Manuals / Casio / Computer Equipment / Network Router

Casio ISA550WBUN3K9 manual Example DMZ with Two Public IP Addresses, Configuring a DMZ

Models: ISA550WBUN3K9

1 479

Download 479 pages 49.64 Kb

Page 143

Networking	4
Networking
Configuring DMZ

Figure 2 Example DMZ with Two Public IP Addresses

www.example.com

Internet

Public IP Addresses

Source Address Translation

209.165.200.225 (router)209.165.200.226 172.16.2.30 209.165.200.226 (web server)

		DMZ Interface
	ISA500	172.16.2.1
	ISA500
	LAN Interface	Web Server
	LAN Interface	Private IP Address: 172.16.2.30
	192.168.75.1	Private IP Address: 172.16.2.30
	192.168.75.1	Public IP Address: 209.165.200.226
		Public IP Address: 209.165.200.226

User	User
192.168.75.10	192.168.75.11

283050

In this scenario, the ISP has supplied two static IP addresses: 209.165.200.225 and 209.165.200.226. The address 209.165.200.225 is used for the security appliance’s public IP address. The administrator configures the configurable port to be used as a DMZ port and created a firewall rule to allow inbound HTTP traffic to the web server at 172.16.2.30. The firewall rule specifies an external IP address of 209.165.200.226. Internet users enter the domain name that is associated with the IP address 209.165.200.226 and can then connect to the web server.

Configuring a DMZ

STEP 1 To add a new DMZ, click Add. To modify the settings for a DMZ, click the Edit (pencil) icon.

Other options: To delete a DMZ, click the Delete (x) icon.

Cisco ISA500 Series Integrated Security Appliances Administration Guide

143

Image 143

Casio ISA550WBUN3K9 manual Example DMZ with Two Public IP Addresses, Configuring a DMZ

