Configuration Guide
Page 1
Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators Software Release 3.1.1 October 2006 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-8607-02
Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators Software Release 3.1.1 October 2006 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-8607-02
Configuration Guide
Page 2
... actual addresses. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0609R) Any Internet Protocol (IP) addresses used in illustrative content is unintentional and coincidental. Cisco Secure Desktop Configuration Guide © 2006 Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT...
... actual addresses. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0609R) Any Internet Protocol (IP) addresses used in illustrative content is unintentional and coincidental. Cisco Secure Desktop Configuration Guide © 2006 Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT...
Configuration Guide
Page 3
... C H A P T E R 4 C H A P T E R OL-8607-02 CONTENTS About This Guide vii Audience and Scope vii Organization and Use vii Conventions viii Related Documentation viii Obtaining Documentation ix Cisco.com ix Product Documentation DVD ix Ordering Documentation ix Documentation Feedback x Cisco Product Security Overview x Reporting Security Problems in Cisco Products x Product Alerts and Field Notices xi Obtaining Technical Assistance...Configuration 3-5 Tutorial 4-1 Step One: Define Windows Locations 4-1 Step Two: Define Windows Location Identification 4-3 Cisco Secure Desktop Configuration Guide iii
... C H A P T E R 4 C H A P T E R OL-8607-02 CONTENTS About This Guide vii Audience and Scope vii Organization and Use vii Conventions viii Related Documentation viii Obtaining Documentation ix Cisco.com ix Product Documentation DVD ix Ordering Documentation ix Documentation Feedback x Cisco Product Security Overview x Reporting Security Problems in Cisco Products x Product Alerts and Field Notices xi Obtaining Technical Assistance...Configuration 3-5 Tutorial 4-1 Step One: Define Windows Locations 4-1 Step Two: Define Windows Location Identification 4-3 Cisco Secure Desktop Configuration Guide iii
Configuration Guide
Page 4
... a Certificate File to Specify Certificate Criteria 5-5 Using a Signed File to Specify Certificate Criteria 5-6 Using the Certificates in Your Store to Specify Certificate Criteria 5-7 IP Criteria 5-7 Registry and File Criteria 5-8 Registry Criteria 5-9 File Criteria 5-11 Configuring the Secure Desktop for Clients that Match Location Criteria 5-13 Configuring a VPN ... 5-22 Configuring Secure Desktop General for a Location 5-23 Configuring Secure Desktop Settings for a Location 5-25 Configuring Secure Desktop Browser for a Location 5-27 Cisco Secure Desktop Configuration Guide iv OL-8607-02
... a Certificate File to Specify Certificate Criteria 5-5 Using a Signed File to Specify Certificate Criteria 5-6 Using the Certificates in Your Store to Specify Certificate Criteria 5-7 IP Criteria 5-7 Registry and File Criteria 5-8 Registry Criteria 5-9 File Criteria 5-11 Configuring the Secure Desktop for Clients that Match Location Criteria 5-13 Configuring a VPN ... 5-22 Configuring Secure Desktop General for a Location 5-23 Configuring Secure Desktop Settings for a Location 5-25 Configuring Secure Desktop Browser for a Location 5-27 Cisco Secure Desktop Configuration Guide iv OL-8607-02
Configuration Guide
Page 5
..., either by the Secure Desktop and the Cache Cleaner? A-6 How long can the password be left behind on the Secure Desktop? A-6 OL-8607-02 Cisco Secure Desktop Configuration Guide v A-2 What does transparent handling of encryption do the Secure Desktop and Cache Cleaner use Fast User Switching on user computers? A-5 Security Questions A-5 What...
..., either by the Secure Desktop and the Cache Cleaner? A-6 How long can the password be left behind on the Secure Desktop? A-6 OL-8607-02 Cisco Secure Desktop Configuration Guide v A-2 What does transparent handling of encryption do the Secure Desktop and Cache Cleaner use Fast User Switching on user computers? A-5 Security Questions A-5 What...
