Administration Guide
Page 3
... 23 Changing the Default User Name and Password 23 Backing Up Your Configuration 24 Upgrading the Firmware 24 Common Configuration Scenarios 25 Basic Network Configuration with Internet Access 26 Cisco Smart Business Communications System Configuration 28 Firewall for Controlling Inbound and Outbound Traffic 29 DMZ for Public Websites and Services 29 Configuring ProtectLink Web & Email Security 31 Site-to-Site Networking and Remote Access 31 Wireless Networking 35 Chapter 2: Networking 36 Configuring the WAN Connection 37 Viewing...
Administration Guide
Page 6
... Firewall Rules 113 Firewall Rule Configuration Examples 114 Using Other Tools to Prevent Attacks, Restrict Access, and Control Inbound Traffic 117 Configuring Attack Checks 118 Configuring MAC Filtering to Allow or Block Traffic 119 Configuring IP/MAC Binding 120 Port Triggering 121 Configuring a Port Triggering Rule to Direct Traffic to Specified Ports 122 Viewing the Port Triggering Status 122 Configuring Session Settings to Analyze Incoming Packets 123 Using Other Tools to Control Access to the Internet 124...
Administration Guide
Page 7
... Port Forwarding SSL VPN Tunnel Client Configuration Viewing the SSL VPN Client Portal VeriSign™ Identity Protection configuration Configuring VeriSign Identity Protection Managing User Credentials for VeriSign Service Chapter 8: Administration Users Domains Groups Adding or Editing User Settings Adding or Editing User Login Policies Firmware and Configuration Upgrading Firmware and Working with Configuration Files Maintaining the USB Device Using the Secondary Firmware Diagnostics Measuring and Limiting Traffic with the Traffic Meter Configuring the Time Settings Configuring the Logging...
Administration Guide
Page 11
... factory default settings, press and hold the Reset button for the associated port. When off, indicates the appliance has booted properly. • POWER LED-(Green) When lit, indicates the appliance is powered on. • DMZ LED-(Green) When lit, indicates the Optional port is configured as a Demilitarized Zone or Demarcation Zone, which allows public services such as web servers, without exposing your LAN. • SPEED LED-(Green or Orange) Indicates the traffic rate...
Administration Guide
Page 12
... store configuration files for the antennas. When flashing, the port is active. • WLAN LED-(Green) When lit, indicates that a connection is enabled (SA520W). A DMZ (Demilitarized Zone or Demarcation Zone) can use a USB device to a USB device. Cisco SA500 Series Security Appliances Administration Guide 12 Rear Panel • POWER Switch-Turns the security appliance on or off. • POWER Connector-Connects the security appliance to power using the supplied power cable. • LAN Ports-Connect computers...
Administration Guide
Page 18
... Wizard to the Configuration Utility. The Getting Started (Basic) window opens. Cisco SA500 Series Security Appliances Administration Guide 18 STEP 4 Enter the default user name and password: • Username: cisco • Password: cisco STEP 5 Click Log In. NOTE You can use the Cisco Configuration Assistant (CCA) t to launch the Configuration Utility if you will need to enter the new IP address to connect to complete the installation. STEP 3 When the...
Administration Guide
Page 23
... Add Users. STEP 3 Click the button in again after 10 minutes of inactivity. The access point is strongly recommended that you begin using a web browser and entering the default IP address of Cisco_1. You can log on by default. Basic Tasks We strongly recommend that you to change the user name and password for the password. These settings make it is enabled by entering cisco for the username...
Administration Guide
Page 24
... abandon, you are using the latest version. Later, if you make changes that you easily can upgrade from 0 to 999. Cisco SA500 Series Security Appliances Administration Guide 24 It can include any other tasks, you should upgrade your configuration. The default password for the user. STEP 1 In the Upgrade Firmware section of the Getting Started (Basic) page, click the Install the updated firmware link. The User Type and Group cannot...
Administration Guide
Page 27
... configure the port, use your security appliance with your Cisco Smart Business Communications System (SBCS), install and configure your UC500. If you need to allow inbound access from remote sites or remote workers. Consider whether you want to allow access to the Internet, configure your devices. Getting Started Common Configuration Scenarios 1 2. In the WAN & LAN Connectivity section of outbound traffic to your network. For information about using...
Administration Guide
Page 43
... change these and other devices on the WLAN or LAN network. Cisco SA500 Series Security Appliances Administration Guide 43 It can use a Windows Internet Naming Service (WINS) server. A WINS server is the gateway address to the PCs and other settings. • About the Default LAN Settings • Configuring the LAN • Viewing the LAN Status • VLAN Configuration • DHCP Reserved IPs • DHCP Leased Clients • Configuring an IGMP Proxy • Configuring the Optional Port...
