Administration Guide
Page 4
...the Default LAN Settings 43 Configuring the LAN 44 Viewing the LAN Status 46 VLAN Configuration 46 DHCP Reserved IPs 52 DHCP Leased Clients 53 Configuring an IGMP Proxy 53 Configuring the Optional Port as a LAN Port 53... for Load Balancing 60 Configuring a DMZ 61 Configuring the DMZ Settings 64 DMZ Reserved IPs 66 DMZ DHCP Leased Clients 67 Routing 67 Routing 67 Static Routing 68 Dynamic Routing 69 Port Management 70 Configuring the Ports...Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
...the Default LAN Settings 43 Configuring the LAN 44 Viewing the LAN Status 46 VLAN Configuration 46 DHCP Reserved IPs 52 DHCP Leased Clients 53 Configuring an IGMP Proxy 53 Configuring the Optional Port as a LAN Port 53... for Load Balancing 60 Configuring a DMZ 61 Configuring the DMZ Settings 64 DMZ Reserved IPs 66 DMZ DHCP Leased Clients 67 Routing 67 Routing 67 Static Routing 68 Dynamic Routing 69 Port Management 70 Configuring the Ports...Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
Administration Guide
Page 22
Depending on the requirements of your Internet Service Provider (ISP) and the needs of your business, you will need to obtain an IP address from your ISP assigned a static IP ...the page that allow you can configure the Optional port for all settings, as needed . However, you to act as a DHCP server. Alternatively, you want to act as a secondary WAN port. For a full list of the security appliance. If ...8226; Optional Port: This port is configured to enter the account information. A new window opens with Cisco SA500 Series Security Appliances Administration Guide 22
Depending on the requirements of your Internet Service Provider (ISP) and the needs of your business, you will need to obtain an IP address from your ISP assigned a static IP ...the page that allow you can configure the Optional port for all settings, as needed . However, you to act as a DHCP server. Alternatively, you want to act as a secondary WAN port. For a full list of the security appliance. If ...8226; Optional Port: This port is configured to enter the account information. A new window opens with Cisco SA500 Series Security Appliances Administration Guide 22
Administration Guide
Page 27
...devices. In the WAN & LAN Connectivity section of the Getting Started (Advanced) page. If you can use your security appliance with your Cisco Smart Business Communications System (SBCS), install and configure your firewall rules. For more information, see Configuring the Optional Port as an extra LAN port, ... configure the port, use the Optional port: • If you need to host public services such as an extra LAN port. The default DHCP and TCP/IP settings should be satisfactory in the Secondary WAN Port section of the Getting Started (Basic) page, click the LAN Settings link...
...devices. In the WAN & LAN Connectivity section of the Getting Started (Advanced) page. If you can use your security appliance with your Cisco Smart Business Communications System (SBCS), install and configure your firewall rules. For more information, see Configuring the Optional Port as an extra LAN port, ... configure the port, use the Optional port: • If you need to host public services such as an extra LAN port. The default DHCP and TCP/IP settings should be satisfactory in the Secondary WAN Port section of the Getting Started (Basic) page, click the LAN Settings link...
Administration Guide
Page 28
... data VLANs (192.168.10.x). Getting Started Common Configuration Scenarios 1 Scenario 8: Cisco Smart Business Communications System Configuration You can use the security appliance to the UC500 or other LAN devices, click the DHCP Reserved IPs link under WAN & LAN Connectivity on the UC500. If you want... to assign a static IP address to protect your Cisco Smart Business Communications System network. 235235 Outside Network Private Network Laptop computer...
... data VLANs (192.168.10.x). Getting Started Common Configuration Scenarios 1 Scenario 8: Cisco Smart Business Communications System Configuration You can use the security appliance to the UC500 or other LAN devices, click the DHCP Reserved IPs link under WAN & LAN Connectivity on the UC500. If you want... to assign a static IP address to protect your Cisco Smart Business Communications System network. 235235 Outside Network Private Network Laptop computer...
