Quick Start Guide
Page 4
... the Startup Wizard in ASDM 6-2 (Optional) Making Internal Services Accessible from the Internet (ASDM 6.2 and Later) 6-3 (Optional) Running the VPN Wizards for Remote Access Connectivity (ASDM 6.0 or Later) 6-4 (Optional) Running the VPN Wizards to Configure VPN Tunnels 6-6 (Optional) Other Wizards in ASDM 6-7 Related Documentation 6-7 Cisco ASA 5500 Series Quick Start Guide iv 78-19753-01
... the Startup Wizard in ASDM 6-2 (Optional) Making Internal Services Accessible from the Internet (ASDM 6.2 and Later) 6-3 (Optional) Running the VPN Wizards for Remote Access Connectivity (ASDM 6.0 or Later) 6-4 (Optional) Running the VPN Wizards to Configure VPN Tunnels 6-6 (Optional) Other Wizards in ASDM 6-7 Related Documentation 6-7 Cisco ASA 5500 Series Quick Start Guide iv 78-19753-01
Quick Start Guide
Page 12
... 1 SPD LINK 0 SPD FLASH POWER STATUS ACTIVE VPN FLASH 3 2 5 4 6 7 8 PrAodAduapcppttliiCCvaenDiscSceoecAuSriAty SPerCocdiusurcicotyt ACASapArpdliAadnacpetive QGuSueiCcicdikuserciotSyAtAaSpArptliAadnacpetive 9 10 300006 1 ASA 5510, 20, or 40 Chassis 3 2 Yellow Ethernet Cables 5 Blue Console Cable PC Terminal Adapter 7 Cable Holder 9 4 Rubber Feet 2 Rack-mounting Brackets 4 2 Long Cap Screws 6 4 Flathead Screws 8 4 Cap Screws 10 Documentation Cisco ASA 5580 Series Quick Start Guide 2-2 78-19753...
... 1 SPD LINK 0 SPD FLASH POWER STATUS ACTIVE VPN FLASH 3 2 5 4 6 7 8 PrAodAduapcppttliiCCvaenDiscSceoecAuSriAty SPerCocdiusurcicotyt ACASapArpdliAadnacpetive QGuSueiCcicdikuserciotSyAtAaSpArptliAadnacpetive 9 10 300006 1 ASA 5510, 20, or 40 Chassis 3 2 Yellow Ethernet Cables 5 Blue Console Cable PC Terminal Adapter 7 Cable Holder 9 4 Rubber Feet 2 Rack-mounting Brackets 4 2 Long Cap Screws 6 4 Flathead Screws 8 4 Cap Screws 10 Documentation Cisco ASA 5580 Series Quick Start Guide 2-2 78-19753...
Quick Start Guide
Page 14
Cisco ASA 5580 Series Quick Start Guide 2-4 78-19753-01 What to verify interface connectivity. What to Do Next Chapter 2 Installing the ASA 5510, ASA 5520, or ASA 5540 300007 CONSOLE AUX MGMT USB2 USB1 Management PC FLASH LINK SPD LINK SPD LINK SPD LINK SPD 3 2 1 0 POWER STATUS ACTIVE VPN FLASH Unsecured Network Secured Network Step 3 Check the LINK/ACT indicators to Do Next Continue with Chapter 6, "Configuring the ASA."
Cisco ASA 5580 Series Quick Start Guide 2-4 78-19753-01 What to verify interface connectivity. What to Do Next Chapter 2 Installing the ASA 5510, ASA 5520, or ASA 5540 300007 CONSOLE AUX MGMT USB2 USB1 Management PC FLASH LINK SPD LINK SPD LINK SPD LINK SPD 3 2 1 0 POWER STATUS ACTIVE VPN FLASH Unsecured Network Secured Network Step 3 Check the LINK/ACT indicators to Do Next Continue with Chapter 6, "Configuring the ASA."