Contents

Administration Guide Cisco Systems, Inc. All rights reserved 78-20776-03 FCC Radiation Exposure Statement For ISA550W and ISA570W Important NoteDéclaration dexposition aux radiations Industry Canada statementCanada Radiation Exposure Statement For ISA550W and ISA570W UL/CB Getting Started Configuration WizardsUsing Remote Access VPN Wizard for SSL Remote Access Status Networking 115 Understanding Dscp Values 171 Vlan Setup 180 Wireless Setup 181 User Authentication Wireless for ISA550W and ISA570W only 206Firewall 251 Vlan Setup 222 Wireless Setup 223 User AuthenticationSecurity Services 291 VPN 333 General Application Control Settings 314Client Mode 366 Network Extension Mode 367 Device Management 403 User Management 388Contents Appendix D Where to Go From Here 479 Appendix a Troubleshooting 453Getting Started ISA550W Model Description ConfigurationIntroduction Getting StartedFront Panel, Back Panel, Product OverviewFront Panel USB POWER/SYSLight Description VPNISA550 and ISA550W Back Panel Back PanelSpeed LINK/ACTANT01/ANT02 Feature DescriptionPower Getting Started with the Configuration UtilityReset Button Power SwitchLogging in to the Configuration Utility Number Component Description Navigating Through the Configuration UtilityIcon Description Action Using the Help SystemConfiguration Utility Icons Getting Started Default Settings of Key Features Factory Default SettingsRestoring the Factory Default Settings Parameter Default Value Performing Basic Configuration TasksChanging the Default Administrator Password Click Continue Upgrading your Firmware After your First LoginBacking Up Your Configuration Configuration Wizards Configuration Wizards Using the Setup Wizard for the Initial ConfigurationStarting the Setup Wizard Enabling Firmware Upgrade Enabling Bonjour and CDP Discovery Protocols Validating Security LicenseConfiguring Remote Administration Configuring Physical Ports Configuring WAN Redundancy Configuring the Primary WANConfiguring the Secondary WAN Configuring Default LAN Settings Configuring DMZ Configuring DMZ Services Configuration Wizards WAN IP Configuring Wireless Radio SettingsWAN Configuring Intranet Wlan Access Security Services Configure Security ServicesViewing Configuration Summary Starting the Dual WAN Wizard Configuring a Configurable Port as a Secondary WAN PortClick Configuration Wizards Dual WAN Wizard Configuring the Primary WAN Configuring Network Failure Detection Using the Remote Access VPN Wizard for IPsec Remote Using the Remote Access VPN WizardClick Configuration Wizards Remote Access VPN Wizard Starting the Remote Access VPN WizardConfiguring IPsec Remote Access Group Policy Configuring Operation Mode Configuring WAN SettingsConfiguring DNS and Wins Settings Configuring Access Control SettingsViewing Group Policy Summary Configuring Backup ServersConfiguring Split Tunneling Viewing IPsec Remote Access Summary Configuring IPsec Remote Access User GroupsConfiguring SSL VPN Gateway Using Remote Access VPN Wizard for SSL Remote AccessClient Netmask Client Address Pool Configuring SSL VPN Group Policy Configuration Wizards Configuration Wizards Configuring SSL VPN User Groups Viewing SSL VPN Summary Using the Site-to-Site VPN Wizard to Configure Site-to-SiteStarting the Site-to-Site VPN Wizard Configuring VPN Peer SettingsClick Configuration Wizards Site-to-Site VPN Wizard Configuring IKE Policies Configuring Transform Policies Configuring Local and Remote Networks Starting the DMZ Wizard Using the DMZ Wizard to Configure DMZ SettingsConfiguring Ddns Profiles Click Configuration Wizards DMZ WizardConfiguring DMZ Network Configuration Wizards Configuring DMZ Services WAN Click Configuration Wizards Wireless Wizard Using the Wireless Wizard for ISA550W and ISA570W onlyStarting the Wireless Wizard Configuring Wireless Connectivity Types Configuring the Ssid for Intranet Wlan Access Specify Wireless Connectivity Settings for All Enabled SSIDsConfiguring Wireless Security, Configuring the Ssid for Guest Wlan Access Configuration Wizards Configuration Wizards Configuration Wizards System Information Device Status DashboardStatus Dashboard Field DescriptionSyslog Summary StatusResource Utilization LicensesPhysical Ports Remote Access VPNRouting Mode Site-to-Site VPNField Ethernet Network StatusStatus Summary Status SummaryVlan Pvid DMZ VlanTraffic Statistics Traffic StatisticsUsage Reports Status WAN Bandwidth Reports Dhcp Bindings ARP TableDhcp Bindings ARP