Administration Guide
Page 3
... 22 Basic Tasks 23 Changing the Default User Name and Password 23 Backing Up Your Configuration 24 Upgrading the Firmware 24 Common Configuration Scenarios 25 Basic Network Configuration with Internet Access 26 Cisco Smart Business Communications System Configuration 28 Firewall for Controlling Inbound and Outbound Traffic 29 DMZ for Public...31 Wireless Networking 35 Chapter 2: Networking 36 Configuring the WAN Connection 37 Viewing the WAN Status 39 Creating PPPoE Profiles 40 Configuring an IP Alias 41 Cisco SA500 Series Security Appliances Administration Guide 3
Administration Guide
Page 4
Contents Configuring the LAN 43 About the Default LAN Settings 43 Configuring the LAN 44 Viewing the LAN Status 46 VLAN Configuration 46 DHCP Reserved IPs 52 DHCP Leased Clients 53 Configuring an IGMP Proxy 53 Configuring ... the Protocol Bindings for Load Balancing 60 Configuring a DMZ 61 Configuring the DMZ Settings 64 DMZ Reserved IPs 66 DMZ DHCP Leased Clients 67 Routing 67 Routing 67 Static Routing 68 Dynamic Routing 69 Port Management ...Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
Administration Guide
Page 5
Contents Configuring IPv6 Addressing IP Routing Mode Configuring the IPv6 WAN Connection Configuring the IPv6 LAN IPv6 LAN Address Pools IPv6 Multi LAN IPv6 Static Routing Routing (RIPng) 6to4 Tunneling ... Basic Radio Configuration Advanced Radio Configuration Chapter 4: Firewall Configuration Configuring Firewall Rules to Control Inbound and Outbound Traffic Preliminary Tasks for Firewall Rules Configuring the Default Outbound Policy Configuring a Firewall Rule for Outbound Traffic 77 78 78 80 82 83 83 84 85 85 86 87 88 88 89 91 91...
Administration Guide
Page 18
If you change this setting in the LAN configuration, you will need to enter the new IP address to connect to launch the Configuration Utility if you are using the security appliance with the Configuration Utility 1 Connecting to the ...more information about CCA, see Using the Getting Started Pages, page 19. Cisco SA500 Series Security Appliances Administration Guide 18 On the Certificate page, click Install the Certificate. STEP 4 Enter the default user name and password: • Username: cisco • Password: cisco STEP 5 Click Log In. STEP 2 Start a web browser, and...
Administration Guide
Page 22
... changes needed. However, you might need to modify some of the security appliance. You can change the subnet address, or the default IP address of these settings. If your ISP by using the device with Internet Access, page 26. • Optional Port: This port... default settings, see Scenario 1: Basic Network Configuration with Cisco SA500 Series Security Appliances Administration Guide 22 Settings of the screen. For a full list of the security appliance should be satisfactory. In addition, if your IPv6 LAN. For most deployment scenarios, the default DHCP and TCP/IP ...
Administration Guide
Page 23
... you begin using a web browser and entering the default IP address of 192.168.75.1. STEP 3 Click the button in range. The default setting requires logging in again after 10 minutes of the table, find the default Administrator account. The Users window opens. You are ...in the Edit column. The User Configuration window opens, displaying the default information. These settings make it is strongly recommended that you complete the following information: Cisco SA500 Series Security Appliances Administration Guide 23 STEP 2 In the first row of inactivity. ...
Administration Guide
Page 26
...from the Internet to access the Internet. Cisco SA500 Series Security Appliances Administration Guide 26 With the default settings, the security appliance gets its ...Default User Name and Password, page 23). NOTE Before you configure your LAN configuration, you might not need to set up your Internet connection. Getting Started Common Configuration Scenarios 1 Scenario 1: Basic Network Configuration with Internet Access 235234 Outside Network Private Network Laptop computer Internet Internet Access Device SA 500... on the LAN receive their IP addresses dynamically from the ISP.
Administration Guide
Page 27
...Internet, configure your network. To configure the port, use your security appliance with your Cisco Smart Business Communications System (SBCS), install and configure your devices. The default DHCP and TCP/IP settings should be satisfactory in the Secondary WAN Port section of the Getting Started (...Basic) page, click the LAN Settings link. Cisco SA500 Series Security Appliances Administration Guide 27 For more...
Administration Guide
Page 28
... Cisco Configuration Assistant (CCA). With the default configuration, the security appliance acts as needed. Configure the WAN and LAN settings for your Cisco Smart Business Communications System network. 235235 Outside Network Private Network Laptop computer Internet Internet Access Device SA 500 UC500 Printer Personal computer IP IP Phone Configuration tasks for this scenario: 1. IP Phones are assigned IP...
Administration Guide
Page 29
...deployment, but consider the steps outlined in which you need an exception from the Internet, and to a specified IP address, a range of firewall rules. Cisco SA500 Series Security Appliances Administration Guide 29 You can address this scenario: To start configuring your LAN. For more.... Configuration tasks for approved business purposes, you can configure the firewall rules that you specify. To prevent unwanted traffic from the default firewall policy, you configure your private LAN and the Internet. After you need to configure a firewall rule. This zone acts ...