Quick Start Guide
Page 16
...-4GE 0 SPD MGMT USB2 USB1 LINK 3 SPD LINK 2 SPD LINK 1 SPD LINK 0 SPD FLASH POWER STATUS ACTIVE VPN FLASH 3 2 5 4 6 7 8 9 ProAdAdupacpptltiiCCavneDisccSeoecAuSriAty SPerCocdiusurcicotyt ACASapArpdliAadnacpetive QGuSueiCcicdikuserciotSyAtAaSpArptliAadnacpetive 10 1 ASA 5550 Chassis 3 2 Yellow Ethernet Cables 5 Blue Console Cable PC Terminal Adapter 2 Rack-mounting brackets 4 2 Long Cap Screws 6 4 Flathead Screws Cisco ASA 5500 Series Quick Start Guide 3-2 78-19753-01
...-4GE 0 SPD MGMT USB2 USB1 LINK 3 SPD LINK 2 SPD LINK 1 SPD LINK 0 SPD FLASH POWER STATUS ACTIVE VPN FLASH 3 2 5 4 6 7 8 9 ProAdAdupacpptltiiCCavneDisccSeoecAuSriAty SPerCocdiusurcicotyt ACASapArpdliAadnacpetive QGuSueiCcicdikuserciotSyAtAaSpArptliAadnacpetive 10 1 ASA 5550 Chassis 3 2 Yellow Ethernet Cables 5 Blue Console Cable PC Terminal Adapter 2 Rack-mounting brackets 4 2 Long Cap Screws 6 4 Flathead Screws Cisco ASA 5500 Series Quick Start Guide 3-2 78-19753-01
Quick Start Guide
Page 18
Maximizing Throughput The ASA has two internal buses providing copper Gigabit Ethernet and fiber Gigabit Ethernet connectivity. Cisco ASA 5500 Series Quick Start Guide 3-4 78-19753-01 Maximizing Throughput Chapter 3 Installing the ASA 5550 PWR STATUS 300009 LNK 3 2 1 0 SPD CONSOLE AUX MGMT USB2 USB1 Management PC FLASH LINK SPD LINK SPD LINK SPD LINK SPD 3 2 1 0 POWER STATUS ACTIVE VPN FLASH Unsecured Network Secured Network Step 3 Check the LINK/ACT indicators to verify interface connectivity.
Maximizing Throughput The ASA has two internal buses providing copper Gigabit Ethernet and fiber Gigabit Ethernet connectivity. Cisco ASA 5500 Series Quick Start Guide 3-4 78-19753-01 Maximizing Throughput Chapter 3 Installing the ASA 5550 PWR STATUS 300009 LNK 3 2 1 0 SPD CONSOLE AUX MGMT USB2 USB1 Management PC FLASH LINK SPD LINK SPD LINK SPD LINK SPD 3 2 1 0 POWER STATUS ACTIVE VPN FLASH Unsecured Network Secured Network Step 3 Check the LINK/ACT indicators to verify interface connectivity.
Quick Start Guide
Page 19
...network flows through interface 0/0 on Bus 0 to hosts on the secure network. 78-19753-01 Cisco ASA 5500 Series Quick Start Guide 3-5 Chapter 3 Installing the ASA 5550 Figure 3-1 Embedded Ports on the ASA 5550 Slot 1 (Bus 1) Slot 0 (Bus 0) Maximizing Throughput CONSOLE AUX MGMT USB2 USB1 PWR...FLASH LINK SPD LINK SPD LINK SPD LINK SPD 3 2 1 0 POWER STATUS ACTIVE VPN FLASH Copper Gigabit Fiber Gigabit Ethernet Ethernet Copper Gigabit Ethernet For maximum throughput, configure the ASA so that traffic enters through one bus and exiting through the other . Traffic from ...