Administration Guide
Page 37
...Profiles, page 40. • User Name: Enter user name required to log in • Password: Enter the password required to log in minutes Cisco SA500 Series Security Appliances Administration Guide 37 If not, check, continue to Step 5 STEP 2 If your Internet connection requires a login, complete these settings...the connection type, as specified by your ISP to complete the fields in this option if you pay a flat fee for your ISP automatically through DHCP. If a login is required, continue to Step 2 to complete the fields under WAN & LAN Connectivity, click WAN settings. Idle Time: ...
...Profiles, page 40. • User Name: Enter user name required to log in • Password: Enter the password required to log in minutes Cisco SA500 Series Security Appliances Administration Guide 37 If not, check, continue to Step 5 STEP 2 If your Internet connection requires a login, complete these settings...the connection type, as specified by your ISP to complete the fields in this option if you pay a flat fee for your ISP automatically through DHCP. If a login is required, continue to Step 2 to complete the fields under WAN & LAN Connectivity, click WAN settings. Idle Time: ...
Administration Guide
Page 39
... the dedicated WAN and the optional WAN (if applicable): • Connection Time • Connection Type: Dynamic IP (DHCP) or Static IP • Connection State: Connected or Disconnected • Link State: Up or Down Cisco SA500 Series Security Appliances Administration Guide 39 STEP 1 Click Networking >WAN > WAN Status. Networking Configuring the WAN Connection...
... the dedicated WAN and the optional WAN (if applicable): • Connection Time • Connection Type: Dynamic IP (DHCP) or Static IP • Connection State: Connected or Disconnected • Link State: Up or Down Cisco SA500 Series Security Appliances Administration Guide 39 STEP 1 Click Networking >WAN > WAN Status. Networking Configuring the WAN Connection...
Administration Guide
Page 40
... WAN connection, see the Internet Connection, page 217 in Appendix A, "Troubleshooting." Cisco SA500 Series Security Appliances Administration Guide 40 Networking Configuring the WAN Connection 2 • WAN state: Up or Down • DHCP Server • Lease Obtained • Lease Duration • IP Address •...; Subnet Mask • Gateway • DNS Server • Secondary DNS • MAC Address STEP 2 If the WAN is configured using DHCP, you can use this page to maintain the information. STEP 1 Click Networking > WAN > PPPoE Profiles, or from the Getting Started (Basic)...
... WAN connection, see the Internet Connection, page 217 in Appendix A, "Troubleshooting." Cisco SA500 Series Security Appliances Administration Guide 40 Networking Configuring the WAN Connection 2 • WAN state: Up or Down • DHCP Server • Lease Obtained • Lease Duration • IP Address •...; Subnet Mask • Gateway • DNS Server • Secondary DNS • MAC Address STEP 2 If the WAN is configured using DHCP, you can use this page to maintain the information. STEP 1 Click Networking > WAN > PPPoE Profiles, or from the Getting Started (Basic)...
Administration Guide
Page 43
...want another PC on the WLAN or LAN network. Cisco SA500 Series Security Appliances Administration Guide 43 The security...By default the LAN of the router is configured in the DHCP configuration when acknowledging a DHCP request from a DHCP client. • By default, your PCs, disable DHCP and enter the appropriate settings. • Instead of the security...is configured for IPv4 addressing. Networking Configuring the LAN 2 Configuring the LAN For most applications, the default DHCP and TCP/IP settings of using a DNS server, you can use the LAN Configuration page to change ...
...want another PC on the WLAN or LAN network. Cisco SA500 Series Security Appliances Administration Guide 43 The security...By default the LAN of the router is configured in the DHCP configuration when acknowledging a DHCP request from a DHCP client. • By default, your PCs, disable DHCP and enter the appropriate settings. • Instead of the security...is configured for IPv4 addressing. Networking Configuring the LAN 2 Configuring the LAN For most applications, the default DHCP and TCP/IP settings of using a DNS server, you can use the LAN Configuration page to change ...
