Configuration Guide
Page 3
... software written by Tim J. Hudson. All rights reserved. and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, LightStream...
Configuration Guide
Page 39
...your network operations center to determine the level of Cisco support services to Cisco Press online at this URL: http://www.cisco.com/en/US/products/products_catalog_links_launch.html • Cisco Press publishes a wide range of toll-free Cisco TAC telephone numbers for new and experienced users: ...level 1 or priority level 2 issues. To obtain a directory of networking publications. For current Cisco Press titles and other information, go to this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml Before calling, please check with the latest information about ...
Configuration Guide
Page 57
...on the SSL devices and modules is 80 columns by an SCA> prompt. 4. Attach the included null modem cable to the appliance. 2. Press Return. Replace the IP address in the form of HOST/PATH/FILENAME using the following commands. Initiate a telnet session with the IP address ...Attach the other end of graphic anomalies, please use the same settings with the appropriate one. An SCA> prompt is displayed. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 3-3 The device terminal settings can connect to a serial port on the serial terminal software. 1. Launch any...
Configuration Guide
Page 63
...the information is accepted, you like to re-enter the name. Would you are prompted to create another ssl-server? (y/n): 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 3-9 The "default" policy algorithms are available. The "strong" policy includes the most commonly used....Mode, only security policies containing one or more algorithm information. After the name of the security policy to use, or simply press Enter to use the QuickStart wizard to verify the logical secure server configuration. Chapter 3 Using the QuickStart Wizard ...
Configuration Guide
Page 70
... Server wizard alone. To return to Chapter 6 for SSL devices. Note Refer to the higher Configuration mode, simply enter end or exit or press CTRL+D. Cisco 11000 Series Secure Content Accelerator Configuration Guide 4-2 78-13124-06 Appendix C lists all commands for FIPS Mode instructions. Figure 4-1 Configuration Manager Hierarchy...
Configuration Guide
Page 73
...3. Launch any terminal emulation application that communicates with the serial port connected to initiate a management session with the Secure Content Accelerator. Press Return. Replace the IP address in FIPS Mode, only serial management is allowed. Chapter 4 Using the Configuration Manager Initiating a Management...software. SCA> enable SCA# configure (config[SCA])# ip address 10.1.2.5 netmask 255.255.255.0 (config[SCA])# 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 4-5 Attach the included null modem cable to a serial port on the configuring...
Configuration Guide
Page 103
...Launch the Web browser. 2. If no enable password has been configured, the GUI starts at the General content area. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 5-3 Web Management: enabled on the device, you are prompted for the user name. If an enable password ... CLI (see "Example: Restricting Access using an Access List" in Chapter 4) or the GUI (as shown in the Address text box and press Return or Enter. Restricting Access to Web Management We recommend that port to Web Management The default TCP service port is 80. Chapter 5 Graphical...
Configuration Guide
Page 105
...content area Administrative Time Out If the device senses no activity on page 4-31 for an example using the Passwords tab of the browser, and press Enter. Click Yes to configure port access. Figure 5-2 shows an example of the device. This value can proceed with the screen... layout. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 5-5 You receive a security alert dialog. Note Do not create an SSL server pointing to the IP ...
Configuration Guide
Page 157
...reboot the Secure Content Accelerator. When the password is accepted, the "[FIPS]" portion of the Secure Content Accelerator. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 6-9 however, if non-FIPS-compliant security policies are assigned, the server is marked as...non-FIPS-compliant security policies are assigned, the backend server is marked as "FIPS suspended" upon exiting Reverse-Proxy Server Configuration mode. Press y when prompted to the device using a serial management session and enter Privileged Mode. [FIPS] SCA> enable [FIPS] SCA# 2. You ...
Configuration Guide
Page 200
... data and configure the device. For example, to the higher Configuration mode, simply enter end or exit or press CTRL+D. The finished command returns to the Top Level from any mode. and enable-level. and enable-level passwords. Configuration...a command in Appendix C. SSL devices are shipped without compromising the security of password protection: access- Cisco 11000 Series Secure Content Accelerator Configuration Guide C-6 78-13124-06 Passwords Cisco Secure Content Accelerator devices use two levels of your network or their own configuration. For...
