User Manual
Page 2
...-02 QUICK START GUIDE Cisco ASA 5505 Adaptive Security Appliance The Public Server pane appears. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go /offices. With...CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers. Cisco and the Cisco logo are listed on Cisco.com. The use ... ASDM window, choose Configuration > Device Setup > SSC Setup. Step 4 Click Apply to submit the configuration to the ASA. 10. (Optional) Configuring the IPS Module ASA 8.2 and Later If your inside server...
...-02 QUICK START GUIDE Cisco ASA 5505 Adaptive Security Appliance The Public Server pane appears. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go /offices. With...CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers. Cisco and the Cisco logo are listed on Cisco.com. The use ... ASDM window, choose Configuration > Device Setup > SSC Setup. Step 4 Click Apply to submit the configuration to the ASA. 10. (Optional) Configuring the IPS Module ASA 8.2 and Later If your inside server...
Administration Guide
Page 20
...Windows, page 2-4 Ensuring Automatic Installation of AnyConnect client software on client PCs: • To minimize user prompts during AnyConnect client setup, make sure certificate data on client PCs and on the security appliance match: - The security appliance loads the client based ... client and other SSL VPN connections on the security appliance, see "Configuring SSL VPN Connections" in this administrator's guide, see the Cisco ASA 5500 Command Reference Guide for the AnyConnect client Release 2.0(1), and contains the following sections: • Before You Install the AnyConnect Client,...
...Windows, page 2-4 Ensuring Automatic Installation of AnyConnect client software on client PCs: • To minimize user prompts during AnyConnect client setup, make sure certificate data on client PCs and on the security appliance match: - The security appliance loads the client based ... client and other SSL VPN connections on the security appliance, see "Configuring SSL VPN Connections" in this administrator's guide, see the Cisco ASA 5500 Command Reference Guide for the AnyConnect client Release 2.0(1), and contains the following sections: • Before You Install the AnyConnect Client,...
Administration Guide
Page 26
...license agreement and click OK. Click Next. We suggest you accept the defaults unless your system administrator has instructed otherwise. Cisco AnyConnect VPN Client Administrator Guide 2-8 OL-12950-012 Note Vista users must add the security appliance to the trusted zone ... operating-system-specific download sites. The Ready to the user, asking for the Cisco AnyConnect VPN Client Setup Wizard displays. Click Install. After installing, the Completing the Cisco AnyConnect VPN Client Setup Wizard screen displays. Installing the AnyConnect Client on a User's PC Chapter 2 ...
...license agreement and click OK. Click Next. We suggest you accept the defaults unless your system administrator has instructed otherwise. Cisco AnyConnect VPN Client Administrator Guide 2-8 OL-12950-012 Note Vista users must add the security appliance to the trusted zone ... operating-system-specific download sites. The Ready to the user, asking for the Cisco AnyConnect VPN Client Setup Wizard displays. Click Install. After installing, the Completing the Cisco AnyConnect VPN Client Setup Wizard screen displays. Installing the AnyConnect Client on a User's PC Chapter 2 ...
Administration Guide
Page 45
...send data over the UPD/DTLS session, and the DPD mechanism is necessary for an internal group policy. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-3 To enable DTLS, use the Datagram TLS setting in the group policy on security appliance,...Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client • Device Management > ...
...send data over the UPD/DTLS session, and the DPD mechanism is necessary for an internal group policy. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-3 To enable DTLS, use the Datagram TLS setting in the group policy on security appliance,...Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client • Device Management > ...
Administration Guide
Page 47
... Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client • Device management ...where you can specify these modules are released for the AnyConnect client, you must use the new features. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-5 Separate multiple strings with commas. Figure 5-5 shows an example. To enable new features,...
... Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client • Device management ...where you can specify these modules are released for the AnyConnect client, you must use the new features. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-5 Separate multiple strings with commas. Figure 5-5 shows an example. To enable new features,...
Administration Guide
Page 52
... VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client • Device Management...> Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client Figure 5-9 shows an example of the command. You can also configure compression for an internal group policy. 5-10 Cisco AnyConnect VPN Client Administrator Guide OL-12950-012
... VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client • Device Management...> Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client Figure 5-9 shows an example of the command. You can also configure compression for an internal group policy. 5-10 Cisco AnyConnect VPN Client Administrator Guide OL-12950-012
Administration Guide
Page 53
...frequency of keepalive messages to Inherit. To set to ensure that an AnyConnect client or SSL VPN connection through a proxy, firewall, or NAT device remains open, even if the device limits the time that the client does not disconnect and reconnect when... SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-11 Chapter 5 Configuring AnyConnect Features Using ASDM Figure 5-9 Compression Setting ...
...frequency of keepalive messages to Inherit. To set to ensure that an AnyConnect client or SSL VPN connection through a proxy, firewall, or NAT device remains open, even if the device limits the time that the client does not disconnect and reconnect when... SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-11 Chapter 5 Configuring AnyConnect Features Using ASDM Figure 5-9 Compression Setting ...
