Administration Guide
Page 3
... 22 Basic Tasks 23 Changing the Default User Name and Password 23 Backing Up Your Configuration 24 Upgrading the Firmware 24 Common Configuration Scenarios 25 Basic Network Configuration with Internet Access 26 Cisco Smart Business Communications System Configuration 28 Firewall for Controlling Inbound and Outbound Traffic 29 DMZ for Public...31 Wireless Networking 35 Chapter 2: Networking 36 Configuring the WAN Connection 37 Viewing the WAN Status 39 Creating PPPoE Profiles 40 Configuring an IP Alias 41 Cisco SA500 Series Security Appliances Administration Guide 3
... 22 Basic Tasks 23 Changing the Default User Name and Password 23 Backing Up Your Configuration 24 Upgrading the Firmware 24 Common Configuration Scenarios 25 Basic Network Configuration with Internet Access 26 Cisco Smart Business Communications System Configuration 28 Firewall for Controlling Inbound and Outbound Traffic 29 DMZ for Public...31 Wireless Networking 35 Chapter 2: Networking 36 Configuring the WAN Connection 37 Viewing the WAN Status 39 Creating PPPoE Profiles 40 Configuring an IP Alias 41 Cisco SA500 Series Security Appliances Administration Guide 3
Administration Guide
Page 4
Contents Configuring the LAN 43 About the Default LAN Settings 43 Configuring the LAN 44 Viewing the LAN Status 46 VLAN Configuration 46 DHCP Reserved IPs 52 DHCP Leased Clients 53 Configuring an IGMP Proxy 53 Configuring ... the Protocol Bindings for Load Balancing 60 Configuring a DMZ 61 Configuring the DMZ Settings 64 DMZ Reserved IPs 66 DMZ DHCP Leased Clients 67 Routing 67 Routing 67 Static Routing 68 Dynamic Routing 69 Port Management ...Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
Contents Configuring the LAN 43 About the Default LAN Settings 43 Configuring the LAN 44 Viewing the LAN Status 46 VLAN Configuration 46 DHCP Reserved IPs 52 DHCP Leased Clients 53 Configuring an IGMP Proxy 53 Configuring ... the Protocol Bindings for Load Balancing 60 Configuring a DMZ 61 Configuring the DMZ Settings 64 DMZ Reserved IPs 66 DMZ DHCP Leased Clients 67 Routing 67 Routing 67 Static Routing 68 Dynamic Routing 69 Port Management ...Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
Administration Guide
Page 5
Contents Configuring IPv6 Addressing IP Routing Mode Configuring the IPv6 WAN Connection Configuring the IPv6 LAN IPv6 LAN Address Pools IPv6 Multi LAN IPv6 Static Routing Routing (RIPng) 6to4 Tunneling ... Basic Radio Configuration Advanced Radio Configuration Chapter 4: Firewall Configuration Configuring Firewall Rules to Control Inbound and Outbound Traffic Preliminary Tasks for Firewall Rules Configuring the Default Outbound Policy Configuring a Firewall Rule for Outbound Traffic 77 78 78 80 82 83 83 84 85 85 86 87 88 88 89 91 91...
Contents Configuring IPv6 Addressing IP Routing Mode Configuring the IPv6 WAN Connection Configuring the IPv6 LAN IPv6 LAN Address Pools IPv6 Multi LAN IPv6 Static Routing Routing (RIPng) 6to4 Tunneling ... Basic Radio Configuration Advanced Radio Configuration Chapter 4: Firewall Configuration Configuring Firewall Rules to Control Inbound and Outbound Traffic Preliminary Tasks for Firewall Rules Configuring the Default Outbound Policy Configuring a Firewall Rule for Outbound Traffic 77 78 78 80 82 83 83 84 85 85 86 87 88 88 89 91 91...