Configuration Guide
Page 203
Use these steps to initiate a management session via a serial connection and set the IP address using the following commands. Press Return. Enter Privileged and Configuration modes and set an IP address for the device. Attach the included null modem cable to the appliance. ... the SSL devices and modules is displayed followed by 25 lines. SCA> enable SCA# configure (config[SCA])# ip address 10.1.2.5 (config[SCA])# 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide C-9
Configuration Guide
Page 205
...device. help, page 32 Displays help information for the device. paws, page 33 Pauses the configuration manager until a key is pressed. show date, page 36 Displays current date and time settings on the device. monitor, page 33 Displays the results of seconds between ... exit, page 32 Quits the configuration manager. ping, page 33 Sends ICMP packets to the specified IP address. Cisco 11000 Series Secure Content Accelerator Configuration Guide C-11 show history, page 37 Displays the last commands executed. show device, page 36 Displays ...
Configuration Guide
Page 227
FIPS Mode (serial only) If no command is specified, help information is pressed. monitor Displays the results of the command. FIPS Mode (serial only) The interval between refreshes is set using the set monitor-interval (Non-Privileged Command ... Usage Guidelines Availability: Serial, Telnet; monitor Syntax Description command The name of the specified command at one second intervals. ping 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide C-33 paws Usage Guidelines Availability: Serial, Telnet;
Configuration Guide
Page 230
... continuously, updated at one-second intervals. show device Usage Guidelines Availability: Serial, Telnet; FIPS Mode (serial only) C-36 Cisco 11000 Series Secure Content Accelerator Configuration Guide 78-13124-06 The interval in seconds. Press any key to specify an interval for display updates. Usage Guidelines Availability: Serial, Telnet; Specifies an...
Configuration Guide
Page 233
Use the interval option to stop displaying statistics. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide C-39 Displays information for display updates. Displays statistics continuously. Press any key to specify an interval for the "Server" interface. FIPS Mode (serial... only) If a single interface is not specified, statistics are displayed for both interfaces. Press any key to specify an interval for the "Network" interface. show interface statistics (Non-Privileged Command Set) interface (Con...
Configuration Guide
Page 243
...: Serial, Telnet; FIPS Mode (serial only) (This command must be given on one line.) Displays SSL errors reported on the device. Press any key to specify an interval for display updates, where value is the interval in seconds. Table C-16 displays output descriptions. show ssl errors... Connections Rejected The number of SSL connections rejected when the pre-defined limit of connections has been exceeded 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide C-49 Use the interval keyword to stop displaying errors. Appendix C Command Summary Top Level...
Configuration Guide
Page 250
Specifies an interval for statistics display. Press any key to specify an interval for statistics. Usage Guidelines Availability: Serial, Telnet; show ssl session-stats [server ] [continuous] [interval ] Syntax Description ...statistics summed over a single or all secure logical servers on a single line.) Use the continuous keyword to update the statistics every second. C-56 Cisco 11000 Series Secure Content Accelerator Configuration Guide 78-13124-06 Displays statistics continuously. Top Level Command Set Appendix C Command Summary show ssl errors (Non-Privileged...
Configuration Guide
Page 253
Usage Guidelines Availability: Serial, Telnet; Press any key to update the statistics every second. FIPS Mode (serial only) Use the continuous keyword to stop displaying information. Use the interval keyword to ... of SSL connections rejected when the pre-defined limit of connections has been exceeded The number of client connections accepted 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide C-59 Table C-19 displays output descriptions. The interval in seconds. Appendix C Command Summary Top Level Command Set Syntax...
Configuration Guide
Page 255
... are sent. The interval in seconds. FIPS Mode (serial only) Use the continuous option to stop displaying information. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide C-61 Press any key to update the information every second. Appendix C Command Summary Top Level Command Set Usage Guidelines Availability: Serial, Telnet; show...
Configuration Guide
Page 332
...Command Summary Certificate Configuration Command Set Use Certificate Configuration commands to >. After the certificate is entered, you must press Enter twice to paste the certificate from a file. FIPS Mode (serial only) After the command is pasted, you are... prompted for it. der Loads a DER-encoded X509 certificate file into the configuration manager. C-138 Cisco 11000 Series Secure Content Accelerator Configuration Guide 78-13124-06 der [url] Syntax Description url The location of the file. You can ...