TableInterface Status Table STP StatusSTP Status Global Status Status CDP Neighbor Wireless Status, Client Status, Wireless Status for ISA550W and ISA570W onlyWireless Status NAT Status NAT StatusClient Status VPN Status IPsec VPN Status VPN StatusIPsec VPN Status IPsec VPN Status, SSL VPN Status,Statistics VPN Status SSL VPN Status SSL VPN StatusTeleworker VPN Client SSL VPN Statistics Active User Sessions Active User SessionsWeb Security Report Security Services ReportsAnti-Virus Report Email Security Report Network Reputation Report IPS Report Application Control Report System Status Processes System StatusProcesses Processes, Resource Utilization,Memory Utilization Resource UtilizationSystem Status Resource Utilization CPU UtilizationStatus Networking Networking Configuring IPv4 or IPv6 RoutingViewing Network Status Managing PortsViewing Status of Physical Interfaces Configuring Physical Ports Configuring Port Mirroring Configuring Port-Based 802.1x Access Control Networking Release or renew a Dhcp WAN connection, Configuring the WANConfiguring WAN Settings for Your Internet Connection Configure the primary WAN Networking Dhcp Client Configure a secondary WANNetwork Addressing Mode Network Addressing Configuration ModeStatic IP ISP PPPoEPptp L2TP Dual WAN Settings Networking Configuring Link Failover Detection Networking Adding or modifying a Ddns service Configuring Dynamic DNSDdns Services Table Measuring and Limiting Traffic with the Traffic Meter Networking Configuring a Vlan Networking Networking Networking About DMZ networks Configuring DMZExample DMZ with One Public IP Address for WAN and DMZ Example DMZ with Two Public IP Addresses Configuring a DMZNetworking Networking Security Levels for Zones Configuring ZonesPredefined Zones Configuring ZonesServices Configuring Routing Configuring Dhcp Reserved IPsViewing the Routing Table Configuring Routing ModeConfiguring Static Routing Configuring Dynamic Routing RIP Configuring Policy-Based Routing Networking Click Networking QoS General Settings Configuring Quality of ServiceGeneral QoS Settings Click Networking QoS WAN QoS Bandwidth Configuring WAN QoSManaging WAN Bandwidth for Upstream Traffic Configuring WAN Queue Settings Click Networking QoS WAN QoS Queue Settings Configuring Traffic SelectorsNetworking Click Networking QoS WAN QoS QoS Policy Profile Configuring WAN QoS Policy ProfilesConfiguring WAN QoS Class Rules Mapping WAN QoS Policy Profiles to WAN Interfaces WAN QoS Configuration Example WAN1IP WAN1Policy Name Configure WAN QoS for Voice Traffic from LAN to WANClass Name Source AddressQoS Class Rules Configuring WAN QoS for Voice Traffic from WAN to LANQoS Class Rule Configuring LAN QoS Click Networking QoS LAN QoS Classification Methods Configuring LAN Queue SettingsConfiguring LAN QoS Classification Methods Click Networking QoS LAN QoS Queue SettingsClick Networking QoS LAN QoS Mapping CoS to Queue Mapping CoS to LAN QueueMapping Dscp to LAN Queue LAN Queue CoS Value802.1p Priority 802.11e Priority Configuring Wireless QoSConfiguring Default CoS Default Wireless QoS Settings802.11e Priority 802.1p Priority Configuring Wireless QoS Classification MethodsClick Networking QoS Wireless QoS Classification Methods Ieee 802.11e to 802.1p MappingDscp Value Decimal Value Meaning Mapping CoS to Wireless QueueMapping Dscp to Wireless Queue Understanding Dscp ValuesClick Networking Igmp Configuring Igmp011 100Click Networking Vrrp Configuring VrrpNetworking Click Networking Address Management Configuring AddressesConfiguring Addresses, Configuring Address Groups, Address ManagementConfiguring Address Groups Click Networking Service Management Service ManagementConfiguring Services Configuring Services, Configuring Service Groups,Configuring Service Groups Requirements Configuring Captive PortalBefore You Begin Vlan SetupUser Authentication Configuring a Captive PortalWireless Setup Networking Networking Networking Troubleshooting Using External Web-Hosted CGI Scripts Networking Networking Networking Networking Networking Networking Networking Networking CGI Source Code Example No Authentication and Accept Button Networking Networking Networking Networking Networking If result == 2 result == 5 //document.form1.UserName.focus Networking Networking Cisco Small Business Related InformationSupport DocumentationCisco Small Business Home Wireless for ISA550W and ISA570W only Wireless Wireless Status Wireless Status Viewing Wireless StatusViewing