Administration Guide
Page 9
... LAN Devices Reports Appendix A: Troubleshooting Internet Connection Date and Time Pinging to Test LAN Connectivity Restoring Factory Default Configuration Settings Appendix B: Standard Services Appendix C: Technical Specifications and Environmental Requirements Appendix D: Factory Default Settings General Settings Router Settings Wireless Settings Storage Security Settings Appendix E: Where to Go From Here 213 215 215...
Administration Guide
Page 38
... PPPoE, or other server. Get Dynamically from ISP: Choose this option, enter the Day and Time you . - You can be passed on a specific day. Also enter the addresses for the Primary DNS Server and the Secondary DNS Server. STEP 6 If required by your ISP has assigned an IP...; Never: Disables Reset Connection by your ISP or use the default MTU size, 1500 bytes. Choose Default to use ISP-specified addresses. - Cisco SA500 Series Security Appliances Administration Guide 38 Choose one of the largest packet that can get DNS server addresses automatically from ISP: Choose this box...
Administration Guide
Page 86
... ISATAP subnet for this router. To select all entries in the List of the heading row. The endpoint can get the prefix from your settings. Cisco SA500 Series Security Appliances Administration Guide 86 You can be the LAN interface (assuming the LAN is one endpoint (a node) for the tunnel. Any existing... that defines the logical ISATAP subnet to configure a tunnel. STEP 2 To add an ISATAP tunnel, click Add. The security appliance is an IPv4 network), or a specific LAN IPv4 address. • IPv4 Address: Enter the local end point address if not the LAN IPv4 address.
Administration Guide
Page 87
... parameter is 5000 ms (5 seconds) and maximum value is 1800000 ms (30 mins). • Robustness Variable: Enter a value from 2 to 8 to allow tuning for a specific multicast group. Cisco SA500 Series Security Appliances Administration Guide 87 By varying the Query Response Interval, an administrator can tune the number of MLD messages on the...
Administration Guide
Page 96
... as intended. MAC Filtering provides additional security, but it also adds to ensure that you to define specific MAC addresses to permit or deny access to this queue (FTP data, for this access point. Cisco SA500 Series Security Appliances Administration Guide 96 The QoS Configuration window opens. Be sure to enter each...
Administration Guide
Page 100
Wireless Configuration for the SA520W Configuring the Radio 3 • Country: Choose a country from the list of countries. Cisco SA500 Series Security Appliances Administration Guide 100 ng: Select this mode to allow 802.11n, 802.11g and 802.11b clients to connect to the... is populated according to this mode if some devices in the corresponding country/region. • Mode: Choose the 802.11 modulation technique. - This setting is specific to use based on the environmental noise levels for all APs that use this mode if all devices in the wireless network can support 802...
Administration Guide
Page 106
...check the box in the Select Schedule drop-down list on your settings. STEP 4 Click Apply to save your local network. Cisco SA500 Series Security Appliances Administration Guide 106 Any existing schedules appear in the first column of Available Schedules table. The name will add...Other options: Click the Edit button to edit an entry. To delete an entry, check the box and then click Delete. After you choose Specific Days, also check the days for the schedule. Firewall Configuration Configuring Firewall Rules to Control Inbound and Outbound Traffic 4 STEP 1 Click Firewall ...
Administration Guide
Page 121
...use, thereby providing a level of security that , when external devices connect to them, they are closed. STEP 5 Click Apply to Enable or Disable dropped packets. Cisco SA500 Series Security Appliances Administration Guide 121 Port triggering rules do not have to open . Firewall Configuration Port Triggering 4 STEP 3 If you can also specify... a port triggering rule by defining the type of traffic (TCP or UDP) and the range of incoming and outgoing ports to reference specific LAN IP addresses or IP addresses ranges. You can configure in order to function properly.
Administration Guide
Page 125
...Java applets, ActiveX controls are installed on other ports, they can be added here. Cisco SA500 Series Security Appliances Administration Guide 125 Firewall Configuration Using Other Tools to Control Access to...but do not match the name of the domain of the page. Java applets are small programs embedded in a comma separated list. The default port is not blocked by ...example, if connections to store session information by a website. Certain commonly used to a specific IP address are used web components can be blocked for any component that usually require login...
Administration Guide
Page 143
...and policies. This option should be used when additional client security is specific only to provide user credentials. STEP 5 Repeat as Greenbow. Cisco SA500 Series Security Appliances Administration Guide 143 QuickVPN is a proprietary Cisco/Linksys client which the remote user will have access. NOTE Next steps...• If you also must enable Remote Management. STEP 4 Click Apply to the list of IPsec VPN, page 144. • For Cisco QuickVPN, you are using the Getting Started (Advanced) page, click Getting Started > Advanced to return to save your settings. XAUTH can ...
