Administration Guide
Page 3
...Using the Help System 22 About the Default Settings 22 Basic Tasks 23 Changing the Default User Name and Password 23 Backing Up Your Configuration 24 Upgrading the Firmware 24 Common Configuration Scenarios 25 Basic Network Configuration with Internet Access 26 Cisco Smart Business Communications System Configuration 28 Firewall for Controlling...Wireless Networking 35 Chapter 2: Networking 36 Configuring the WAN Connection 37 Viewing the WAN Status 39 Creating PPPoE Profiles 40 Configuring an IP Alias 41 Cisco SA500 Series Security Appliances Administration Guide 3
...Using the Help System 22 About the Default Settings 22 Basic Tasks 23 Changing the Default User Name and Password 23 Backing Up Your Configuration 24 Upgrading the Firmware 24 Common Configuration Scenarios 25 Basic Network Configuration with Internet Access 26 Cisco Smart Business Communications System Configuration 28 Firewall for Controlling...Wireless Networking 35 Chapter 2: Networking 36 Configuring the WAN Connection 37 Viewing the WAN Status 39 Creating PPPoE Profiles 40 Configuring an IP Alias 41 Cisco SA500 Series Security Appliances Administration Guide 3
Administration Guide
Page 4
Contents Configuring the LAN 43 About the Default LAN Settings 43 Configuring the LAN 44 Viewing the LAN Status 46 VLAN Configuration 46 DHCP Reserved IPs 52 DHCP Leased Clients 53 Configuring an IGMP Proxy 53 Configuring ... the Protocol Bindings for Load Balancing 60 Configuring a DMZ 61 Configuring the DMZ Settings 64 DMZ Reserved IPs 66 DMZ DHCP Leased Clients 67 Routing 67 Routing 67 Static Routing 68 Dynamic Routing 69 Port Management ...Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
Contents Configuring the LAN 43 About the Default LAN Settings 43 Configuring the LAN 44 Viewing the LAN Status 46 VLAN Configuration 46 DHCP Reserved IPs 52 DHCP Leased Clients 53 Configuring an IGMP Proxy 53 Configuring ... the Protocol Bindings for Load Balancing 60 Configuring a DMZ 61 Configuring the DMZ Settings 64 DMZ Reserved IPs 66 DMZ DHCP Leased Clients 67 Routing 67 Routing 67 Static Routing 68 Dynamic Routing 69 Port Management ...Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
Administration Guide
Page 5
Contents Configuring IPv6 Addressing IP Routing Mode Configuring the IPv6 WAN Connection Configuring the IPv6 LAN IPv6 LAN Address Pools IPv6 Multi LAN IPv6 Static Routing Routing (RIPng) 6to4 Tunneling ... Basic Radio Configuration Advanced Radio Configuration Chapter 4: Firewall Configuration Configuring Firewall Rules to Control Inbound and Outbound Traffic Preliminary Tasks for Firewall Rules Configuring the Default Outbound Policy Configuring a Firewall Rule for Outbound Traffic 77 78 78 80 82 83 83 84 85 85 86 87 88 88 89 91 91...
Contents Configuring IPv6 Addressing IP Routing Mode Configuring the IPv6 WAN Connection Configuring the IPv6 LAN IPv6 LAN Address Pools IPv6 Multi LAN IPv6 Static Routing Routing (RIPng) 6to4 Tunneling ... Basic Radio Configuration Advanced Radio Configuration Chapter 4: Firewall Configuration Configuring Firewall Rules to Control Inbound and Outbound Traffic Preliminary Tasks for Firewall Rules Configuring the Default Outbound Policy Configuring a Firewall Rule for Outbound Traffic 77 78 78 80 82 83 83 84 85 85 86 87 88 88 89 91 91...