Administration Guide
Page 44
...and reinsert the Ethernet cable to release and renew your IP address). STEP 3 In the DHCP area, configure these settings: • DHCP Mode: Choose one of the browser, and log in your web browser to launch the ...a few seconds to allow the security appliance to act as the security appliance (having received an IP address through DHCP based on the LAN are configured to obtain a new IP address from the Getting Started (Basic) page, under ...• Subnet mask: Enter the subnet mask for the security appliance. Cisco SA500 Series Security Appliances Administration Guide 44
...and reinsert the Ethernet cable to release and renew your IP address). STEP 3 In the DHCP area, configure these settings: • DHCP Mode: Choose one of the browser, and log in your web browser to launch the ...a few seconds to allow the security appliance to act as the security appliance (having received an IP address through DHCP based on the LAN are configured to obtain a new IP address from the Getting Started (Basic) page, under ...• Subnet mask: Enter the subnet mask for the security appliance. Cisco SA500 Series Security Appliances Administration Guide 44
Administration Guide
Page 45
...address subnet as the DHCP mode, enter the IP address of the relay gateway. STEP 4 In the LAN Proxies section, specify the proxy settings: • Enable DNS Proxy: Check this box to allow the security appliance to communicate with fixed addresses. Cisco SA500 Series Security ...Appliances Administration Guide 45 These addresses should be used by particular devices, click LAN > DHCP Reserved IPs. When the time elapses, the user is 24 hours. • Relay Gateway...
...address subnet as the DHCP mode, enter the IP address of the relay gateway. STEP 4 In the LAN Proxies section, specify the proxy settings: • Enable DNS Proxy: Check this box to allow the security appliance to communicate with fixed addresses. Cisco SA500 Series Security ...Appliances Administration Guide 45 These addresses should be used by particular devices, click LAN > DHCP Reserved IPs. When the time elapses, the user is 24 hours. • Relay Gateway...
Administration Guide
Page 46
...of the LAN interface • IP address and subnet mask of the connected devices, click LAN > DHCP Leased Clients. Viewing the LAN Status STEP 1 Click Networking > LAN > LAN Status. Cisco SA500 Series Security Appliances Administration Guide 46 Networking Configuring the LAN 2 • To view a list of... the interface • DHCP server mode STEP 2 Click Apply to save your site, you can create new...
...of the LAN interface • IP address and subnet mask of the connected devices, click LAN > DHCP Leased Clients. Viewing the LAN Status STEP 1 Click Networking > LAN > LAN Status. Cisco SA500 Series Security Appliances Administration Guide 46 Networking Configuring the LAN 2 • To view a list of... the interface • DHCP server mode STEP 2 Click Apply to save your site, you can create new...
Administration Guide
Page 47
Data, VLAN Number (untagged packets): 1 - Data, Subnet Mask: 255.255.255.0 - VLAN - IP Address Distribution: DHCP Server - Data, IP Address: See Product Tab - IP Address: 10.1.1.1 - VLAN - Data, End IP Address: 192.168.75.254 (assuming LAN...Voice VLAN: The VLAN is enabled with the VLAN ID 100. - Lease Time in Minutes: 1440 (24hours) - Data, IP Address Distribution: DHCP Server - Subnet Mask: 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 47 Data, Lease Time in Minutes: 1440 (24hours) - VLAN - VLAN - VLAN - Start IP Address:...
Data, VLAN Number (untagged packets): 1 - Data, Subnet Mask: 255.255.255.0 - VLAN - IP Address Distribution: DHCP Server - Data, IP Address: See Product Tab - IP Address: 10.1.1.1 - VLAN - Data, End IP Address: 192.168.75.254 (assuming LAN...Voice VLAN: The VLAN is enabled with the VLAN ID 100. - Lease Time in Minutes: 1440 (24hours) - Data, IP Address Distribution: DHCP Server - Subnet Mask: 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 47 Data, Lease Time in Minutes: 1440 (24hours) - VLAN - VLAN - VLAN - Start IP Address:...
