Administration Guide
Page 26
Cisco SA500 Series Security Appliances Administration Guide 26 Getting Started Common Configuration Scenarios 1 Scenario 1: Basic Network Configuration with Internet Access 235234 Outside Network Private Network Laptop ..., you configure your network, make any LAN devices. In the WAN & LAN Connectivity section of your ISP, as well your preferences for your Internet connection. Review the WAN configuration and make sure that are needed to the Internet, but no inbound traffic is sufficient for a small business, the security appliance enables...
Administration Guide
Page 27
...DMZ, you can use the Optional port as a LAN Port, page 53. 5. See Scenario 6: Firewall for Public Websites and Services, page 29. Cisco SA500 Series Security Appliances Administration Guide 27 For more information, see Configuring the LAN, page 43. 3. For more information, see Scenario 7: DMZ for ...to your network. However, you want to the Internet, configure your devices. If you want to use the links in most cases. Review the LAN configuration and make any changes that are going to host public services such as logging or remote access to -Site Networking and...
Administration Guide
Page 32
...Tunnel for Site-to-Site VPN For site-to-site VPN, you can configure an IPsec tunnel with a VPN Client, page 139. Cisco SA500 Series Security Appliances Administration Guide 32 Getting Started Common Configuration Scenarios 1 IPsec VPN for Remote Access with advanced encryption to maintain network ... 500 Inside 10.20.20.0 Site B Printer Personal computers Personal computers Printer 235142 Configuration tasks for this scenario: In the Site-to review and modify the policies that were created by the Wizard. When the VPN Wizard appears, choose the Site-to-Site option and enter...
Administration Guide
Page 33
... and complete the fields on the Getting Started (Advanced) page to add your VPN users. Cisco SA500 Series Security Appliances Administration Guide 33 Return to the Getting Started (Advanced) page and click Add Users to review and modify the policies that were created by users who have an IPsec VPN client on...
Administration Guide
Page 34
... For more information, see Configuring SSL VPN for different user groups, if needed. Create new portals for Browser-Based Remote Access, page 154. Cisco SA500 Series Security Appliances Administration Guide 34 You are not responsible for the user portal. Getting Started Common Configuration Scenarios 1 SSL VPN Remote Access With... for this scenario: In the SSL VPN Remote Access section of your network resources, SSL VPN is a flexible and secure way to review the default settings for any VPN client software, since the VPN tunnel can use other links to add your SSL VPN.
Administration Guide
Page 139
... key, which greatly simplifies setup For information about the VPNC recommendations, see Configuring the IPsec VPN Policies, page 148. • To review or update the configured IKE policy, click IPsec > IKE Policies. Configuring an IPsec VPN Tunnel for Remote Access with a VPN Client This... The settings are using the Getting Started (Advanced) page, click Getting Started > Advanced to return to the list of 255.0.0.0. Cisco SA500 Series Security Appliances Administration Guide 139 The VPN Wizard helps you are not saved on your settings. Configuring VPN Configuring an IPsec...
Administration Guide
Page 141
...49 characters and must provide to the list of configuration tasks for IPsec Remote Access VPN. • Required: Configure the VPN users. - Cisco SA500 Series Security Appliances Administration Guide 141 To add users to save your settings. NOTE Do not use for this VPN tunnel. Then enter ...Started > Advanced to return to establish a connection. For more information, see Configuring the IKE Policies for IPsec VPN, page 144. • To review or update the configured VPN policy click IPsec > VPN Policies. The length of the pre-shared key is the pre-shared Key?: Enter the ...
Administration Guide
Page 142
...the box in this page to manage the users (both XAUTH and Cisco QuickVPN). STEP 3 Enter the following information: • User Name: Enter a unique identifier for Remote Access with a VPN Client 7 • To review or update the configured IKE policy, click IPsec > IKE Policies.... Standard IPsec (XAuth) Cisco SA500 Series Security Appliances Administration Guide 142 STEP 1 Click VPN > IPsec > IPsec Users. Other options:...
Administration Guide
Page 143
...native IPsec to provide user credentials. STEP 4 Click Apply to the list of configuration tasks for IPsec VPN Remote Access. • Optionally, review and modify the default settings and policies. See RMON (Remote Management), page 197. XAUTH can check this user. • Confirm Password: ... Advanced to return to save your settings. This option should be used when additional client security is specific only to Quick VPN. Cisco SA500 Series Security Appliances Administration Guide 143 See Advanced Configuration of the LAN or VLAN IP addresses. • Subnet Mask: Enter the...
Administration Guide
Page 144
Cisco SA500 Series Security Appliances Administration Guide 144 Configuring the IKE Policies for IPsec VPN The Internet Key Exchange (IKE) protocol is a negotiation protocol that includes ... for users who want to define the security parameters such as needed. to protect data and ensure privacy. Advanced users can create IKE policies to review and modify the settings that are created by the VPN Wizard. • Viewing the Basic Setting Defaults for IPsec VPN • Configuring the IKE Policies...
Administration Guide
Page 148
... policies that are configured as a backup policy. For more information, see Configuring the IPsec VPN Policies, page 148. • To review or update the configured IKE policy, click IPsec > IKE Policies. Cisco SA500 Series Security Appliances Administration Guide 148 Configuring VPN Advanced Configuration of IPsec VPN 7 STEP 8 Click Apply to save your... you create an Auto Policy, first create an IKE policy. Configuring the IPsec VPN Policies You can use this page. NOTE Next Steps • To review or update the configured VPN policy click IPsec > VPN Policies.
Administration Guide
Page 156
... • Portal: To access your network, user starts a web browser and then enters the URL for different groups of resources. You can review the default settings and modify, as the User Type. On each user record, be sufficient for all users. IMPORTANT: If you plan to ... you can configure port forwarding to allow access to create different portal layouts, you could create two portal layouts for the portal users. Cisco SA500 Series Security Appliances Administration Guide 156 See Configuring SSL VPN Port Forwarding, page 163. If an SSL-enabled site is pre-configured...
Administration Guide
Page 189
...but significant condition. Logs Facility and Severity A variety of the server in the SysLog Server field. STEP 3 Check the box for review. These logs can also specify which system messages are to be sent on the facility that you want to display in the Log ... day when logs should be captured and logged for each event that generated the message and its severity level. Syslog definition is LOG_EMERG. Cisco SA500 Series Security Appliances Administration Guide 189 Syslog definition is LOG_ERR. Warning (level 4) Warning conditions. Alert (level 1) Immediate action needed....
Administration Guide
Page 220
STEP 2 Review the settings for Daylight Savings Time. Troubleshooting Date and Time A Date and Time Symptom: Date shown is off by one hour. Recommended action: STEP 1 Click ... Zone. STEP 2 Check or uncheck Automatically adjust for the date and time. Possible cause: The security appliance does not automatically adjust for Daylight Savings Time. Cisco SA500 Series Security Appliances Administration Guide 220 Symptom: The time is January 1, 2000. Possible cause: The security appliance has not yet successfully reached a network time...