ISA550 manual
479 pages, 4.29 Mb
Cisco Small Business
ISA500 Series Integrated Security Appliances
(ISA550, ISA550W, ISA570, ISA570W)
ADMINISTRATION GUIDE
Contents
Chapter 1: Getting Started
Chapter 2: Configuration Wizards
Chapter 3: Status
Chapter 4: Networking
Chapter 5: Wireless (for ISA550W and ISA570W only)
Chapter 6: Firewall
Chapter 7: Security Services
Chapter 8: VPN
Chapter 9: User Management
Chapter 10: Device Management
Getting Started
Introduction
Getting Started
Product Overview
ISA570W Cisco
ISA550W Cisco
Product Overview
Front Panel
ISA550 Front Panel
ISA550W Front Panel
ISA570 Front Panel
Back Panel
Getting Started with the Configuration Utility
Logging in to the Configuration Utility
Navigating Through the Configuration Utility
Using the Help System
Configuration Utility Icons
Factory Default Settings
Default Settings of Key Features
Restoring the Factory Default Settings
Performing Basic Configuration Tasks
Changing the Default Administrator Password
Upgrading your Firmware After your First Login
Backing Up Your Configuration
Configuration Wizards
Using the Setup Wizard for the Initial Configuration
Starting the Setup Wizard
Configuring Cisco.com Account Credentials
Enabling Firmware Upgrade
Validating Security License
Enabling Bonjour and CDP Discovery Protocols
Configuring Remote Administration
Configuring Physical Ports
Configuring the Primary WAN
Configuring the Secondary WAN
Configuring Default LAN Settings
Configuring DMZ
Configuring DMZ Services
Configuring Wireless Radio Settings
Configuring Intranet WLAN Access
Configure Security Services
Using the Dual WAN Wizard to Configure WAN Redundancy Settings
Starting the Dual WAN Wizard
Configuring a Configurable Port as a Secondary WAN Port
Configuring the Primary WAN
Configuring the Secondary WAN
Configuring Network Failure Detection
Using the Remote Access VPN Wizard
Using the Remote Access VPN Wizard for IPsec Remote Access
Starting the Remote Access VPN Wizard
Configuring IPsec Remote Access Group Policy
Configuring WAN Settings
Configuring Operation Mode
Configuring Access Control Settings
Configuring DNS and WINS Settings
Configuring Backup Servers
Configuring Split Tunneling
Viewing Group Policy Summary
Configuring IPsec Remote Access User Groups
Viewing IPsec Remote Access Summary
Using Remote Access VPN Wizard for SSL Remote Access
Starting the Remote Access VPN Wizard with SSL Remote Access
Configuring SSL VPN Gateway
Configuring SSL VPN Group Policy
Configuring SSL VPN User Groups
Viewing SSL VPN Summary
Using the Site-to-Site VPN Wizard to Configure Site-to-Site VPN
Starting the Site-to-Site VPN Wizard
Configuring VPN Peer Settings
Configuring IKE Policies
Configuring Transform Policies
Configuring Local and Remote Networks
Using the DMZ Wizard to Configure DMZ Settings
Starting the DMZ Wizard
Configuring DDNS Profiles
Configuring DMZ Network
Configuring DMZ Services
Using the Wireless Wizard (for ISA550W and ISA570W only)
Starting the Wireless Wizard
Configuring Wireless Radio Settings
Configuring Wireless Connectivity Types
Specify Wireless Connectivity Settings for All Enabled SSIDs
Configuring the SSID for Intranet WLAN Access
Configuring the SSID for Guest WLAN Access
Status
Device Status Dashboard
Network Status
Status Summary
Traffic Statistics
Usage Reports
WAN Bandwidth Reports
ARP Table
DHCP Bindings
STP Status
CDP Neighbor
Wireless Status (for ISA550W and ISA570W only)
Wireless Status
Client Status
NAT Status
VPN Status
IPsec VPN Status
SSL VPN Status
Active User Sessions
Security Services Reports
Web Security Report
Anti-Virus Report
Email Security Report
Network Reputation Report
IPS Report
Application Control Report
System Status
Processes
Resource Utilization
Networking
Viewing Network Status
Configuring IPv4 or IPv6 Routing
Managing Ports
Viewing Status of Physical Interfaces
Configuring Physical Ports
Configuring Port Mirroring
Configuring Port-Based (802.1x) Access Control
Configuring the WAN
Configuring WAN Settings for Your Internet Connection
Dual WAN Settings
Configuring Link Failover Detection
Load Balancing with Policy-Based Routing Configuration Example
Configuring Dynamic DNS
Measuring and Limiting Traffic with the Traffic Meter
Configuring a VLAN
Configuring DMZ
Configuring Zones
Security Levels for Zones
Predefined Zones
Configuring Zones
Configuring DHCP Reserved IPs