Administration Guide
Page 151
... the SA Lifetime in expiry frequencies of the SAs; SHA-1: 20 characters - SHA2-384: 48 characters - The SA is renegotiated after which the Security Association becomes invalid. The default value ... If you specify the SA Lifetime in seconds, this value represents the interval after this asymmetry. Cisco SA500 Series Security Appliances Administration Guide 151 Configuring VPN Advanced Configuration of IPsec VPN 7 • ... SHA2-256: 32 characters - The lifebyte specifications are created, one for inbound traffic and one for the inbound policy. MD5: 16 characters -
Administration Guide
Page 156
...the Portal Layout, page 157. Elements of Clientless SSL VPN to be sure to different resources. For example, you could configure links to specific targets on the internal network that you want the SSL VPN users to create different portal layouts for Browser-Based Remote Access 7 Internet.... you may want users of the SSL VPN Several elements work together to support SSL VPN. • Portal: To access your portal. Cisco SA500 Series Security Appliances Administration Guide 156 In addition, you can start with a portal that you can modify title, banner heading, banner message...
Administration Guide
Page 160
... such as a local user with password, and when the user is set to 999. Policies are supported by the security appliance. Cisco SA500 Series Security Appliances Administration Guide 160 STEP 4 Click Apply to other SSL VPN services that the user can create user, group,... value for the individual user has precedence over the timeout for Browser-Based Remote Access 7 The User Configuration window opens. A policy applies to a specific network resource, IP address, or IP address range on the following information: • User Name: Enter a unique identifier for the user. By...
Administration Guide
Page 161
... Resources for the network resource. If you choose Group, also choose the group from the Available Users list. For example, a policy for a specific IP address takes precedence over a general policy. If you are in the first column of the table heading. Other options: Click the Edit button to... the name from this list. • Available Users: If you chose User as the query type, choose the name from this IP address. Cisco SA500 Series Security Appliances Administration Guide 161 The SSL VPN Policies window opens. STEP 3 To add an SSL VPN policy, click Add. Configuring VPN...
Administration Guide
Page 166
... security appliance) is directed through the tunnel. Cisco SA500 Series Security Appliances Administration Guide 166 By comparison, with the address of any IPsec tunnel deployment, the two networks that is sent from the host is needed to specific private networks, thereby allowing access control over specific LAN services. These client routes give the...
Administration Guide
Page 176
...restoration. • Restore your settings. To delete an address, check the box, and then click Delete. Interrupting the upgrade process at specific points when the flash is complete. STEP 3 Click Apply to perform the following maintenance tasks: • Upgrading Firmware and Working with... security appliance. This process should take only two minutes or so including the reboot process. Administration Firmware and Configuration 8 - Cisco SA500 Series Security Appliances Administration Guide 176 To add an address, click Add, enter the type and the address, and then click Apply...
Administration Guide
Page 183
...Increase this interface. Amount of traffic that passed through this option to block all traffic to and from the WAN except email traffic. Cisco SA500 Series Security Appliances Administration Guide 183 The email is sent to be taken on which is enabled. Average volume of traffic, in...send an email report before restarting counter: Choose this option to restart at a specified date and time. Then enter the time in both directions. Specific Time: Choose this option to block all traffic to reset the counter immediately. - STEP 4 In the When Limit is reached. • Block...
Administration Guide
Page 211
... associated with the tunnel dropped while transferring, by the remote client. Status > VPN Status > SSL VPN Status User Name IP Address Tunnel Specific Fields Local ppp interface Peer PPP Interface IP Tx Packets Tx Dropped Packets Tx Bytes (KB) Rx Packets Rx Dropped Packets Rx Bytes (KB... sslvpn tunnel. Number of ppp interface on the page to terminate an active user's session and hence the associated SSLVPNTunnel (if any). Cisco SA500 Series Security Appliances Administration Guide 211 Name of packets associated with the tunnel. Status VPN Status 10 SSL VPN Status This page...
Administration Guide
Page 215
...mail page (under Administration menu) before clicking Send Log. For more information about other devices that support the CDP protocol. CDP Neighbor The Cisco Discovery Protocol (CDP) provides information about CDP Global Configuration, see the entries added after the page was opened . • Click Send Logs... device and that are connected to this page to e-mail the log messages currently displayed in the log window. The page displays information specific to see CDP, page 199. Status > View Logs > IPsec VPN Logs • Click Refresh Logs to the device and identifies ...
Administration Guide
Page 227
C Technical Specifications and Environmental Requirements Feature Standards Physical Interfaces Operating Temperature SA520 SA520W • IEEE 802.3 CSMA/CD • IEEE 802.3 CSMA/CD • IEEE 802.3i 10BASE-T • ...-45 connector be able to be a LAN, WAN or DMZ port • 1 X RJ-45 connector for WAN port • 1 X USB connector for USB 2.0 2.0 • 1 X Power switch • 1 X Power switch • 3 X external antennas 32 to 104ºF (0 to 40ºC) 32 to 104ºF (0 to 40º...