Administration Guide
Page 55
...SSL renegotiation during a rekey, or check the New Tunnel check box to establish a new tunnel during rekey. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-13 Note The security appliance does not currently support inline DTLS rekey. The AnyConnect client, therefore,... ASDM Configuring, Enabling, and Using Other AnyConnect Features • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Key Regeneration • Device Management > Users/AAA > User Accounts > Add or...
...SSL renegotiation during a rekey, or check the New Tunnel check box to establish a new tunnel during rekey. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-13 Note The security appliance does not currently support inline DTLS rekey. The AnyConnect client, therefore,... ASDM Configuring, Enabling, and Using Other AnyConnect Features • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Key Regeneration • Device Management > Users/AAA > User Accounts > Add or...
Administration Guide
Page 56
... (gateway) or the client can quickly detect a condition where the peer is necessary for an internal group policy. 5-14 Cisco AnyConnect VPN Client Administrator Guide OL-12950-012 Note When using the AnyConnect client with DTLS on security appliance, Dead Peer Detection... > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client > Dead Peer Detection • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Dead Peer...
... (gateway) or the client can quickly detect a condition where the peer is necessary for an internal group policy. 5-14 Cisco AnyConnect VPN Client Administrator Guide OL-12950-012 Note When using the AnyConnect client with DTLS on security appliance, Dead Peer Detection... > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client > Dead Peer Detection • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Dead Peer...
Installation Guide
Page 6
... 4 Installing the ASA 5505 Powering on the Cisco ASA 5505 To power on the Cisco ASA 5505, perform the following steps: Step 1 Step 2 Step 3 Connect the power supply with the Adaptive Security Device Manager (ASDM) application, which you can perform setup, configuration and management tasks from which provides an intuitive graphical user interface (GUI). For more information about using...
... 4 Installing the ASA 5505 Powering on the Cisco ASA 5505 To power on the Cisco ASA 5505, perform the following steps: Step 1 Step 2 Step 3 Connect the power supply with the Adaptive Security Device Manager (ASDM) application, which you can perform setup, configuration and management tasks from which provides an intuitive graphical user interface (GUI). For more information about using...
Installation Guide
Page 7
... this causes a duplex mismatch that the PC has basic connectivity to perform initial setup and configuration of the interface. You can assign a static IP address to verify that significantly impacts the total throughput capabilities of the Cisco ASA 5505. 78-18003-02 ASA 5505 Getting Started Guide 4-7 See Chapter 1, "Configuring the Adaptive Security Appliance" for information...
... this causes a duplex mismatch that the PC has basic connectivity to perform initial setup and configuration of the interface. You can assign a static IP address to verify that significantly impacts the total throughput capabilities of the Cisco ASA 5505. 78-18003-02 ASA 5505 Getting Started Guide 4-7 See Chapter 1, "Configuring the Adaptive Security Appliance" for information...
Installation Guide
Page 8
... 4-9 Connecting to the Console You can access the command line for the initial setup of the Cisco ASA 5505. Optional Procedures Chapter 4 Installing the ASA 5505 Optional Procedures This section describes how to perform tasks that are not required for ...administration using the console port on the Cisco ASA 5505. This section includes the following steps: ASA 5505 Getting Started Guide 4-8 78-18003-02 Figure 4-3 Connecting to the Console Security Services Card Slot POWER 48VDC 7 POWER over...
... 4-9 Connecting to the Console You can access the command line for the initial setup of the Cisco ASA 5505. Optional Procedures Chapter 4 Installing the ASA 5505 Optional Procedures This section describes how to perform tasks that are not required for ...administration using the console port on the Cisco ASA 5505. This section includes the following steps: ASA 5505 Getting Started Guide 4-8 78-18003-02 Figure 4-3 Connecting to the Console Security Services Card Slot POWER 48VDC 7 POWER over...
Installation Guide
Page 11
... The system is enabled by changing the settings either on the Cisco ASA 5505 or on standby. Solid The tunnel failed to initiate. - If auto-negotiation is disabled (it is initiating the VPN tunnel. If the system is part of a high availability setup, a solid amber light indicates that the link is established.... is the standby unit. State Description Solid The system is on the other end. Solid The system is forwarding traffic. Chapter 4 Installing the ASA 5505 Ports and LEDs Port / LED 6 Active 7 VPN 8 SSC Color Green Amber Green Amber - If the system is part of cable. 78-18003...
... The system is enabled by changing the settings either on the Cisco ASA 5505 or on standby. Solid The tunnel failed to initiate. - If auto-negotiation is disabled (it is initiating the VPN tunnel. If the system is part of a high availability setup, a solid amber light indicates that the link is established.... is the standby unit. State Description Solid The system is on the other end. Solid The system is forwarding traffic. Chapter 4 Installing the ASA 5505 Ports and LEDs Port / LED 6 Active 7 VPN 8 SSC Color Green Amber Green Amber - If the system is part of cable. 78-18003...