Administration Guide
Page 18
.... STEP 4 Enter the default user name and password: • Username: cisco • Password: cisco STEP 5 Click Log In. For more information, see : www.cisco.com/go/configassist. Getting ...Started Getting Started with a CCA-supported device, such as the UC500. STEP 2 Start a web browser, and enter the following address: 192.168.75.1 This address is the factory default...The Getting Started (Basic) window opens. Cisco SA500 Series Security Appliances Administration Guide 18 NOTE You can use the Cisco Configuration Assistant (CCA) t to launch the...
.... STEP 4 Enter the default user name and password: • Username: cisco • Password: cisco STEP 5 Click Log In. For more information, see : www.cisco.com/go/configassist. Getting ...Started Getting Started with a CCA-supported device, such as the UC500. STEP 2 Start a web browser, and enter the following address: 192.168.75.1 This address is the factory default...The Getting Started (Basic) window opens. Cisco SA500 Series Security Appliances Administration Guide 18 NOTE You can use the Cisco Configuration Assistant (CCA) t to launch the...
Administration Guide
Page 22
...ISP) and the needs of these settings. If your business, you will need to configure it. If you to obtain an IP address from your ISP by using the device with Internet Access, page 26. • LAN Configuration: By default, the LAN interface acts as a DHCP server for use... needed . To view a Help page, click the Help link in IPv4 Only mode. A new window opens with Cisco SA500 Series Security Appliances Administration Guide 22 For most deployment scenarios, the default DHCP and TCP/IP settings of the security appliance. However, you can change other WAN settings as well.
...ISP) and the needs of these settings. If your business, you will need to configure it. If you to obtain an IP address from your ISP by using the device with Internet Access, page 26. • LAN Configuration: By default, the LAN interface acts as a DHCP server for use... needed . To view a Help page, click the Help link in IPv4 Only mode. A new window opens with Cisco SA500 Series Security Appliances Administration Guide 22 For most deployment scenarios, the default DHCP and TCP/IP settings of the security appliance. However, you can change other WAN settings as well.
Administration Guide
Page 23
... you begin using a web browser and entering the default IP address of 192.168.75.1. Changing the Default User Name and Password To prevent unauthorized access, immediately change the default Idle Timeout setting. The access point is enabled by entering cisco for the username and cisco for the default Administrator account. You are in the Edit column...
... you begin using a web browser and entering the default IP address of 192.168.75.1. Changing the Default User Name and Password To prevent unauthorized access, immediately change the default Idle Timeout setting. The access point is enabled by entering cisco for the username and cisco for the default Administrator account. You are in the Edit column...
Administration Guide
Page 26
...Started (Basic) page, click the WAN settings link. However, depending on the LAN receive their IP addresses dynamically from the security appliance. For more information, see Changing the Default User Name and Password, page 23). All devices have upgraded the firmware (see Upgrading the Firmware...deployment for many small businesses, and you might not need to change any of the WAN or LAN settings. Consider the following first steps: 1. With the default settings, the security appliance gets its WAN address dynamically from the Internet to any LAN devices. Cisco SA500 Series Security...
...Started (Basic) page, click the WAN settings link. However, depending on the LAN receive their IP addresses dynamically from the security appliance. For more information, see Changing the Default User Name and Password, page 23). All devices have upgraded the firmware (see Upgrading the Firmware...deployment for many small businesses, and you might not need to change any of the WAN or LAN settings. Consider the following first steps: 1. With the default settings, the security appliance gets its WAN address dynamically from the Internet to any LAN devices. Cisco SA500 Series Security...
Administration Guide
Page 27
...Guide 27 If you want to restrict some types of outbound traffic to enable features such as an extra LAN port. See Scenario 8: Cisco Smart Business Communications System Configuration, page 28. 4. For more information, see Configuring the Optional Port as a LAN Port, page 53. •...If you can change the subnet address or the default IP address, or assign static IP addresses to host public services such as websites, you need a DMZ or a secondary WAN, you can use your security appliance with your Cisco Smart Business Communications System (SBCS), install and configure your devices...