...network flows through interface 0/0 on Bus 0 to hosts on the secure network. 78-19753-01 Cisco ASA 5500 Series Quick Start Guide 3-5 Chapter 3 Installing the ASA 5550 Figure 3-1 Embedded Ports on the ASA 5550 Slot 1 (Bus 1) Slot 0 (Bus 0) Maximizing Throughput CONSOLE AUX MGMT USB2 USB1 PWR...FLASH LINK SPD LINK SPD LINK SPD LINK SPD 3 2 1 0 POWER STATUS ACTIVE VPN FLASH Copper Gigabit Fiber Gigabit Ethernet Ethernet Copper Gigabit Ethernet For maximum throughput, configure the ASA so that traffic enters through one bus and exiting through the other . Traffic from ...
Quick Start Guide
Page 20
What to Do Next Chapter 3 Installing the ASA 5550 Figure 3-2 Traffic Evenly Distributed for Maximum Throughput (Copper to Copper) Slot 1 Slot 0 CONSOLE AUX MGMT USB2 USB1 PWR STATUS 300010 LNK 3 2 1 0 SPD Incoming and outgoing traffic Unsecured Network FLASH LINK SPD LINK SPD LINK SPD LINK SPD 3 2 1 0 ER POW STATUS ACTIVE VPN FLASH Incoming and outgoing traffic Secured Network What to Do Next Continue with Chapter 6, "Configuring the ASA." Cisco ASA 5500 Series Quick Start Guide 3-6 78-19753-01
What to Do Next Chapter 3 Installing the ASA 5550 Figure 3-2 Traffic Evenly Distributed for Maximum Throughput (Copper to Copper) Slot 1 Slot 0 CONSOLE AUX MGMT USB2 USB1 PWR STATUS 300010 LNK 3 2 1 0 SPD Incoming and outgoing traffic Unsecured Network FLASH LINK SPD LINK SPD LINK SPD LINK SPD 3 2 1 0 ER POW STATUS ACTIVE VPN FLASH Incoming and outgoing traffic Secured Network What to Do Next Continue with Chapter 6, "Configuring the ASA." Cisco ASA 5500 Series Quick Start Guide 3-6 78-19753-01
Quick Start Guide
Page 28
...-60, ships with one power supply module installed and one power cable. Cisco ASA 5580 Series Quick Start Guide 5-2 78-19753-01 The Cisco ASA 5585-X ASAships with two power supply modules installed and two power cables. Powering On the ASA Chapter 5 Installing the ASA 5585-X 1 SFP1 SFP0 SFP1 SFP0 7 6 5 4 3 2 1 0 7 ...6 5 4 3 2 1 0 1 MGMT 0 1 MGMT 0 0 1 USB 0 1 USB PWR BOOT ALARM ACT VPN...
...-60, ships with one power supply module installed and one power cable. Cisco ASA 5580 Series Quick Start Guide 5-2 78-19753-01 The Cisco ASA 5585-X ASAships with two power supply modules installed and two power cables. Powering On the ASA Chapter 5 Installing the ASA 5585-X 1 SFP1 SFP0 SFP1 SFP0 7 6 5 4 3 2 1 0 7 ...6 5 4 3 2 1 0 1 MGMT 0 1 MGMT 0 0 1 USB 0 1 USB PWR BOOT ALARM ACT VPN...
Quick Start Guide
Page 30
...-20 include 2 SFP/SFP+ and 8 copper Gigabit Ethernet ports (as the DHCP server for more information. See the Cisco ASA 5585-X Adaptive Security Appliance Hardware Installation Guide for the management PC; Step 2 Connect your networks to the console port and...7 6 5 4 3 2 1 0 1 MGMT 0 0 1 USB PWR BOOT ALARM ACT VPN PS1 PS0 HDD1 HDD0 AUX CONSOLE RESET SFP1 SFP0 7 6 5 4 3 2 1 0 1 MGMT 0 0 1 USB PWR BOOT ALARM ACT VPN PS1 PS0 HDD1 HDD0 AUX CONSOLE RESET 3 Management PC Unsecure Network Secure Network Cisco ASA 5580 Series Quick Start Guide 5-4 78-19753-01
...-20 include 2 SFP/SFP+ and 8 copper Gigabit Ethernet ports (as the DHCP server for more information. See the Cisco ASA 5585-X Adaptive Security Appliance Hardware Installation Guide for the management PC; Step 2 Connect your networks to the console port and...7 6 5 4 3 2 1 0 1 MGMT 0 0 1 USB PWR BOOT ALARM ACT VPN PS1 PS0 HDD1 HDD0 AUX CONSOLE RESET SFP1 SFP0 7 6 5 4 3 2 1 0 1 MGMT 0 0 1 USB PWR BOOT ALARM ACT VPN PS1 PS0 HDD1 HDD0 AUX CONSOLE RESET 3 Management PC Unsecure Network Secure Network Cisco ASA 5580 Series Quick Start Guide 5-4 78-19753-01
Quick Start Guide
Page 36
... the inside network. Users have no direct access to resources by users on your ASA. The ASA downloads the AnyConnect Client to configure an SSL VPN policy on a group basis. After authentication, users access a portal page and can access specific, supported internal resources. Cisco ASA 5580 Series Quick Start Guide 6-4 78-19753-01 Chapter 6 Configuring the...
