Cisco Systems ASA 5500 manual Security tab, 10-20

Page 134

Chapter 10 Configuring the CSC SSM

What to Do Next

If included in the license you purchased, you can create custom settings for URL blocking and URL filtering, as well as email and FTP parameters. For more information, see the Cisco Content Security and Control SSM Administrator Guide.

What to Do Next

You are now ready to configure the Trend Micro Interscan for Cisco CSC SSM software. Use the following documents to continue configuring the adaptive security appliance for your implementation.

To Do This ...

See ...

 

 

Configure CSC SSM software, such as

Cisco Content Security and Control

advanced security policies

SSM Administrator Guide

 

 

Configure additional CSC SSM

ASDM online help (click the

features in ASDM, including content

Configuration or Monitoring tab,

filtering

then click the Trend Micro Content

 

Security tab)

 

 

Optimize performance by creating

“Managing AIP SSM and CSC SSM”

more efficient service policies

in Cisco Security Appliance Command

 

Line Configuration Guide

 

 

 

Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide

10-20

78-17611-01

Image 134
Contents For the Cisco ASA 5510, ASA 5520, and ASA Page N T E N T S IiiScenario DMZ Configuration Implementing the Site-to-Site Scenario What to Do Next Before You Begin ASAASA 5500 with AIP SSM ASA 5500 with CSC SSM ASA 5500 with 4GE SSM Installing the Cisco ASA Verifying the Package Contents Installing the Chassis Installing the Right and Left Brackets Rack-Mounting the ChassisPorts and LEDs Rack-Mounting the ChassisLED Section in the Cisco Security Appliance Command Reference Indicator Color Description What to Do Next To Do This SeeInstalling the Cisco ASA What to Do Next Installing Optional SSMs Cisco 4GE SSM4GE SSM Components LinkInstalling the Cisco 4GE SSM SpeedInstalling the SFP Modules SFP Module, Installing the SFP Module,SFP Module SFP Module Type of Connection Cisco Part NumberInstalling the SFP Module Installing an SFP Module Cisco AIP SSM and CSC SSM SSM CPU DramInstalling an SSM Continue with , Connecting Interface Cables Connecting Interface Cables Connecting Cables to Interfaces Management port RJ-45 to RJ-45 Ethernet cable RJ-45 Console port RJ-45 to DB-9 console cable RJ-45 AUX port RJ-45 to DB-9 console cable Ethernet ports RJ-45 connector Removing the Optical Port Plug Connecting the LC Connector SSM management port RJ-45 to RJ-45 cable Continue with , Configuring the Adaptive Security Appliance Configuring the Adaptive Security Appliance About the Factory-Default ConfigurationAbout the Adaptive Security Device Manager Before Launching the Startup Wizard Using the Startup Wizard Scenario Remote-Access SSM Scenario DMZ Configuration Example DMZ Network TopologyNetwork Layout for DMZ Configuration Scenario Outgoing Http Traffic Flow from the Private Network Configuring the Security Appliance for a DMZ Deployment Incoming Http Traffic Flow From the InternetConfiguration Requirements Starting Asdm Creating IP Pools for Network Address Translation 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 Configuring an External Identity for the DMZ Web Server 78-17611-01 Providing Public Http Access to the DMZ Web Server 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 Scenario DMZ Configuration What to Do Next Configure a remote-access VPN Scenario DMZ Configuration What to Do Next Scenario Remote-Access VPN Configuration Example IPsec Remote-Access VPN Network TopologyImplementing the IPsec Remote-Access VPN Scenario Network Layout for Remote Access VPN ScenarioInformation to Have Available Starting Asdm Configuring the Fwsm for an IPsec Remote-Access VPN Selecting VPN Client Types 78-17611-01 Specifying a User Authentication Method 78-17611-01 Optional Configuring User Accounts Configuring Address Pools Configuring Client Attributes Configuring the IKE Policy 78-17611-01 Configuring IPsec Encryption and Authentication Parameters Specifying Address Translation Exception and Split Tunneling Verifying the Remote-Access VPN Configuration Scenario Remote-Access VPN Configuration What to Do Next DMZ Scenario Remote-Access VPN Configuration What to Do Next Scenario Site-to-Site VPN Configuration Example Site-to-Site VPN Network TopologyNetwork Layout for Site-to-Site VPN Configuration Scenario Implementing the Site-to-Site ScenarioConfiguring the Site-to-Site VPN Starting AsdmConfiguring the Security Appliance at the Local Site 78-17611-01 Providing Information About the Remote VPN Peer Configuring the IKE Policy Click Next to continue Configuring IPSec Encryption and Authentication Parameters Specifying Hosts and Networks Viewing VPN Attributes and Completing the Wizard 78-17611-01 Configuring the Other Side of the VPN Connection Scenario Site-to-Site VPN Configuration What to Do Next Configuring the AIP SSM AIP SSM ConfigurationOverview of Configuration Process Configuring the ASA 5500 to Divert Traffic to the AIP SSMHostnameconfig# class-mapclassmapname hostnameconfig-cmap# Interface interfaceID Sessioning to the AIP SSM and Running Setup CiscoLicense Notice Configuring the AIP SSM What to Do Next Configure protection of a DMZ web About the CSC SSM 10-1CSC SSM 10-210-3 CSC SSM Traffic Flow10-4 CSC SSMConfiguring the CSC SSM for Content Security 10-510-6 Obtain Software Activation Key from Cisco.comGather Information Launch Asdm 10-7Verify Time Settings 10-8Run the CSC Setup Wizard 10-910-10 10-11 10-12 10-13 Divert Traffic to the CSC SSM for Content Scanning 10-1410-15 10-16 10-17 10-18 10-19 Security tab 10-2010-21 10-22 Configuring the 4GE SSM for Fiber 11-1Cabling 4GE SSM Interfaces 11-2Setting the 4GE SSM Media Type for Fiber Interfaces Optional 11-311-4 11-5 11-6 Obtaining a DES License or a 3DES-AES License Command Purpose
Related manuals
Manual 49 pages 36.1 Kb Manual 16 pages 48.09 Kb Manual 16 pages 52 Kb