Configuring Routing
Viewing the Routing Table
Configuring Routing Mode
Configuring Static Routing
Configuring Dynamic Routing - RIP
Configuring Policy-Based Routing
Configuring Quality of Service
General QoS Settings
Configuring WAN QoS
Managing WAN Bandwidth for Upstream Traffic
Configuring WAN Queue Settings
Configuring Traffic Selectors
Configuring WAN QoS Policy Profiles
Configuring WAN QoS Class Rules
Mapping WAN QoS Policy Profiles to WAN Interfaces
WAN QoS Configuration Example
Configure WAN QoS for Voice Traffic from LAN to WAN
Configuring WAN QoS for Voice Traffic from WAN to LAN
Configuring LAN QoS
Configuring LAN Queue Settings
Configuring LAN QoS Classification Methods
Mapping CoS to LAN Queue
Mapping DSCP to LAN Queue
Configuring Default CoS
Configuring Wireless QoS
Default Wireless QoS Settings
Configuring Wireless QoS Classification Methods
Mapping CoS to Wireless Queue
Mapping DSCP to Wireless Queue
Understanding DSCP Values
Configuring IGMP
Configuring VRRP
Address Management
Configuring Addresses
Configuring Address Groups
Service Management
Configuring Services
Configuring Service Groups
Configuring Captive Portal
Requirements
Before You Begin
VLAN Setup
Wireless Setup
User Authentication
Configuring a Captive Portal
Troubleshooting
Using External Web-Hosted CGI Scripts
CGI Source Code Example: No Authentication and Accept Button
Related Information
Wireless (for ISA550W and ISA570W only)
Viewing Wireless Status
Viewing Wireless Statistics
Viewing Wireless Client Status
Configuring the Basic Settings
Configuring SSID Profiles
Configuring Wireless Security
Controlling Wireless Access Based on MAC Addresses
Mapping the SSID to VLAN
Configuring SSID Schedule
Configuring Wi-Fi Protected Setup
Configuring Captive Portal
Requirements
Before You Begin
VLAN Setup
Wireless Setup
User Authentication
Configuring a Captive Portal
Troubleshooting
Using External Web-Hosted CGI Scripts
CGI Source Code Example: No Authentication and Accept Button
Related Information
Configuring Wireless Rogue AP Detection
Advanced Radio Settings
Firewall
Configuring Firewall Rules to Control Inbound and Outbound Traffic
About Security Zones
Default Firewall Settings
Priorities of Firewall Rules
Preliminary Tasks for Configuring Firewall Rules
General Firewall Settings
Configuring a Firewall Rule
Configuring a Firewall Rule to Allow Multicast Traffic
Configuring Firewall Logging Settings
Configuring NAT Rules to Securely Access a Remote Network
Viewing NAT Translation Status
Priorities of NAT Rules
Configuring Dynamic PAT Rules
Configuring Static NAT Rules
Configuring Port Forwarding Rules
Configuring Port Triggering Rules
Configuring Advanced NAT Rules
Configuring IP Alias for Advanced NAT rules
Configuring an Advanced NAT Rule to Support NAT Hairpinning
Firewall and NAT Rule Configuration Examples
Allowing Inbound Traffic Using the WAN IP Address
Allowing Inbound Traffic Using a Public IP Address
Allowing Inbound Traffic from Specified Range of Outside Hosts
Blocking Outbound Traffic by Schedule and IP Address Range
Blocking Outbound Traffic to an Offsite Mail Server
Configuring Content Filtering to Control Internet Access
Configuring Content Filtering Policy Profiles
Configuring Website Access Control List
Mapping Content Filtering Policy Profiles to Zones
Configuring Advanced Content Filtering Settings
Configuring MAC Address Filtering to Permit or Block Traffic
Configuring IP-MAC Binding to Prevent Spoofing
Configuring Attack Protection
Configuring Session Limits
Configuring Application Level Gateway
Security Services
About Security Services
Activating Security Services
Priority of Security Services
Security Services Dashboard
Viewing Security Services Reports
Viewing Web Security Report
Viewing Anti-Virus Report
Viewing Email Security Report
Viewing Network Reputation Report
Viewing IPS Report
Viewing Application Control Report
Configuring Anti-Virus
General Anti-Virus Settings
Configuring Advanced Anti-Virus Settings
Configuring HTTP Notification
Configuring Email Notification
Updating Anti-Virus Signatures
Configuring Application Control
Configuring Application Control Policies
General Application Control Policy Settings
Adding an Application Control Policy
Permitting or Blocking Traffic for all Applications in a Category
Permitting or Blocking Traffic for an Application