... the inside network. Users have no direct access to resources by users on your ASA. The ASA downloads the AnyConnect Client to configure an SSL VPN policy on a group basis. After authentication, users access a portal page and can access specific, supported internal resources. Cisco ASA 5580 Series Quick Start Guide 6-4 78-19753-01 Chapter 6 Configuring the...
Quick Start Guide
Page 37
Chapter 6 Configuring the ASA (Optional) Running the VPN Wizards for Remote Access Connectivity (ASDM 6.0 or Later) 300020 To run a VPN Wizard for remote access connectivity, perform the following steps: Step 1 Step 2 In the main ASDM window, choose Wizards > VPN Wizards > AnyConnect VPN Wizard or Clientless VPN Wizard. (In ASDM 6.3 or earlier, choose Wizards > SSL VPN Wizard > SSL VPN connection type-Clientless, Cisco SSL, or both.) Follow the wizard instructions. (For information about any wizard field, click Help in the window.) 78-19753-01 Cisco ASA 5580 Series Quick Start Guide 6-5
Chapter 6 Configuring the ASA (Optional) Running the VPN Wizards for Remote Access Connectivity (ASDM 6.0 or Later) 300020 To run a VPN Wizard for remote access connectivity, perform the following steps: Step 1 Step 2 In the main ASDM window, choose Wizards > VPN Wizards > AnyConnect VPN Wizard or Clientless VPN Wizard. (In ASDM 6.3 or earlier, choose Wizards > SSL VPN Wizard > SSL VPN connection type-Clientless, Cisco SSL, or both.) Follow the wizard instructions. (For information about any wizard field, click Help in the window.) 78-19753-01 Cisco ASA 5580 Series Quick Start Guide 6-5
Quick Start Guide
Page 38
..., choose Wizards > IPSec VPN Wizard > Tunnel type-Site-to -LAN) and remote access VPN connections. (Optional) Running the VPN Wizards to Configure VPN Tunnels Chapter 6 Configuring the ASA (Optional) Running the VPN Wizards to Configure VPN Tunnels The VPN Wizards to configure VPN tunnels help you configure basic site-to-site (LAN-to -Site or Remote Access.) Cisco ASA 5580 Series Quick...
..., choose Wizards > IPSec VPN Wizard > Tunnel type-Site-to -LAN) and remote access VPN connections. (Optional) Running the VPN Wizards to Configure VPN Tunnels Chapter 6 Configuring the ASA (Optional) Running the VPN Wizards to Configure VPN Tunnels The VPN Wizards to configure VPN tunnels help you configure basic site-to-site (LAN-to -Site or Remote Access.) Cisco ASA 5580 Series Quick...
Quick Start Guide
Page 39
... or business-to the Startup Wizard and VPN Wizards, you can run the following wizards in the packet analyzer. Chapter 6 Configuring the ASA (Optional) Other Wizards in ASDM Step 2 Follow the wizard instructions. (For information about ASA licensing.) • Packet Capture Wizard Configure...VPN cluster load balancing. • Unified Communications Wizard Configure a proxy on each of the ingress and egress interfaces. See the CLI configuration guide for examination and replay in ASDM to : http://www.cisco.com/en/US/docs/security/asa/roadmap/asaroadmap.html 78-19753-01 Cisco ASA...
