Cisco 5510 - ASA SSL / IPsec VPN Edition Started Manual

Download or browse on-line these Getting Started Manual for Cisco 5510 - ASA SSL / IPsec VPN Edition Firewall, Network Hardware.

Cisco 5510 - ASA SSL / IPsec VPN Edition Manual Information:

This manual for Cisco 5510 - ASA SSL / IPsec VPN Edition, given in the PDF format, is available for free online viewing and download without logging on. The guide contains 208 pages, and the size of the file at download is 4.65 Mb. The document type is Getting Started Manual.

Download Manual

More Manuals:

In case you failed to obtain relevant information in this document, please, look through related operating manuals and user instructions for Cisco 5510 - ASA SSL / IPsec VPN Edition. Just click one of the links below to go to the selected manual:

Summary of Contents:

[Page 1] Cisco 5510 - ASA SSL / IPsec VPN Edition

Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Cisco ASA 5500 Series Getting Started Guide For the Cisco ASA 5510, ASA 5520, AS...

[Page 2] Cisco 5510 - ASA SSL / IPsec VPN Edition

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIN...

[Page 3] Cisco 5510 - ASA SSL / IPsec VPN Edition

iii Cisco ASA 5500 Series Getting Started Guide 78-19186-01 CONTENTS iii CHAPTER 1 Before You Begin 1-1 ASA 5500 1-1 ASA 5500 with AIP SSM 1-2 ASA 5500 with CSC SSM 1-3 ASA 5500 with 4GE SSM 1-4 ASA 5550 1-5 Related Documents 1-5 CHA...

[Page 4] Cisco 5510 - ASA SSL / IPsec VPN Edition

Contents iv Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Front Panel LEDs 3-9 Rear Panel LEDs and Ports in Slot 0 3-10 Ports and LEDs in Slot 1 3-12 Connecting Interface Cables 3-13 What to Do Next 3-19 CHAPTER 4 Installing the...

[Page 5] Cisco 5510 - ASA SSL / IPsec VPN Edition

v Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Contents Powering On the Adaptive Security Appliance 6-9 What to Do Next 6-9 CHAPTER 7 Configuring the Adaptive Security Appliance 7-1 About the Factory Default Configuration 7-1 Usi...

[Page 6] Cisco 5510 - ASA SSL / IPsec VPN Edition

Contents vi Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Providing Public HTTP Access to the DMZ Web Server 8-20 What to Do Next 8-23 CHAPTER 9 Scenario: IPsec Remote-Access VPN Configuration 9-1 Example IPsec Remote-Access VPN Net...

[Page 7] Cisco 5510 - ASA SSL / IPsec VPN Edition

vii Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Contents Specifying a Group Policy 10-8 Configuring the Cisco AnyConnect VPN Client 10-9 Verifying the Remote-Access VPN Configuration 10-11 What to Do Next 10-12 CHAPTER 11 Scenar...

[Page 8] Cisco 5510 - ASA SSL / IPsec VPN Edition

Contents viii Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Specifying Hosts and Networks 12-9 Viewing VPN Attributes and Completing the Wizard 12-10 Configuring the Other Side of the VPN Connection 12-12 What to Do Next 12-13 CHAPT...

[Page 9] Cisco 5510 - ASA SSL / IPsec VPN Edition

ix Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Contents CHAPTER 15 Configuring the 4GE SSM for Fiber 15-1 Cabling 4GE SSM Interfaces 15-2 Setting the 4GE SSM Media Type for Fiber Interfaces (Optional) 15-3 What to Do Next 15-5 A...

[Page 10] Cisco 5510 - ASA SSL / IPsec VPN Edition

Contents x Cisco ASA 5500 Series Getting Started Guide 78-19186-01 ...

[Page 11] Cisco 5510 - ASA SSL / IPsec VPN Edition

1-1 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 CHAPTER 1 Before You Begin Use the following table to find the installation and configuration steps that are required for your implementation of the Cisco ASA 5500 series adaptive security ...

