User Manual
Page 1
...) and an Inside interface configured for links to verify interface connectivity. LINK/ACT Indicator Power Indicator LINK/ACT Power Status Active VPN SSC 100 MBPS 0 0 0 0 0 0 0 0 Cisco ASA 5505 series 0 Adaptive Security Appliance If a LINK/ACT LED is not already running the wizard, you can set the following URL: https://192.168.1.1/admin The...
...) and an Inside interface configured for links to verify interface connectivity. LINK/ACT Indicator Power Indicator LINK/ACT Power Status Active VPN SSC 100 MBPS 0 0 0 0 0 0 0 0 Cisco ASA 5505 series 0 Adaptive Security Appliance If a LINK/ACT LED is not already running the wizard, you can set the following URL: https://192.168.1.1/admin The...
User Manual
Page 2
..., phone numbers, and fax numbers are listed on recycled paper containing 10% postconsumer waste. 78-19752-02 QUICK START GUIDE Cisco ASA 5505 Adaptive Security Appliance The use ASDM to set up the SSC and configure the Intrusion Prevention System (IPS) application to remote users when they ...SSL VPN lets users establish a secure, remote-access VPN tunnel to the ASA for the Cisco AnyConnect VPN client. Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers. The server appears in the USA on the Cisco Website at www.cisco.com/go /trademarks. The Startup...
..., phone numbers, and fax numbers are listed on recycled paper containing 10% postconsumer waste. 78-19752-02 QUICK START GUIDE Cisco ASA 5505 Adaptive Security Appliance The use ASDM to set up the SSC and configure the Intrusion Prevention System (IPS) application to remote users when they ...SSL VPN lets users establish a secure, remote-access VPN tunnel to the ASA for the Cisco AnyConnect VPN client. Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers. The server appears in the USA on the Cisco Website at www.cisco.com/go /trademarks. The Startup...
Administration Guide
Page 7
...GUI application. ASDM includes configuration wizards to guide you configure the Cisco AnyConnect VPN Client parameters on the security appliance. The PIX family of security appliances is for less common scenarios. Audience This guide is not supported...Cisco AnyConnect VPN Client Administrator Guide, and includes the following tasks: • Manage network security • Install and configuresecurity appliances • Configure VPNs OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 7 Throughout this guide is to the Cisco ASA 5500 series security appliances (ASA 5505...
...GUI application. ASDM includes configuration wizards to guide you configure the Cisco AnyConnect VPN Client parameters on the security appliance. The PIX family of security appliances is for less common scenarios. Audience This guide is not supported...Cisco AnyConnect VPN Client Administrator Guide, and includes the following tasks: • Manage network security • Install and configuresecurity appliances • Configure VPNs OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 7 Throughout this guide is to the Cisco ASA 5500 series security appliances (ASA 5505...
Administration Guide
Page 8
... the following documentation: • Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide • Cisco ASA 5500 Series Release Notes • Cisco ASDM Release Notes • Cisco ASDM Online Help • Release Notes for Cisco AnyConnect VPN Client, Release 2.0 • Cisco Security Appliance Command Reference • Cisco Security Appliance Logging Configuration and System Log Messages • Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators •...
... the following documentation: • Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide • Cisco ASA 5500 Series Release Notes • Cisco ASDM Release Notes • Cisco ASDM Online Help • Release Notes for Cisco AnyConnect VPN Client, Release 2.0 • Cisco Security Appliance Command Reference • Cisco Security Appliance Logging Configuration and System Log Messages • Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators •...
Administration Guide
Page 11
...-only connections and improves the performance of real-time applications that are displayed in this context, PC refers generically to the Cisco 5500 Series Adaptive Security Appliance running on your remote users' PCs. DTLS is primarily on PCs. It does not connect with a PIX device nor with... secure VPN connections to Windows, Mac, and Linux devices, but the focus in the user interface and define the names and addresses of host computers. See the Release Notes for getting the Cisco AnyConnect VPN Client up and running ASA version 8.0 and higher or ASDM...