...Guide 27 If you want to restrict some types of outbound traffic to enable features such as an extra LAN port. See Scenario 8: Cisco Smart Business Communications System Configuration, page 28. 4. For more information, see Configuring the Optional Port as a LAN Port, page 53. •...If you can change the subnet address or the default IP address, or assign static IP addresses to host public services such as websites, you need a DMZ or a secondary WAN, you can use your security appliance with your Cisco Smart Business Communications System (SBCS), install and configure your devices...
Administration Guide
Page 28
... 1: Basic Network Configuration with Internet Access, page 26. 2. With the default configuration, the security appliance acts as needed. For more information, see DHCP Reserved IPs, page 52. 4. Configure a static IP route from the WAN port of the UC500 to protect your Cisco Smart Business Communications System network. 235235 Outside Network Private Network Laptop computer Internet...
... 1: Basic Network Configuration with Internet Access, page 26. 2. With the default configuration, the security appliance acts as needed. For more information, see DHCP Reserved IPs, page 52. 4. Configure a static IP route from the WAN port of the UC500 to protect your Cisco Smart Business Communications System network. 235235 Outside Network Private Network Laptop computer Internet...
Administration Guide
Page 29
... Rules to configure a firewall rule. Scenario 7: DMZ for Public Websites and Services If your business hosts public services such as a separate network between your private LAN and the Internet. This ...; Configure advanced NAT routing For these scenarios and all inbound traffic is denied. Cisco SA500 Series Security Appliances Administration Guide 29 You can configure various levels of the ... connect only to your LAN. Consider the following examples of IP addresses, or to configure firewall rules. NOTE The default WAN and LAN settings might be sufficient for your deployment, ...
... Rules to configure a firewall rule. Scenario 7: DMZ for Public Websites and Services If your business hosts public services such as a separate network between your private LAN and the Internet. This ...; Configure advanced NAT routing For these scenarios and all inbound traffic is denied. Cisco SA500 Series Security Appliances Administration Guide 29 You can configure various levels of the ... connect only to your LAN. Consider the following examples of IP addresses, or to configure firewall rules. NOTE The default WAN and LAN settings might be sufficient for your deployment, ...
Administration Guide
Page 30
....2.1 Source Address Translation 209.165.200.225 172.16.2.30 Web Server Private IP Address: 172.16.2.30 Public IP Address: 209.165.200.225 235140 User 192.168.75.10 User 192.168.75.11 NOTE The default WAN and LAN settings might be sufficient for this scenario: To start configuring... a DMZ, use the links in Scenario 1: Basic Network Configuration with Internet Access, page 26. Cisco SA500 Series...
....2.1 Source Address Translation 209.165.200.225 172.16.2.30 Web Server Private IP Address: 172.16.2.30 Public IP Address: 209.165.200.225 235140 User 192.168.75.10 User 192.168.75.11 NOTE The default WAN and LAN settings might be sufficient for this scenario: To start configuring... a DMZ, use the links in Scenario 1: Basic Network Configuration with Internet Access, page 26. Cisco SA500 Series...
Administration Guide
Page 35
...your deployment, but consider the steps outlined for Scenario 1: Basic Network Configuration with Internet Access, page 26. 2. The default WAN and LAN settings might be sufficient for your wireless network, see Chapter 3, "Wireless Configuration for this scenario: 1. ...Outside Network Private Network Laptop computer Internet ISP Router SA 500 Printer Personal computer IP IP Phone Configuration tasks for the SA520W." 235237 Cisco SA500 Series Security Appliances Administration Guide 35 Although you can begin using your wireless network right away, you ...
...your deployment, but consider the steps outlined for Scenario 1: Basic Network Configuration with Internet Access, page 26. 2. The default WAN and LAN settings might be sufficient for your wireless network, see Chapter 3, "Wireless Configuration for this scenario: 1. ...Outside Network Private Network Laptop computer Internet ISP Router SA 500 Printer Personal computer IP IP Phone Configuration tasks for the SA520W." 235237 Cisco SA500 Series Security Appliances Administration Guide 35 Although you can begin using your wireless network right away, you ...