Administration Guide
Page 30
... more information, see Configuring a DMZ, page 61. Getting Started Common Configuration Scenarios www.example.com 1 Internet Public IP Address 209.165.200.225 SA 500 LAN Interface 192.168.75.1 DMZ Interface 172.16.2.1 Source Address Translation 209.165.200.225 172.16.2.30 Web...IP Address: 172.16.2.30 Public IP Address: 209.165.200.225 235140 User 192.168.75.10 User 192.168.75.11 NOTE The default WAN and LAN settings might be sufficient for this scenario: To start configuring a DMZ, use the links in Scenario 1: Basic Network Configuration with Internet Access, page 26. Cisco...
Administration Guide
Page 35
... with Internet Access, page 26. 2. The default WAN and LAN settings might be sufficient for your wireless network, see Chapter 3, "Wireless Configuration for this scenario: 1. Outside Network Private Network Laptop computer Internet ISP Router SA 500 Printer Personal computer IP IP Phone Configuration tasks for the SA520W." 235237 Cisco SA500 Series Security Appliances Administration Guide...
Administration Guide
Page 37
Networking Configuring the WAN Connection 2 Configuring the WAN Connection By default, your security appliance is configured to complete the fields under ISP Connection Type. Use the account information provided by your ISP to log into ... Internet connectivity. Keep Connected: The connection is required, continue to Step 2 to receive a public IP address from your ISP fees are based on the requirements of inactivity (Idle Time). To manage the profiles in minutes Cisco SA500 Series Security Appliances Administration Guide 37 Idle Time: The security appliance disconnects from the...
Administration Guide
Page 38
...VLAN Tagging: Check this option if your ISP or use the default MTU size, 1500 bytes. Choose Default to restart the WAN connection. If you choose this option if you by the ISP. • Server IP Address: Enter the IP address of the largest packet that were provided by your ISP.... STEP 6 If required by your ISP. • DNS Server Source: DNS servers map Internet domain names (example: www.cisco.com) to IP addresses. STEP 5 If your ISP has not assigned an IP address to you. - STEP 4 Reset the PPPoE/L2TP/PPTP connection by Schedule. • Daily: Resets the connection daily...
Administration Guide
Page 43
...manually configuring the network settings of all of using a DNS server, you can automatically assign IP addresses and DNS server addresses to the PCs and other settings. • About the Default LAN Settings • Configuring the LAN • Viewing the LAN Status • VLAN ...server. If you want another PC on the WLAN or LAN network. Cisco SA500 Series Security Appliances Administration Guide 43 Networking Configuring the LAN 2 Configuring the LAN For most applications, the default DHCP and TCP/IP settings of a DNS server but uses the NetBIOS protocol to resolve hostnames...
Administration Guide
Page 45
...your service provider. • Primary Tftp Server and Secondary Tftp Server (Optional): Optionally, enter the IP address of addresses in the IP address pool for PCs with the DNS servers of the ISP. The default is 192.168.75.2. NOTE Next steps: • If you chose DHCP Relay as a ... Viewing the LAN Status, page 46. • To reserve certain IP addresses always to act as the DHCP mode, enter the IP address of configuration tasks. • To check the LAN connection status, click LAN > LAN Status. Cisco SA500 Series Security Appliances Administration Guide 45 STEP 4 In the LAN ...
Administration Guide
Page 46
The default configuration provides for up to a total of 16 VLANs. This page displays the following types of information: • MAC address of the LAN interface • IP address and subnet mask of the connected devices, click LAN > DHCP Leased Clients. Viewing the LAN Status STEP 1 Click ... either an optional WAN or a DMZ, click Optional Port > Optional Port Mode and choose LAN for the default VLANs, and you can create new VLAN. Cisco SA500 Series Security Appliances Administration Guide 46 For more information, see Pinging to your settings. VLAN Configuration The security...
Administration Guide
Page 47
...): 1 - VLAN - Lease Time in Minutes: 1440 (24 hours) - IP Address Distribution: DHCP Server - VLAN - IP Address: 10.1.1.1 - VLAN - Subnet Mask: 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 47 VLAN - HTTPS Remote Access: disable... • Voice VLAN: The VLAN is enabled with the VLAN ID 100. - Networking Configuring the LAN 2 This section includes the following topics: • Default...
Administration Guide
Page 50
...option, also enter a PVID number for the default VLAN with a mix of the page, enter the following settings: • IP Address: Enter the VLAN subnet IP address. • Subnet Mask: Enter the ... and configure the VLAN Membership in the lower half of the port is connected to a VLAN-aware switch or router. STEP 1 Click Networking > VLAN > Multiple VLAN Subnets. All VLANs from the Networking... configure the VLAN Membership in the List of the page, choose the DHCP mode: Cisco SA500 Series Security Appliances Administration Guide 50 When you want to enable communication between VLANs ...
Administration Guide
Page 131
...; IPS Status: Displays the IPS Signatures status including the IPS license expiration date, the signature file version, and the date that you must choose IPS as the facility. The IPS Configuration window opens. • IPS Enable: By default, IPS is checked. Click Apply to identify an attack in Administration is automatically updated for signature updates. - For example, the Cisco...