Administration Guide
Page 50
... half of the page. • PVID: If you want to an unmanaged switch with a mix of the page. - Trunk: The port is a member of a specified set of the page, choose the DHCP mode: Cisco SA500 Series Security Appliances Administration Guide 50 If you choose this option, also configure... the VLAN Membership in the List of the port is tagged. STEP 3 In the DHCP section of VLANs. The Multiple VLAN Subnet Configuration window ...
... half of the page. • PVID: If you want to an unmanaged switch with a mix of the page. - Trunk: The port is a member of a specified set of the page, choose the DHCP mode: Cisco SA500 Series Security Appliances Administration Guide 50 If you choose this option, also configure... the VLAN Membership in the List of the port is tagged. STEP 3 In the DHCP section of VLANs. The Multiple VLAN Subnet Configuration window ...
Administration Guide
Page 51
...this address and the Ending IP Address. • Ending IP Address: Enter the last IP address in the DHCP range. When the time elapses, the user is 24 hours. Cisco SA500 Series Security Appliances Administration Guide 51 When this feature is assigned an IP address between the Starting IP ...Address and this mode, also enter the IP address of the ISP. Any new DHCP client joining the VLAN is disabled, all ...
...this address and the Ending IP Address. • Ending IP Address: Enter the last IP address in the DHCP range. When the time elapses, the user is 24 hours. Cisco SA500 Series Security Appliances Administration Guide 51 When this feature is assigned an IP address between the Starting IP ...Address and this mode, also enter the IP address of the ISP. Any new DHCP client joining the VLAN is disabled, all ...
Administration Guide
Page 52
... device is found, then the reserved IP address is assigned automatically from the Getting Started (Basic) page, under WAN & LAN Connectivity, click DHCP Reserved IPs (Optional). However, when the DNS proxy is enabled, then clients can make requests to the router and the router, in Auto Rollover..., check the box at the left side of the heading row. To select all entries in the Available DHCP Assigned IPs (LAN) table. STEP 3 Enter the IP address and the MAC address of the device that the DHCP server assigns dynamically. Cisco SA500 Series Security Appliances Administration Guide 52
... device is found, then the reserved IP address is assigned automatically from the Getting Started (Basic) page, under WAN & LAN Connectivity, click DHCP Reserved IPs (Optional). However, when the DNS proxy is enabled, then clients can make requests to the router and the router, in Auto Rollover..., check the box at the left side of the heading row. To select all entries in the Available DHCP Assigned IPs (LAN) table. STEP 3 Enter the IP address and the MAC address of the device that the DHCP server assigns dynamically. Cisco SA500 Series Security Appliances Administration Guide 52
Administration Guide
Page 53
...STEP 1 Click Networking > Optional Port > Optional Port Mode. The Optional Port Mode window opens. STEP 3 Click Apply to save your changes. Cisco SA500 Series Security Appliances Administration Guide 53 STEP 1 Click Networking > LAN > IGMP Configuration. STEP 3 Click Apply to save your settings. Configuring the... Optional Port as a LAN port. STEP 2 Choose LAN. The IGMP Proxy window opens. Networking Configuring the LAN 2 DHCP Leased Clients This page displays a list of the DHCP-assigned IP addresses and hardware addresses of the ISP. Click Networking > LAN...
...STEP 1 Click Networking > Optional Port > Optional Port Mode. The Optional Port Mode window opens. STEP 3 Click Apply to save your changes. Cisco SA500 Series Security Appliances Administration Guide 53 STEP 1 Click Networking > LAN > IGMP Configuration. STEP 3 Click Apply to save your settings. Configuring the... Optional Port as a LAN port. STEP 2 Choose LAN. The IGMP Proxy window opens. Networking Configuring the LAN 2 DHCP Leased Clients This page displays a list of the DHCP-assigned IP addresses and hardware addresses of the ISP. Click Networking > LAN...