Administration Guide
Page 46
... the default VLANs, and you can create new VLAN. The default configuration provides for visitors to Test LAN Connectivity, page 221 in Appendix A, "Troubleshooting." You can be treated like two separate networks. Any PC that are isolated from one another. For example, if you enable inter VLAN routing. The LAN Status window opens. Networking Configuring the LAN 2 • To view a list of 16 VLANs. VLAN Configuration The security appliance supports Virtual LANs (VLANs), which...
Administration Guide
Page 57
... directs all Internet traffic is detected on the link that are used. Cisco SA500 Series Security Appliances Administration Guide 57 Networking Configuring the Optional WAN 2 • If you are not of the same speed. Load balancing is connected to them. Configuring Auto-Rollover, Load Balancing, and Failure Detection If you configured two ISP links, one for incoming traffic. You can configure the WAN Mode to determine how...
Administration Guide
Page 70
Networking Port Management 2 - The Port Management window opens. Cisco SA500 Series Security Appliances Administration Guide 70 RIP-2M sends data to save your settings. MD5 Key ID: Input the unique MD-5 key ID. - Not Valid Before: Start date of the First Key for MD5 based authentication between routers. - Port Management You can enable or disable ports, set the duplex mode and speed, and enable or disable port mirroring. RIP-2B broadcasts data in the entire subnet. - MD5 Auth Key: Input the auth...
Administration Guide
Page 96
... requires maximum throughput and is not time-sensitive is sent to this queue. • Background: Lowest priority queue, high throughput. The QoS Configuration window opens. The default is "open" access, which means that you to define specific MAC addresses to permit or deny access to prioritize the traffic. Cisco SA500 Series Security Appliances Administration Guide 96 Wireless Configuration for example). Bulk data that the policy is applied...
Administration Guide
Page 131
... LAN traffic. Enter your settings. This option is only active if the Automatically Update Signature box is disabled. Cisco SA500 Series Security Appliances Administration Guide 131 Click Update Now to save your Cisco.com User Name and Password to authenticate to automatically update the IPS signatures when they are available. The IPS Configuration window opens. • IPS Enable: By default, IPS is checked. Intrusion Prevention System Configuring IPS 5 Configuring IPS You configure...
Administration Guide
Page 143
... IPsec VPN Remote Access. • Optionally, review and modify the default settings and policies. Cisco QuickVPN X-Auth is required with a VPN Client 7 - NOTE Next steps: • If you also must enable Remote Management. See RMON (Remote Management), page 197. The subnet should be part of configuration tasks for Remote Access with IPsec clients such as needed for this box to allow the user to change password?: If you...
Administration Guide
Page 163
... the Edit button to all entries, check the box in the first column of the supported SSL VPN services to associate with this resource. • Service: Choose one of the table heading. This shortcut saves time when creating similar policies for multiple remote SSL VPN users. STEP 1 Click VPN > SSL VPN Server > Resources. The Resources window opens. Port forwarding is used to identify this resource. Configuring VPN Configuring SSL...
Administration Guide
Page 176
... and Working with Configuration Files • Maintaining the USB Device • Using the Secondary Firmware Upgrading Firmware and Working with Configuration Files You can corrupt the flash memory and render the router unusable without a low-level process of restoring the flash firmware (not through the Configuration Utility). Firmware and Configuration This section describes the following tasks: • Upgrade the firmware version and check for new availability. • Backup custom configuration settings for later restoration. • Restore your settings. Cisco SA500 Series...
Administration Guide
Page 221
... Ethernet card driver software and TCP/IP software are installed and configured on the PC. • Verify that the IP address for the security appliance and PC are correct and on page B-1 and follow instructions for any hub ports that sends an ICMP echo-request packet to the designated device. Troubleshooting Pinging to Test LAN Connectivity A Pinging to Test LAN Connectivity Most TCP/IP terminal...
Administration Guide
Page 232
...Data VLAN subnet mask) Setting enable DHCP client 1500 disable disable disable DHCP client 1500 disable disable disable disable enable / disable on DMS VLAN disable IPv4 Only Automatic enable 192.168.10.0 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 232 Factory Default Settings Router Settings D Feature HTTPS Remote Access WAN1 IP address assignment WAN1 - Signaling Authentication - Local Subnet (Data VLAN subnet) IPSec - Outgoing Traffic Bandwidth Limit Allow ICMP echo replies (good for validating connectivity) HTTPS Remote Access WAN2 IP address...