Configuration Guide
Page 7
Introduction Describes CSD capabilities, how to access the Secure Desktop Manager (the browser-enabled interface for network managers and administrators, this guide describes how to install, configure, and enable Cisco Secure Desktop (CSD) on a Cisco ASA 5500 Series security appliance to provide a safe computing environment through an example configuration to provide an overview of this...
Introduction Describes CSD capabilities, how to access the Secure Desktop Manager (the browser-enabled interface for network managers and administrators, this guide describes how to install, configure, and enable Cisco Secure Desktop (CSD) on a Cisco ASA 5500 Series security appliance to provide a safe computing environment through an example configuration to provide an overview of this...
Configuration Guide
Page 8
... data. Notes contain helpful suggestions, or references to ASA for VPN 3000 Concentrator Series Administrators • Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide for the ASA 5510, ASA 5520, and ASA 5540 • Cisco Security Appliance Command Line Configuration Guide • Cisco Security Appliance Command Reference Cisco Secure Desktop Configuration Guide viii OL-8607-02 Related Documentation For more information...
... data. Notes contain helpful suggestions, or references to ASA for VPN 3000 Concentrator Series Administrators • Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide for the ASA 5510, ASA 5520, and ASA 5540 • Cisco Security Appliance Command Line Configuration Guide • Cisco Security Appliance Command Reference Cisco Secure Desktop Configuration Guide viii OL-8607-02 Related Documentation For more information...
Configuration Guide
Page 9
... Product Documentation Store at this URL: http://www.cisco.com/go /marketplace/docstore Ordering Documentation You must be a registered Cisco.com user to access installation, configuration, and command guides for the Cisco ASA 5500 Series • Cisco Security Appliance Logging Configuration and System Log Messages Obtaining Documentation Cisco documentation and additional literature are available singly or by...
... Product Documentation Store at this URL: http://www.cisco.com/go /marketplace/docstore Ordering Documentation You must be a registered Cisco.com user to access installation, configuration, and command guides for the Cisco ASA 5500 Series • Cisco Security Appliance Logging Configuration and System Log Messages Obtaining Documentation Cisco documentation and additional literature are available singly or by...
Configuration Guide
Page 10
... receive security information from Cisco A current list of the Security Cisco Secure Desktop Configuration Guide x OL-8607-02 Cisco Product Security Overview Cisco provides a free online Security Vulnerability Policy portal at this URL: http://www.cisco.com/en/US/products/... Never use in your comments in the feedback form available in Cisco products • Obtain assistance with security incidents that you send to Cisco. Information about Cisco technical documentation on the Cisco Technical Support & Documentation site area by telephone: • ...
... receive security information from Cisco A current list of the Security Cisco Secure Desktop Configuration Guide x OL-8607-02 Cisco Product Security Overview Cisco provides a free online Security Vulnerability Policy portal at this URL: http://www.cisco.com/en/US/products/... Never use in your comments in the feedback form available in Cisco products • Obtain assistance with security incidents that you send to Cisco. Information about Cisco technical documentation on the Cisco Technical Support & Documentation site area by telephone: • ...
Configuration Guide
Page 11
... for troubleshooting and resolving technical issues with Cisco products and technologies. About This Guide Product Alerts and Field Notices Vulnerability Policy page at this URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html The link on this URL: http://www.cisco.com/techsupport Access to all tools on ...for which you to create a profile and choose those products for service online or by copying and pasting OL-8607-02 Cisco Secure Desktop Configuration Guide xi by product ID or model name; This tool enables you want to or updates about...
... for troubleshooting and resolving technical issues with Cisco products and technologies. About This Guide Product Alerts and Field Notices Vulnerability Policy page at this URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html The link on this URL: http://www.cisco.com/techsupport Access to all tools on ...for which you to create a profile and choose those products for service online or by copying and pasting OL-8607-02 Cisco Secure Desktop Configuration Guide xi by product ID or model name; This tool enables you want to or updates about...