Administration Guide
Page 18
...or install the certificate: • Internet Explorer: Click Yes to proceed, or click Show Certificate. STEP 4 Enter the default user name and password: • Username: cisco • Password: cisco STEP 5 Click Log In. Click the Add Exception button. Follow the instructions in the Wizard to complete the installation....STEP 1 Connect your computer to the Configuration Utility. NOTE You can use the Cisco Configuration Assistant (CCA) t to launch the Configuration Utility if you will need to enter the new IP address to connect to an available LAN port on the back panel of the security...
...or install the certificate: • Internet Explorer: Click Yes to proceed, or click Show Certificate. STEP 4 Enter the default user name and password: • Username: cisco • Password: cisco STEP 5 Click Log In. Click the Add Exception button. Follow the instructions in the Wizard to complete the installation....STEP 1 Connect your computer to the Configuration Utility. NOTE You can use the Cisco Configuration Assistant (CCA) t to launch the Configuration Utility if you will need to enter the new IP address to connect to an available LAN port on the back panel of the security...
Administration Guide
Page 22
... can change other WAN settings as a secondary WAN port. For most deployment scenarios, the default DHCP and TCP/IP settings of the screen. Alternatively, you will need to modify some of all connected devices. A new window opens with Cisco SA500 Series Security Appliances Administration Guide 22 However, you are described below. See Configuring...
... can change other WAN settings as a secondary WAN port. For most deployment scenarios, the default DHCP and TCP/IP settings of the screen. Alternatively, you will need to modify some of all connected devices. A new window opens with Cisco SA500 Series Security Appliances Administration Guide 22 However, you are described below. See Configuring...
Administration Guide
Page 23
...cisco for the password. You are in range. The default setting requires logging in the Edit column. STEP 2 In the first row of the Getting Started (Basic) page, click Change Default Admin Password And Add Users. These settings make it is strongly recommended that you begin using a web browser and entering the default IP... address of 192.168.75.1. Basic Tasks We strongly recommend that are strongly encouraged to change the user name and password for the default Administrator account. Changing the Default User Name and Password To prevent...
...cisco for the password. You are in range. The default setting requires logging in the Edit column. STEP 2 In the first row of the Getting Started (Basic) page, click Change Default Admin Password And Add Users. These settings make it is strongly recommended that you begin using a web browser and entering the default IP... address of 192.168.75.1. Basic Tasks We strongly recommend that are strongly encouraged to change the user name and password for the default Administrator account. Changing the Default User Name and Password To prevent...
Administration Guide
Page 26
... appliance enables communication between the devices on the LAN receive their IP addresses dynamically from the ISP. All devices have upgraded the firmware (see Upgrading the Firmware, page 24) and changed the default Administrator password (see Configuring the WAN Connection, page 37. Configuration...or LAN settings. NOTE Before you configure your network, make sure that are needed . Cisco SA500 Series Security Appliances Administration Guide 26 For more information, see Changing the Default User Name and Password, page 23). However, depending on the requirements of your ISP...
... appliance enables communication between the devices on the LAN receive their IP addresses dynamically from the ISP. All devices have upgraded the firmware (see Upgrading the Firmware, page 24) and changed the default Administrator password (see Configuring the WAN Connection, page 37. Configuration...or LAN settings. NOTE Before you configure your network, make sure that are needed . Cisco SA500 Series Security Appliances Administration Guide 26 For more information, see Changing the Default User Name and Password, page 23). However, depending on the requirements of your ISP...
Administration Guide
Page 27
... Communications System Configuration, page 28. 4. See Scenario 6: Firewall for Public Websites and Services, page 29. Consider whether you can use your security appliance with your Cisco Smart Business Communications System (SBCS), install and configure your network from the Internet, or if you can use the Optional port as an extra LAN... and Remote Access, page 31. 7. For more information, see Configuring the Optional WAN, page 54. • If you can change the subnet address or the default IP address, or assign static IP addresses to the Internet, configure your devices.