[Page 12] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 1 Before You Begin ASA 5500 with AIP SSM 1-2 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 ASA 5500 with AIP SSM Connect interface cables Chapter 6, “Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and AS...

[Page 13] Cisco 5510 - ASA SSL / IPsec VPN Edition

1-3 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 1 Before You Begin ASA 5500 with CSC SSM ASA 5500 with CSC SSM Connect interface cables Chapter 6, “Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and...

[Page 14] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 1 Before You Begin ASA 5500 with 4GE SSM 1-4 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 ASA 5500 with 4GE SSM Configure the adaptive security appliance for content security Chapter 14, “Configuring the CSC SSM” Confi...

[Page 15] Cisco 5510 - ASA SSL / IPsec VPN Edition

1-5 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 1 Before You Begin ASA 5550 ASA 5550 Related Documents For more information, see the following documentation: • Documentation Roadmap for the Cisco ASA 5500 Series • ...

[Page 16] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 1 Before You Begin Related Documents 1-6 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 • Cisco ASA 5500 Series Command Reference • Cisco ASA 5500 Series Configuration Guide using the CLI • Cisco ASA 5500 Series Sy...

[Page 17] Cisco 5510 - ASA SSL / IPsec VPN Edition

2-1 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 CHAPTER 2 Maximizing Throughput on the ASA 5550 Note This chapter applies only to the Cisco ASA 5550. The Cisco ASA 5550 adaptive security appliance is designed to deliver maximum through...

[Page 18] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 2 Maximizing Throughput on the ASA 5550 Balancing Traffic to Maximize Throughput 2-2 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Note To establish fiber connectivity on the adaptive security appliance, you must order and i...

[Page 19] Cisco 5510 - ASA SSL / IPsec VPN Edition

2-3 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 2 Maximizing Throughput on the ASA 5550 Balancing Traffic to Maximize Throughput In Figure 2-2 and Figure 2-3, network traffic is distributed so that all traffic flows throug...

[Page 20] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 2 Maximizing Throughput on the ASA 5550 Balancing Traffic to Maximize Throughput 2-4 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Figure 2-4 illustrates several configurations that do not enable the adaptive security applia...

[Page 21] Cisco 5510 - ASA SSL / IPsec VPN Edition

2-5 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 2 Maximizing Throughput on the ASA 5550 What to Do Next Note You can use the show traffic command to see the traffic throughput over each bus. For more information about usin...

[Page 22] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 2 Maximizing Throughput on the ASA 5550 What to Do Next 2-6 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 ...

[Page 23] Cisco 5510 - ASA SSL / IPsec VPN Edition

3-1 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 CHAPTER 3 Installing the ASA 5550 Caution Read the safety warnings in the Regulatory Compliance and Safety Information for the Cisco ASA 5500 Series and follow proper safety procedures whe...

[Page 24] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 3 Installing the ASA 5550 Verifying the Package Contents 3-2 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Verifying the Package Contents Verify the contents of the packing box, shown in Figure 3-1, to ensure that you have r...

[Page 25] Cisco 5510 - ASA SSL / IPsec VPN Edition

3-3 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 3 Installing the ASA 5550 Installing the Chassis Installing the Chassis This section describes how to rack-mount and install the adaptive security appliance. You can mount th...

[Page 26] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 3 Installing the ASA 5550 Installing the Chassis 3-4 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Rack-Mounting the Chassis To rack-mount the chassis, perform the following steps: Note You can use the mounting brackets to mo...

[Page 27] Cisco 5510 - ASA SSL / IPsec VPN Edition

3-5 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 3 Installing the ASA 5550 Installing the Chassis Figure 3-3 Rack-Mounting the Chassis Note Figure 3-2 shows the rack mounting brackets attached to the rear of the chassis wh...