...-only connections and improves the performance of real-time applications that are displayed in this context, PC refers generically to the Cisco 5500 Series Adaptive Security Appliance running on your remote users' PCs. DTLS is primarily on PCs. It does not connect with a PIX device nor with... secure VPN connections to Windows, Mac, and Linux devices, but the focus in the user interface and define the names and addresses of host computers. See the Release Notes for getting the Cisco AnyConnect VPN Client up and running ASA version 8.0 and higher or ASDM...
Administration Guide
Page 18
... and Importing Configurations. The 5.x export files are AnyConnect-CSA.zip and CSD-for the ASA 5500 Series Adaptive Security Appliance at http://www.cisco.com/cgi-bin/tablebuild.pl/asa. Cisco AnyConnect VPN Client Administrator Guide 1-8 OL-12950-012 The filenames are for Cisco Security Agents 5.2. You can get the files from: • The CD shipped with the...
... and Importing Configurations. The 5.x export files are AnyConnect-CSA.zip and CSD-for the ASA 5500 Series Adaptive Security Appliance at http://www.cisco.com/cgi-bin/tablebuild.pl/asa. Cisco AnyConnect VPN Client Administrator Guide 1-8 OL-12950-012 The filenames are for Cisco Security Agents 5.2. You can get the files from: • The CD shipped with the...
Administration Guide
Page 19
... CLI command interface. It also describes how to accept clientless SSL VPN connections. Unless the security appliance is configured to redirect http:// requests to do on the ASA5500 using Transport Layer Security (TLS). OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 2-1 Note A user with a clientless SSL VPN connection can...https://. 2 C H A P T E R Common AnyConnect VPN Client Installation and Configuration Procedures Installing the AnyConnect Client The installation and configuration consists of the ASA Release 8.0(1) and later and ASDM Release 6.0 and later.
... CLI command interface. It also describes how to accept clientless SSL VPN connections. Unless the security appliance is configured to redirect http:// requests to do on the ASA5500 using Transport Layer Security (TLS). OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 2-1 Note A user with a clientless SSL VPN connection can...https://. 2 C H A P T E R Common AnyConnect VPN Client Installation and Configuration Procedures Installing the AnyConnect Client The installation and configuration consists of the ASA Release 8.0(1) and later and ASDM Release 6.0 and later.
Administration Guide
Page 20
... 8.0 or later. For detailed descriptions of Trusted Sites (Internet Explorer), page 2-3 • Adding a Security Certificate in Cisco Security Appliance Command Line Configuration Guide. You can configure it as a trusted root certificate on the security appliance, see the Cisco ASA 5500 Command Reference Guide for certificates on the security appliance, choose one that is installed manually. If you can configure the...
... 8.0 or later. For detailed descriptions of Trusted Sites (Internet Explorer), page 2-3 • Adding a Security Certificate in Cisco Security Appliance Command Line Configuration Guide. You can configure it as a trusted root certificate on the security appliance, see the Cisco ASA 5500 Command Reference Guide for certificates on the security appliance, choose one that is installed manually. If you can configure the...
Administration Guide
Page 22
... as https://*.yourcompany.com to allow all ASA 5500s within the yourcompany.com domain to be used to support multiple sites. When a user gets the server certificate for the security appliance from a globally trusted certificate authority-for example, Verisign or Cisco-the user never sees a Security Alert pop-up Security Alert dialog box. The following examples...
... as https://*.yourcompany.com to allow all ASA 5500s within the yourcompany.com domain to be used to support multiple sites. When a user gets the server certificate for the security appliance from a globally trusted certificate authority-for example, Verisign or Cisco-the user never sees a Security Alert pop-up Security Alert dialog box. The following examples...
Administration Guide
Page 64
... use dynamic access policies. There is no specific configuration of Cisco Secure Desktop for Cisco ASA 5500 Series Administrators (Software Release 3.2). For detailed information about configuring Cisco Secure Desktop, see Cisco ASDM User Guide, Cisco Security Appliance Command Line Configuration Guide, or Cisco Security Appliance Command Reference. The Cisco AnyConnect VPN Client supports the Secure Desktop functions of AnyConnect required to work, both the compression...
