Administration Guide
Page 26
...set up your LAN configuration, you can make any changes that are needed . Review the WAN configuration and make changes, as needed to change any LAN devices. ...Internet. For more information, see Changing the Default User Name and Password, page 23). Cisco SA500 Series Security Appliances Administration Guide 26 Consider the following first steps: 1. In the...with Internet Access 235234 Outside Network Private Network Laptop computer Internet Internet Access Device SA 500 Printer Personal computer In a basic deployment for a small business, the security appliance ...
...set up your LAN configuration, you can make any changes that are needed . Review the WAN configuration and make changes, as needed to change any LAN devices. ...Internet. For more information, see Changing the Default User Name and Password, page 23). Cisco SA500 Series Security Appliances Administration Guide 26 Consider the following first steps: 1. In the...with Internet Access 235234 Outside Network Private Network Laptop computer Internet Internet Access Device SA 500 Printer Personal computer In a basic deployment for a small business, the security appliance ...
Administration Guide
Page 27
... WAN Port section of the Getting Started (Advanced) page. See Configuring the Logging Options, page 185 and RMON (Remote Management), page 197. Cisco SA500 Series Security Appliances Administration Guide 27 However, you will need a DMZ. For more information, see Configuring the LAN, page 43. 3. For... such as logging or remote access to host public services such as an extra LAN port. Getting Started Common Configuration Scenarios 1 2. Review the LAN configuration and make any changes that are going to support your UC500. If you want to restrict some types of the...
... WAN Port section of the Getting Started (Advanced) page. See Configuring the Logging Options, page 185 and RMON (Remote Management), page 197. Cisco SA500 Series Security Appliances Administration Guide 27 However, you will need a DMZ. For more information, see Configuring the LAN, page 43. 3. For... such as logging or remote access to host public services such as an extra LAN port. Getting Started Common Configuration Scenarios 1 2. Review the LAN configuration and make any changes that are going to support your UC500. If you want to restrict some types of the...
Administration Guide
Page 32
...10.10.10.0 Internet Outside 209.165.200.236 SA 500 Inside 10.20.20.0 Site B Printer Personal computers Personal computers Printer 235142 Configuration tasks for Remote Access with advanced encryption to review and modify the policies that were created by the Wizard.... Optionally, you can use other settings. For more information, see Configuring an IPsec VPN Tunnel for this scenario: In the Site-to -Site option and enter the other links on the Getting Started (Advanced) page to maintain network security. Cisco...
...10.10.10.0 Internet Outside 209.165.200.236 SA 500 Inside 10.20.20.0 Site B Printer Personal computers Personal computers Printer 235142 Configuration tasks for Remote Access with advanced encryption to review and modify the policies that were created by the Wizard.... Optionally, you can use other settings. For more information, see Configuring an IPsec VPN Tunnel for this scenario: In the Site-to -Site option and enter the other links on the Getting Started (Advanced) page to maintain network security. Cisco...
Administration Guide
Page 33
... Remote Access with a VPN Client For remote access by the Wizard. Return to the Getting Started (Advanced) page and click Add Users to review and modify the policies that were created by users who have an IPsec VPN client on the page. For more information, see Configuring an IPsec...VPN client tunnel for this scenario: In the IPsec VPN Remote Access section of the Getting Started (Advanced) page, click the VPN Wizard link. Cisco SA500 Series Security Appliances Administration Guide 33 Optionally, you can use other links on the Getting Started (Advanced) page to add your VPN users....
... Remote Access with a VPN Client For remote access by the Wizard. Return to the Getting Started (Advanced) page and click Add Users to review and modify the policies that were created by users who have an IPsec VPN client on the page. For more information, see Configuring an IPsec...VPN client tunnel for this scenario: In the IPsec VPN Remote Access section of the Getting Started (Advanced) page, click the VPN Wizard link. Cisco SA500 Series Security Appliances Administration Guide 33 Optionally, you can use other links on the Getting Started (Advanced) page to add your VPN users....
Administration Guide
Page 34
...can use other links to extend your network resources. Return to the Getting Started (Advanced) page and click the Configure Users link to review the default settings for different user groups, if needed. You are not responsible for Browser-Based Remote Access, page 154. DNS Server...Started (Advanced) page, click the SSL VPN Portal Layouts link to add your SSL VPN. Create new portals for the user portal. Cisco SA500 Series Security Appliances Administration Guide 34 Getting Started Common Configuration Scenarios 1 SSL VPN Remote Access With a Web Browser For remote access ...
...can use other links to extend your network resources. Return to the Getting Started (Advanced) page and click the Configure Users link to review the default settings for different user groups, if needed. You are not responsible for Browser-Based Remote Access, page 154. DNS Server...Started (Advanced) page, click the SSL VPN Portal Layouts link to add your SSL VPN. Create new portals for the user portal. Cisco SA500 Series Security Appliances Administration Guide 34 Getting Started Common Configuration Scenarios 1 SSL VPN Remote Access With a Web Browser For remote access ...
