User Manual
Page 2
... > Device Setup > SSC Setup. Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers. Step 1 In the main ASDM window, choose Wizards > VPN Wizards, then choose one of Cisco trademarks, go to this URL: www.cisco.com/go /offices. Cisco and the Cisco logo are trademarks... box.) Step 3 To configure the IPS module on recycled paper containing 10% postconsumer waste. 78-19752-02 QUICK START GUIDE Cisco ASA 5505 Adaptive Security Appliance The Public Server pane appears. Clientless, browser-based SSL VPN lets users establish a secure, remote-access VPN...
... > Device Setup > SSC Setup. Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers. Step 1 In the main ASDM window, choose Wizards > VPN Wizards, then choose one of Cisco trademarks, go to this URL: www.cisco.com/go /offices. Cisco and the Cisco logo are trademarks... box.) Step 3 To configure the IPS module on recycled paper containing 10% postconsumer waste. 78-19752-02 QUICK START GUIDE Cisco ASA 5505 Adaptive Security Appliance The Public Server pane appears. Clientless, browser-based SSL VPN lets users establish a secure, remote-access VPN...
Administration Guide
Page 20
...about how to configure the features of AnyConnect client software on client PCs: • To minimize user prompts during AnyConnect client setup, make sure certificate data on client PCs and on the security appliance, choose one that is installed manually. This section ... on clients. Note When using a self-signed certificate on the security appliance, see the Cisco ASA 5500 Command Reference Guide for version 8.0 or later. For more detailed information about certificates, Cisco Security Agent (CSA), adding trusted sites, and responding to browser alerts: • Ensuring Automatic...
...about how to configure the features of AnyConnect client software on client PCs: • To minimize user prompts during AnyConnect client setup, make sure certificate data on client PCs and on the security appliance, choose one that is installed manually. This section ... on clients. Note When using a self-signed certificate on the security appliance, see the Cisco ASA 5500 Command Reference Guide for version 8.0 or later. For more detailed information about certificates, Cisco Security Agent (CSA), adding trusted sites, and responding to browser alerts: • Ensuring Automatic...
Administration Guide
Page 26
... 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Exit all Windows programs, and disable any antivirus software (recommended). Click Next. After installing, the Completing the Cisco AnyConnect VPN Client Setup Wizard screen displays. The Ready to work (CSCsh23752). Click Install. In standalone mode, the user starts the AnyConnect client software without first establishing a web...
... 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Exit all Windows programs, and disable any antivirus software (recommended). Click Next. After installing, the Completing the Cisco AnyConnect VPN Client Setup Wizard screen displays. The Ready to work (CSCsh23752). Click Install. In standalone mode, the user starts the AnyConnect client software without first establishing a web...
Administration Guide
Page 45
... > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client • ...Edit > Add or Edit User Account > VPN Policy > SSL VPN Client Figure 5-2 shows an example of configuring the DTLS setting for fallback to occur. Figure 5-2 Enabling or Disabling DTLS Note When using the AnyConnect client with an SSL VPN tunnel. Fallback to TLS, if necessary. OL-12950-012 Cisco...
... > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client • ...Edit > Add or Edit User Account > VPN Policy > SSL VPN Client Figure 5-2 shows an example of configuring the DTLS setting for fallback to occur. Figure 5-2 Enabling or Disabling DTLS Note When using the AnyConnect client with an SSL VPN tunnel. Fallback to TLS, if necessary. OL-12950-012 Cisco...
Administration Guide
Page 47
...Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client • Device ...for the AnyConnect client, you must update the AnyConnect clients of the group-policy or username configuration. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-5 Chapter 5 Configuring AnyConnect Features Using ASDM Enabling IPv6 VPN Access Figure 5-4 shows ...
...Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client • Device ...for the AnyConnect client, you must update the AnyConnect clients of the group-policy or username configuration. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-5 Chapter 5 Configuring AnyConnect Features Using ASDM Enabling IPv6 VPN Access Figure 5-4 shows ...
Administration Guide
Page 52
... VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client • Device Management...setting in group-policy and username webvpn modes. You can also configure compression for an internal group policy. 5-10 Cisco AnyConnect VPN Client Administrator Guide OL-12950-012 The global setting overrides the group-policy and username settings. Configuring, Enabling...
... VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client • Device Management...setting in group-policy and username webvpn modes. You can also configure compression for an internal group policy. 5-10 Cisco AnyConnect VPN Client Administrator Guide OL-12950-012 The global setting overrides the group-policy and username settings. Configuring, Enabling...
Administration Guide
Page 53
... > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-11 The paths to Inherit. Adjusting the frequency also ensures that the...compression to deflate in either is set to disable (or to ensure that an AnyConnect client or SSL VPN connection through a proxy, firewall, or NAT device remains open, even if the device limits the time that the client does not disconnect and reconnect when the remote...
