Cisco Systems 5505 Network Router User Manual
Contents
1. amp Note Read the safety warnings in the Regulatory Compliance and Safety Information RCSI and follow proper safety procedures when performing the steps in this guide See http www cisco com go asadocs for links to the RCSI and other documents 1 Verifying the Package Contents Power supply adapter Power cable US shown Documentation 3 Powering on and Verifying Interface Connectivity Step 1 Connect the power supply adaptor to the power cable Step 2 Connect the rectangular connector of the power supply adaptor to the power connector on the rear panel of the ASA Step 3 Connect the AC power connector of the power cable to an electrical outlet The ASA does not have a power switch Completing this step powers on the device Step 4 Check the Power LED on the front of the ASA if it is solid green the device is powered on Step 5 Check your management PC to make sure it received an IP address on the 192 168 1 0 24 network using DHCP Step 6 Check the LINK ACT indicators to verify interface connectivity Interface Connectivity Each Ethernet interface has an LED to indicate a physical link is established When the LED is solid green a link is established When the LED is flashing green there is network activity LINK ACT Indicator Power Indicator Cisco Systems LINK ACT 100 MBPS Cisco ASA 5505 series Adaptive Security Appliance If a LINK ACT LED is not lit the link could be down due to a duplex misma2. have internal network services such as a web and FTP server that need to be available to an outside user You can place these services on a separate network behind the ASA called a demilitarized zone DMZ By placing the public servers on the DMZ any attacks launched against the public servers do not affect your inside networks Add Public Server So Use this panel to define the server that you wish to expose to a public interface You will need to specify the private interface and address of the server and the service to be exposed and then the public interface address and service that the server will be seen at Private Interface UC wiz test Private IP Address web_server OO Private Service tcp http 4 Public Interface outside D Public IP Address 209 165 201 10 Options __ Specify Public Service if different from Private Service This will enable the static PAT Public Service TCP or UDP service only Step 1 In the main ASDM window choose Configuration gt Firewall gt Public Servers The Public Server pane appears Step 2 Click Add then enter the public server settings in the Add Public Server dialog box For information about any field click Help Step 3 Click OK The server appears in the list Step 4 Click Apply to submit the configuration to the ASA File View Tools MUJERES Window Help a Startup Wizard VPN Wizards jonitoring i Save p ids amaes S
3. your security appliance Run ASDM Run Startup Wizard 300017 Step 3 Click Run Startup Wizard Step 4 Accept any certificates according to the dialog boxes that appear The Cisco ASDM IDM Launcher appears Step 5 Leave the username and password fields empty and click OK The main ASDM window appears and the Startup Wizard opens See 6 Running the Startup Wizard 2 Installing the Chassis The ASA ships with a default configuration that includes two preconfigured networks the Inside network and the Outside network and an Inside interface configured for a DHCP server Clients on the Inside network obtain a dynamic IP address from the ASA so that they can communicate with each other as well as with devices on the Internet Step 1 Connect one end of a yellow Ethernet cable to Ethernet 0 on the ASA By default Ethernet 0 is the Outside interface Connect the other end to a cable DSL ISDN modem the Outside network Step 2 Connect your devices such as PCs printers and servers with Ethernet cables to Ethernet 1 through 7 A Note Connect a PC to the ASA so that you can run the Adaptive Security Device Manager ASDM See 4 Initial Configuration Considerations Step 3 Connect Power over Ethernet PoE devices such as Cisco IP Phones or network cameras with Ethernet cables to switch ports 6 or 7 the only ports providing power to PoE devices Inside Network Outside Network Ports 1 7 Port 0 Inside Net
4. asis ACLs can be applied to restrict or allow access to specific corporate resources e IPsec IKEv1 Remote Access VPN Wizard Configures IPsec VPN remote access for the Cisco IPsec client 10 Optional Configuring the IPS Module ASA 8 2 and Later If your ASA came installed with a Security Services Card SSC you can use ASDM to set up the SSC and configure the Intrusion Prevention System IPS application to run on the SSC An SSC does not have any external interfaces d Add Delete g Connect EE co lh 10 86 194 171 Hm 172 23 204 53 Hm 172 23 59 101 Management Interface Interface VLAN 2220 v IP Address 172 23 204 89 Subnet Mask 255 255 255 0 v Default Gateway 172 23 204 1 g Startup Wizard B Interfaces 43 Routing H a Device Name Password Syste i g Allowed Hosts Networks IP Address Network Mask IP Address 0 0 0 0 0 0 0 0 Host Network Subnet Mask 0 0 0 0 v IPS Password Username cisco Old Password New Password Confirm New Password o Configure the IPS SSC module 300019 Step 1 In the main ASDM window choose Configuration gt Device Setup gt SSC Setup The SSC pane appears Step 2 Complete the SSC setup fields and click Apply For information about any field click Help in the dialog box Step 3 To configure the IPS module on the SSC click the Configure the IPS SSC module link The Startup Wizard appears Click Launch Startup Wi
5. ite to site VPN Wizard High Availability and Scalability Wizard AnyConnect VPN Wizard a Unified Communication Wizard Clientless SSL VPN Wizard VERMA Packet Capture Wizard IPsec IKEv1 Remote Access VPN Wizard e090 AnyConnect VPN Connection Setup Wizard Introduction Use this wizard to configure the ASA to accept VPN connections from the AnyConnect VPN Client The connections will be protected using either the IPsec or the SSL protocol The ASA will automatically upload the AnyConnect VPN Client to the end user s device when a VPN connection is established VPN Remote Access Locel Remot Next gt Cancel Help Step 1 In the main ASDM window choose Wizards gt VPN Wizards then choose one of the following e Site to Site VPN Wizard e AnyConnect VPN Wizard e Clientless VPN Wizard e IPsec IKEv1 Remote Access VPN Wizard Step 2 Follow the wizard instructions For information about any wizard field click Help Americas Headquarters Asia Pacific Headquarters Europe Headquarters 8 i D n n Cisco Systems Inc Cisco Systems USA Pte Ltd Cisco Systems International BV San Jose CA Singapore Amsterdam The Netherlands CISCO Cisco has more than 200 offices worldwide Addresses phone numbers and fax numbers are listed on the Cisco Website at www cisco com go offices Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and or its affiliates in the U S and