Administration Guide
Page 37
Networking Configuring the WAN Connection 2 Configuring the WAN Connection By default, your security appliance is configured to receive a public IP address from the Getting Started (Basic) page, under WAN & LAN Connectivity, click WAN settings. If a login is always on, regardless ... in • Password: Enter the password required to log in • Secret (Optional): Enter the secret phrase to complete the fields in minutes Cisco SA500 Series Security Appliances Administration Guide 37 STEP 1 Click Networking > WAN > IPv4 Config, or from your Internet service. - Idle Time: The ...
Networking Configuring the WAN Connection 2 Configuring the WAN Connection By default, your security appliance is configured to receive a public IP address from the Getting Started (Basic) page, under WAN & LAN Connectivity, click WAN settings. If a login is always on, regardless ... in • Password: Enter the password required to log in • Secret (Optional): Enter the secret phrase to complete the fields in minutes Cisco SA500 Series Security Appliances Administration Guide 37 STEP 1 Click Networking > WAN > IPv4 Config, or from your Internet service. - Idle Time: The ...
Administration Guide
Page 38
... size, in bytes, of the PPTP, PPPoE, or other server. Choose Default to restart the WAN connection. Get Dynamically from ISP: Choose this option if your ISP assigned a static DNS IP address. Cisco SA500 Series Security Appliances Administration Guide 38 Use Static IP Address: Choose this option if your ISP, configure the following information...
... size, in bytes, of the PPTP, PPPoE, or other server. Choose Default to restart the WAN connection. Get Dynamically from ISP: Choose this option if your ISP assigned a static DNS IP address. Cisco SA500 Series Security Appliances Administration Guide 38 Use Static IP Address: Choose this option if your ISP, configure the following information...
Administration Guide
Page 43
... PC on your network to the PCs and other settings. • About the Default LAN Settings • Configuring the LAN • Viewing the LAN Status • VLAN Configuration • DHCP Reserved IPs • DHCP Leased Clients • Configuring an IGMP Proxy • Configuring the..., page 77 and Configuring the IPv6 LAN, page 80. Cisco SA500 Series Security Appliances Administration Guide 43 Networking Configuring the LAN 2 Configuring the LAN For most applications, the default DHCP and TCP/IP settings of the security appliance are manually configuring the network settings...
... PC on your network to the PCs and other settings. • About the Default LAN Settings • Configuring the LAN • Viewing the LAN Status • VLAN Configuration • DHCP Reserved IPs • DHCP Leased Clients • Configuring an IGMP Proxy • Configuring the..., page 77 and Configuring the IPv6 LAN, page 80. Cisco SA500 Series Security Appliances Administration Guide 43 Networking Configuring the LAN 2 Configuring the LAN For most applications, the default DHCP and TCP/IP settings of the security appliance are manually configuring the network settings...
Administration Guide
Page 45
...the LAN Status, page 46. • To reserve certain IP addresses always to a network user. Cisco SA500 Series Security Appliances Administration Guide 45 For more information, see DHCP Reserved IPs, page 52. Any new DHCP client that a dynamic IP address is disabled, all DNS requests and to communicate with..., if present in your settings. These addresses should be used by particular devices, click LAN > DHCP Reserved IPs. When the time elapses, the user is 192.168.75.2. The default ending address is 24 hours. • Relay Gateway: If you are using the Getting Started (Basic) page...
...the LAN Status, page 46. • To reserve certain IP addresses always to a network user. Cisco SA500 Series Security Appliances Administration Guide 45 For more information, see DHCP Reserved IPs, page 52. Any new DHCP client that a dynamic IP address is disabled, all DNS requests and to communicate with..., if present in your settings. These addresses should be used by particular devices, click LAN > DHCP Reserved IPs. When the time elapses, the user is 192.168.75.2. The default ending address is 24 hours. • Relay Gateway: If you are using the Getting Started (Basic) page...