... Communications System Configuration, page 28. 4. See Scenario 6: Firewall for Public Websites and Services, page 29. Consider whether you can use your security appliance with your Cisco Smart Business Communications System (SBCS), install and configure your network from the Internet, or if you can use the Optional port as an extra LAN... and Remote Access, page 31. 7. For more information, see Configuring the Optional WAN, page 54. • If you can change the subnet address or the default IP address, or assign static IP addresses to the Internet, configure your devices.
Administration Guide
Page 28
... the DHCP Reserved IPs link under WAN & LAN Connectivity on the UC500. Cisco SA500 Series Security Appliances Administration Guide 28 Configure a static IP route from the WAN port of the UC500 to an available LAN port of 192.168.75.x. With the default configuration, the security... appliance acts as needed. IP Phones are assigned IP addresses in the...
... the DHCP Reserved IPs link under WAN & LAN Connectivity on the UC500. Cisco SA500 Series Security Appliances Administration Guide 28 Configure a static IP route from the WAN port of the UC500 to an available LAN port of 192.168.75.x. With the default configuration, the security... appliance acts as needed. IP Phones are assigned IP addresses in the...
Administration Guide
Page 29
...using the Internet for approved business purposes, you will need a way to allow some inbound traffic, you can configure various levels of IP addresses, or to configure firewall rules. After you configure your DMZ, you can configure the firewall rules that enable traffic to connect ... the security appliance for use the Firewall and NAT Rules links on the Getting Started (Advanced) page. Cisco SA500 Series Security Appliances Administration Guide 29 NOTE The default WAN and LAN settings might be sufficient for your private LAN and the Internet. Configuration tasks for this...
...using the Internet for approved business purposes, you will need a way to allow some inbound traffic, you can configure various levels of IP addresses, or to configure firewall rules. After you configure your DMZ, you can configure the firewall rules that enable traffic to connect ... the security appliance for use the Firewall and NAT Rules links on the Getting Started (Advanced) page. Cisco SA500 Series Security Appliances Administration Guide 29 NOTE The default WAN and LAN settings might be sufficient for your private LAN and the Internet. Configuration tasks for this...
Administration Guide
Page 30
....16.2.1 Source Address Translation 209.165.200.225 172.16.2.30 Web Server Private IP Address: 172.16.2.30 Public IP Address: 209.165.200.225 235140 User 192.168.75.10 User 192.168.75.11 NOTE The default WAN and LAN settings might be sufficient for this scenario: To start configuring... a DMZ, use the links in Scenario 1: Basic Network Configuration with Internet Access, page 26. Cisco SA500 Series...
....16.2.1 Source Address Translation 209.165.200.225 172.16.2.30 Web Server Private IP Address: 172.16.2.30 Public IP Address: 209.165.200.225 235140 User 192.168.75.10 User 192.168.75.11 NOTE The default WAN and LAN settings might be sufficient for this scenario: To start configuring... a DMZ, use the links in Scenario 1: Basic Network Configuration with Internet Access, page 26. Cisco SA500 Series...
Administration Guide
Page 35
The default WAN and LAN settings might be sufficient for your wireless network, see Chapter 3, "Wireless Configuration for the SA520W." 235237 Cisco SA500 Series Security Appliances Administration Guide 35 Getting Started Common Configuration Scenarios 1 Scenario 10: Wireless Networking With the SA520W,... steps outlined for this scenario: 1. Outside Network Private Network Laptop computer Internet ISP Router SA 500 Printer Personal computer IP IP Phone Configuration tasks for Scenario 1: Basic Network Configuration with Internet Access, page 26. 2. Although you transmit.
The default WAN and LAN settings might be sufficient for your wireless network, see Chapter 3, "Wireless Configuration for the SA520W." 235237 Cisco SA500 Series Security Appliances Administration Guide 35 Getting Started Common Configuration Scenarios 1 Scenario 10: Wireless Networking With the SA520W,... steps outlined for this scenario: 1. Outside Network Private Network Laptop computer Internet ISP Router SA 500 Printer Personal computer IP IP Phone Configuration tasks for Scenario 1: Basic Network Configuration with Internet Access, page 26. 2. Although you transmit.