... use dynamic access policies. There is no specific configuration of Cisco Secure Desktop for Cisco ASA 5500 Series Administrators (Software Release 3.2). For detailed information about configuring Cisco Secure Desktop, see Cisco ASDM User Guide, Cisco Security Appliance Command Line Configuration Guide, or Cisco Security Appliance Command Reference. The Cisco AnyConnect VPN Client supports the Secure Desktop functions of AnyConnect required to work, both the compression...
Administration Guide
Page 65
... place 30 minutes after the session begins, for the existing group-policy sales: hostname(config)# group-policy sales attributes OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 6-7 Note When using the AnyConnect client with which the client performs DPD. method ssl specifies that SSL ... of minutes from the start of the inline ssl type (CSC93610). To enable DPD on the ASA to allow the AnyConnect client to fall back to renegotiate with which the security appliance (gateway) performs DPD. client seconds enable DPD performed by the client, and specifies the frequency,...
... place 30 minutes after the session begins, for the existing group-policy sales: hostname(config)# group-policy sales attributes OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 6-7 Note When using the AnyConnect client with which the client performs DPD. method ssl specifies that SSL ... of minutes from the start of the inline ssl type (CSC93610). To enable DPD on the ASA to allow the AnyConnect client to fall back to renegotiate with which the security appliance (gateway) performs DPD. client seconds enable DPD performed by the client, and specifies the frequency,...
Installation Guide
Page 1
... P T E R Installing the ASA 5505 This chapter describes how to install your Cisco Cisco ASA 5505 adaptive security appliance, as shown in Figure 4-1. 78-18003-02 ASA 5505 Getting Started Guide 4-1 This chapter... includes the following sections: • Verifying the Package Contents, page 4-1 • PoE Ports and Devices, page 4-3 • Installing the Chassis, page 4-4 • Connecting to Network Interfaces, page 4-4 • Powering on the Cisco ASA 5505...
... P T E R Installing the ASA 5505 This chapter describes how to install your Cisco Cisco ASA 5505 adaptive security appliance, as shown in Figure 4-1. 78-18003-02 ASA 5505 Getting Started Guide 4-1 This chapter... includes the following sections: • Verifying the Package Contents, page 4-1 • PoE Ports and Devices, page 4-3 • Installing the Chassis, page 4-4 • Connecting to Network Interfaces, page 4-4 • Powering on the Cisco ASA 5505...
Installation Guide
Page 3
... case, power is attached. If a PoE device is not attached, power is always in low-power mode when drawing power from the Cisco ASA 5505. 78-18003-02 ASA 5505 Getting Started Guide 4-3 If you install a non-PoE device or do not connect to these ports are not restricted to the port. ... phones or other PoE devices. Using crossover cable does not enable the Cisco ASA 5505 to provide power to the ports and the device must be used as IP phones and wireless access points. However, these switch ports, the adaptive security appliance does not supply power to the PoE ports. • Do not...
... case, power is attached. If a PoE device is not attached, power is always in low-power mode when drawing power from the Cisco ASA 5505. 78-18003-02 ASA 5505 Getting Started Guide 4-3 If you install a non-PoE device or do not connect to these ports are not restricted to the port. ... phones or other PoE devices. Using crossover cable does not enable the Cisco ASA 5505 to provide power to the ports and the device must be used as IP phones and wireless access points. However, these switch ports, the adaptive security appliance does not supply power to the PoE ports. • Do not...
Installation Guide
Page 5
... to an inside port on the rear panel of the adaptive security appliance, use a straight through cable because ports 0 through 5 are switched ports and ports 6 and 7 are PoE ports and both require that you connect a straight through cable. 78-18003-02 ASA 5505 Getting Started Guide 4-5 Note When connecting a computer to a device, such as...
... to an inside port on the rear panel of the adaptive security appliance, use a straight through cable because ports 0 through 5 are switched ports and ports 6 and 7 are PoE ports and both require that you connect a straight through cable. 78-18003-02 ASA 5505 Getting Started Guide 4-5 Note When connecting a computer to a device, such as...