Configuration Guide
Page 12
... business hours to resolve the situation. Cisco Secure Desktop Configuration Guide xii OL-8607-02 To provide feedback about the Cisco.com website or a particular technical document, click Contacts & Feedback at this URL: http://www.cisco.com/techsupport/contacts Definitions of Service Request...location highlighted. Submitting a Service Request Using the online TAC Service Request Tool is located at the top of Cisco products. Obtaining Technical Assistance About This Guide show an illustration of your search to open a service request by telephone, use one of the following numbers:...
... business hours to resolve the situation. Cisco Secure Desktop Configuration Guide xii OL-8607-02 To provide feedback about the Cisco.com website or a particular technical document, click Contacts & Feedback at this URL: http://www.cisco.com/techsupport/contacts Definitions of Service Request...location highlighted. Submitting a Service Request Using the online TAC Service Request Tool is located at the top of Cisco products. Obtaining Technical Assistance About This Guide show an illustration of your search to open a service request by telephone, use one of the following numbers:...
Configuration Guide
Page 13
...questions, suggestions, and information about the Cisco Product Quick Reference Guide, go to this URL: http://www.cisco.com/go to this URL: http://www.cisco.com/offer/subscribe • The Cisco Product Quick Reference Guide is a handy, compact reference tool that...and abbreviated technical specifications for Cisco products. To visit the Cisco Online Subscription Center, go /guide • Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL: http://www.cisco.com/go to receive. ...
...questions, suggestions, and information about the Cisco Product Quick Reference Guide, go to this URL: http://www.cisco.com/go to this URL: http://www.cisco.com/offer/subscribe • The Cisco Product Quick Reference Guide is a handy, compact reference tool that...and abbreviated technical specifications for Cisco products. To visit the Cisco Online Subscription Center, go /guide • Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL: http://www.cisco.com/go to receive. ...
Configuration Guide
Page 14
You can view current offerings at this URL: http://www.cisco.com/en/US/learning/index.html Cisco Secure Desktop Configuration Guide xiv OL-8607-02 Obtaining Additional Publications and Information About This Guide • World-class networking training is available from Cisco.
You can view current offerings at this URL: http://www.cisco.com/en/US/learning/index.html Cisco Secure Desktop Configuration Guide xiv OL-8607-02 Obtaining Additional Publications and Information About This Guide • World-class networking training is available from Cisco.
Configuration Guide
Page 15
The pane displays the message "Please install and/or enable Cisco Secure Desktop" if CSD is not installed (Figure 1-1). OL-8607-02 Cisco Secure Desktop Configuration Guide 1-1 Install or upgrade the Cisco Secure Desktop (CSD) software as follows: Step 1 Step 2 Step 3 Use your Internet...and download the securedesktop_asa__*.pkg file to any location on your PC: http://www.cisco.com/cgi-bin/tablebuild.pl/securedesktop Use your Internet browser to log in to boot the security appliance after you install ASA Release 7.1.1 and ASDM Release 5.1.1 or later. Choose Configuration > CSD Setup. ...
The pane displays the message "Please install and/or enable Cisco Secure Desktop" if CSD is not installed (Figure 1-1). OL-8607-02 Cisco Secure Desktop Configuration Guide 1-1 Install or upgrade the Cisco Secure Desktop (CSD) software as follows: Step 1 Step 2 Step 3 Use your Internet...and download the securedesktop_asa__*.pkg file to any location on your PC: http://www.cisco.com/cgi-bin/tablebuild.pl/securedesktop Use your Internet browser to log in to boot the security appliance after you install ASA Release 7.1.1 and ASDM Release 5.1.1 or later. Choose Configuration > CSD Setup. ...
Configuration Guide
Page 16
Cisco Secure Desktop Configuration Guide 1-2 OL-8607-02 Figure 1-1 CSD Manager Not Installed Chapter 1 Installing or Upgrading the CSD Software Step 4 Click the "Cisco Secure Desktop" link. ASDM opens the Configuration > VPN > WebVPN > CSD Setup pane (Figure 1-2).
Cisco Secure Desktop Configuration Guide 1-2 OL-8607-02 Figure 1-1 CSD Manager Not Installed Chapter 1 Installing or Upgrading the CSD Software Step 4 Click the "Cisco Secure Desktop" link. ASDM opens the Configuration > VPN > WebVPN > CSD Setup pane (Figure 1-2).