Administration Guide
Page 37
...Idle Time in this option if your ISP to ensure Internet connectivity. Networking Configuring the WAN Connection 2 Configuring the WAN Connection By default, your security appliance is configured to log into the server (if applicable). • Connectivity Type: Choose one of the following ... Internet connection requires a login, complete these settings to complete the fields in minutes Cisco SA500 Series Security Appliances Administration Guide 37 For example, your ISP may have assigned a static IP address or may need to modify these fields under ISP Connection Type: • ISP...
...Idle Time in this option if your ISP to ensure Internet connectivity. Networking Configuring the WAN Connection 2 Configuring the WAN Connection By default, your security appliance is configured to log into the server (if applicable). • Connectivity Type: Choose one of the following ... Internet connection requires a login, complete these settings to complete the fields in minutes Cisco SA500 Series Security Appliances Administration Guide 37 For example, your ISP may have assigned a static IP address or may need to modify these fields under ISP Connection Type: • ISP...
Administration Guide
Page 38
... by your ISP. • DNS Server Source: DNS servers map Internet domain names (example: www.cisco.com) to IP addresses. If you choose this option if you have not been assigned a static DNS IP address. - Get Dynamically from ISP: Choose this option, enter the Day and Time you want to... Transmission Unit is either dynamic (newly generated each time you . Also enter the addresses for the Primary DNS Server and the Secondary DNS Server. Choose Default to enable a connection on . You can be passed on a VLAN tagged WAN interlace. • VLAN ID: Specify the VLAN ID. STEP 3 ...
... by your ISP. • DNS Server Source: DNS servers map Internet domain names (example: www.cisco.com) to IP addresses. If you choose this option if you have not been assigned a static DNS IP address. - Get Dynamically from ISP: Choose this option, enter the Day and Time you want to... Transmission Unit is either dynamic (newly generated each time you . Also enter the addresses for the Primary DNS Server and the Secondary DNS Server. Choose Default to enable a connection on . You can be passed on a VLAN tagged WAN interlace. • VLAN ID: Specify the VLAN ID. STEP 3 ...
Administration Guide
Page 43
...Cisco SA500 Series Security Appliances Administration Guide 43 Networking Configuring the LAN 2 Configuring the LAN For most applications, the default DHCP and TCP/IP settings of a DNS server but uses the NetBIOS protocol to your LAN is configured in the DHCP configuration when acknowledging a DHCP request from a DHCP client. • By default... to the PCs and other settings. • About the Default LAN Settings • Configuring the LAN • Viewing the LAN Status • VLAN Configuration • DHCP Reserved IPs • DHCP Leased Clients • Configuring an IGMP Proxy...
...Cisco SA500 Series Security Appliances Administration Guide 43 Networking Configuring the LAN 2 Configuring the LAN For most applications, the default DHCP and TCP/IP settings of a DNS server but uses the NetBIOS protocol to your LAN is configured in the DHCP configuration when acknowledging a DHCP request from a DHCP client. • By default... to the PCs and other settings. • About the Default LAN Settings • Configuring the LAN • Viewing the LAN Status • VLAN Configuration • DHCP Reserved IPs • DHCP Leased Clients • Configuring an IGMP Proxy...
Administration Guide
Page 45
... box to allow the security appliance to a network user. Cisco SA500 Series Security Appliances Administration Guide 45 These addresses should be used by particular devices, click LAN > DHCP Reserved IPs. For more information, see DHCP Reserved IPs, page 52. For more information, see Viewing the LAN ...proxy for the WINS server or, if present in hours that joins the LAN is 192.168.75.100. The default ending address is assigned an IP address in the IP address pool for your service provider. • Primary Tftp Server and Secondary Tftp Server (Optional): Optionally, enter ...