[Page 28] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 3 Installing the ASA 5550 Installing SFP Modules 3-6 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Installing SFP Modules The adaptive security appliance uses a field-replaceable SFP module to establish fiber Gigabit Ethern...

[Page 29] Cisco 5510 - ASA SSL / IPsec VPN Edition

3-7 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 3 Installing the ASA 5550 Installing SFP Modules Ta b l e 3-2 Cabling Requirements for Fiber-Optic SFP Modules Use only Cisco-certified SFP modules on the adaptive security a...

[Page 30] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 3 Installing the ASA 5550 Installing SFP Modules 3-8 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Installing an SFP Module To install an SFP module in a fiber port in Slot 1, perform the following steps: Step 1 Line up the S...

[Page 31] Cisco 5510 - ASA SSL / IPsec VPN Edition

3-9 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 3 Installing the ASA 5550 Ports and LEDs Caution The latching mechanism used on many SFP modules locks them into place when cables are connected. Do not pull on the cabling i...

[Page 32] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 3 Installing the ASA 5550 Ports and LEDs 3-10 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Rear Panel LEDs and Ports in Slot 0 Figure 3-6 shows the rear panel LEDs and ports in Slot 0. Figure 3-6 Rear Panel LEDs and Ports ...

[Page 33] Cisco 5510 - ASA SSL / IPsec VPN Edition

3-11 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 3 Installing the ASA 5550 Ports and LEDs For more information on the Management Port, see the management-only command in the Cisco ASA 5500 Series Command Reference. Figure...

[Page 34] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 3 Installing the ASA 5550 Ports and LEDs 3-12 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Ports and LEDs in Slot 1 Figure 3-8 illustrates the ports and LEDs in Slot 1. Figure 3-8 Ports and LEDs in Slot 1 Note Figure 3-8 ...

[Page 35] Cisco 5510 - ASA SSL / IPsec VPN Edition

3-13 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 3 Installing the ASA 5550 Connecting Interface Cables Connecting Interface Cables This section describes how to connect the appropriate cables to the Console, Auxiliary, Man...

[Page 36] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 3 Installing the ASA 5550 Connecting Interface Cables 3-14 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 a. Locate an Ethernet cable, which has an RJ-45 connector on each end. b. Connect one RJ-45 connector to the Management...

[Page 37] Cisco 5510 - ASA SSL / IPsec VPN Edition

3-15 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 3 Installing the ASA 5550 Connecting Interface Cables c. Connect the RJ-45 connector to the Console port of the adaptive security appliance as shown in Figure 3-10. d. Con...

[Page 38] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 3 Installing the ASA 5550 Connecting Interface Cables 3-16 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Figure 3-11 Connecting to the AUX Port Step 5 Connect to copper Ethernet ports to be used for network connections. Copp...

[Page 39] Cisco 5510 - ASA SSL / IPsec VPN Edition

3-17 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 3 Installing the ASA 5550 Connecting Interface Cables Figure 3-12 Connecting to a Copper Ethernet Interface in Slot 0 Figure 3-13 Connecting to a Copper Ethernet Interfaces ...

[Page 40] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 3 Installing the ASA 5550 Connecting Interface Cables 3-18 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 b. Connect the other end of the Ethernet cable to a network device, such as a router, switch or hub. Step 6 Connect to ...

[Page 41] Cisco 5510 - ASA SSL / IPsec VPN Edition

3-19 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 3 Installing the ASA 5550 What to Do Next Figure 3-15 Connecting the LC Connector c. Connect the other end of the cable to a network device, such as a router, switch, or hub...

[Page 42] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 3 Installing the ASA 5550 What to Do Next 3-20 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 ...

[Page 43] Cisco 5510 - ASA SSL / IPsec VPN Edition

4-1 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 CHAPTER 4 Installing the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Note This chapter does not apply to the ASA 5550. Warning Only trained and qualified personnel should install, replace, ...

[Page 44] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 4 Installing the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Verifying the Package Contents 4-2 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Note The illustrations in this document show the Cisco ASA 5540 adaptive security a...