Wireless Statistics Wireless for ISA550W and ISA570W onlyClick Wireless Basic Settings Configuring the Basic SettingsViewing Wireless Client Status Wireless for ISA550W and ISA570W only Configuring Ssid Profiles Open Configuring Wireless SecuritySecurity Mode Description WPA WEPWPA/WPA2-Enterprise mixed Supports WPA2WPA + WPA2 WPA/WPA2-Personal mixed SupportsWireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Controlling Wireless Access Based on MAC Addresses Mapping the Ssid to Vlan Configuring Ssid ScheduleClick Wireless Wi-Fi Protected Setup Configuring Wi-Fi Protected SetupWireless for ISA550W and ISA570W only Configuring Captive Portal Requirements Configuring a Captive Portal Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Troubleshooting Using External Web-Hosted CGI Scripts Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only CGI Source Code Example No Authentication and Accept Button Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only If result == 2 result == 5 //document.form1.UserName.focus Wireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Related Information Click Wireless Rogue AP Detection Configuring Wireless Rogue AP DetectionClick Wireless Advanced Settings Advanced Radio SettingsWireless for ISA550W and ISA570W only Wireless for ISA550W and ISA570W only Firewall Firewall About Security ZonesSecurity Levels and Predefined Zones Description Click Firewall Access Control Default Policies Default Firewall SettingsPriorities of Firewall Rules Preliminary Tasks for Configuring Firewall RulesClick Firewall Access Control ACL Rules General Firewall SettingsConfiguration Examples, Configuring a Firewall RuleFirewall MAC Address Filtering to Permit or Block Traffic, Configuring a Firewall Rule to Allow Multicast TrafficConfiguring Firewall Logging Settings Configuring NAT Rules to Securely Access a Remote Network Firewall NAT NAT Status Viewing NAT Translation StatusOutbound Traffic Priorities of NAT RulesInbound Traffic Click Firewall NAT Dynamic PAT Configuring Dynamic PAT RulesClick Firewall NAT Static NAT Configuring Static NAT RulesClick Firewall NAT Port Forwarding Configuring Port Forwarding RulesFirewall Click Firewall NAT Port Triggering Configuring Port Triggering RulesClick Firewall NAT Advanced NAT Configuring Advanced NAT RulesConfiguring IP Alias for Advanced NAT rules Http As AnyFrom Any Configuring an Advanced NAT Rule to Support NAT HairpinningWAN WAN1 WAN IP WAN1IP DefaultDefaultnetwork FTP-CONTROLAllowing Inbound Traffic Using the WAN IP Address Firewall and NAT Rule Configuration ExamplesANY Enable Port ForwardingTranslated IP InternalFTP WAN WAN1 WAN IP Allowing Inbound Traffic Using a Public IP AddressRDP Translated IP RDPServerAddress Original Destination PublicIP Original Services Zone NameNetmask PortTranslated IP InternalIP Enable Port Forwarding Create Firewall Rule OffCU-SEEME Schedule Blocking Outbound Traffic by Schedule and IP Address RangeBlocking Outbound Traffic to an Offsite Mail Server Click Firewall Content Filtering Content Filtering Policies Configuring Content Filtering to Control Internet AccessConfiguring Content Filtering Policy Profiles Configuring Website Access Control List Click Firewall Content Filtering Policy to Zone Mapping Mapping Content Filtering Policy Profiles to ZonesClick Firewall Content Filtering Advanced Settings Configuring Advanced Content Filtering SettingsClick Firewall MAC Filtering MAC Address Filtering Configuring MAC Address Filtering to Permit or Block TrafficClick Firewall MAC Filtering IP MAC Binding Rules Configuring IP-MAC Binding to Prevent SpoofingClick Firewall Attack Protection Configuring Attack ProtectionClick Firewall Session Limits Configuring Session LimitsClick Firewall Application Level Gateway Configuring Application Level GatewayFirewall Security Services IPS About Security ServicesPriority of Security Services Activating Security ServicesClick Security Services Dashboard Security Services DashboardViewing Security Services Reports Viewing IPS Report, Viewing Application Control Report, Viewing Web Security ReportViewing Anti-Virus Report Viewing Email Security Report Total Last 7 Days Viewing Network Reputation ReportSystem Date Total Since ActivatedGraph Viewing IPS ReportTotal Today Viewing Application Control Report Configuring Anti-Virus Click Security Services Anti-Virus General Settings General Anti-Virus SettingsFTP Protocol ActionNotify + Drop Connection Drop the connection