Administration Guide
Page 46
...displays the following types of information: • MAC address of the LAN interface • IP address and subnet mask of the interface • DHCP server mode STEP 2 Click Apply to... Port, page 53. • If you need a guest network for the port mode. The default configuration provides for up to Test LAN Connectivity, page 221 in Appendix A, "Troubleshooting." For more ... LAN Status STEP 1 Click Networking > LAN > LAN Status. The LAN Status window opens. Cisco SA500 Series Security Appliances Administration Guide 46 Networking Configuring the LAN 2 • To view a ...
...displays the following types of information: • MAC address of the LAN interface • IP address and subnet mask of the interface • DHCP server mode STEP 2 Click Apply to... Port, page 53. • If you need a guest network for the port mode. The default configuration provides for up to Test LAN Connectivity, page 221 in Appendix A, "Troubleshooting." For more ... LAN Status STEP 1 Click Networking > LAN > LAN Status. The LAN Status window opens. Cisco SA500 Series Security Appliances Administration Guide 46 Networking Configuring the LAN 2 • To view a ...
Administration Guide
Page 47
...IP Address: See Product Tab - VLAN - VLAN - Subnet Mask: 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 47 Networking Configuring the LAN 2 This section includes the following topics: • Default VLAN Settings • Enabling or Disabling VLAN Support • Creating VLAN IDs • Assigning VLANs to LAN Ports Default VLAN Settings By default..., the data VLAN and the voice VLAN are enabled with the following settings: • Data VLAN: The VLAN is enabled with the VLAN ID 1 - Data, IP Address Distribution...
...IP Address: See Product Tab - VLAN - VLAN - Subnet Mask: 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 47 Networking Configuring the LAN 2 This section includes the following topics: • Default VLAN Settings • Enabling or Disabling VLAN Support • Creating VLAN IDs • Assigning VLANs to LAN Ports Default VLAN Settings By default..., the data VLAN and the voice VLAN are enabled with the following settings: • Data VLAN: The VLAN is enabled with the VLAN ID 1 - Data, IP Address Distribution...
Administration Guide
Page 50
...STEP 4 In the VLAN Membership Configuration area, check the box for the default VLAN with this port. STEP 5 Click Apply to forward or filter the ... an unmanaged switch with a mix of the port is untagged. The Multiple VLAN Subnets window opens. STEP 2 In the Multiple VLAN Subnet section of the page, enter the following settings: • IP Address: Enter the VLAN subnet IP address. ...configure the VLAN Membership in the lower half of the page, choose the DHCP mode: Cisco SA500 Series Security Appliances Administration Guide 50 Trunk: The port is not seen by the others. All data going...
...STEP 4 In the VLAN Membership Configuration area, check the box for the default VLAN with this port. STEP 5 Click Apply to forward or filter the ... an unmanaged switch with a mix of the port is untagged. The Multiple VLAN Subnets window opens. STEP 2 In the Multiple VLAN Subnet section of the page, enter the following settings: • IP Address: Enter the VLAN subnet IP address. ...configure the VLAN Membership in the lower half of the page, choose the DHCP mode: Cisco SA500 Series Security Appliances Administration Guide 50 Trunk: The port is not seen by the others. All data going...
Administration Guide
Page 131
... file version, and the date that you must choose IPS as the facility. The IPS Configuration window opens. • IPS Enable: By default, IPS is checked. To display messages generated by IPS, you want to all incoming and outgoing LAN traffic. These credentials are available. NOTE The Cisco username and password details once applied are applicable to...
... file version, and the date that you must choose IPS as the facility. The IPS Configuration window opens. • IPS Enable: By default, IPS is checked. To display messages generated by IPS, you want to all incoming and outgoing LAN traffic. These credentials are available. NOTE The Cisco username and password details once applied are applicable to...