Getting Started Guide
Page 3
... E R 2 C H A P T E R 78-17645-01 CONTENTS Installing and Setting Up the PIX 515E Security Appliance 1-1 Verifying the Package Contents 1-2 Installing the PIX 515E Security Appliance 1-3 Front and Back Panel Components 1-4 Setting Up the Security Appliance 1-5 About the Factory-Default ...Scenario: DMZ Configuration 2-1 Example DMZ Network Topology 2-1 Configuring the Security Appliance for a DMZ Deployment 2-4 Configuration Requirements 2-5 Starting ASDM 2-6 Creating IP Pools for Network Address Translation 2-7 Configuring NAT for Inside Clients to Communicate with the DMZ Web Server 2-12...
Getting Started Guide
Page 4
... Example IPsec Remote-Access VPN Network Topology 3-1 Implementing the IPsec Remote-Access VPN Scenario 3-2 Information to Have Available 3-3 Starting ASDM 3-3 Configuring the PIX 515E for an IPsec Remote-Access VPN 3-5 Selecting VPN Client Types 3-6 Specifying the VPN Tunnel Group Name and Authentication Method 3-7... Topology 4-1 Implementing the Site-to-Site Scenario 4-2 Information to Have Available 4-2 Configuring the Site-to-Site VPN 4-3 Starting ASDM 4-3 Configuring the Security Appliance at the Local Site 4-4 Providing Information About the Remote VPN Peer 4-6 Configuring the IKE Policy ...
Getting Started Guide
Page 11
...the procedures in this chapter refer to the method using either the browser-based Cisco Adaptive Security Device Manager (ASDM) or the command-line interface (CLI). You can perform the configuration steps using ASDM. For more information, see Appendix A, "Obtaining a DES License or a 3DES...To use ASDM, you must have a DES license or a 3DES-AES license. This section includes the following topics: • About the Factory-Default Configuration, page 1-6 • About the Adaptive Security Device Manager, page 1-6 • Using the Startup Wizard, page 1-7 78-17645-01 PIX 515E Security ...
Getting Started Guide
Page 12
...connect to complete your configuration. Administrators can quickly connect to the device and use ASDM to the appliance. About the Adaptive Security Device Manager PIX 515E Security Appliance Getting Started Guide 1-6 78-17645-01 The factory-default configuration automatically ...using ASDM. By default, the security appliance management interface is configured with a factory-default configuration that enables quick startup. Setting Up the Security Appliance Chapter 1 Installing and Setting Up the PIX 515E Security Appliance About the Factory-Default Configuration Cisco security...
Getting Started Guide
Page 13
... wizards to simplify the initial configuration of the security appliance. Using the Startup Wizard ASDM includes a Startup Wizard to simplify and accelerate the deployment of your web browser. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 1-7 For more information, see Appendix A, "Obtaining ..., the Startup Wizard enables you to the ASDM web configuration tool, you did not purchase one of these licenses with the security appliance, see the Cisco Security Appliance Command Line Configuration Guide and the Cisco Security Appliance Command Reference. Its web-based design...
Getting Started Guide
Page 14
... your PC to the inside port (Ethernet 1) on the rear panel of the PIX 515E. a. On the PC connected to the inside interface of the PIX 515E. In the address field of 192.168.1.1. Start ASDM. Running the Startup Wizard To use the Startup Wizard to set up a basic ... Started Guide 1-8 78-17645-01 Configure your browser and the security appliance. Setting Up the Security Appliance Chapter 1 Installing and Setting Up the PIX 515E Security Appliance Step 3 Gather the following information: • A unique hostname to identify the security appliance on your network. • The IP...
Getting Started Guide
Page 15
...bottom of the following chapters: 78-17645-01 To Do This ... For more of the window. What to run the ASDM software as a Java applet. Configure the security appliance to protect a DMZ web server Configure the security appliance for remote...information about the icmp command, see the Cisco Security Appliance Command Reference. Click Yes for Site-to -Site VPN Configuration" PIX 515E Security Appliance Getting Started Guide 1-9 Chapter 1 Installing and Setting Up the PIX 515E Security Appliance What to accept the certificates. ASDM starts. Chapter 2, "Scenario: DMZ ...
Getting Started Guide
Page 20
Configuring the Security Appliance for a DMZ Deployment This section describes how to use ASDM to the private IP address of DMZ web server. Internet HTTP client 3 Destination IP address translated to configure the security appliance for the configuration scenario ... is destined for content. HTTP client 153779 4 Web server receives request for the DMZ web server. The procedure uses sample parameters based on the scenario. PIX 515E Security Appliance Getting Started Guide 2-4 78-17645-01 DMZ Web Private IP address: 10.30.30.30 Server Public IP address: 209.165.200.226...
Getting Started Guide
Page 21
...should configure the following: - In this scenario, the IP pool is 50.) For more information about using the Startup Wizard in ASDM. To accomplish this task, you must create a rule that translates the real IP addresses of internal clients to the DMZ web server...to an external address that can be used as the source address. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 2-5 The section includes the following topics: • Configuration Requirements, page 2-5 • Starting ASDM, page 2-6 • Creating IP Pools for Network Address Translation, page 2-7 •...