Http Notification,Cifs NetbiosNotification, Click Security Services Anti-Virus Advanced Settings Configuring Advanced Anti-Virus SettingsClick Security Services Anti-Virus Email Notification Configuring Http NotificationConfiguring Email Notification Click Security Services Anti-Virus Http NotificationUpdating Anti-Virus Signatures Updating Application Signature Database, Configuring Application ControlImportant Tips Configuring Application Control PoliciesGeneral Application Control Policy Settings Adding an Application Control Policy Security Services Permitting or Blocking Traffic for an Application General Application Control Settings Mapping Application Control Policies to Zones Enabling Application Control ServiceConfiguring Application Control Policy Mapping Rules Updating Application Signature Database Click Update Database Advanced Application Control SettingsClick Security Services Spam Filter Configuring Spam FilterSecurity Services Configuring Intrusion Prevention Security Services Configuring Signature Actions Updating IPS Signature Database Configuring Web Reputation Filtering Click Security Services Web Reputation Filtering Configuring Web URL Filtering Click Security Services Web URL Filtering Policy Profile Configuring Web URL Filtering Policy ProfilesConfiguring Website Access Control List Mapping Web URL Filtering Policy Profiles to Zones Configuring Advanced Web URL Filtering SettingsClick Security Services Web URL Filtering Advanced Settings Security Services Network Reputation VPN About VPNs VPN VPN Status IPsec VPN Status Viewing VPN StatusViewing IPsec VPN Status Viewing IPsec VPN Status, Viewing SSL VPN Status,Field Description VPN VPN Status SSL VPN Status Viewing SSL VPN StatusSSL VPN Statistics VPN Site-to-Site VPN Configuring a Site-to-Site VPNClick VPN Site-to-Site IPsec Policies Configuration Tasks to Establish a Site-to-Site VPN TunnelGeneral Site-to-Site VPN Settings VPN Configuring IPsec VPN Policies VPN VPN VPN 283058 VPN Click VPN Site-to-Site IKE Policies VPN Click VPN Site-to-Site Transform Policies Configuring Transform SetsIKE Policy Remote Teleworker Configuration ExamplesField Setting Remote NetworkTransform Name Enable FromAddress Translated Destination Address Translated ServicesConfiguring IPsec Remote Access Then choose Cisco VPN Client Cisco VPN Client CompatibilityClick VPN IPsec Remote Access Enabling IPsec Remote AccessConfiguring IPsec Remote Access Group Policies VPN VPN WAN Interface Allowing IPsec Remote VPN Clients to Access the InternetIKE Authentication Group NameLAN Mode Client Pool Range for Client Start IPClient Internet Disable Access WAN Failover Name VPNClienttoWAN1 Enable From AnyWAN2IP Name VPNClienttoWAN2 Enable From AnyWAN2 Translated Any Destination Address Translated Services Configuring Teleworker VPN ClientTransform Set Required IPsec VPN ServersClient Mode, Benefits of the Teleworker VPN Client FeatureModes of Operation Network Extension Mode, Client ModeIPsec VPN Network Extension Connection Network Extension ModeClick VPN Teleworker VPN Client General Teleworker VPN Client SettingsConfiguring Teleworker VPN Client Group Policies VPN VPN Configuring SSL VPN Elements of the SSL VPN SSL Remote User AccessConfiguration Tasks to Establish a SSL VPN Tunnel Installing Cisco AnyConnect Secure Mobility Client Click VPN SSL Remote User Access SSL VPN Configuration Importing Certificates for User AuthenticationConfiguring SSL VPN Users Configuring SSL VPN GatewayClient Netmask Client Address Pool VPN Click VPN SSL Remote User Access SSL VPN Group Policies Configuring SSL VPN Group PoliciesVPN VPN Allowing SSL VPN Clients to Access the Internet Accessing SSL VPN PortalSslvpnaddresspool Enable From AnyName SSLVPNtoWAN1 Enable From Any Address Original Destination Any Original ServicesName SSLVPNtoWAN2 Enable From Any Click VPN L2TP Server Configuring L2TP ServerService Click VPN VPN Passthrough Configuring VPN PassthroughUsers Active User Sessions Viewing Active User SessionsUser Management Configuring Users and User GroupsDefault User and User Group Available Services for User GroupsClick Users Users and Groups Preempt AdministratorsConfiguring Local Users Configuring Local User Groups User Management Configuring User Authentication Settings Click Users User Authentication Using Local Database for User AuthenticationUsing Radius Server for User Authentication Local Database Settings Radius Server Settings Local Radius Server Settings