... or business-to the Startup Wizard and VPN Wizards, you can run the following wizards in the packet analyzer. Chapter 6 Configuring the ASA (Optional) Other Wizards in ASDM Step 2 Follow the wizard instructions. (For information about ASA licensing.) • Packet Capture Wizard Configure...VPN cluster load balancing. • Unified Communications Wizard Configure a proxy on each of the ingress and egress interfaces. See the CLI configuration guide for examination and replay in ASDM to : http://www.cisco.com/en/US/docs/security/asa/roadmap/asaroadmap.html 78-19753-01 Cisco ASA...
Getting Started Guide
Page 6
... for a Cisco AnyConnect VPN Client 10-1 About SSL VPN Client Connections 10-1 Obtaining the Cisco AnyConnect VPN Client Software 10-2 Example Topology Using AnyConnect SSL VPN Clients 10-3 Implementing the Cisco SSL VPN Scenario 10-3 Information to Have Available 10-4 Configuring the Adaptive Security Appliance for the Cisco AnyConnect VPN Client 10-5 Specifying the SSL VPN Interface 10-6 Specifying a User Authentication Method 10-7 Cisco ASA 5500 Series...
... for a Cisco AnyConnect VPN Client 10-1 About SSL VPN Client Connections 10-1 Obtaining the Cisco AnyConnect VPN Client Software 10-2 Example Topology Using AnyConnect SSL VPN Clients 10-3 Implementing the Cisco SSL VPN Scenario 10-3 Information to Have Available 10-4 Configuring the Adaptive Security Appliance for the Cisco AnyConnect VPN Client 10-5 Specifying the SSL VPN Interface 10-6 Specifying a User Authentication Method 10-7 Cisco ASA 5500 Series...
Getting Started Guide
Page 7
... the Site-to-Site Scenario 12-2 Information to Have Available 12-3 Configuring the Site-to-Site VPN 12-3 Configuring the Security Appliance at the Local Site 12-3 Providing Information About the Remote VPN Peer 12-5 Configuring the IKE Policy 12-6 Configuring IPsec Encryption and Authentication Parameters 12-8 Cisco ASA 5500 Series Getting Started Guide vii
... the Site-to-Site Scenario 12-2 Information to Have Available 12-3 Configuring the Site-to-Site VPN 12-3 Configuring the Security Appliance at the Local Site 12-3 Providing Information About the Remote VPN Peer 12-5 Configuring the IKE Policy 12-6 Configuring IPsec Encryption and Authentication Parameters 12-8 Cisco ASA 5500 Series Getting Started Guide vii
Getting Started Guide
Page 8
... and Completing the Wizard 12-10 Configuring the Other Side of the VPN Connection 12-12 What to Do Next 12-13 13 C H A P T E R Configuring the AIP SSM 13-1 Understanding the AIP SSM 13-2 How the AIP SSM Works ... Appliance with CSC SSM Deployed for Content Security 14-4 Configuration Requirements 14-5 Configuring the CSC SSM for Content Security 14-6 Obtain Software Activation Key from Cisco.com 14-6 Gather Information 14-7 Verify Time Settings 14-7 Run the CSC Setup Wizard 14-8 What to Do Next 14-17...
... and Completing the Wizard 12-10 Configuring the Other Side of the VPN Connection 12-12 What to Do Next 12-13 13 C H A P T E R Configuring the AIP SSM 13-1 Understanding the AIP SSM 13-2 How the AIP SSM Works ... Appliance with CSC SSM Deployed for Content Security 14-4 Configuration Requirements 14-5 Configuring the CSC SSM for Content Security 14-6 Obtain Software Activation Key from Cisco.com 14-6 Gather Information 14-7 Verify Time Settings 14-7 Run the CSC Setup Wizard 14-8 What to Do Next 14-17...
