Administration Guide
Page 4
... 46 VLAN Configuration 46 DHCP Reserved IPs 52 DHCP Leased Clients 53 Configuring an IGMP Proxy 53 Configuring the Optional Port as a LAN Port 53 Configuring the Optional WAN 54 Configuring Auto-Rollover, Load Balancing, and Failure Detection 57 Configuring the Protocol Bindings ... IPs 66 DMZ DHCP Leased Clients 67 Routing 67 Routing 67 Static Routing 68 Dynamic Routing 69 Port Management 70 Configuring the Ports 70 Configuring SPAN (Port Mirroring) 71 QoS Bandwidth Profiles 72 Creating QoS Bandwidth Profiles for WAN Interfaces 72 Traffic Selectors 73...
Administration Guide
Page 6
... MAC Filtering to Allow or Block Traffic 119 Configuring IP/MAC Binding 120 Port Triggering 121 Configuring a Port Triggering Rule to Direct Traffic to Specified Ports 122 Viewing the Port Triggering Status 122 Configuring Session Settings to Analyze Incoming Packets 123 Using Other ... Policy Configuring the Protocol Inspection Settings Configuring Peer-to-Peer Blocking and Instant Messaging 130 131 132 133 134 Chapter 6: Using Cisco ProtectLink Security Services 135 Chapter 7: Configuring VPN About VPN Configuring a Site-to-Site VPN Tunnel Configuring an IPsec VPN Tunnel...
Administration Guide
Page 7
... the Portal Layout Scenario Step 2: Adding the SSL VPN Users Creating the SSL VPN Policies Specifying the Network Resources for SSL VPN Configuring SSL VPN Port Forwarding SSL VPN Tunnel Client Configuration Viewing the SSL VPN Client Portal VeriSign™ Identity Protection configuration Configuring VeriSign Identity Protection Managing User Credentials for... 156 157 159 160 163 163 165 168 169 169 170 171 171 172 173 173 175 176 176 178 180 180 182 184 185 Cisco SA500 Series Security Appliances Administration Guide 7
Administration Guide
Page 8
... Bonjour Associating VLANs Chapter 10: Status Device Status Device Status Resource Utilization Interface Statistics Port Statistics Wireless Statistics for the SA520W VPN Status IPsec VPN Status SSL VPN Status Quick VPN Status Active Users View Logs Cisco SA500 Series Security Appliances Administration Guide Contents 185 187 188 189 190 193 194 197...
Administration Guide
Page 11
.... • POWER LED-(Green) When lit, indicates the appliance is powered on. • DMZ LED-(Green) When lit, indicates the Optional port is performing the power-on the rear panel. To restore the factory default settings, press and hold the Reset button for 5 seconds. •...which allows public services such as web servers, without exposing your LAN. • SPEED LED-(Green or Orange) Indicates the traffic rate for the associated port. Cisco SA500 Series Security Appliances Administration Guide 11 Off = 10 Mbps, Green = 100 Mbps, Orange = 1000 Mbps. Yes (50) Includes 2 seats. ...
Administration Guide
Page 12
...Switch-Turns the security appliance on or off. • POWER Connector-Connects the security appliance to power using the supplied power cable. • LAN Ports-Connect computers and other network appliances to services such as a WAN, LAN, or DMZ port. The SA520 and SA520W have 4 LAN ports... includes three threaded connectors for backup and restore operations. The SA540 has 8. • OPTIONAL Port-Can be configured to allow public access to the security appliance. Cisco SA500 Series Security Appliances Administration Guide 12 Getting Started Feature Overview 1 • LINK/ACT LED...
Administration Guide
Page 16
...next to power. STEP 2 If you are not long enough to reattach the bracket with the spacer, attach the bracket directly to the screw holes. Cisco strongly recommends using Cat5E or better cable. STEP 3 For DSL, a cable modem, or other WAN connectivity devices, connect an Ethernet network cable from the...shown. STEP 4 For network devices, connect an Ethernet network cable from the network device to the WAN port on the side of the security appliance. STEP 2 Place one of the dedicated LAN ports on the back panel. NOTE If the screws are installing the SA520W, screw each side of the ...
Administration Guide
Page 17
...Configuration Utility 1 STEP 5 If you must be able to connect to the SA500 Series Security Appliances from the WAN port of the UC500 to an available LAN port of the security appliance is complete. A sample configuration is illustrated below. To use this utility, you are using... any web browser (such as Microsoft Internet Explorer or Mozilla Firefox). Cisco SA500 Series Security Appliances Administration Guide 17 STEP 6 Power ...
Administration Guide
Page 18
...Wizard to proceed, or click View Certificate for details. Getting Started Getting Started with a CCA-supported device, such as the UC500. Cisco SA500 Series Security Appliances Administration Guide 18 Click the Add Exception button. If you change this setting in the Wizard to complete the ... need to enter the new IP address to connect to an available LAN port on the back panel of the security appliance. STEP 4 Enter the default user name and password: • Username: cisco • Password: cisco STEP 5 Click Log In. Click Get Certificate, and then click Confirm ...