Administration Guide
Page 139
... parameters to configure an IPsec VPN tunnel for remote access with a VPN Client 7 For the example illustrated in the navigation pane. Cisco SA500 Series Security Appliances Administration Guide 139 The Wizard creates a VPN policy and an IKE policy based on the local LAN. NOTE ...-shared key, which greatly simplifies setup For information about the VPNC recommendations, see Configuring the IPsec VPN Policies, page 148. • To review or update the configured IKE policy, click IPsec > IKE Policies. Configuring VPN Configuring an IPsec VPN Tunnel for Remote Access with a VPN ...
... parameters to configure an IPsec VPN tunnel for remote access with a VPN Client 7 For the example illustrated in the navigation pane. Cisco SA500 Series Security Appliances Administration Guide 139 The Wizard creates a VPN policy and an IKE policy based on the local LAN. NOTE ...-shared key, which greatly simplifies setup For information about the VPNC recommendations, see Configuring the IPsec VPN Policies, page 148. • To review or update the configured IKE policy, click IPsec > IKE Policies. Configuring VPN Configuring an IPsec VPN Tunnel for Remote Access with a VPN ...
Administration Guide
Page 141
... you want to use for the IPsec Remote Access VPN, page 142. - To allow Extended Authentication (XAUTH) from user records stored on the remote client. Cisco SA500 Series Security Appliances Administration Guide 141 NOTE Next steps: • If you are not using the Getting Started (Advanced) page, click Getting Started > Advanced... IP Address if you want to save your settings. If you want to the list of configuration tasks for IPsec VPN, page 144. • To review or update the configured VPN policy click IPsec > VPN Policies.
... you want to use for the IPsec Remote Access VPN, page 142. - To allow Extended Authentication (XAUTH) from user records stored on the remote client. Cisco SA500 Series Security Appliances Administration Guide 141 NOTE Next steps: • If you are not using the Getting Started (Advanced) page, click Getting Started > Advanced... IP Address if you want to save your settings. If you want to the list of configuration tasks for IPsec VPN, page 144. • To review or update the configured VPN policy click IPsec > VPN Policies.
Administration Guide
Page 142
... IPsec Users table. To select all entries, check the box in the List of the table heading. Standard IPsec (XAuth) Cisco SA500 Series Security Appliances Administration Guide 142 Configuring VPN Configuring an IPsec VPN Tunnel for the XAUTH user. • Remote Peer Type...: Choose one of the following information: • User Name: Enter a unique identifier for Remote Access with a VPN Client 7 • To review or update the configured IKE policy, click IPsec > IKE Policies. STEP 1 Click VPN > IPsec > IPsec Users. STEP 3 Enter the following options: - ...
... IPsec Users table. To select all entries, check the box in the List of the table heading. Standard IPsec (XAuth) Cisco SA500 Series Security Appliances Administration Guide 142 Configuring VPN Configuring an IPsec VPN Tunnel for the XAUTH user. • Remote Peer Type...: Choose one of the following information: • User Name: Enter a unique identifier for Remote Access with a VPN Client 7 • To review or update the configured IKE policy, click IPsec > IKE Policies. STEP 1 Click VPN > IPsec > IPsec Users. STEP 3 Enter the following options: - ...
Administration Guide
Page 143
...be part of configuration tasks for the local subnet. NOTE Next steps: • If you also must enable Remote Management. Cisco SA500 Series Security Appliances Administration Guide 143 STEP 5 Repeat as Greenbow. Configuring VPN Configuring an IPsec VPN Tunnel for Remote Access ...Subnet Mask: Enter the subnet mask for IPsec VPN Remote Access. • Optionally, review and modify the default settings and policies. See Advanced Configuration of IPsec VPN, page 144. • For Cisco QuickVPN, you are using the Getting Started (Advanced) page, click Getting Started > ...
...be part of configuration tasks for the local subnet. NOTE Next steps: • If you also must enable Remote Management. Cisco SA500 Series Security Appliances Administration Guide 143 STEP 5 Repeat as Greenbow. Configuring VPN Configuring an IPsec VPN Tunnel for Remote Access ...Subnet Mask: Enter the subnet mask for IPsec VPN Remote Access. • Optionally, review and modify the default settings and policies. See Advanced Configuration of IPsec VPN, page 144. • For Cisco QuickVPN, you are using the Getting Started (Advanced) page, click Getting Started > ...
Administration Guide
Page 144
...field of devices that are configured by the Wizard, click VPN on the menu bar, and then click IPsec > Basic Setting Defaults. Cisco SA500 Series Security Appliances Administration Guide 144 After the Wizard creates the matching IKE and VPN policies, you can create IKE policies to define..., etc. Configuring VPN Advanced Configuration of IPsec VPN 7 Advanced Configuration of IPsec VPN The following topics are helpful for users who want to review and modify the settings that are created by the VPN Wizard. • Viewing the Basic Setting Defaults for IPsec VPN • Configuring the...