[Page 45] Cisco 5510 - ASA SSL / IPsec VPN Edition

4-3 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 4 Installing the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Installing the Chassis Figure 4-1 Contents of ASA 5500 Package Installing the Chassis This section describes how to...

[Page 46] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 4 Installing the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Installing the Chassis 4-4 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Warning To prevent bodily injury when mounting or servicing this unit in a rack, you must t...

[Page 47] Cisco 5510 - ASA SSL / IPsec VPN Edition

4-5 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 4 Installing the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Installing the Chassis Step 1 Attach the rack-mount brackets to the chassis using the supplied screws. Attach the ...

[Page 48] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 4 Installing the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Installing the Chassis 4-6 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Figure 4-4 Rack-Mounting the Chassis Note Figure 4-2 and Figure 4-3 show the rack mounting ...

[Page 49] Cisco 5510 - ASA SSL / IPsec VPN Edition

4-7 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 4 Installing the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Ports and LEDs Ports and LEDs This section describes the front and rear panels. Figure 4-5 shows the front panel L...

[Page 50] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 4 Installing the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Ports and LEDs 4-8 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Figure 4-6 shows the rear panel features for the adaptive security appliance. Figure 4-6 Rear Panel ...

[Page 51] Cisco 5510 - ASA SSL / IPsec VPN Edition

4-9 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 4 Installing the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Ports and LEDs Figure 4-7 shows the adaptive security appliance rear panel LEDs. Figure 4-7 Rear Panel Link and Spe...

[Page 52] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 4 Installing the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 What to Do Next 4-10 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 What to Do Next Continue with one of the following chapters. To Do This... See .. Install SSMs y...

[Page 53] Cisco 5510 - ASA SSL / IPsec VPN Edition

5-1 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 CHAPTER 5 Installing Optional SSMs Note This chapter does not apply to the ASA 5550. This chapter provides information about installing optional SSMs (Security Services Modules) and their c...

[Page 54] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 5 Installing Optional SSMs Cisco 4GE SSM 5-2 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 4GE SSM Components Figure 5-1 lists the Cisco 4GE SSM ports and LEDs. Figure 5-1 Cisco 4GE SSM Ports and LEDs Note Figure 5-1 shows SF...

[Page 55] Cisco 5510 - ASA SSL / IPsec VPN Edition

5-3 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 5 Installing Optional SSMs Cisco 4GE SSM Installing the Cisco 4GE SSM To install a new Cisco 4GE SSM for the first time, perform the following steps: Step 1 Power off the ada...

[Page 56] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 5 Installing Optional SSMs Cisco 4GE SSM 5-4 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Step 4 Insert the Cisco 4GE SSM through the slot opening as shown in Figure 5-3. Figure 5-3 Inserting the Cisco 4GE SSM into the Slot ...

[Page 57] Cisco 5510 - ASA SSL / IPsec VPN Edition

5-5 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 5 Installing Optional SSMs Cisco 4GE SSM SFP Module The adaptive security appliance uses a field-replaceable SFP module to establish Gigabit connections. Note If you install...

[Page 58] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 5 Installing Optional SSMs Cisco 4GE SSM 5-6 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Use only Cisco certified SFP modules on the adaptive security appliance. Each SFP module has an internal serial EEPROM that is encode...

[Page 59] Cisco 5510 - ASA SSL / IPsec VPN Edition

5-7 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 5 Installing Optional SSMs Cisco 4GE SSM Figure 5-4 Installing an SFP Module Caution Do not remove the optical port plugs from the SFP until you are ready to connect the cab...

[Page 60] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 5 Installing Optional SSMs Cisco AIP SSM and CSC SSM 5-8 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Cisco AIP SSM and CSC SSM The ASA 5500 series adaptive security appliance supports the AIP SSM (Advanced Inspection and P...

