Configuration Guide
Page 1
Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators Software Release 3.1.1 October 2006 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-8607-02
Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators Software Release 3.1.1 October 2006 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-8607-02
Configuration Guide
Page 2
..., GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise, The Fastest Way to be actual addresses. Cisco Secure Desktop Configuration Guide © 2006 Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION...
..., GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise, The Fastest Way to be actual addresses. Cisco Secure Desktop Configuration Guide © 2006 Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION...
Configuration Guide
Page 3
... CSD 2-1 Using CLI to Enable or Disable CSD 2-1 Using ASDM to Enable or Disable CSD 2-3 Introduction 3-1 CSD Capabilities 3-1 Navigation 3-2 Saving and Resetting the Running CSD Configuration 3-5 Tutorial 4-1 Step One: Define Windows Locations 4-1 Step Two: Define Windows Location Identification 4-3 Cisco Secure Desktop Configuration Guide iii
... CSD 2-1 Using CLI to Enable or Disable CSD 2-1 Using ASDM to Enable or Disable CSD 2-3 Introduction 3-1 CSD Capabilities 3-1 Navigation 3-2 Saving and Resetting the Running CSD Configuration 3-5 Tutorial 4-1 Step One: Define Windows Locations 4-1 Step Two: Define Windows Location Identification 4-3 Cisco Secure Desktop Configuration Guide iii
Configuration Guide
Page 4
... for a Location 5-13 Configuring Web Browsing, File Access, Port Forwarding, and Full Tunneling VPN Policies for a Location 5-16 Configuring Keystroke Logger for a Location 5-19 Configuring Cache Cleaner for a Location 5-22 Configuring Secure Desktop General for a Location 5-23 Configuring Secure Desktop Settings for a Location 5-25 Configuring Secure Desktop Browser for a Location 5-27 Cisco Secure Desktop Configuration Guide iv OL-8607...
... for a Location 5-13 Configuring Web Browsing, File Access, Port Forwarding, and Full Tunneling VPN Policies for a Location 5-16 Configuring Keystroke Logger for a Location 5-19 Configuring Cache Cleaner for a Location 5-22 Configuring Secure Desktop General for a Location 5-23 Configuring Secure Desktop Settings for a Location 5-25 Configuring Secure Desktop Browser for a Location 5-27 Cisco Secure Desktop Configuration Guide iv OL-8607...
Configuration Guide
Page 5
... end user use the CSD features? A-4 Which antivirus applications does System Detection support? A-4 Which personal firewall applications does System Detection support? A-6 OL-8607-02 Cisco Secure Desktop Configuration Guide v A-1 Do I need to access the network? A-3 If I enable Vault reuse, how large is cleaned, either by the Secure Desktop and the Cache Cleaner? A-6 What...
... end user use the CSD features? A-4 Which antivirus applications does System Detection support? A-4 Which personal firewall applications does System Detection support? A-6 OL-8607-02 Cisco Secure Desktop Configuration Guide v A-1 Do I need to access the network? A-3 If I enable Vault reuse, how large is cleaned, either by the Secure Desktop and the Cache Cleaner? A-6 What...
Configuration Guide
Page 7
...browser-enabled interface for network managers and administrators, this guide describes how to install, configure, and enable Cisco Secure Desktop (CSD) on a Cisco ASA 5500 Series security appliance to provide a safe computing environment through an example configuration to provide an overview of related documents. Tutorial Steps...decisions that match the location criteria. Subsequent sections describe how to CSD. OL-8607-02 Cisco Secure Desktop Configuration Guide vii Audience and Scope Written for CSD administrators), how to navigate the Secure Desktop Manager, and how to ...
...browser-enabled interface for network managers and administrators, this guide describes how to install, configure, and enable Cisco Secure Desktop (CSD) on a Cisco ASA 5500 Series security appliance to provide a safe computing environment through an example configuration to provide an overview of related documents. Tutorial Steps...decisions that match the location criteria. Subsequent sections describe how to CSD. OL-8607-02 Cisco Secure Desktop Configuration Guide vii Audience and Scope Written for CSD administrators), how to navigate the Secure Desktop Manager, and how to ...
