Cisco Systems Complete Cisco ASA Manual for Home Security Systems
Page 1

Cisco ASA 5500 Series Adaptive

Security Appliance Getting Started

Guide

For the Cisco ASA 5510, ASA 5520, and ASA 5540

Corporate Headquarters

Cisco Systems, Inc.

170 West Tasman Drive San Jose, CA 95134-1706

USA http://www.cisco.com Tel: 408 526-4000

800 553-NETS (6387) Fax: 408 526-4100

Customer Order Number: DOC-7817611=

Text Part Number: 78-17611-01

Page 1 Page 2
Image 1
Page 1 Page 2
Contents For the Cisco ASA 5510, ASA 5520, and ASA Page Iii N T E N T SScenario DMZ Configuration Implementing the Site-to-Site Scenario What to Do Next ASA Before You BeginASA 5500 with AIP SSM ASA 5500 with CSC SSM ASA 5500 with 4GE SSM Installing the Cisco ASA Verifying the Package Contents Installing the Chassis Rack-Mounting the Chassis Installing the Right and Left BracketsRack-Mounting the Chassis Ports and LEDsLED Section in the Cisco Security Appliance Command Reference Indicator Color Description To Do This See What to Do NextInstalling the Cisco ASA What to Do Next Cisco 4GE SSM Installing Optional SSMsLink 4GE SSM ComponentsSpeed Installing the Cisco 4GE SSMSFP Module, Installing the SFP Module, Installing the SFP ModulesSFP Module Type of Connection Cisco Part Number SFP ModuleInstalling the SFP Module Installing an SFP Module SSM CPU Dram Cisco AIP SSM and CSC SSMInstalling an SSM Continue with , Connecting Interface Cables Connecting Interface Cables Connecting Cables to Interfaces Management port RJ-45 to RJ-45 Ethernet cable RJ-45 Console port RJ-45 to DB-9 console cable RJ-45 AUX port RJ-45 to DB-9 console cable Ethernet ports RJ-45 connector Removing the Optical Port Plug Connecting the LC Connector SSM management port RJ-45 to RJ-45 cable Continue with , Configuring the Adaptive Security Appliance About the Factory-Default Configuration Configuring the Adaptive Security ApplianceAbout the Adaptive Security Device Manager Before Launching the Startup Wizard Using the Startup Wizard Scenario Remote-Access SSM Example DMZ Network Topology Scenario DMZ ConfigurationNetwork Layout for DMZ Configuration Scenario Outgoing Http Traffic Flow from the Private Network Incoming Http Traffic Flow From the Internet Configuring the Security Appliance for a DMZ DeploymentConfiguration Requirements Starting Asdm Creating IP Pools for Network Address Translation 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 Configuring an External Identity for the DMZ Web Server 78-17611-01 Providing Public Http Access to the DMZ Web Server 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 Scenario DMZ Configuration What to Do Next Configure a remote-access VPN Scenario DMZ Configuration What to Do Next Example IPsec Remote-Access VPN Network Topology Scenario Remote-Access VPN ConfigurationNetwork Layout for Remote Access VPN Scenario Implementing the IPsec Remote-Access VPN ScenarioInformation to Have Available Starting Asdm Configuring the Fwsm for an IPsec Remote-Access VPN Selecting VPN Client Types 78-17611-01 Specifying a User Authentication Method 78-17611-01 Optional Configuring User Accounts Configuring Address Pools Configuring Client Attributes Configuring the IKE Policy 78-17611-01 Configuring IPsec Encryption and Authentication Parameters Specifying Address Translation Exception and Split Tunneling Verifying the Remote-Access VPN Configuration Scenario Remote-Access VPN Configuration What to Do Next DMZ Scenario Remote-Access VPN Configuration What to Do Next Example Site-to-Site VPN Network Topology Scenario Site-to-Site VPN ConfigurationImplementing the Site-to-Site Scenario Network Layout for Site-to-Site VPN Configuration ScenarioStarting Asdm Configuring the Site-to-Site VPNConfiguring the Security Appliance at the Local Site 78-17611-01 Providing Information About the Remote VPN Peer Configuring the IKE Policy Click Next to continue Configuring IPSec Encryption and Authentication Parameters Specifying Hosts and Networks Viewing VPN Attributes and Completing the Wizard 78-17611-01 Configuring the Other Side of the VPN Connection Scenario Site-to-Site VPN Configuration What to Do Next AIP SSM Configuration Configuring the AIP SSMConfiguring the ASA 5500 to Divert Traffic to the AIP SSM Overview of Configuration ProcessHostnameconfig# class-mapclassmapname hostnameconfig-cmap# Interface interfaceID Cisco Sessioning to the AIP SSM and Running SetupLicense Notice Configuring the AIP SSM What to Do Next Configure protection of a DMZ web 10-1 About the CSC SSM10-2 CSC SSMCSC SSM Traffic Flow 10-3CSC SSM 10-410-5 Configuring the CSC SSM for Content SecurityGather Information Obtain Software Activation Key from Cisco.com10-6 10-7 Launch Asdm10-8 Verify Time Settings10-9 Run the CSC Setup Wizard10-10 10-11 10-12 10-13 10-14 Divert Traffic to the CSC SSM for Content Scanning10-15 10-16 10-17 10-18 10-19 10-20 Security tab10-21 10-22 11-1 Configuring the 4GE SSM for Fiber11-2 Cabling 4GE SSM Interfaces11-3 Setting the 4GE SSM Media Type for Fiber Interfaces Optional11-4 11-5 11-6 Obtaining a DES License or a 3DES-AES License Command Purpose
Related manuals
Manual 49 pages 36.1 Kb Manual 16 pages 48.09 Kb Manual 16 pages 52 Kb