[Page 61] Cisco 5510 - ASA SSL / IPsec VPN Edition

5-9 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 5 Installing Optional SSMs Cisco AIP SSM and CSC SSM Figure 5-5 SSM LEDs Table 5-5 describes the SSM LEDs. Installing an SSM To install a new SSM, perform the following steps...

[Page 62] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 5 Installing Optional SSMs What to Do Next 5-10 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Figure 5-6 Removing the Screws from the Slot Cover Step 4 Insert the SSM into the slot opening as shown in Figure 5-7. Figure 5-7 I...

[Page 63] Cisco 5510 - ASA SSL / IPsec VPN Edition

6-1 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 CHAPTER 6 Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms Note This chapter does not apply to the ASA 5550. This chapter describes how to connect th...

[Page 64] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 6 Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms Connecting Interface Cables 6-2 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 This chapter includes the following sections: • Conn...

[Page 65] Cisco 5510 - ASA SSL / IPsec VPN Edition

6-3 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 6 Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms Connecting Interface Cables b. Connect one RJ-45 connector to the Management0/0 port,...

[Page 66] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 6 Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms Connecting to SSMs 6-4 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Set up the terminal as follows: 9600 baud (default), 8 data bits, ...

[Page 67] Cisco 5510 - ASA SSL / IPsec VPN Edition

6-5 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 6 Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms Connecting to SSMs Note This procedure does not apply to the 4GE SSM. See Connecting ...

[Page 68] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 6 Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms Connecting to a 4GE SSM 6-6 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Note You can use any unused Ethernet interface on the device ...

[Page 69] Cisco 5510 - ASA SSL / IPsec VPN Edition

6-7 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 6 Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms Connecting to a 4GE SSM To connect to a 4GE SSM, perform the following steps: Step 1 ...

[Page 70] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 6 Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms Connecting to a 4GE SSM 6-8 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Step 2 Connect to fiber Ethernet ports to be used for network...

[Page 71] Cisco 5510 - ASA SSL / IPsec VPN Edition

6-9 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 6 Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms Powering On the Adaptive Security Appliance b. Connect the other end of the cable to ...

[Page 72] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 6 Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms What to Do Next 6-10 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 ...

[Page 73] Cisco 5510 - ASA SSL / IPsec VPN Edition

7-1 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 CHAPTER 7 Configuring the Adaptive Security Appliance This chapter describes the initial configuration of the adaptive security appliance. You can perform the configuration steps using eit...

[Page 74] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 7 Configuring the Adaptive Security Appliance Using the CLI for Configuration 7-2 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 – Allocated switch ports Ethernet 0/1 through Ethernet 0/7 – Security level of 100 – ...

[Page 75] Cisco 5510 - ASA SSL / IPsec VPN Edition

7-3 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 7 Configuring the Adaptive Security Appliance Using the Adaptive Security Device Manager for Configuration Using the Adaptive Security Device Manager for Configuration The Ad...

[Page 76] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 7 Configuring the Adaptive Security Appliance Using the Adaptive Security Device Manager for Configuration 7-4 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Preparing to Use ASDM Before you can use ASDM, perform the following...

[Page 77] Cisco 5510 - ASA SSL / IPsec VPN Edition

7-5 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 7 Configuring the Adaptive Security Appliance Using the Adaptive Security Device Manager for Configuration • The IP addresses of your outside interface, inside interface, ...

[Page 78] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 7 Configuring the Adaptive Security Appliance Using the Adaptive Security Device Manager for Configuration 7-6 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Note The adaptive security appliance ships with a default IP address...

[Page 79] Cisco 5510 - ASA SSL / IPsec VPN Edition

7-7 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 7 Configuring the Adaptive Security Appliance Using the Adaptive Security Device Manager for Configuration Step 4 Enter the IP address or host name of your adaptive security a...

[Page 80] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 7 Configuring the Adaptive Security Appliance Running the ASDM Startup Wizard 7-8 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 ASDM starts and the main window appears. Starting ASDM with a Web Browser To run ASDM in a web br...