Configuration Guide
Page 8
... Organization (continued) Topic Purpose Setting Up CSD for Microsoft Describes how to configure Secure Desktop and Cache Cleaner support Windows Clients for the ASA 5510, ASA 5520, and ASA 5540 • Cisco Security Appliance Command Line Configuration Guide • Cisco Security Appliance Command Reference Cisco Secure Desktop Configuration Guide viii OL-8607-02 Frequently Asked Questions Provides questions and answers on a broad...
... Organization (continued) Topic Purpose Setting Up CSD for Microsoft Describes how to configure Secure Desktop and Cache Cleaner support Windows Clients for the ASA 5510, ASA 5520, and ASA 5540 • Cisco Security Appliance Command Line Configuration Guide • Cisco Security Appliance Command Reference Cisco Secure Desktop Configuration Guide viii OL-8607-02 Frequently Asked Questions Provides questions and answers on a broad...
Configuration Guide
Page 9
....do not have access to access installation, configuration, and command guides for the Cisco ASA 5500 Series • Cisco Security Appliance Logging Configuration and System Log Messages Obtaining Documentation Cisco documentation and additional literature are available singly or by subscription. Registered Cisco.com users can register at this URL: http://www.cisco.com/univercd/home/home.htm The Product...
....do not have access to access installation, configuration, and command guides for the Cisco ASA 5500 Series • Cisco Security Appliance Logging Configuration and System Log Messages Obtaining Documentation Cisco documentation and additional literature are available singly or by subscription. Registered Cisco.com users can register at this URL: http://www.cisco.com/univercd/home/home.htm The Product...
Configuration Guide
Page 10
... or a condition for example, GnuPG) to encrypt any sensitive information that you have identified a vulnerability in a Cisco product, contact PSIRT: • For emergencies only - We test our products internally before we release them, and...Guide Documentation Feedback You can provide feedback about how to do the following: • Report security vulnerabilities in Cisco products • Obtain assistance with security incidents that involve Cisco products • Register to receive security information from Cisco A current list of the Security Cisco Secure Desktop Configuration Guide...
... or a condition for example, GnuPG) to encrypt any sensitive information that you have identified a vulnerability in a Cisco product, contact PSIRT: • For emergencies only - We test our products internally before we release them, and...Guide Documentation Feedback You can provide feedback about how to do the following: • Report security vulnerabilities in Cisco products • Obtain assistance with security incidents that involve Cisco products • Register to receive security information from Cisco A current list of the Security Cisco Secure Desktop Configuration Guide...
Configuration Guide
Page 11
... products for service online or by copying and pasting OL-8607-02 Cisco Secure Desktop Configuration Guide xi The website is available 24 hours a day at this URL: http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do?local=en Obtaining Technical Assistance Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. You can...
... products for service online or by copying and pasting OL-8607-02 Cisco Secure Desktop Configuration Guide xi The website is available 24 hours a day at this URL: http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do?local=en Obtaining Technical Assistance Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. You can...
Configuration Guide
Page 12
... TAC Service Request Tool is not resolved using the recommended resources, your situation, the TAC Service Request Tool provides recommended solutions. Cisco Secure Desktop Configuration Guide xii OL-8607-02 On the Cisco.com home page, click the Advanced Search link under the Search box and then click the Technical Support & Documentation radio button...
... TAC Service Request Tool is not resolved using the recommended resources, your situation, the TAC Service Request Tool provides recommended solutions. Cisco Secure Desktop Configuration Guide xii OL-8607-02 On the Cisco.com home page, click the Advanced Search link under the Search box and then click the Technical Support & Documentation radio button...