Getting Started Guide
Page 12
... on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms" Perform initial setup of the adaptive security Chapter 7, "Configuring the appliance Adaptive Security Appliance" Configure the adaptive security appliance for Chapter 8, "Scenario: DMZ your implementation Configuration" Chapter 9, "Scenario: IPsec Remote-Access VPN Configuration" Chapter 10, "Scenario: Configuring Connections for a Cisco AnyConnect VPN Client" Chapter 11, "Scenario: SSL VPN Clientless...
... on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms" Perform initial setup of the adaptive security Chapter 7, "Configuring the appliance Adaptive Security Appliance" Configure the adaptive security appliance for Chapter 8, "Scenario: DMZ your implementation Configuration" Chapter 9, "Scenario: IPsec Remote-Access VPN Configuration" Chapter 10, "Scenario: Configuring Connections for a Cisco AnyConnect VPN Client" Chapter 11, "Scenario: SSL VPN Clientless...
Getting Started Guide
Page 13
... 6, "Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms" Perform initial setup the adaptive security appliance Chapter 7, "Configuring the Adaptive Security Appliance" Configure the adaptive security appliance for Chapter 9, "Scenario: IPsec AIP SSM Remote-Access VPN Configuration" Configure IPS software for intrusion prevention Configuring the Cisco Intrusion Prevention System Sensor Using the...
... 6, "Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms" Perform initial setup the adaptive security appliance Chapter 7, "Configuring the Adaptive Security Appliance" Configure the adaptive security appliance for Chapter 9, "Scenario: IPsec AIP SSM Remote-Access VPN Configuration" Configure IPS software for intrusion prevention Configuring the Cisco Intrusion Prevention System Sensor Using the...
Getting Started Guide
Page 16
Related Documents Chapter 1 Before You Begin • Cisco ASA 5500 Series Command Reference • Cisco ASA 5500 Series Configuration Guide using the CLI • Cisco ASA 5500 Series System Log Messages • Migrating to ASA for VPN 3000 Series Concentrator Administrators • Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators • Open Source Software Licenses for ASA and PIX Security Appliances Cisco ASA 5500 Series Getting Started Guide 1-6 78-19186-01
Related Documents Chapter 1 Before You Begin • Cisco ASA 5500 Series Command Reference • Cisco ASA 5500 Series Configuration Guide using the CLI • Cisco ASA 5500 Series System Log Messages • Migrating to ASA for VPN 3000 Series Concentrator Administrators • Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators • Open Source Software Licenses for ASA and PIX Security Appliances Cisco ASA 5500 Series Getting Started Guide 1-6 78-19186-01
Getting Started Guide
Page 18
... Slot 1 ports at a time. For more information on fiber ports and SFP modules, see the "Installing SFP Modules" section on the Cisco ASA 5550. To achieve this, lay out the network so that traffic is distributed equally between the two buses in the device. For example,... PWR STATUS 153217 LNK 3 2 1 0 SPD Ethernet Fiber FLASH LINK SPD LINK SPD LINK SPD LINK SPD 3 2 1 0 POWER STATUS ACTIVE VPN FLASH Ethernet Note Although Slot 1 has four copper Ethernet ports and four fiber Ethernet ports, you can use . Cisco ASA 5500 Series Getting Started Guide 2-2 78-19186-01
... Slot 1 ports at a time. For more information on fiber ports and SFP modules, see the "Installing SFP Modules" section on the Cisco ASA 5550. To achieve this, lay out the network so that traffic is distributed equally between the two buses in the device. For example,... PWR STATUS 153217 LNK 3 2 1 0 SPD Ethernet Fiber FLASH LINK SPD LINK SPD LINK SPD LINK SPD 3 2 1 0 POWER STATUS ACTIVE VPN FLASH Ethernet Note Although Slot 1 has four copper Ethernet ports and four fiber Ethernet ports, you can use . Cisco ASA 5500 Series Getting Started Guide 2-2 78-19186-01