6. other countries To view a list of Cisco trademarks go to this URL www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1110R 2011 2014 Cisco Systems Inc All rights reserved gt Printed in the USA on recycled paper containing 10 postconsumer waste 78 19752 01 8 Optional Running VPN Wizards You can configure VPN using the following wizards e Site to Site VPN Wizard Creates an IPsec site to site tunnel between two ASAs e ASA 8 0 and later AnyConnect VPN Wizard Configures SSL VPN remote access for the Cisco AnyConnect VPN client AnyConnect provides secure SSL connections to the ASA for remote users with full VPN tunneling to corporate resources The ASA policy can be configured to download the AnyConnect Client to remote users when they initially connect via a browser With AnyConnect 3 0 and later the client can run either the SSL or IPSec IKEv2 VPN protocol e ASA 8 0 and later Clientless SSL VPN Wizard Configures clientless SSL VPN remote access for a browser Clientless browser based SSL VPN lets users establish a secure remote access VPN tunnel to the ASA using a web browser After authentication users access a portal page and can access specific supported internal resources The network administrator provides access to resources by users on a group b
7. tch If auto negotiation is disabled verify you are using a straight through Ethernet cable For a description of all chassis components see the hardware installation guide on Cisco com 5 Launching ASDM See the ASDM release notes on Cisco com for the requirements to run ASDM Step 1 On the PC connected to the ASA launch a web browser Step 2 In the Address field enter the following URL https 192 168 1 1 admin The Cisco ASDM web page appears Bie Ek Yen Fates De g Address https 4 192 168 1 fadminpublicjindex html MI gt E z stents g Cisco ASDM cisco Cisco ASDM X XX provides an intuitive graphical user interface that makes it easy to set up configure and manage your Cisco security appliances Cisco ASDM can run as a local application or as a Java Web Start application When you run Cisco ASDM as a local application it connects to your security appliance from your desktop using SSL Running Cisco ASDM as an application has these advantages e You can invoke ASOM from a desktop shortcut No browser is required e One desktop shortcut allows you to connect to multiple security appliances Install ASDM Launcher and Run ASOM You can run Cisco ASOM as a Java Web Start application that is dynamically downloaded from the security appliance Click Run ASOM to run Cisco ASDM Click Run Startup Wizard to run the Startup Wizard The Startup Wizard walks you through step by step the initial configuration of
8. work Interfaces Outside Network Interface ISP Connection Cisco IP Phone Web Server If you connect a server such as a web server to the ASA you can use ASDM to make services on that server accessible by internal and external users See 7 Optional Allowing Access to Public Servers Behind the ASA 4 Initial Configuration Considerations The ASA ships with a default configuration that in most cases is sufficient for your basic deployment You configure the ASA by using ASDM ASDM is a graphical interface that allows you to manage the ASA from any location by using a web browser However changing certain settings is recommended or required For example you should change the following settings from their defaults e The privileged mode enable password that is required to administer the ASA through ASDM and the CLI e When using the ASA as a VPN endpoint using the SSL VPN features The hostname domain name and DNS server names Outside interface IP address to a static address Identity certificate WINS names when access to Windows file shares is required Use the Start up Wizard in ASDM to make these changes See 6 Running the Startup Wizard 6 Running the Startup Wizard Run the Startup Wizard to modify the default configuration so that you can customize the security policy to suit your deployment Using the startup wizard you can set the following e Hostname e Static routes DHCP server Net
9. work address translation rules e Domain name e Administrative passwords e Interfaces e and more e IP addresses File View Tools Egg Window Help Startup Wizard onitoring F Save VPN Wizards High Availability and Scalability Wizard SCR Unified Communication Wizard WE Deveeeshboors Packet Capture Wizard e090 __ AnyConnect VPN Connection Setup Wizard VPN Wizard 7 i a Site to site VPN Wizard AnyConnect VPN Wizard Clientless SSL VPN Wizard IPsec IKEv1 Remote Access VPN Wizard Introduction Use this wizard to configure the ASA to accept VPN connections from the AnyConnect VPN Client The connections will be protected using either the IPsec or the SSL protocol The ASA will automatically upload the AnyConnect VPN Client to the end user s device when a VPN connection is established VPN Remote Access Step 1 If the wizard is not already running in the main ASDM window choose Wizards gt Startup Wizard Step 2 Follow the instructions in the Startup Wizard to configure your ASA Step 3 While running the wizard you can accept the default settings or change them as required For information about any wizard field click Help 7 Optional Allowing Access to Public Servers Behind the ASA ASA 8 2 and Later The Public Server pane automatically configures the security policy to make an inside server accessible from the Internet As a business owner you might
10. zard Alternatively you can choose Configure gt IPS gt Sensor Setup gt Startup Wizard to access the wizard For more information about configuring the IPS module see the IPS module quick start guide on Cisco com stfecntas CISCO QUICK START GUIDE ora c Cisco ASA 5505 Adaptive Security Appliance
Download Pdf Manuals
Related Search