Configuration Guide
Page 13
... designing, developing, and operating public and private internets and intranets. Updated monthly, this URL: http://www.cisco.com/univercd/cc/td/doc/abtunicd/136957.htm OL-8607-02 Cisco Secure Desktop Configuration Guide xiii Severity 4 (S4)-You require information or assistance with Cisco experts and other communications. To order and find out more about the...
... designing, developing, and operating public and private internets and intranets. Updated monthly, this URL: http://www.cisco.com/univercd/cc/td/doc/abtunicd/136957.htm OL-8607-02 Cisco Secure Desktop Configuration Guide xiii Severity 4 (S4)-You require information or assistance with Cisco experts and other communications. To order and find out more about the...
Configuration Guide
Page 14
You can view current offerings at this URL: http://www.cisco.com/en/US/learning/index.html Cisco Secure Desktop Configuration Guide xiv OL-8607-02 Obtaining Additional Publications and Information About This Guide • World-class networking training is available from Cisco.
You can view current offerings at this URL: http://www.cisco.com/en/US/learning/index.html Cisco Secure Desktop Configuration Guide xiv OL-8607-02 Obtaining Additional Publications and Information About This Guide • World-class networking training is available from Cisco.
Configuration Guide
Page 15
Note You do not need to ASDM. Choose Configuration > CSD Setup. OL-8607-02 Cisco Secure Desktop Configuration Guide 1-1 Install or upgrade the Cisco Secure Desktop (CSD) software as follows: Step 1 Step 2 Step 3 Use your Internet browser to access the following URL and download....pl/securedesktop Use your Internet browser to log in to boot the security appliance after you install ASA Release 7.1.1 and ASDM Release 5.1.1 or later. The pane displays the message "Please install and/or enable Cisco Secure Desktop" if CSD is not installed (Figure 1-1). CH A P T E R 1 Installing or...
Note You do not need to ASDM. Choose Configuration > CSD Setup. OL-8607-02 Cisco Secure Desktop Configuration Guide 1-1 Install or upgrade the Cisco Secure Desktop (CSD) software as follows: Step 1 Step 2 Step 3 Use your Internet browser to access the following URL and download....pl/securedesktop Use your Internet browser to log in to boot the security appliance after you install ASA Release 7.1.1 and ASDM Release 5.1.1 or later. The pane displays the message "Please install and/or enable Cisco Secure Desktop" if CSD is not installed (Figure 1-1). CH A P T E R 1 Installing or...
Configuration Guide
Page 16
Cisco Secure Desktop Configuration Guide 1-2 OL-8607-02 ASDM opens the Configuration > VPN > WebVPN > CSD Setup pane (Figure 1-2). Figure 1-1 CSD Manager Not Installed Chapter 1 Installing or Upgrading the CSD Software Step 4 Click the "Cisco Secure Desktop" link.
Cisco Secure Desktop Configuration Guide 1-2 OL-8607-02 ASDM opens the Configuration > VPN > WebVPN > CSD Setup pane (Figure 1-2). Figure 1-1 CSD Manager Not Installed Chapter 1 Installing or Upgrading the CSD Software Step 4 Click the "Cisco Secure Desktop" link.
Configuration Guide
Page 17
ASDM opens the Upload Image dialog box. Chapter 1 Installing or Upgrading the CSD Software Figure 1-2 CSD Setup (Installation) Step 5 Step 6 Click Upload to prepare to the flash card installed in the ASA 5500. Click Browse Local to prepare to select the file on your local PC to transfer a copy of the latest, local folder you accessed (Figure 1-3). OL-8607-02 Cisco Secure Desktop Configuration Guide 1-3 The Selected File Path dialog box displays the contents of the CSD software from your local PC.
ASDM opens the Upload Image dialog box. Chapter 1 Installing or Upgrading the CSD Software Figure 1-2 CSD Setup (Installation) Step 5 Step 6 Click Upload to prepare to the flash card installed in the ASA 5500. Click Browse Local to prepare to select the file on your local PC to transfer a copy of the latest, local folder you accessed (Figure 1-3). OL-8607-02 Cisco Secure Desktop Configuration Guide 1-3 The Selected File Path dialog box displays the contents of the CSD software from your local PC.
