User Manual
Page 1
...POWER 48VDC 7 POWER over ETHERNET 6 5 4 3 2 Cisco ASA 5505 1 0 CONSOLE 1 2 RESET Power supply adapter Blue console cable Power cable (US shown) ProCdiFuscicrteoCwADaSllA 5505 Documentation Yellow Ethernet cable GQCuuisiidccoke SAtSaArt 5505 2. When the LED is solid green, a link is network...interface configured for the requirements to administer the ASA through Ethernet cable. For example, you can set the following URL: https://192.168.1.1/admin The Cisco ASDM web page appears. 6. Initial Configuration Considerations The ASA ships with a default configuration that...
User Manual
Page 2
...tunnel to this URL: www.cisco.com/go/trademarks. Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers. The Public Server pane appears. Ltd. To view a list of Cisco trademarks, go /offices. Printed in the USA on a separate network behind the ASA, called a demilitarized zone (...placing the public servers on the SSC, click the Configure the IPS SSC module link. ACLs can place these services on recycled paper containing 10% postconsumer waste. 78-19752-02 QUICK START GUIDE Cisco ASA 5505 Adaptive Security Appliance An SSC does not have internal ...
Administration Guide
Page 3
... AnyConnect Client Features 1 Remote User Interface 2 Getting and Installing the Files You Need 7 CSA Interoperability with the AnyConnect Client and Cisco Secure Desktop 7 Common AnyConnect VPN Client Installation and Configuration Procedures 1 Installing the AnyConnect Client 1 Before You Install the AnyConnect Client 2 Ensuring Automatic Installation of AnyConnect Clients 2 AnyConnect Client ...PC Running Windows 8 Installing the AnyConnect Client on a PC Running Linux 9 Installing the AnyConnect Client on a PC Running MAC OSX 9 OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 3
Administration Guide
Page 4
... and Users 10 Enabling AnyConnect Keepalives 11 Enabling AnyConnect Rekey 12 Enabling and Adjusting Dead Peer Detection 14 Configuring the Dynamic Access Policies Feature of the Security Appliance 15 Cisco Secure Desktop Support 15 6 C H A P T E R Configuring AnyConnect Features Using CLI 1 Enabling Datagram Transport Layer Security (DTLS) with AnyConnect (SSL) Connections 1 Enabling DTLS Globally for...
Administration Guide
Page 5
...Matching Example 15 Customizing and Localizing the AnyConnect Client 1 Customizing the End-user Experience 1 Language Translation (Localization) for User Messages 3 Understanding Language Translation 3 Configuring Language Localization Using ASDM 4 Creating or Modifying a Translation Table Using ASDM 6 Import/Export Language Localization 7 Creating or Modifying a Translation Table Using CLI 8... AnyConnect Client Sessions 3 Updating AnyConnect Client and SSL VPN Client Images 4 Sample AnyConnect Profile and XML Schema 1 Sample AnyConnect Profile 1 Cisco AnyConnect VPN Client Administrator Guide 5
Administration Guide
Page 7
...Install and configure security appliances • Configure VPNs OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 7 The PIX family of this guide, the term "security appliance" applies generically to help you through some common configuration scenarios, and online Help for network...guide does not cover every feature, but describes only the most common configuration scenarios. ASDM includes configuration wizards to the Cisco ASA 5500 series security appliances (ASA 5505 and higher). You can configure and monitor the security appliance by using either the command-line interface...
Administration Guide
Page 8
... Security Appliance Getting Started Guide • Cisco ASA 5500 Series Release Notes • Cisco ASDM Release Notes • Cisco ASDM Online Help • Release Notes for Cisco AnyConnect VPN Client, Release 2.0 • Cisco Security Appliance Command Reference • Cisco Security Appliance Logging Configuration and System Log Messages • Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators • For Open...
Administration Guide
Page 11
... (DTLS) with SSL connections-Avoids latency and bandwidth problems associated with a VPN 3000 Series Concentrator. As the network administrator, you configure the AnyConnect client features on Windows PC users. Then, you can load the client on PCs. For detailed information about DTLS, ... the focus in the user interface and define the names and addresses of host computers. See the Release Notes for getting the Cisco AnyConnect VPN Client up and running ASA version 8.0 and higher or ASDM 6.0 and higher. DTLS is primarily on the security appliance. Introduction 1 C H A P T...
Administration Guide
Page 12
...• Dynamic Access Policies feature of the security appliance-Lets you configure authorization that addresses the variables of multiple group membership and endpoint security for VPN connections. • Cisco Secure Desktop support-Validates the security of client computers requesting access to... working. • Language Translation (localization)-Provides a way of the packets being transferred. Remote User Interface Remote users see the Cisco AnyConnect VPN Client user interface (Figure 1-1). Remote User Interface Chapter 1 Introduction • IPv6 VPN access-Allows access to IPv6 ...