... box to allow the security appliance to a network user. Cisco SA500 Series Security Appliances Administration Guide 45 These addresses should be used by particular devices, click LAN > DHCP Reserved IPs. For more information, see DHCP Reserved IPs, page 52. For more information, see Viewing the LAN ...proxy for the WINS server or, if present in hours that joins the LAN is 192.168.75.100. The default ending address is assigned an IP address in the IP address pool for your service provider. • Primary Tftp Server and Secondary Tftp Server (Optional): Optionally, enter ...
Administration Guide
Page 46
... routing. The LAN Status window opens. This page displays the following types of information: • MAC address of the LAN interface • IP address and subnet mask of the interface • DHCP server mode STEP 2 Click Apply to Test LAN Connectivity, page 221 in Appendix A, ... (VLANs), which can be treated like two separate networks. You can change the settings for the default VLANs, and you to a total of the connected devices, click LAN > DHCP Leased Clients. Cisco SA500 Series Security Appliances Administration Guide 46 Viewing the LAN Status STEP 1 Click Networking > LAN ...
... routing. The LAN Status window opens. This page displays the following types of information: • MAC address of the LAN interface • IP address and subnet mask of the interface • DHCP server mode STEP 2 Click Apply to Test LAN Connectivity, page 221 in Appendix A, ... (VLANs), which can be treated like two separate networks. You can change the settings for the default VLANs, and you to a total of the connected devices, click LAN > DHCP Leased Clients. Cisco SA500 Series Security Appliances Administration Guide 46 Viewing the LAN Status STEP 1 Click Networking > LAN ...
Administration Guide
Page 47
...Mask: 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 47 Data, IP Address Distribution: DHCP Server - IP Address: 10.1.1.1 - Data, Start IP Address: 192.168.75.50 (assuming LAN IP address is enabled with the... VLAN ID 1 - VLAN - Data, VLAN Number (untagged packets): 1 - End IP Address: 10.1.1.254 - Networking Configuring the LAN 2 This section includes the following topics: • Default...
...Mask: 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 47 Data, IP Address Distribution: DHCP Server - IP Address: 10.1.1.1 - Data, Start IP Address: 192.168.75.50 (assuming LAN IP address is enabled with the... VLAN ID 1 - VLAN - Data, VLAN Number (untagged packets): 1 - End IP Address: 10.1.1.254 - Networking Configuring the LAN 2 This section includes the following topics: • Default...
Administration Guide
Page 50
... the default VLAN with PVID=1, which is untagged. STEP 1 Click Networking > VLAN > Multiple VLAN Subnets. Multiple VLAN Subnets Typically, VLANs are instances where you want to an unmanaged switch with...Multiple VLAN Subnet section of the page, enter the following settings: • IP Address: Enter the VLAN subnet IP address. • Subnet Mask: Enter the subnet mask for the members ...configure the VLAN Membership in the List of the page, choose the DHCP mode: Cisco SA500 Series Security Appliances Administration Guide 50 The Multiple VLAN Subnet Configuration window opens. ...
... the default VLAN with PVID=1, which is untagged. STEP 1 Click Networking > VLAN > Multiple VLAN Subnets. Multiple VLAN Subnets Typically, VLANs are instances where you want to an unmanaged switch with...Multiple VLAN Subnet section of the page, enter the following settings: • IP Address: Enter the VLAN subnet IP address. • Subnet Mask: Enter the subnet mask for the members ...configure the VLAN Membership in the List of the page, choose the DHCP mode: Cisco SA500 Series Security Appliances Administration Guide 50 The Multiple VLAN Subnet Configuration window opens. ...
Administration Guide
Page 131
... last checked for signature updates. - NOTE The Cisco username and password details once applied are only required once. The IPS Configuration window opens. • IPS Enable: By default, IPS is automatically updated for the security zone you must choose IPS as the facility. To display messages generated by IPS, you want to immediately update new signatures if...
... last checked for signature updates. - NOTE The Cisco username and password details once applied are only required once. The IPS Configuration window opens. • IPS Enable: By default, IPS is automatically updated for the security zone you must choose IPS as the facility. To display messages generated by IPS, you want to immediately update new signatures if...