ASA 5500 specifications

Cisco Systems ASA 5500 is a robust security appliance designed to provide advanced network security and protection against both internal and external threats. Ideal for organizations of various sizes, the ASA 5500 series offers a wide range of features that combine firewall capabilities with intrusion prevention, VPN support, and application control, among others.

One of the key features of the ASA 5500 is its stateful firewall technology. This allows the device to monitor active connections and enforce security policies based on the state of the traffic. By maintaining the context of network sessions, the firewall can make informed decisions on whether to allow or deny traffic based on established rules.

In addition to traditional firewall functionalities, the ASA 5500 series integrates advanced intrusion prevention capabilities. By analyzing traffic patterns and identifying known threats, the IPS functionality helps organizations defend against a variety of malicious activities, such as DDoS attacks, malware, and unauthorized access attempts. The ASA 5500 continuously updates its threat intelligence through Cisco's global threat database, enhancing its ability to detect emerging threats in real-time.

Virtual Private Network (VPN) support is another significant aspect of the ASA 5500 series. The device offers secure, encrypted connections for remote users and branch offices, ensuring safe access to corporate resources over the Internet. It supports both IPsec and SSL VPN protocols, allowing organizations to choose the best option for their specific needs. This capability is crucial for businesses that require a secure environment for remote work.

The ASA 5500 series also features extensive application control and visibility tools. These tools enable organizations to manage and control the applications running on their network, ensuring that only authorized applications can communicate through the firewall. This level of control helps to mitigate risks associated with unauthorized applications, which can lead to data breaches or reduced productivity.

Moreover, the ASA 5500 is designed with high availability and scalability in mind. Its clustering support ensures that multiple units can work together to provide redundancy and load balancing, enhancing both performance and reliability. This characteristic is especially important for organizations looking to maintain continuous operation during traffic spikes or hardware failures.

In summary, Cisco Systems ASA 5500 is an all-in-one security solution that combines stateful firewall protection, intrusion prevention, VPN capabilities, and application control. With its robust feature set and focus on security, it is well-suited for organizations seeking to protect their networks from an ever-evolving landscape of cyber threats. Whether for small businesses or large enterprises, the ASA 5500 provides the necessary tools to create a secure networking environment.