Installation Guide
Page 6
... connector of the power supply input cable to an electrical outlet. Powering on the Cisco ASA 5505 Chapter 4 Installing the ASA 5505 Powering on the Cisco ASA 5505 To power on the Cisco ASA 5505, perform the following steps: Step 1 Make sure that the speed of the PC...manage the Cisco ASA 5505, perform the following steps: Step 1 Step 2 Step 3 Connect the power supply with the Adaptive Security Device Manager (ASDM) application, which provides an intuitive graphical user interface (GUI). For more information, see Chapter 1, "Configuring the Adaptive Security Appliance." For...
... connector of the power supply input cable to an electrical outlet. Powering on the Cisco ASA 5505 Chapter 4 Installing the ASA 5505 Powering on the Cisco ASA 5505 To power on the Cisco ASA 5505, perform the following steps: Step 1 Make sure that the speed of the PC...manage the Cisco ASA 5505, perform the following steps: Step 1 Step 2 Step 3 Connect the power supply with the Adaptive Security Device Manager (ASDM) application, which provides an intuitive graphical user interface (GUI). For more information, see Chapter 1, "Configuring the Adaptive Security Appliance." For...
Installation Guide
Page 7
...Security Appliance" for System Administration Step 2 By default, the Cisco ASA 5505 automatically negotiates the inside port on the front panel of the Cisco ASA 5505 lights up solid green. Chapter 4 Installing the ASA 5505 Setting Up a PC for information about how to perform initial setup and configuration of the Cisco ASA 5505. 78-18003-02 ASA 5505...DHCP (to receive an IP address automatically from the Cisco ASA 5505), which enables the PC to communicate with a mask of 255.255.255.0 and default route of the adaptive security appliance is assigned 192.168.1.1 by selecting an address ...
...Security Appliance" for System Administration Step 2 By default, the Cisco ASA 5505 automatically negotiates the inside port on the front panel of the Cisco ASA 5505 lights up solid green. Chapter 4 Installing the ASA 5505 Setting Up a PC for information about how to perform initial setup and configuration of the Cisco ASA 5505. 78-18003-02 ASA 5505...DHCP (to receive an IP address automatically from the Cisco ASA 5505), which enables the PC to communicate with a mask of 255.255.255.0 and default route of the adaptive security appliance is assigned 192.168.1.1 by selecting an address ...
Installation Guide
Page 9
... 1 Step 2 Follow the directions from the manufacturer for securing the adaptive security appliance. To install a cable lock, perform the following topics: • Front Panel Components, page 4-10 • Rear Panel Components, page 4-12 78-18003-02 ASA 5505 Getting Started Guide 4-9 Ports and LEDs This section describes the... desktop cable locks to the lock slot on your PC. Plug the other end of the Cisco ASA 5505. The cable lock is not included. Attach the cable lock to provide physical security for 9600 baud, 8 data bits, no parity, and 1 stop bit. Configure the PC...
... 1 Step 2 Follow the directions from the manufacturer for securing the adaptive security appliance. To install a cable lock, perform the following topics: • Front Panel Components, page 4-10 • Rear Panel Components, page 4-12 78-18003-02 ASA 5505 Getting Started Guide 4-9 Ports and LEDs This section describes the... desktop cable locks to the lock slot on your PC. Plug the other end of the Cisco ASA 5505. The cable lock is not included. Attach the cable lock to provide physical security for 9600 baud, 8 data bits, no parity, and 1 stop bit. Configure the PC...
Installation Guide
Page 10
... the operating speed and the other to indicate whether the physical link is flowing at 100 Mbps. Figure 4-4 ASA 5505 Front Panel 123 4 5678 LINK/ACT Power Status Active VPN SSC 100 MBPS 0 0 0 0 0 0 0 0 Cisco ASA 5505 series 0 Adaptive Security Appliance 153382 Port / LED Color 1 USB Port - 2 Speed Indicators Not lit Green 3 Link Activity Indicators 4 Power 5 Status Green...
... the operating speed and the other to indicate whether the physical link is flowing at 100 Mbps. Figure 4-4 ASA 5505 Front Panel 123 4 5678 LINK/ACT Power Status Active VPN SSC 100 MBPS 0 0 0 0 0 0 0 0 Cisco ASA 5505 series 0 Adaptive Security Appliance 153382 Port / LED Color 1 USB Port - 2 Speed Indicators Not lit Green 3 Link Activity Indicators 4 Power 5 Status Green...