Manuals / Cisco Systems / Household Appliance / Home Security System

Cisco Systems ASA 5500 with 4GE SSM, To Do This .... continued, Install the chassis, 5500”

Models: ASA 5500

1 144

Download 144 pages 23.87 Kb

Page 10

Chapter 1 Before You Begin

ASA 5500 with 4GE SSM

	To Do This .... (continued)	To Do This ....

	Configure the CSC SSM	Cisco Content Security and Control
		SSM Administrator Guide

	Refine configuration and configure	Cisco Security Appliance Command
	optional and advanced features	Line Configuration Guide
		Cisco Security Appliance Command
		Reference
		Cisco Security Appliance Logging
		Configuration and System Log
		Messages

ASA 5500 with 4GE SSM


			To Do This ...	See ...

			Install the chassis	Chapter 2, “Installing the Cisco ASA
				5500”

			Install the 4GE SSM	Chapter 3, “Installing Optional
				SSMs”

			Connect interface cables	Chapter 4, “Connecting Interface
				Cables”

			Perform initial setup of the adaptive	Chapter 5, “Configuring the
			security appliance	Adaptive Security Appliance”

			Install the fiber optic module	Chapter 3, “Installing Optional
				SSMs”

			Refine configuration and configure	Cisco Security Appliance Command
			optional and advanced features	Line Configuration Guide
				Cisco Security Appliance Command
				Reference
				Cisco Security Appliance Logging
				Configuration and System Log
				Messages

		Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide

1-4				78-17611-01
1-4				78-17611-01

Image 10

Cisco Systems ASA 5500 with 4GE SSM, To Do This .... continued, Install the chassis, “Installing the Cisco ASA, 5500”