ASA 5500 specifications

Cisco Systems ASA 5500 is a robust security appliance designed to provide advanced network security and protection against both internal and external threats. Ideal for organizations of various sizes, the ASA 5500 series offers a wide range of features that combine firewall capabilities with intrusion prevention, VPN support, and application control, among others.

One of the key features of the ASA 5500 is its stateful firewall technology. This allows the device to monitor active connections and enforce security policies based on the state of the traffic. By maintaining the context of network sessions, the firewall can make informed decisions on whether to allow or deny traffic based on established rules.

In addition to traditional firewall functionalities, the ASA 5500 series integrates advanced intrusion prevention capabilities. By analyzing traffic patterns and identifying known threats, the IPS functionality helps organizations defend against a variety of malicious activities, such as DDoS attacks, malware, and unauthorized access attempts. The ASA 5500 continuously updates its threat intelligence through Cisco's global threat database, enhancing its ability to detect emerging threats in real-time.

Virtual Private Network (VPN) support is another significant aspect of the ASA 5500 series. The device offers secure, encrypted connections for remote users and branch offices, ensuring safe access to corporate resources over the Internet. It supports both IPsec and SSL VPN protocols, allowing organizations to choose the best option for their specific needs. This capability is crucial for businesses that require a secure environment for remote work.

The ASA 5500 series also features extensive application control and visibility tools. These tools enable organizations to manage and control the applications running on their network, ensuring that only authorized applications can communicate through the firewall. This level of control helps to mitigate risks associated with unauthorized applications, which can lead to data breaches or reduced productivity.

Moreover, the ASA 5500 is designed with high availability and scalability in mind. Its clustering support ensures that multiple units can work together to provide redundancy and load balancing, enhancing both performance and reliability. This characteristic is especially important for organizations looking to maintain continuous operation during traffic spikes or hardware failures.

In summary, Cisco Systems ASA 5500 is an all-in-one security solution that combines stateful firewall protection, intrusion prevention, VPN capabilities, and application control. With its robust feature set and focus on security, it is well-suited for organizations seeking to protect their networks from an ever-evolving landscape of cyber threats. Whether for small businesses or large enterprises, the ASA 5500 provides the necessary tools to create a secure networking environment.
Top Page Image Contents