General Application Control Settings
Enabling Application Control Service
Mapping Application Control Policies to Zones
Configuring Application Control Policy Mapping Rules
Updating Application Signature Database
Advanced Application Control Settings
Configuring Spam Filter
Configuring Intrusion Prevention
Configuring Signature Actions
Updating IPS Signature Database
Configuring Web Reputation Filtering
Configuring Web URL Filtering
Configuring Web URL Filtering Policy Profiles
Configuring Website Access Control List
Mapping Web URL Filtering Policy Profiles to Zones
Configuring Advanced Web URL Filtering Settings
Network Reputation
VPN
About VPNs
Viewing VPN Status
Viewing IPsec VPN Status
Viewing SSL VPN Status
Configuring a Site-to-Site VPN
Configuration Tasks to Establish a Site-to-Site VPN Tunnel
General Site-to-Site VPN Settings
Configuring IPsec VPN Policies
Configuring IKE Policies
Configuring Transform Sets
Remote Teleworker Configuration Examples
Configuring IPsec Remote Access
Cisco VPN Client Compatibility
Enabling IPsec Remote Access
Configuring IPsec Remote Access Group Policies
Allowing IPsec Remote VPN Clients to Access the Internet
Configuring Teleworker VPN Client
Required IPsec VPN Servers
Benefits of the Teleworker VPN Client Feature
Modes of Operation
Client Mode
Network Extension Mode
General Teleworker VPN Client Settings
Configuring Teleworker VPN Client Group Policies
Configuring SSL VPN
Elements of the SSL VPN
Configuration Tasks to Establish a SSL VPN Tunnel
Installing Cisco AnyConnect Secure Mobility Client
Importing Certificates for User Authentication
Configuring SSL VPN Users
Configuring SSL VPN Gateway
Configuring SSL VPN Group Policies
Accessing SSL VPN Portal
Allowing SSL VPN Clients to Access the Internet
Configuring L2TP Server
Configuring VPN Passthrough
User Management
Viewing Active User Sessions
Configuring Users and User Groups
Default User and User Group
Available Services for User Groups
Preempt Administrators
Configuring Local Users
Configuring Local User Groups
Configuring User Authentication Settings
Using Local Database for User Authentication
Using RADIUS Server for User Authentication
Using Local Database and RADIUS Server for User Authentication
Using LDAP for User Authentication
Using Local Database and LDAP for Authentication
Configuring RADIUS Servers
Device Management
Viewing System Status
Viewing Process Status
Viewing Resource Utilization
Administration
Configuring Administrator Settings
Configuring Remote Administration
Configuring Email Alert Settings
Configuring SNMP
Backing Up and Restoring a Configuration
Managing Certificates for Authentication
Viewing Certificate Status and Details
Exporting Certificates to Your Local PC
Exporting Certificates to a USB Device
Importing Certificates from Your Local PC
Importing Certificates from a USB Device
Generating New Certificate Signing Requests
Importing Signed Certificate for CSR from Your Local PC
Configuring Cisco Services and Support Settings
Configuring Cisco.com Account
Configuring Cisco OnPlus
Configuring Remote Support Settings
Sending Contents for System Diagnosis
Configuring System Time
Configuring Device Properties
Diagnostic Utilities
Ping
Traceroute
DNS Lookup
Packet Capture
Device Discovery Protocols
UPnP Discovery
Bonjour Discovery
CDP Discovery
LLDP Discovery
Firmware Management
Viewing Firmware Information
Using the Secondary Firmware
Upgrading your Firmware from Cisco.com
Upgrading Firmware from a PC or a USB Device
Firmware Auto Fall Back Mechanism
Using Rescue Mode to Recover the System
Managing Security License
Checking Security License Status
Installing or Renewing Security License
Log Management
Viewing Logs
Configuring Log Settings
Configuring Log Facilities
Rebooting and Resetting the Device
Restoring the Factory Default Settings
Rebooting the Security Appliance
Configuring Schedules
A
Troubleshooting
Internet Connection
Date and Time
Pinging to Test LAN Connectivity
Testing the LAN Path from Your PC to Your Security Appliance
Testing the LAN Path from Your PC to a Remote Device
B
Technical Specifications and Environmental Requirements
C
Factory Default Settings
Device Management
User Management
Networking
Wireless
VPN
Security Services
Firewall
Reports
Default Service Objects
Default Address Objects
D
Where to Go From Here