Contents

For the Cisco ASA 5510, ASA 5520, and ASA Cisco ASA 5500 Series AdaptiveSecurity Appliance Getting Started Guide Corporate HeadquartersTHE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS Ports and LEDs Installing Optional SSMsC O N T E N T S Before You BeginScenario DMZ Configuration Configuring the Other Side of the VPN Connection Configuring Client AttributesImplementing the Site-to-SiteScenario Configuring the 4GE SSM for Fiber Configuration RequirementsRun the CSC Setup Wizard What to Do NextChapter 2, “Installing the Cisco ASA Before You BeginInstall the chassis Chapter 4, “Connecting InterfaceRemote-AccessVPN Configuration” Configure the adaptive security appliance forConfiguration” VPN Configuration”To Do This ASA 5500 with CSC SSMTo Do This .... continued To Do ThisChapter 2, “Installing the Cisco ASA ASA 5500 with 4GE SSMInstall the chassis Install the 4GE SSM•Installing the Chassis, page Installing the Cisco ASA•Verifying the Package Contents, page C H A P T E RVerifying the Package Contents Figure 2-1Contents of ASA 5500 PackageInstalling the Chassis Rack-Mountingthe Chassis Figure 2-2Installing the Right and Left BracketsPorts and LEDs Figure 2-3 Rack-Mountingthe ChassisState ColorDescription Management Port1 Color IndicatorDescription Chapter 4, “Connecting Interface What to Do NextChapter 3, “Installing Optional SSMs” Chapter 2 Installing the Cisco ASAWhat to Do Next Chapter 2 Installing the Cisco ASA2-10 78-17611-01•Installing the Cisco 4GE SSM, page Installing Optional SSMsCisco 4GE SSM Installing the SFP Modules, pageState 4GE SSM ComponentsColor DescriptionState Installing the Cisco 4GE SSMColor Description•Installing the SFP Module, page Installing the SFP Modules•SFP Module, page Type of Connection SFP ModuleSFP Module Cisco Part NumberInstalling the SFP Module Optical port plug Cisco AIP SSM and CSC SSM DRAMColor Installing an SSM1 2 3 StateFigure 3-6Removing the Screws from the Slot Cover What to Do Next3-10 Figure 3-7Inserting the SSM into the SlotC H A P T E R Connecting Interface Cables•Connecting Cables to Interfaces, page •What to Do Next, pageConnecting Cables to Interfaces Connecting Cables to Interfaces Figure 4-1Connecting to the Management PortChapter 4 Connecting Interface Cables 78-17611-01b.Console port c.Auxiliary port d.Cisco 4GE SSM Ethernet port •SFP modules LC connector Connecting Cables to Interfaces Figure 4-7Connecting to the Management PortChapter 4 Connecting Interface Cables 78-17611-01f.Ethernet ports What to Do Next4-10 •About the Factory-DefaultConfiguration, page Configuring the Adaptive Security ApplianceAbout the Factory-DefaultConfiguration •Using the Startup Wizard, pageAbout the Adaptive Security Device Manager About the Adaptive Security Device Manager78-17611-01 Before Launching the Startup Wizard Using the Startup Wizard VPN Configuration” Configuration”Chapter 7, “Scenario: Remote-Access VPN Configuration”To Do This Chapter 9, “Configuring the AIP SSM”Chapter 10, “Configuring the CSC SSM”C H A P T E R Scenario: DMZ ConfigurationExample DMZ Network Topology Example DMZ Network Topology, pageNetwork Layout for DMZ Configuration Scenario Security Incoming request •Configuration Requirements, page Configuration Requirements•Starting ASDM, page Starting ASDM Creating IP Pools for Network Address Translation a.In the Features pane, click NAT d.From the Interfaces drop-downlist, choose DMZ b.Under the Global Pools tab, click Add 6-10g.Click OK 6-11Step 4 Click Apply in the main ASDM window 6-12Step 2 In the Features pane, click NAT 6-13c.Click OK to add the Dynamic NAT Rule and return to the Configuration > NAT window 6-146-15 Step 2 In the Features pane, click NAT 6-16a.From the Interface drop-downlist, choose Outside 6-176-18 Step 1 In the ASDM window 6-19Step 2 In the Interface and Action area 6-20Step 4 In the Destination area 6-21d.Click OK 6-22Step 7 Click Apply to save the configuration changes to the configuration that the adaptive security appliance is currently running 6-23To Do This Refine configuration and configureWhat to Do Next 6-24VPN Configuration” Chapter 7, “Scenario: Remote-AccessVPN Configuration” Chapter 6 Scenario: DMZ ConfigurationWhat to Do Next Chapter 6 Scenario DMZ Configuration6-26 78-17611-01C H A P T E R Scenario: Remote-AccessVPN ConfigurationExample IPsec Remote-AccessVPN Network Topology •What to Do Next, page•Starting ASDM, page Implementing the IPsec Remote-AccessVPN Scenario•Information to Have Available, page •Selecting VPN Client Types, page•Optional Configuring User Accounts, page Information to Have Available•Specifying a User Authentication Method, page •Configuring Address Pools, pageStarting ASDM The Main ASDM window appearsa.Click the Remote Access VPN radio button Selecting VPN Client Types Page Specifying a User Authentication Method Step 3 Click Next to continue Optional Configuring User Accounts 7-10Configuring Address Pools 7-11Configuring Client Attributes 7-12Configuring the IKE Policy 7-13Step 2 Click Next to continue 7-14Step 2 Click Next to continue 7-157-16 Verifying the Remote-AccessVPN Configuration 7-17To Do This If you are satisfied with the configuration, click Finish to apply the changes to the adaptive security applianceWhat to Do Next 7-18To Do This Configuration”VPN Configuration” Chapter 6, “Scenario: DMZWhat to Do Next 7-2078-17611-01 C H A P T E R Scenario: Site-to-SiteVPN ConfigurationExample Site-to-SiteVPN Network Topology Example Site-to-SiteVPN Network Topology, pageInformation to Have Available Implementing the Site-to-SiteScenario•Configuring the Site-to-SiteVPN, page •Information to Have Available, page•Configuring the IKE Policy, page Configuring the Site-to-SiteVPNStarting ASDM •Starting ASDM, pagePage a.Click the Site-to-SiteVPN radio button Providing Information About the Remote VPN Peer Configuring the IKE Policy Step 2 Click Next to continue Step 2 Click Next to continue Specifying Hosts and Networks 8-10Viewing VPN Attributes and Completing the Wizard 8-11If you want the configuration changes to be saved to the startup configuration so that they are applied the next time the device starts, from the File menu, click Save 8-12Configuring the Other Side of the VPN Connection Configuring the Other Side of the VPN ConnectionChapter 8 Scenario Site-to-SiteVPN Configuration What to Do NextVPN Configuration” Configuration”Chapter 7, “Scenario: Remote-Access To Do This•AIP SSM Configuration, page Configuring the AIP SSMAIP SSM Configuration C H A P T E ROverview of Configuration Process •Overview of Configuration Process, pagehostnameconfig-cmap# match access-list acl-name hostnameconfig# interface interface_IDSessioning to the AIP SSM and Running Setup ciscoAIP SSM To Do This Configure the IPS sensorWhat to Do Next To Do ThisVPN Configuration” Configuration”Chapter 7, “Scenario Remote-Access VPN Configuration”C H A P T E R Configuring the CSC SSMAbout the CSC SSM •About the CSC SSM, pageAbout Deploying the Security Appliance with the CSC SSM10-2 1.The client initiates a request 10-3Figure 10-2CSC SSM Deployment Scenario Chapter 10 Configuring the CSC SSM10-4 78-17611-0110-5 Configuring the CSC SSM for Content SecurityConfiguration Requirements 78-17611-01Gather Information Obtain Software Activation Key from Cisco.com10-6 Launch ASDM 10-7Verify Time Settings 10-8Run the CSC Setup Wizard 10-9•IP address for the Primary DNS server 10-1010-11 Step 8 Click NextStep 10 Click Next Chapter 10 Configuring the CSC SSM10-12 78-17611-0110-13 Step 12 Click Next10-14 The Add Service Policy Rule appears 10-15Step 5 Click Next. The Traffic Classification Criteria page appears 10-16Step 8 In the Service Policy Rule Wizard, click the CSC Scan tab 10-17Step 10 Click Finish Chapter 10 Configuring the CSC SSM10-18 78-17611-0110-19 Step 11 Click ApplyWhat to Do Next Configuration or Monitoring tabthen click the Trend Micro Content To Do ThisVPN Configuration” Configuration”Chapter 7, “Scenario: Remote-Access VPN Configuration”What to Do Next Chapter 10 Configuring the CSC SSM10-22 78-17611-01•Cabling 4GE SSM Interfaces, page Configuring the 4GE SSM for FiberC H A P T E R •What to Do Next, pageCabling 4GE SSM Interfaces 11-2LC connector 11-3Note Because the default media type setting is Ethernet, you do not need to change the media type setting for Ethernet interfaces you use 11-4To Do This What to Do Next11-5 What to Do Next Chapter 11 Configuring the 4GE SSM for Fiber11-6 78-17611-01Obtaining a DES License or a 3DES-AESLicense C H A P T E R Areplacing the activation-4-tuple-key CommandPurpose activation-5-tuple-key variable is a