be similar to the following: Step 7 Click Apply to complete the adaptive security appliance configuration changes. Providing ...

  • Cisco Systems ASA 5500 - page 65

    6-19 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment appliance that processes the traffic, whether the traffic is incoming or outgoing, the origin and destination of the traffic, and the type of traffic protoc ...

  • Cisco Systems ASA 5500 - page 66

    Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment 6-20 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Step 2 In the Interface and Action area: a. From the Interface drop-down list, choose Outside. b. From the Direction drop-down list, choose Incoming. c. From the ...

  • Cisco Systems ASA 5500 - page 67

    6-21 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment Alternatively, if the address of the source host or network is preconfigured, choose the source IP address from the IP Address drop-down list. c. Enter the ...

  • Cisco Systems ASA 5500 - page 68

    Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment 6-22 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 At this point, the entries in the Add Access Rule dialog box should be similar to the following: d. Click OK. Step 6 The displayed configuration should be similar ...

  • Cisco Systems ASA 5500 - page 69

    6-23 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 6 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ Deployment Step 7 Click Apply to save the configuration changes to the configuration that the adaptive security appliance is currently running. Clients on both the pri ...

  • Cisco Systems ASA 5500 - page 70

    Chapter 6 Scenario: DMZ Configuration What to Do Next 6-24 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Step 8 If you want the configuration changes to be saved to the startup configuration so that they are applied the next time the device starts, from the File menu, click Save. Alternatively, ASDM ...

  • Cisco Systems ASA 5500 - page 71

    6-25 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 6 Scenario: DMZ Configuration What to Do Next To Do This ... See ... Configure a remote-access VPN Chapter 7, “Scenario: Remote-Access VPN Configuration” Configure a site-to-site VPN Chapter 8, “Scenario: Site-to-Site VPN Configuration” ...

  • Cisco Systems ASA 5500 - page 72

    Chapter 6 Scenario: DMZ Configuration What to Do Next 6-26 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 ...

  • Cisco Systems ASA 5500 - page 73

    CHAPTER 7-1 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 7 Scenario: Remote-Access VPN Configuration This chapter describes how to use the adaptive security appliance to accept remote-access IPsec VPN connections. A remote-access VPN enables you to create secure connections, or tunnels, across the Int ...

  • Cisco Systems ASA 5500 - page 74

    Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario 7-2 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Figure 7-1 Network Layout for Remote Access VPN Scenario Implementing the IPsec Remote-Access VPN Scenario This section describes how to configure the a ...

  • Cisco Systems ASA 5500 - page 75

    7-3 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario • Specifying the VPN Tunnel Group Name and Authentication Method, page 7-7 • Specifying a User Authentication Method, page 7-8 • (Optional) Configur ...

  • Cisco Systems ASA 5500 - page 76

    Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario 7-4 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Starting ASDM To run ASDM in a web browser, enter the factory default IP address in the address field: https://192.168.1.1/admin/. Note Remember to add ...

  • Cisco Systems ASA 5500 - page 77

    7-5 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario Configuring the FWSM for an IPsec Remote-Access VPN To begin the process for configuring a remote-access VPN, perform the following steps: Step 1 In the mai ...

  • Cisco Systems ASA 5500 - page 78

    Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario 7-6 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Selecting VPN Client Types In Step 2 of the VPN Wizard, perform the following steps: Step 1 Specify the type of VPN client that will enable remote users to ...

  • Cisco Systems ASA 5500 - page 79

    7-7 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario Specifying the VPN Tunnel Group Name and Authentication Method In Step 3 of the VPN Wizard, perform the following steps: Step 1 Specify the type of authent ...

  • Cisco Systems ASA 5500 - page 80

    Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario 7-8 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Step 2 Enter a Tunnel Group Name (such as “Cisco”) for the set of users that use common connection parameters and client attributes to connect to this ...

  • Cisco Systems ASA 5500 - page 81

    7-9 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario In Step 4 of the VPN Wizard, perform the following steps: Step 1 If you want to authenticate users by creating a user database on the adaptive security ap ...

  • Cisco Systems ASA 5500 - page 82

    Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario 7-10 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 (Optional) Configuring User Accounts If you have chosen to authenticate users with the local user database, you can create new user accounts here. You can ...

  • Cisco Systems ASA 5500 - page 83

    7-11 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario Configuring Address Pools For remote clients to gain access to your network, you must configure a pool of IP addresses that can be assigned to remote ...

  • Cisco Systems ASA 5500 - page 84

    Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario 7-12 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Step 3 Click Next to continue. Configuring Client Attributes To access your network, each remote access client needs basic network configuration information ...

  • Cisco Systems ASA 5500 - page 85

    7-13 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario In Step 7 of the VPN Wizard, perform the following steps: Step 1 Enter the network configuration information to be pushed to remote clients. Step 2 Cl ...

  • Cisco Systems ASA 5500 - page 86

    Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario 7-14 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 To specify the IKE policy in Step 8 of the VPN Wizard, perform the following steps: Step 1 Click the Encryption (DES/3DES/AES), authentication algorithms ...

  • Cisco Systems ASA 5500 - page 87

    7-15 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario Configuring IPsec Encryption and Authentication Parameters In Step 9 of the VPN Wizard, perform the following steps: Step 1 Click the Encryption algorith ...

  • Cisco Systems ASA 5500 - page 88

    Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario 7-16 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Specifying Address Translation Exception and Split Tunneling Split tunneling lets a remote-access IPsec client conditionally direct packets over an IPsec t ...

  • Cisco Systems ASA 5500 - page 89

    7-17 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 7 Scenario: Remote-Access VPN Configuration Implementing the IPsec Remote-Access VPN Scenario Note Enable split tunneling by checking the Enable Split Tunneling check box at the bottom of the screen. Split tunneling allows traffic outside the co ...

  • Cisco Systems ASA 5500 - page 90

    Chapter 7 Scenario: Remote-Access VPN Configuration What to Do Next 7-18 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 If you are satisfied with the configuration, click Finish to apply the changes to the adaptive security appliance. If you want the configuration changes to be saved to the startup config ...

  • Cisco Systems ASA 5500 - page 91

    7-19 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 7 Scenario: Remote-Access VPN Configuration What to Do Next To Do This ... See ... Configure the adaptive security appliance to protect a Web server in a DMZ Chapter 6, “Scenario: DMZ Configuration” Configure a site-to-site VPN Chapter 8, “ ...

  • Cisco Systems ASA 5500 - page 92

    Chapter 7 Scenario: Remote-Access VPN Configuration What to Do Next 7-20 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 ...

  • Cisco Systems ASA 5500 - page 93

    CHAPTER 8-1 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 8 Scenario: Site-to-Site VPN Configuration This chapter describes how to use the adaptive security appliance to create a site-to-site VPN. Site-to-site VPN features provided by the adaptive security appliance enable businesses to extend their ...

  • Cisco Systems ASA 5500 - page 94

    Chapter 8 Scenario: Site-to-Site VPN Configuration Implementing the Site-to-Site Scenario 8-2 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Figure 8-1 Network Layout for Site-to-Site VPN Configuration Scenario Creating a VPN site-to-site deployment such as the one in Figure 8-1 requires you to configu ...

  • Cisco Systems ASA 5500 - page 95

    8-3 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 8 Scenario: Site-to-Site VPN Configuration Implementing the Site-to-Site Scenario Configuring the Site-to-Site VPN This section describes how to use the ASDM VPN Wizard to configure the adaptive security appliance for a site-to-site VPN. This secti ...

  • Cisco Systems ASA 5500 - page 96

    Chapter 8 Scenario: Site-to-Site VPN Configuration Implementing the Site-to-Site Scenario 8-4 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Configuring the Security Appliance at the Local Site Note The adaptive security appliance at the first site is referred to as Security Appliance 1 from this point forwa ...

  • Cisco Systems ASA 5500 - page 97

    8-5 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 8 Scenario: Site-to-Site VPN Configuration Implementing the Site-to-Site Scenario In Step 1 of the VPN Wizard, perform the following steps: a. Click the Site-to-Site VPN radio button. Note The Site-to-Site VPN option connects two IPSec security ga ...

  • Cisco Systems ASA 5500 - page 98

    Chapter 8 Scenario: Site-to-Site VPN Configuration Implementing the Site-to-Site Scenario 8-6 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Providing Information About the Remote VPN Peer The VPN peer is the system on the other end of the connection that you are configuring, usually at a remote site. Note ...

  • Cisco Systems ASA 5500 - page 99

    8-7 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 8 Scenario: Site-to-Site VPN Configuration Implementing the Site-to-Site Scenario Step 3 Click Next to continue. Configuring the IKE Policy IKE is a negotiation protocol that includes an encryption method to protect data and ensure privacy; it i ...

  • Cisco Systems ASA 5500 - page 100

    Chapter 8 Scenario: Site-to-Site VPN Configuration Implementing the Site-to-Site Scenario 8-8 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Note When configuring Security Appliance 2, enter the exact values for each of the options that you chose for Security Appliance 1. Encryption mismatches are a common ...

  • Cisco Systems ASA 5500 - page 101

    8-9 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 8 Scenario: Site-to-Site VPN Configuration Implementing the Site-to-Site Scenario Configuring IPSec Encryption and Authentication Parameters In Step 4 of the VPN Wizard, perform the following steps: Step 1 Choose the Encryption algorithm (DES/3DES/ ...

  • Cisco Systems ASA 5500 - page 102

    Chapter 8 Scenario: Site-to-Site VPN Configuration Implementing the Site-to-Site Scenario 8-10 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Specifying Hosts and Networks Identify hosts and networks at the local site that are permitted to use this IPSec tunnel to communicate with the remote-site peer. Ad ...

  • Cisco Systems ASA 5500 - page 103

    8-11 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 8 Scenario: Site-to-Site VPN Configuration Implementing the Site-to-Site Scenario Step 5 Click Next to continue. Viewing VPN Attributes and Completing the Wizard In Step 6 of the VPN Wizard, review the configuration list for the VPN tunnel you ju ...

  • Cisco Systems ASA 5500 - page 104

    Chapter 8 Scenario: Site-to-Site VPN Configuration Implementing the Site-to-Site Scenario 8-12 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 If you want the configuration changes to be saved to the startup configuration so that they are applied the next time the device starts, from the File menu, click S ...

  • Cisco Systems ASA 5500 - page 105

    8-13 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 8 Scenario: Site-to-Site VPN Configuration Configuring the Other Side of the VPN Connection Configuring the Other Side of the VPN Connection You have just configured the local adaptive security appliance. Now you need to configure the adaptiv ...

  • Cisco Systems ASA 5500 - page 106

    Chapter 8 Scenario: Site-to-Site VPN Configuration What to Do Next 8-14 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 You can configure the adaptive security appliance for more than one application. The following sections provide configuration procedures for other common applications of the adaptive ...

  • Cisco Systems ASA 5500 - page 107

    CHAPTER 9-1 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 9 Configuring the AIP SSM The optional AIP SSM runs advanced IPS software that provides further security inspection either in inline mode or promiscuous mode. The adaptive security appliance diverts packets to the AIP SSM just before the pack ...

  • Cisco Systems ASA 5500 - page 108

    Chapter 9 Configuring the AIP SSM AIP SSM Configuration 9-2 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 This section includes the following topics: • Overview of Configuration Process, page 9-2 • Configuring the ASA 5500 to Divert Traffic to the AIP SSM, page 9-2 • Sessioning to the AIP SSM and Ru ...

  • Cisco Systems ASA 5500 - page 109

    9-3 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 9 Configuring the AIP SSM AIP SSM Configuration To identify traffic to divert from the adaptive security appliance to the AIP SSM, perform the following steps: Step 1 Create an access list that matches all traffic: hostname(config)# access-list ...

  • Cisco Systems ASA 5500 - page 110

    Chapter 9 Configuring the AIP SSM AIP SSM Configuration 9-4 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 The inline and promiscuous keywords control the operating mode of the AIP SSM. The fail-close and fail-open keywords control how the adaptive security appliance treats traffic when the AIP SSM is una ...

  • Cisco Systems ASA 5500 - page 111

    9-5 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 9 Configuring the AIP SSM AIP SSM Configuration Sessioning to the AIP SSM and Running Setup After you have completed configuration of the ASA 5500 series adaptive security appliance to divert traffic to the AIP SSM, session to the AIP SSM and run ...

  • Cisco Systems ASA 5500 - page 112

    Chapter 9 Configuring the AIP SSM AIP SSM Configuration 9-6 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptogr ...

  • Cisco Systems ASA 5500 - page 113

    9-7 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 9 Configuring the AIP SSM What to Do Next What to Do Next You are now ready to configure the adaptive security appliance for intrusion prevention. Use the following documents to continue configuring the adaptive security appliance for your imp ...

  • Cisco Systems ASA 5500 - page 114

    Chapter 9 Configuring the AIP SSM What to Do Next 9-8 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 You can configure the adaptive security appliance for more than one application. The following sections provide configuration procedures for other common applications of the adaptive security appliance. ...

  • Cisco Systems ASA 5500 - page 115

    CHAPTER 10-1 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 10 Configuring the CSC SSM The ASA 5500 series adaptive security appliance supports the CSC SSM, which runs Content Security and Control software. The CSC SSM provides protection against viruses, spyware, spam, and other unwanted traffic. It a ...

  • Cisco Systems ASA 5500 - page 116

    Chapter 10 Configuring the CSC SSM About Deploying the Security Appliance with the CSC SSM 10-2 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 In addition to obtaining content profiles from Trend Micro, system administrators can also customize the configuration so that the CSC SSM scans for additional traf ...

  • Cisco Systems ASA 5500 - page 117

    10-3 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 10 Configuring the CSC SSM About Deploying the Security Appliance with the CSC SSM Figure 10-1 CSC SSM Traffic Flow In this example, clients could be network users who are accessing a website, downloading files from an FTP server, or retriev ...

  • Cisco Systems ASA 5500 - page 118

    Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security 10-4 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Note The CSC SSM handles SMTP traffic somewhat differently than other content types. After the CSC SSM receives SMTP traffic and scans it, it doe ...

  • Cisco Systems ASA 5500 - page 119

    10-5 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security In this scenario, the customer has deployed an adaptive security appliance with a CSC SSM for content security. Of particular interest are the follo ...

  • Cisco Systems ASA 5500 - page 120

    Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security 10-6 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 If you followed the procedures in earlier chapters of this document, at this point you have an ASA system running with licensed software, and you ...

  • Cisco Systems ASA 5500 - page 121

    10-7 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security Note The SSM management port IP address must be accessible by the hosts used to run ASDM. The IP addresses for the SSM management port and the adapti ...

  • Cisco Systems ASA 5500 - page 122

    Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security 10-8 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Step 4 Click Yes to accept the certificates. Click Yes for all subsequent authentication and certificate dialog boxes. The ASDM Main window appear ...

  • Cisco Systems ASA 5500 - page 123

    10-9 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security • If you are using NTP to control time settings, verify the NTP configuration. In ASDM, click Configuration > Properties > Device Administrat ...

  • Cisco Systems ASA 5500 - page 124

    Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security 10-10 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Step 4 Click Next. Step 5 In Step 2 of the CSC Wizard, enter the following information: • IP address, netmask and gateway IP address for the CS ...

  • Cisco Systems ASA 5500 - page 125

    10-11 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security • Domain name used by the local mail server as the incoming domain. Note Anti-SPAM policies are applied only to email traffic coming into this dom ...

  • Cisco Systems ASA 5500 - page 126

    Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security 10-12 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 By default, all networks have management access to the CSC SSM. For security purposes, we recommend that you restrict access to specific subnets ...

  • Cisco Systems ASA 5500 - page 127

    10-13 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security Step 11 In Step 5 of the CSC Setup Wizard, enter a new password for management access. Enter the factory default password, “cisco,” in the Old ...

  • Cisco Systems ASA 5500 - page 128

    Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security 10-14 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Step 13 In Step 6 of the CSC Setup Wizard, review configuration settings you just entered for the CSC SSM. If you are satisfied with these setting ...

  • Cisco Systems ASA 5500 - page 129

    10-15 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security To simplify the initial configuration process, this procedure creates a global service policy that diverts all traffic for the supported protocol ...

  • Cisco Systems ASA 5500 - page 130

    Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security 10-16 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Step 5 Click Next. The Traffic Classification Criteria page appears. Step 6 In the Traffic Classification Criteria page, click the User class-de ...

  • Cisco Systems ASA 5500 - page 131

    10-17 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security Step 8 In the Service Policy Rule Wizard, click the CSC Scan tab. Step 9 On the CSC Scan tab page, check the Enable CSC scan for this traffic flow ...

  • Cisco Systems ASA 5500 - page 132

    Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security 10-18 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Step 10 Click Finish. ...

  • Cisco Systems ASA 5500 - page 133

    10-19 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 10 Configuring the CSC SSM Scenario: Security Appliance with CSC SSM Deployed for Content Security The new service policy appears in the Service Policy Rules pane. Step 11 Click Apply. By default, the CSC SSM is configured to perform content secu ...

  • Cisco Systems ASA 5500 - page 134

    Chapter 10 Configuring the CSC SSM What to Do Next 10-20 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 If included in the license you purchased, you can create custom settings for URL blocking and URL filtering, as well as email and FTP parameters. For more information, see the Cisco Content Security and C ...

  • Cisco Systems ASA 5500 - page 135

    10-21 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 10 Configuring the CSC SSM What to Do Next After you have configured the CSC SSM software, you may want to consider performing some of the following additional steps: You can configure the adaptive security appliance for more than one applicati ...

  • Cisco Systems ASA 5500 - page 136

    Chapter 10 Configuring the CSC SSM What to Do Next 10-22 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 ...

  • Cisco Systems ASA 5500 - page 137

    CHAPTER 11-1 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 11 Configuring the 4GE SSM for Fiber The 4GE Security Services Module (SSM) has four Ethernet ports, and each port has two media type options: SFP (Small Form-Factor Pluggable) fiber or RJ 35. You can mix the copper and fiber ports using the s ...

  • Cisco Systems ASA 5500 - page 138

    Chapter 11 Configuring the 4GE SSM for Fiber Cabling 4GE SSM Interfaces 11-2 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Cabling 4GE SSM Interfaces To cable 4GE SSM interfaces, perform the following steps for each port you want to connect to a network device: Step 1 To connect an RJ-45 (Ethernet) interf ...

  • Cisco Systems ASA 5500 - page 139

    11-3 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 11 Configuring the 4GE SSM for Fiber Setting the 4GE SSM Media Type for Fiber Interfaces (Optional) Figure 11-2 Connecting the LC Connector e. Connect the other end of the LC connector to your network device. After you have attached any SFP p ...

  • Cisco Systems ASA 5500 - page 140

    Chapter 11 Configuring the 4GE SSM for Fiber Setting the 4GE SSM Media Type for Fiber Interfaces (Optional) 11-4 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Note Because the default media type setting is Ethernet, you do not need to change the media type setting for Ethernet interfaces you use. To set th ...

  • Cisco Systems ASA 5500 - page 141

    11-5 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 Chapter 11 Configuring the 4GE SSM for Fiber What to Do Next What to Do Next You have completed the initial configuration. You may want to consider performing some of the following additional steps: To Do This ... See ... Refine configuration and con ...

  • Cisco Systems ASA 5500 - page 142

    Chapter 11 Configuring the 4GE SSM for Fiber What to Do Next 11-6 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 ...

  • Cisco Systems ASA 5500 - page 143

    CHAPTER A-1 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 A Obtaining a DES License or a 3DES-AES License Cisco adaptive security appliances are available either with a DES or 3DES-AES license that provides encryption technology to enable specific features, such as secure remote management (SSH, ASD ...

  • Cisco Systems ASA 5500 - page 144

    Chapter A Obtaining a DES License or a 3DES-AES License A-2 Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide 78-17611-01 To use the activation key, perform the following steps: Command Purpose Step 1 hostname# show version Shows the software release, hardware configuration, license key, and related uptime data. Ste ...

Manufacturer: Cisco Systems. Category: Home Security System

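The documents you can obtain from the manufacturer of the Cisco Systems ASA 5500 fall into several groups. Some of them are:
- Cisco Systems technical drawings
- the ASA 5500 user manual
- Cisco Systems product data sheets
- brochures
- or the energy label for the Cisco Systems ASA 5500
All of them are important, but from the standpoint of using the device, the most important information is in the Cisco Systems ASA 5500 user manual.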

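The group of documents called user manuals is further divided into more specific categories, such as installation instructions, service manuals, quick-start guides, and user manuals for the Cisco Systems ASA 5500. Search for the document that fits your needs. On our website you can view the most popular manuals for using the Cisco Systems ASA 5500.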

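What is a user manual for the Cisco Systems ASA 5500 device?
A user manual, also called a user guide or simply a "manual", is a technical document that helps users operate the Cisco Systems ASA 5500. Manuals are usually written in language that every Cisco Systems ASA 5500 user can easily understand, and their authors are experts in the field.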

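A Cisco Systems manual should contain certain basic elements. Some of them, such as the cover or title page and the copyright page, are of relatively minor importance. The remaining parts, however, should contain information that matters to the user.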

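1. Overview of the Cisco Systems ASA 5500 manual and how to use it. A manual should begin with guidance on how to read it. There you should find information about the table of contents for the Cisco Systems ASA 5500, frequently asked questions, and the most common problems, which is the information users most expect from a manual.
2. Table of contents. An index of all the tips on the Cisco Systems ASA 5500 that can be found in the document.
3. Tips on using the basic functions of the Cisco Systems ASA 5500 device. These should help Cisco Systems ASA 5500 users get started.
4. Troubleshooting. Structured procedures that help diagnose and resolve the most important problems with the Cisco Systems ASA 5500.
5. FAQ. Frequently asked questions.
6. Contact details. Information on how to reach the manufacturer or service center for the Cisco Systems ASA 5500 in a given country when you cannot solve a problem on your own.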