Administration Guide
Page 18
... Using Management Center for the ASA 5500 Series Adaptive Security Appliance at http://www.cisco.com/cgi-bin/tablebuild.pl/asa. Import the file using the Maintenance > Export/Import tab on the CSA Management Center. Specific information about exporting policies is located in the section Exporting and Importing Configurations. Cisco AnyConnect VPN Client Administrator Guide...
Administration Guide
Page 19
.... OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 2-1 After the user enters the URL, the browser connects to install the AnyConnect client on the security appliance configuration) when the connection terminates. After loading, the client installs and configures itself, establishes a ...a previously-installed client, remote users enter into their browser the IP address or DNS name of the ASA Release 8.0(1) and later and ASDM Release 6.0 and later. Unless the security appliance is configured to redirect http:// requests to accept clientless SSL VPN connections. 2 C H A P T E...
Administration Guide
Page 20
...Adding a Security Certificate in this administrator's guide, see "Configuring SSL VPN Connections" in Cisco Security Appliance Command Line Configuration Guide. The security appliance loads the client based on the security appliance, see the Cisco ASA 5500 Command Reference Guide for version 8.0 or later. For...(VPN Graphical Identification and Authentication) a cannot be installed dynamically if the AnyConnect client is already configured as a trusted root certificate on clients. Cisco AnyConnect VPN Client Administrator Guide 2-2 OL-12950-012 In the latter case, if the user does...
Administration Guide
Page 21
... on the system. For more information about this section. - OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 2-3 Chapter 2 Common AnyConnect VPN Client Installation and Configuration Procedures Before You Install the AnyConnect Client The procedure varies by following these files:... @SYSTEM\vpnweb.ocx Application Class: "Cisco Secure Tunneling Client - See the procedures that has a new...
Administration Guide
Page 22
... Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Go to badly configured security appliance #1. Connecting to that security appliance. When a user gets the server certificate for the security appliance... how to install a self-signed certificate as https://*.yourcompany.com to allow all ASA 5500s within the yourcompany.com domain to be used to avoid these descriptions, you... box in the Internet Options window. The following examples and scenarios show some instances. Cisco AnyConnect VPN Client Administrator Guide 2-4 OL-12950-012 Click the Trusted Sites icon. Adding...
Administration Guide
Page 23
... has expired or is stored in no Security Alert prompt and no dialog box and connects successfully. 10. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 2-5 The user disconnects from security appliance #1. 5. For example, the user connects to approve or...trusted certificate authority; The AnyConnect client prompts the user for their own certificate authority or cacert.org. The user connects successfully to correctly configured security appliance #2. 9. Scenarios Where a User Might See the Security Alert • Scenario A: The user gets the server certificate ...
Administration Guide
Page 24
...was used to a different security appliance and back. Certificate Store window opens. The Certificate Import Wizard - Click Finish. Cisco AnyConnect VPN Client Administrator Guide 2-6 OL-12950-012 View the certificate to determine whether you have not chosen to a Microsoft... the security appliance generates a self-signed server certificate that the AnyConnect client does not trust. Recommendation: Administrators should correctly configure certificates on a client in the Security Alert window. Select "Automatically select the certificate store based on the first connection ...
Administration Guide
Page 25
OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 2-7 The security appliance window opens, signifying the certificate is not recognized as follows: Step 1 Step 2 Step 3 Click the Examine ...establish a Netscape, Mozilla, or Firefox connection to a security appliance that is regenerated every time the device is rebooted. Chapter 2 Common AnyConnect VPN Client Installation and Configuration Procedures Before You Install the AnyConnect Client Step 9 Step 10 Click OK to close the Security Alert window. This window shows the following procedure explains...
Administration Guide
Page 26
...welcome screen for the authentication credentials. Click Next. The client installs and displays the status bar during installation. Click Next. Cisco AnyConnect VPN Client Administrator Guide 2-8 OL-12950-012 We suggest you accept the defaults unless your system administrator has instructed ...the installation is complete. Download the AnyConnect client MSI file from the Cisco site; Click Install. Installing the AnyConnect Client on a User's PC Chapter 2 Common AnyConnect VPN Client Installation and Configuration Procedures Installing the AnyConnect Client on a User's PC You can set ...
Administration Guide
Page 27
...Running Linux, follow these steps: Step 1 Step 2 For Linux, the client files are placed in the folder ciscovpn. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 2-9 After installing the client, you authenticate. To install the AnyConnect client on a PC Running MAC OSX ... volume, and then selecting the "Upgrade" option to perform a basic installation. Chapter 2 Common AnyConnect VPN Client Installation and Configuration Procedures Installing the AnyConnect Client on a User's PC You can start the client manually from the user interface with the Linux command /...
Administration Guide
Page 28
Installing the AnyConnect Client on a User's PC Chapter 2 Common AnyConnect VPN Client Installation and Configuration Procedures 2-10 Cisco AnyConnect VPN Client Administrator Guide OL-12950-012