Configuration Guide
Page 18
The Browse Flash Dialog box displays the contents of the flash card (Figure 1-4). Cisco Secure Desktop Configuration Guide 1-4 OL-8607-02 Chapter 1 Installing or Upgrading the CSD Software Figure 1-3 Select File Path (Upload Image) Step 7 Step 8 Step 9 Choose the securedesktop_asa__*.pkg you downloaded in the Local File Path field. ASDM closes the Select File Path dialog box and displays the file in Step 1 and click Open. Click Browse Flash to specify the target directory for the file.
The Browse Flash Dialog box displays the contents of the flash card (Figure 1-4). Cisco Secure Desktop Configuration Guide 1-4 OL-8607-02 Chapter 1 Installing or Upgrading the CSD Software Figure 1-3 Select File Path (Upload Image) Step 7 Step 8 Step 9 Choose the securedesktop_asa__*.pkg you downloaded in the Local File Path field. ASDM closes the Select File Path dialog box and displays the file in Step 1 and click Open. Click Browse Flash to specify the target directory for the file.
Configuration Guide
Page 19
... Dialog Note The File Name field at the bottom of the file to flash successfully. Step 13 Step 14 Click OK. OL-8607-02 Cisco Secure Desktop Configuration Guide 1-5 We recommend that you selected on your local PC. Step 11 Click OK. Step 12 Click Upload File and click OK. ASDM closes the...
... Dialog Note The File Name field at the bottom of the file to flash successfully. Step 13 Step 14 Click OK. OL-8607-02 Cisco Secure Desktop Configuration Guide 1-5 We recommend that you selected on your local PC. Step 11 Click OK. Step 12 Click Upload File and click OK. ASDM closes the...
Configuration Guide
Page 20
... the dialog box, revealing the installed image in the Secure Desktop Image field. Refer to "Enabling and Disabling CSD" to install the CSD software. Cisco Secure Desktop Configuration Guide 1-6 OL-8607-02 Step 15 Click OK to continue. The Uninstall CSD dialog box opens if you upgraded from an earlier version of CSD...
... the dialog box, revealing the installed image in the Secure Desktop Image field. Refer to "Enabling and Disabling CSD" to install the CSD software. Cisco Secure Desktop Configuration Guide 1-6 OL-8607-02 Step 15 Click OK to continue. The Uninstall CSD dialog box opens if you upgraded from an earlier version of CSD...
Configuration Guide
Page 21
....bin 10 4634 Sep 17 2004 15:32:48 first-backup 11 4096 Sep 21 2004 10:55:02 fsck-2451 OL-8607-02 Cisco Secure Desktop Configuration Guide 2-1 Enter webvpn to enable or disable CSD. CH A P T E R 2 Enabling and Disabling CSD You can enter the following command to load the file. For ...• Using ASDM to Enable or Disable CSD Using CLI to Enable or Disable CSD Enabling CSD loads the CSD configuration file (data.xml) from the flash device to the running configuration. If you transfer or replace the data.xml file, disable and then enable CSD to identify the disk that contains...
....bin 10 4634 Sep 17 2004 15:32:48 first-backup 11 4096 Sep 21 2004 10:55:02 fsck-2451 OL-8607-02 Cisco Secure Desktop Configuration Guide 2-1 Enter webvpn to enable or disable CSD. CH A P T E R 2 Enabling and Disabling CSD You can enter the following command to load the file. For ...• Using ASDM to Enable or Disable CSD Using CLI to Enable or Disable CSD Enabling CSD loads the CSD configuration file (data.xml) from the flash device to the running configuration. If you transfer or replace the data.xml file, disable and then enable CSD to identify the disk that contains...