Administration Guide
Page 22
... new window opens with Internet Access, page 26. • Optional Port: This port is configured to act as a DMZ port or an extra LAN port. Depending on the requirements of your business, you can configure the Optional port for all settings, as well. You can assign static IP addresses to..., you will need to customize all configuration tasks. Settings of the security appliance. If your ISP by using the device with Cisco SA500 Series Security Appliances Administration Guide 22 You can change the subnet address, or the default IP address of particular interest are...
Administration Guide
Page 27
..., or if you need to allow inbound access from remote sites or remote workers. For more information, see Configuring the Optional Port as a LAN Port, page 53. • If you have two ISP links and do not need a DMZ or a secondary WAN, you need... Scenario 7: DMZ for Controlling Inbound and Outbound Traffic, page 29. 6. Consider whether you need to support your firewall rules. See Scenario 8: Cisco Smart Business Communications System Configuration, page 28. 4. For more information, see Configuring the LAN, page 43. 3. Getting Started Common Configuration Scenarios 1 2. ...
Administration Guide
Page 28
...addresses in the range of the security appliance. For instructions, refer to an available LAN port of 192.168.75.x. Configure the WAN and LAN settings for your Cisco Smart Business Communications System network. 235235 Outside Network Private Network Laptop computer Internet Internet Access Device SA... the firewall, Network Address Translation (NAT), and SIP Application Layer Gateway (SIP-ALG) for the Cisco Configuration Assistant (CCA). Configure a static IP route from the WAN port of the UC500 to the documentation or online Help for your network, disable those functions on the ...
Administration Guide
Page 29
...LAN settings might be sufficient for this concern by configuring the Optional port of IP addresses, or to configure a firewall rule. Configuration ...traffic to your private LAN and the Internet. Consider the following examples of firewall rules. Cisco SA500 Series Security Appliances Administration Guide 29 Getting Started Common Configuration Scenarios 1 Scenario 6: ...rules: • Block outbound traffic to certain websites • Restrict Internet access for approved business purposes, you want to deny some outbound traffic or allow access to those services without exposing ...
Administration Guide
Page 30
Configuration tasks for your deployment, but consider the steps outlined in the DMZ Port section of the Getting Started (Advanced) page. Cisco SA500 Series Security Appliances Administration Guide 30 For more information, see Configuring a DMZ, page 61. Getting Started Common Configuration Scenarios www.example.com 1 Internet Public ...
Administration Guide
Page 36
2 Networking This chapter describes how to configure the Networking features for your router. Cisco SA500 Series Security Appliances Administration Guide 36 It includes the following sections: • Configuring the WAN Connection • Configuring the LAN • Configuring the Optional WAN • Configuring a DMZ • VLAN Configuration • Routing • Port Management • QoS Bandwidth Profiles • Dynamic DNS • Configuring IPv6 Addressing To access the Networking pages click Networking from the Configuration Utility menu bar.
Administration Guide
Page 39
... • Connection Type: Dynamic IP (DHCP) or Static IP • Connection State: Connected or Disconnected • Link State: Up or Down Cisco SA500 Series Security Appliances Administration Guide 39 The WAN Status window opens. The standard MTU value for Ethernet networks is 1492 Bytes. After saving ...connection. This page displays the following types of the largest packet that page, click Optional Port > WAN to configure another ISP link, click Optional Port > Optional Port Mode and choose WAN for the port mode. For more information, see Viewing the WAN Status, page 39. • If ...
Administration Guide
Page 41
...inactivity (Idle Time). Idle: The security appliance disconnects from the Internet after a specified period of the heading row. The IP Aliases window opens. Cisco SA500 Series Security Appliances Administration Guide 41 This choice is recommended if you pay a flat fee for the profile. • User Name: Enter...ISP. • Connectivity Type: Choose one of IP Aliases table. STEP 1 Click Networking > WAN > IP Alias. STEP 4 Click Apply to the port. Networking Configuring the WAN Connection 2 Other options: Click the Edit button to edit an entry. To delete an entry, check the box and then ...
Administration Guide
Page 42
... • Interface Name: Choose an interface name on which the alias is created. • IP Address: The IP address alias added to this WAN port of the heading row. Cisco SA500 Series Security Appliances Administration Guide 42 To select all entries in the List of IP Aliases table. The new alias appears in...
Administration Guide
Page 43
... • VLAN Configuration • DHCP Reserved IPs • DHCP Leased Clients • Configuring an IGMP Proxy • Configuring the Optional Port as a Dynamic Host Configuration Protocol (DHCP) server to change these and other devices on the WLAN or LAN network. However, you can ... uses the NetBIOS protocol to enable IPv6 addressing, see Configuring IPv6 Addressing, page 77 and Configuring the IPv6 LAN, page 80. Cisco SA500 Series Security Appliances Administration Guide 43 Networking Configuring the LAN 2 Configuring the LAN For most applications, the default DHCP and TCP...
Administration Guide
Page 46
...that are having problems with your site, you need an extra LAN port and are not planning to a total of the connected devices, click LAN > DHCP Leased Clients. The LAN Status window opens. Cisco SA500 Series Security Appliances Administration Guide 46 VLAN Configuration The security appliance supports..., see DHCP Leased Clients, page 53. • If you are isolated from one another. For more information, see Configuring the Optional Port as a LAN Port, page 53. • If you need a guest network for visitors to segregate the network into LANs that is on a separate VLAN...