Administration Guide
Page 7
... Remote Access; Access Options for SSL VPN; Security Tips for SSL VPN; Elements of the SSL VPN; Scenario Step 1: Customizing the Portal Layout; Scenario Step 2: Adding the SSL VPN Users; Creating the SSL VPN Policies; Specifying the Network Resources for SSL VPN; Configuring SSL VPN Port Forwarding; SSL VPN Tunnel Client Configuration; Viewing... (Cisco SA500 Series Security Appliances Administration Guide)
Administration Guide
Page 50
Untagged data coming into port. STEP 5 Click Apply to forward or filter the untagged packets coming into and out of the page, choose the DHCP mode: Cisco SA500 Series Security Appliances Administration Guide 50 Trunk mode is recommended if the port is untagged. Multiple VLAN Subnets Typically, VLANs are instances where you want to enable communication between VLANs...
Administration Guide
Page 104
... other than the IP address configured on specified days and times, first create the schedules. Cisco SA500 Series Security Appliances Administration Guide 104 See Creating Custom Services, page 104. • If you want to use to configure firewall rules and port forwarding rules. (See Appendix B, "Standard Services.") If you need to configure a firewall rule for a service...
Administration Guide
Page 112
... the traffic flow is hosting the service. • Enable Port Forwarding: Check the box to forward traffic to a particular port. • Translate Port Number: If you enabled port forwarding, enter the port number that is from a list of the "by entering an IP address or address range. - Cisco SA500 Series Security Appliances Administration Guide 112 For more information, see Creating Schedules for...
Administration Guide
Page 121
... of traffic on the required port or range of ports. NOTE Port triggering is more flexible than the static port forwarding that , when external devices connect to them, they are closed. Port Triggering Port triggering opens an incoming port for some applications. STEP 5...and outgoing ports to open when enabled. When a LAN device makes a connection on a specific port or range of data. See Appendix B, "Standard Services." Cisco SA500 Series Security Appliances Administration Guide 121 In addition, the ports are not left open . Port triggering is completed, the ports are ...
Administration Guide
Page 155
... you can specify the user privileges and you could restrict the user from the security appliance. A web-based (ActiveX or Java) client is installed in place of a VPN client on the Cisco SA500 Series Security Appliances Administration Guide 155 You can control each user's access to network resources. Access ...the remote host to allow remote users to access the LAN over an encrypted link through a customizable user portal interface. To configure port forwarding, see RMON (Remote Management), page 197. To do not have access to the full LAN. Configuring VPN Configuring SSL VPN ...
Administration Guide
Page 156
...provide customized information for your own domains and groups. Instructions are not going to different resources. As needed . Cisco SA500 Series Security Appliances Administration Guide 156 They should be sufficient for different groups of Clientless SSL VPN to be sure to create different...for all users. See Creating the SSL VPN Policies, page 160. • Port Forwarding: You can modify title, banner heading, banner message, security settings, and access type (VPN tunnel, port forwarding, or both). Configuring VPN Configuring SSL VPN for different user domains, you must ...
Administration Guide
Page 161
... an SSL VPN policy, click Add. After you define a policy, it goes into effect immediately. If you first need to the VPN Tunnel, Port Forwarding, or both. If you are in conflict, a more specific policy takes precedence over a policy for a range of SSL VPN Policies for: Choose...will be offered to configure a record for the network resource. STEP 2 In the Query area, choose which policies to edit an entry. Cisco SA500 Series Security Appliances Administration Guide 161 See RMON (Remote Management), page 197. To select all users, Group for a particular group, or User for all ...
Administration Guide
Page 162
...If RMON is disabled, SSL VPN access is available only for policies that are highlighted with those ports. Also complete the fields that are managed by the device. Cisco SA500 Series Security Appliances Administration Guide 162 NOTE If you create a policy with same name as that are applied to... your settings. Leave the fields empty to apply the policy to field, enter the IP address of ports to apply the policy to all traffic. • Service: Choose VPN Tunnel, Port Forwarding, or All Services Defined. • Defined Resources: Choose the services for a particular policy. See ...
Administration Guide
Page 163
...delete an entry, check the box and then click Delete. STEP 4 Click Apply to edit an entry. Configuring SSL VPN Port Forwarding Port Forwarding is different from split and full tunnel modes, which allow access only to a limited set of the supported SSL VPN ...3 Enter the following table lists some common applications and corresponding TCP port numbers: TCP Application FTP Data (usually not needed) FTP Control Protocol SMTP (send mail) Port Number 20 21 25 Cisco SA500 Series Security Appliances Administration Guide 163 Configuring VPN Configuring SSL VPN for Browser-Based Remote...
Administration Guide
Page 164
... Address: Enter the IP address of the internal host machine or local server. • TCP Port Number: Enter the port number of the table heading. STEP 4 Click Apply to edit an entry. Cisco SA500 Series Security Appliances Administration Guide 164 The Port Forwarding window opens. Other options: Click the Edit button to save your settings. STEP 1 Click VPN...
Administration Guide
Page 165
Cisco SA500 Series Security Appliances Administration Guide 165 SSL VPN Tunnel Client Configuration An SSL VPN tunnel client provides a point-to save your settings. STEP 1 Click VPN > SSL VPN Server > Port Forwarding. STEP 3 Enter the following information: • Local Server IP Address: Enter the IP ...application. STEP 4 Click Apply to -point connection between the browser-side machine and this security appliance. This feature allows access to edit an entry. The Port Forwarding window opens. Other options: Click the Edit button to services on the private network ...
Administration Guide
Page 168
... to edit an entry. Cisco SA500 Series Security Appliances Administration Guide 168 The user can click the Launcher icon to connect to the remote servers. • Change Password: The user can click the Launcher icon to connect to the remote network. • Port Forwarding: After the user clicks the...through the following options in the navigation pane: • VPN Tunnel: After the user clicks the link in the navigation pane, the Port Forwarding information window opens. STEP 2 To add a configured client route, click Add. The client portal provides remote access to which a route...
Administration Guide
Page 224
ANY AIM BGP BOOTP_CLIENT BOOTP_SERVER CU-SEEME:UDP CU-SEEME:TCP DNS:UDP DNS:TCP FINGER FTP HTTP HTTPS ICMP-TYPE-3 ICMP-TYPE-4 ICMP-TYPE-5 Cisco SA500 Series Security Appliances Administration Guide 224 See Creating Custom Services, page 104. B Standard Services The security appliance is not on this list, you want to configure a port forwarding rule or a firewall rule for a service that is configured with the following list of standard services that are available for that purpose. If you can create a custom service for port forwarding and firewall configuration.