Getting Started Guide
Page 22
... HTTPS (HTTP over SSL) provides a secure connection between your browser and the security appliance. Create a static NAT rule. Starting ASDM To run ASDM in a web browser, enter the factory-default IP address in "https" or the connection fails. Note Remember to be translated... the Security Appliance for a DMZ Deployment Chapter 2 Scenario: DMZ Configuration To accomplish this task, you should configure the following: - PIX 515E Security Appliance Getting Started Guide 2-6 78-17645-01 In this task, you should configure a PAT translation rule (port address translation rule...
Getting Started Guide
Page 24
...To configure a pool of IP addresses that can be used for the DMZ interface. In the right pane, click the Global Pools tab. PIX 515E Security Appliance Getting Started Guide 2-8 78-17645-01 In the Features pane, click NAT. Note For most configurations, IP pools are added to ...create a new global pool for network address translation, perform the following steps: Step 1 In the ASDM window, click the Configuration tool. The NAT Configuration screen appears. c. The Add Global Address Pool dialog box appears. b. Click Add to the ...
Getting Started Guide
Page 28
Configuring NAT for a DMZ Deployment Chapter 2 Scenario: DMZ Configuration The displayed configuration should be similar to mask the private IP addresses of IP addresses that could be used by the security appliance to the following: Step 3 Confirm that the configuration values are correct. Step 4 Click Apply in the main ASDM window. Configuring the Security Appliance for Inside Clients to Communicate with the DMZ Web Server In the previous procedure, you created a pool of inside clients. 2-12 PIX 515E Security Appliance Getting Started Guide 78-17645-01
Getting Started Guide
Page 29
...: Step 1 Step 2 Step 3 In the main ASDM window, click the Configuration tool. In the Features pane, click NAT. The Add Dynamic NAT Rule dialog box appears. For this Dynamic NAT rule, check the Select check box next to create a new IP pool. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 2-13...
Getting Started Guide
Page 30
... OK to add the Dynamic NAT Rule and return to be used for a DMZ Deployment Chapter 2 Scenario: DMZ Configuration c. ASDM is able to create both in the same IP pool. 2-14 PIX 515E Security Appliance Getting Started Guide 78-17645-01 Review the configuration screen to be used when inside and DMZ interfaces...
Getting Started Guide
Page 32
In the Features pane, click NAT. From the Interface drop-down list, choose the Netmask 255.255.255.255. 2-16 PIX 515E Security Appliance Getting Started Guide 78-17645-01 However, in this scenario you do not need to create a NAT rule between the inside ...the Internet. From the Netmask drop-down list, choose the DMZ interface. c. This enables ASDM to a public IP address (209.165.200.226), perform the following steps: Step 1 Step 2 Step 3 Step 4 In the ASDM window, click the Configuration tool. This configuration requires translating the private IP address of the DMZ...
Getting Started Guide
Page 35
... of traffic protocol and service to be permitted. To configure the access control rule, perform the following steps: Step 1 In the ASDM window: a. All other traffic coming in from the public network is incoming or outgoing, the origin and destination of the traffic, and...the web server on the DMZ network. In the Features pane, click Security Policy. The Add Access Rule dialog box appears. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 2-19 c. b. Click the Configuration tool. Chapter 2 Scenario: DMZ Configuration Configuring the Security Appliance for a DMZ...
Getting Started Guide
Page 40
... to protect a web server in a DMZ, you have completed the initial configuration. Cisco Security Appliance Command Line Configuration Guide Cisco Security Appliance Command Reference Cisco Security Appliance Logging Configuration and System Log Messages You can configure the security appliance for...the security appliance. 2-24 PIX 515E Security Appliance Getting Started Guide 78-17645-01 Refine configuration and configure optional and advanced features Learn about daily operations See ... The following additional steps: To Do This ... Alternatively, ASDM prompts you to consider ...
Getting Started Guide
Page 44
...3) 132209 Implementing the IPsec Remote-Access VPN Scenario This section describes how to configure the security appliance to Have Available, page 3-3 • Starting ASDM, page 3-3 • Configuring the PIX 515E for example configuration settings are implementing an Easy VPN solution, this section describes how to configure an Easy VPN server (also known as... Figure 3-1. If you are taken from remote clients and devices. Values for an IPsec Remote-Access VPN, page 3-5 • Selecting VPN Client Types, page 3-6 PIX 515E Security Appliance Getting Started Guide 3-2 78-17645-01
Getting Started Guide
Page 45
...the security appliance to accept remote access IPsec VPN connections, make sure that should be made accessible to authenticated remote clients Starting ASDM To run ASDM in a web browser, enter the factory default IP address in an IP pool. Default domain name - IP addresses for the... the following information available: • Range of users to be used in the address field: https://192.168.1.1/admin/. 78-17645-01 PIX 515E Security Appliance Getting Started Guide 3-3 List of IP addresses for local hosts, groups, and networks that you are successfully connected. • List...
Getting Started Guide
Page 46
The Main ASDM window appears. HTTPS (HTTP over SSL) provides a secure connection between your browser and the security appliance. PIX 515E Security Appliance Getting Started Guide 3-4 78-17645-01 Implementing the IPsec Remote-Access VPN Scenario Chapter 3 Scenario: IPsec Remote-Access VPN Configuration Note Remember to add the "s" in "https" or the connection fails.