[Page 81] Cisco 5510 - ASA SSL / IPsec VPN Edition

7-9 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 7 Configuring the Adaptive Security Appliance What to Do Next Note If you get an error requesting a DES license or a 3DES-AES license, see Appendix A, “Obtaining a 3DES/AES...

[Page 82] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 7 Configuring the Adaptive Security Appliance What to Do Next 7-10 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 ...

[Page 83] Cisco 5510 - ASA SSL / IPsec VPN Edition

8-1 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 CHAPTER 8 Scenario: DMZ Configuration A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside) network and a public (outside) network. This ch...

[Page 84] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 8 Scenario: DMZ Configuration Example DMZ Network Topology 8-2 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Figure 8-1 Network Layout for DMZ Configuration Scenario This example scenario has the following characteristics: ...

[Page 85] Cisco 5510 - ASA SSL / IPsec VPN Edition

8-3 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 8 Scenario: DMZ Configuration Example DMZ Network Topology This section includes the following topics: • An Inside User Visits a Web Server on the Internet, page 8-3 �...

[Page 86] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 8 Scenario: DMZ Configuration Example DMZ Network Topology 8-4 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 When an inside user requests an HTTP page from a web server on the Internet, data moves through the adaptive securi...

[Page 87] Cisco 5510 - ASA SSL / IPsec VPN Edition

8-5 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 8 Scenario: DMZ Configuration Example DMZ Network Topology Figure 8-3 An Outside User Visits the DMZ Web Server When a user on the Internet requests an HTTP page from the DMZ ...

[Page 88] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 8 Scenario: DMZ Configuration Example DMZ Network Topology 8-6 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 3. The adaptive security appliance translates the destination address to the local address of the DMZ web server (1...

[Page 89] Cisco 5510 - ASA SSL / IPsec VPN Edition

8-7 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 8 Scenario: DMZ Configuration Example DMZ Network Topology Figure 8-4 An Inside User Visits a Web Server on the DMZ In Figure 8-4, the adaptive security appliance permits HTTP...

[Page 90] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment 8-8 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 2. The internal client requests a web page from the public IP address of the DMZ...

[Page 91] Cisco 5510 - ASA SSL / IPsec VPN Edition

8-9 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment • Enabling Inside Clients to Communicate with Devices on the Internet, page...

[Page 92] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment 8-10 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Information to Have Available Before you begin this configuration procedure, ga...

[Page 93] Cisco 5510 - ASA SSL / IPsec VPN Edition

8-11 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment Note Because there is not a DNS server on the inside network, DNS requests must...

[Page 94] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment 8-12 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Step 4 From the Type drop-down list, choose Static. Step 5 In the Translated Ad...

[Page 95] Cisco 5510 - ASA SSL / IPsec VPN Edition

8-13 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment Step 7 Click OK. You return to the Add Network Object dialog box. Step 8 Click ...

[Page 96] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment 8-14 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Translating the Public Address of the Web Server to its Real Address on the Ins...

[Page 97] Cisco 5510 - ASA SSL / IPsec VPN Edition

8-15 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment Step 6 Click Advanced, and configure the following options in the Advanced NAT ...

[Page 98] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment 8-16 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Step 7 Click OK. You return to the Add Network Object dialog box. Step 8 Click ...

[Page 99] Cisco 5510 - ASA SSL / IPsec VPN Edition

8-17 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment Step 9 Click Apply to complete the adaptive security appliance configuration ch...

[Page 100] Cisco 5510 - ASA SSL / IPsec VPN Edition

Chapter 8 Scenario: DMZ Configuration Configuring the Adaptive Security Appliance for a DMZ Deployment 8-18 Cisco ASA 5500 Series Getting Started Guide 78-19186-01 Step 5 In the Translated Addr. field, enter the public IP address to be used fo...