Administration Guide
Page 64
...Advanced) page, under DMZ Port, click Set Optional Port to DMZ mode. The Optional Port Mode window opens. Click Apply to use a DHCP Relay. Networking Configuring a DMZ 2 Configuring the DMZ Settings Follow this procedure to configure your DMZ port settings, and then create firewall rules...IP addresses or are using this option to allow traffic to access the services on the internal network. Cisco SA500 Series Security Appliances Administration Guide 64 c. STEP 4 In the DHCP for the domain. STEP 1 First configure the Optional port for the DMZ port on your settings....
...Advanced) page, under DMZ Port, click Set Optional Port to DMZ mode. The Optional Port Mode window opens. Click Apply to use a DHCP Relay. Networking Configuring a DMZ 2 Configuring the DMZ Settings Follow this procedure to configure your DMZ port settings, and then create firewall rules...IP addresses or are using this option to allow traffic to access the services on the internal network. Cisco SA500 Series Security Appliances Administration Guide 64 c. STEP 4 In the DHCP for the domain. STEP 1 First configure the Optional port for the DMZ port on your settings....
Administration Guide
Page 65
...Optional Port > DMZ Reserved IPs. When the time elapses, the user is 24 hours. • Relay Gateway: If you chose DHCP Relay as a proxy for all DHCP clients on the menu bar. For more information, see Configuring a Firewall Rule for the WINS server or, if present in your ...DMZ. Cisco SA500 Series Security Appliances Administration Guide 65 Optionally, enter the IP address of a secondary DNS server. • Primary Tftp Server...
...Optional Port > DMZ Reserved IPs. When the time elapses, the user is 24 hours. • Relay Gateway: If you chose DHCP Relay as a proxy for all DHCP clients on the menu bar. For more information, see Configuring a Firewall Rule for the WINS server or, if present in your ...DMZ. Cisco SA500 Series Security Appliances Administration Guide 65 Optionally, enter the IP address of a secondary DNS server. • Primary Tftp Server...
Administration Guide
Page 66
...desired IP address, to edit an entry. NOTE Before you can reserve certain IP addresses always to be outside the pool of the DHCP addresses that the DMZ DHCP server assigns dynamically. Any existing DMZ reserved IP addresses appear in the table, check the box at the left side of DMZ ...Reserved IPs. Cisco SA500 Series Security Appliances Administration Guide 66 DMZ Reserved IPs If you configured your DMZ to act as a DHCP server, you can perform this procedure, you click Add or Edit, the DMZ Reserved IPs ...
...desired IP address, to edit an entry. NOTE Before you can reserve certain IP addresses always to be outside the pool of the DHCP addresses that the DMZ DHCP server assigns dynamically. Any existing DMZ reserved IP addresses appear in the table, check the box at the left side of DMZ ...Reserved IPs. Cisco SA500 Series Security Appliances Administration Guide 66 DMZ Reserved IPs If you configured your DMZ to act as a DHCP server, you can perform this procedure, you click Add or Edit, the DMZ Reserved IPs ...
Administration Guide
Page 67
... the computers that allows several devices such as your ISP has assigned only one IP address to share an Internet connection. Cisco SA500 Series Security Appliances Administration Guide 67 Routing If needed, you can configure the security appliance in NAT routing mode or ...STEP 1 Click Networking > Routing > Routing. Click Networking > Optional Port > DMZ DHCP Clients. STEP 2 Choose one of the DMZ clients. Networking Routing 2 DMZ DHCP Leased Clients This page displays a list of the DHCP-assigned IP addresses and hardware addresses of the following options: • NAT: Choose ...
... the computers that allows several devices such as your ISP has assigned only one IP address to share an Internet connection. Cisco SA500 Series Security Appliances Administration Guide 67 Routing If needed, you can configure the security appliance in NAT routing mode or ...STEP 1 Click Networking > Routing > Routing. Click Networking > Optional Port > DMZ DHCP Clients. STEP 2 Choose one of the DMZ clients. Networking Routing 2 DMZ DHCP Leased Clients This page displays a list of the DHCP-assigned IP addresses and hardware addresses of the following options: • NAT: Choose ...