...field of devices that are configured by the Wizard, click VPN on the menu bar, and then click IPsec > Basic Setting Defaults. Cisco SA500 Series Security Appliances Administration Guide 144 After the Wizard creates the matching IKE and VPN policies, you can create IKE policies to define..., etc. Configuring VPN Advanced Configuration of IPsec VPN 7 Advanced Configuration of IPsec VPN The following topics are helpful for users who want to review and modify the settings that are created by the VPN Wizard. • Viewing the Basic Setting Defaults for IPsec VPN • Configuring the...
Administration Guide
Page 148
...up Policies. You cannot enable, disable, edit, or delete the backup policies. Cisco SA500 Series Security Appliances Administration Guide 148 For more information, see Configuring the IPsec VPN Policies, page 148. • To review or update the configured IKE policy, click IPsec > IKE Policies. NOTE Before...7 STEP 8 Click Apply to save your RADIUS server, see Configuring RADIUS Server Records, page 193. NOTE Next Steps • To review or update the configured VPN policy click IPsec > VPN Policies. For more information, see Configuring the IKE Policies for remote access VPN ...
...up Policies. You cannot enable, disable, edit, or delete the backup policies. Cisco SA500 Series Security Appliances Administration Guide 148 For more information, see Configuring the IPsec VPN Policies, page 148. • To review or update the configured IKE policy, click IPsec > IKE Policies. NOTE Before...7 STEP 8 Click Apply to save your RADIUS server, see Configuring RADIUS Server Records, page 193. NOTE Next Steps • To review or update the configured VPN policy click IPsec > VPN Policies. For more information, see Configuring the IKE Policies for remote access VPN ...
Administration Guide
Page 156
...In the scenario, start the scenario with this site over a Clientless SSL VPN connection. See Configuring SSL VPN Port Forwarding, page 163. Cisco SA500 Series Security Appliances Administration Guide 156 If an SSL-enabled site is pre-configured with Scenario Step 1: Customizing the Portal Layout, page 157.... They should not visit this step so that have access to create different portal layouts, you can start with a portal that you can review the default settings and modify, as the User Type. In addition, you need to provide to a limited set of resources. Configuring VPN...
...In the scenario, start the scenario with this site over a Clientless SSL VPN connection. See Configuring SSL VPN Port Forwarding, page 163. Cisco SA500 Series Security Appliances Administration Guide 156 If an SSL-enabled site is pre-configured with Scenario Step 1: Customizing the Portal Layout, page 157.... They should not visit this step so that have access to create different portal layouts, you can start with a portal that you can review the default settings and modify, as the User Type. In addition, you need to provide to a limited set of resources. Configuring VPN...
Administration Guide
Page 189
... and as defined in the SysLog Server field. Alert (level 1) Immediate action needed. Syslog definition is LOG_CRIT. Syslog definition is LOG_ALERT. Syslog definition is LOG_EMERG. Cisco SA500 Series Security Appliances Administration Guide 189 STEP 5 If you want the security appliance to send logs to the syslog server. Logs Facility and Severity... the time of day when logs should be sent. STEP 6 Click Apply to save your settings. Critical (level 2) Critical conditions. STEP 3 Check the box for review. Syslog definition is LOG_NOTICE.
... and as defined in the SysLog Server field. Alert (level 1) Immediate action needed. Syslog definition is LOG_CRIT. Syslog definition is LOG_ALERT. Syslog definition is LOG_EMERG. Cisco SA500 Series Security Appliances Administration Guide 189 STEP 5 If you want the security appliance to send logs to the syslog server. Logs Facility and Severity... the time of day when logs should be sent. STEP 6 Click Apply to save your settings. Critical (level 2) Critical conditions. STEP 3 Check the box for review. Syslog definition is LOG_NOTICE.
Administration Guide
Page 220
Cisco SA500 Series Security Appliances Administration Guide 220 Recommended action: STEP 1 If you have just configured the security appliance, wait at least 5 minutes, click Administration > Time ...: Date shown is off by one hour. Possible cause: The security appliance does not automatically adjust for Daylight Savings Time. STEP 3 Verify your settings. STEP 2 Review the settings for the date and time. Recommended action: STEP 1 Click Administration > Time Zone. Symptom: The time is January 1, 2000. Possible cause: The security appliance...
Cisco SA500 Series Security Appliances Administration Guide 220 Recommended action: STEP 1 If you have just configured the security appliance, wait at least 5 minutes, click Administration > Time ...: Date shown is off by one hour. Possible cause: The security appliance does not automatically adjust for Daylight Savings Time. STEP 3 Verify your settings. STEP 2 Review the settings for the date and time. Recommended action: STEP 1 Click Administration > Time Zone. Symptom: The time is January 1, 2000. Possible cause: The security appliance...