Configuration Guide
Page 17
OL-8607-02 Cisco Secure Desktop Configuration Guide 1-3 ASDM opens the Upload Image dialog box. Click Browse Local to prepare to the flash card installed in the ASA 5500. Chapter 1 Installing or Upgrading the CSD Software Figure 1-2 CSD Setup (Installation) Step 5 Step 6 Click Upload to prepare to transfer a copy of the latest, local folder you accessed (Figure 1-3). The Selected File Path dialog box displays the contents of the CSD software from your local PC to select the file on your local PC.
OL-8607-02 Cisco Secure Desktop Configuration Guide 1-3 ASDM opens the Upload Image dialog box. Click Browse Local to prepare to the flash card installed in the ASA 5500. Chapter 1 Installing or Upgrading the CSD Software Figure 1-2 CSD Setup (Installation) Step 5 Step 6 Click Upload to prepare to transfer a copy of the latest, local folder you accessed (Figure 1-3). The Selected File Path dialog box displays the contents of the CSD software from your local PC to select the file on your local PC.
Configuration Guide
Page 18
ASDM closes the Select File Path dialog box and displays the file in Step 1 and click Open. Cisco Secure Desktop Configuration Guide 1-4 OL-8607-02 Chapter 1 Installing or Upgrading the CSD Software Figure 1-3 Select File Path (Upload Image) Step 7 Step 8 Step 9 Choose the securedesktop_asa__*.pkg you downloaded in the Local File Path field. Click Browse Flash to specify the target directory for the file. The Browse Flash Dialog box displays the contents of the flash card (Figure 1-4).
ASDM closes the Select File Path dialog box and displays the file in Step 1 and click Open. Cisco Secure Desktop Configuration Guide 1-4 OL-8607-02 Chapter 1 Installing or Upgrading the CSD Software Figure 1-3 Select File Path (Upload Image) Step 7 Step 8 Step 9 Choose the securedesktop_asa__*.pkg you downloaded in the Local File Path field. Click Browse Flash to specify the target directory for the file. The Browse Flash Dialog box displays the contents of the flash card (Figure 1-4).
Configuration Guide
Page 19
... closes the dialog box, transfers a copy of the source file you use the default name. Step 13 Step 14 Click OK. OL-8607-02 Cisco Secure Desktop Configuration Guide 1-5 Chapter 1 Installing or Upgrading the CSD Software Figure 1-4 Browse Flash Dialog Note The File Name field at the bottom of the dialog box...
... closes the dialog box, transfers a copy of the source file you use the default name. Step 13 Step 14 Click OK. OL-8607-02 Cisco Secure Desktop Configuration Guide 1-5 Chapter 1 Installing or Upgrading the CSD Software Figure 1-4 Browse Flash Dialog Note The File Name field at the bottom of the dialog box...
Configuration Guide
Page 20
Cisco Secure Desktop Configuration Guide 1-6 OL-8607-02 Refer to "Enabling and Disabling CSD" to install the CSD software. Step 15 Click OK to continue. Step 16 Click Yes unless ...
Cisco Secure Desktop Configuration Guide 1-6 OL-8607-02 Refer to "Enabling and Disabling CSD" to install the CSD software. Step 15 Click OK to continue. Step 16 Click Yes unless ...
Configuration Guide
Page 21
....bin 10 4634 Sep 17 2004 15:32:48 first-backup 11 4096 Sep 21 2004 10:55:02 fsck-2451 OL-8607-02 Cisco Secure Desktop Configuration Guide 2-1 Note Disabling CSD does not alter the CSD configuration. CH A P T E R 2 Enabling and Disabling CSD You can enter the following command to identify the...
....bin 10 4634 Sep 17 2004 15:32:48 first-backup 11 4096 Sep 21 2004 10:55:02 fsck-2451 OL-8607-02 Cisco Secure Desktop Configuration Guide 2-1 Note Disabling CSD does not alter the CSD configuration. CH A P T E R 2 Enabling and Disabling CSD You can enter the following command to identify the...