Database Click Users User Authentication Using Ldap for User Authentication User Management Using Local Database and Ldap for Authentication Click Users Radius Servers Configuring Radius ServersUser Management Device Management Viewing Resource Utilization Viewing System StatusViewing Process Status Administration Configuring Administrator Settings Example https//209.165.201.18080 Configuring Email Alert Settings Click Device Management Administration Email Alert Your Firmware from Cisco.com, Event DescriptionCPU Overload Alert New Firmware AlertLog Facilities, Settings page. See Configuring Log Settings,Security License, WAN Up/Down Alert Check Site-to-Site VPN Up/Down Alert in the Enable columnUp/Down Alert Anti-Virus Alert Traffic Meter AlertIPS Alert Settings. See Configuring Application Control,Click Device Management Administration Snmp Configuring SnmpClick Device Management Backup/Restore Backing Up and Restoring a ConfigurationDevice Management Managing Certificates for Authentication Click Device Management Certificate Management Viewing Certificate Status and DetailsCertificate Type Details Exporting Certificates to Your Local PCImporting Certificates from Your Local PC Exporting Certificates to a USB DeviceGenerating New Certificate Signing Requests Importing Certificates from a USB DeviceImporting Signed Certificate for CSR from Your Local PC Configuring Cisco Services and Support Settings Configuring Cisco OnPlus Sending Contents for System Diagnosis Configuring Remote Support SettingsClick Device Management Date and Time Configuring System TimePing, Traceroute, DNS Lookup, Packet Capture, Configuring Device PropertiesDiagnostic Utilities Click Device Management Device PropertiesTraceroute Click Device Management Diagnostic Utilities PingClick Device Management Diagnostic Utilities Traceroute PingUPnP Discovery, Bonjour Discovery, CDP Discovery, Device Discovery ProtocolsDNS Lookup Packet CaptureClick Device Management Discovery Protocols UPnP UPnP DiscoveryLldp Discovery, Click Device Management Discovery Protocols CDP Bonjour DiscoveryCDP Discovery Click Device Management Discovery Protocols BonjourClick Device Management Discovery Protocols Lldp Lldp DiscoveryView the firmware status. See Viewing Firmware Information, Firmware ManagementClick Device Management Firmware Using the Secondary FirmwareFirmware Version area, click Switch Firmware Viewing Firmware InformationUpgrading your Firmware from Cisco.com Upgrading Firmware from a PC or a USB Device Firmware Auto Fall Back Mechanism Using Rescue Mode to Recover the SystemManaging Security License Click Device Management License Management Checking Security License StatusInstalling or Renewing Security License Click Device Management Logs View Logs Log ManagementViewing Logs Click Query Click Device Management Logs Log Settings Configuring Log SettingsNotification level Severity Level DescriptionEmergency level Critical levelDevice Management Click Device Management Logs Logs Facilities Configuring Log FacilitiesReset Device area, click Reset to Factory Defaults Rebooting and Resetting the DeviceClick Device Management Reboot/Reset Click Device Management Schedules Configuring SchedulesRebooting the Security Appliance Device Management Device Management Device Management Recommended Actions Internet ConnectionClick Status Dashboard TroubleshootingRecommended Actions Click Networking WAN WAN Settings Date and Time Enable the Daylight Saving Time Adjustment featureDate and Time Pinging to Test LAN Connectivity Testing the LAN Path from Your PC to Your Security ApplianceTesting the LAN Path from Your PC to a Remote Device ISA570 Feature ISA550Physical Specifications Internal Power SupplyDevice Management Feature SettingRemote Administration Lldp Factory Default SettingsSnmp CDPLocal Users User ManagementUser Groups Network Addressing Modes User Authentication MethodsNetworking IPv4 or IPv6 RoutingVLANs Port-based Access ControlWAN Redundancy Operation Modes Routing ZonesVrrp LAN QOSWireless IKE Policies Wi-Fi Protected Setup WPSRogue AP Detection Captive PortalSSL VPN IPsec Remote AccessFirewall Security ServicesFeatures Setting IP MAC Binding Content FilteringNAT MAC Address FilteringReports Service Name Protocol Port Description Start End Default Service ObjectsFTP-DATA TCP IKE UDP Rtelnet TCP Address Name Type IP, IP/Netmask, or IP Range Default Address ObjectsCisco Small Business Product ResourcesSupport Product Documentation