... > SSL VPN Client • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-11 The paths to Inherit. Adjusting the frequency also ensures that the...compression to deflate in either is set to disable (or to ensure that an AnyConnect client or SSL VPN connection through a proxy, firewall, or NAT device remains open, even if the device limits the time that the client does not disconnect and reconnect when the remote...
Administration Guide
Page 55
...ASDM Configuring, Enabling, and Using Other AnyConnect Features • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Key Regeneration • Device Management > Users/AAA > User Accounts > ...Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Key Regeneration Figure 5-11 shows an example of the connection. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-13 Note The security appliance does ...
...ASDM Configuring, Enabling, and Using Other AnyConnect Features • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Key Regeneration • Device Management > Users/AAA > User Accounts > ...Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Key Regeneration Figure 5-11 shows an example of the connection. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-13 Note The security appliance does ...
Administration Guide
Page 56
... > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client > Dead Peer Detection • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Dead Peer...appliance (gateway) or the client can quickly detect a condition where the peer is necessary for an internal group policy. 5-14 Cisco AnyConnect VPN Client Administrator Guide OL-12950-012 Fallback to TLS, if necessary. Note When using the AnyConnect client with which ...
... > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client > Dead Peer Detection • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Dead Peer...appliance (gateway) or the client can quickly detect a condition where the peer is necessary for an internal group policy. 5-14 Cisco AnyConnect VPN Client Administrator Guide OL-12950-012 Fallback to TLS, if necessary. Note When using the AnyConnect client with which ...
Installation Guide
Page 6
...power supply cable to the power connector on the Cisco ASA 5505, perform the following steps: Step 1 Step 2 Step 3 Connect the power supply with the Adaptive Security Device Manager (ASDM) application, which you can perform setup, configuration and management tasks from which provides an ...intuitive graphical user interface (GUI). Connect the AC power connector of the Cisco ASA 5505 inside ports is powered on. Step 4 Check the power LED;...
...power supply cable to the power connector on the Cisco ASA 5505, perform the following steps: Step 1 Step 2 Step 3 Connect the power supply with the Adaptive Security Device Manager (ASDM) application, which you can perform setup, configuration and management tasks from which provides an ...intuitive graphical user interface (GUI). Connect the AC power connector of the Cisco ASA 5505 inside ports is powered on. Step 4 Check the power LED;...
Installation Guide
Page 7
Step 3 Step 4 Use an Ethernet cable to connect the PC to perform initial setup and configuration of the Cisco ASA 5505 lights up solid green. Check the LINK LED to verify that the PC has basic connectivity to either 10 or 100 Mbps half duplex. this ...address is not an option for information about how to a switched inside port on the front panel of the Cisco ASA 5505. 78-18003-02 ASA 5505 Getting Started Guide 4-7 See Chapter 1, "Configuring the Adaptive Security Appliance" for the PC interface, set the interface to run ASDM for System ...
Step 3 Step 4 Use an Ethernet cable to connect the PC to perform initial setup and configuration of the Cisco ASA 5505 lights up solid green. Check the LINK LED to verify that the PC has basic connectivity to either 10 or 100 Mbps half duplex. this ...address is not an option for information about how to a switched inside port on the front panel of the Cisco ASA 5505. 78-18003-02 ASA 5505 Getting Started Guide 4-7 See Chapter 1, "Configuring the Adaptive Security Appliance" for the PC interface, set the interface to run ASDM for System ...
Installation Guide
Page 8
To do so, you must run a serial terminal emulator on the Cisco ASA 5505. Figure 4-3 Connecting to perform tasks that are not required for administration using the console port on a PC or workstation, as shown in Figure 4-3. This section includes the following steps: ASA 5505 Getting Started Guide 4-8 78-18003-02 Optional Procedures Chapter 4 Installing the... the Console" section on page 4-8 • "Installing a Cable Lock" section on page 4-9 Connecting to the Console You can access the command line for the initial setup of the Cisco ASA 5505.
To do so, you must run a serial terminal emulator on the Cisco ASA 5505. Figure 4-3 Connecting to perform tasks that are not required for administration using the console port on a PC or workstation, as shown in Figure 4-3. This section includes the following steps: ASA 5505 Getting Started Guide 4-8 78-18003-02 Optional Procedures Chapter 4 Installing the... the Console" section on page 4-8 • "Installing a Cable Lock" section on page 4-9 Connecting to the Console You can access the command line for the initial setup of the Cisco ASA 5505.
Installation Guide
Page 11
... be down if there is a duplex mismatch. If the system is part of a high availability setup, a solid amber light indicates that the link is part of cable. 78-18003-02 ASA 5505 Getting Started Guide 4-11 If the system is forwarding traffic. Flashing The system is forwarding traffic. If...LED does not light up, the link could be using the wrong type of a high availability setup, a solid green light indicates that this is enabled by changing the settings either on the Cisco ASA 5505 or on standby. Solid The tunnel failed to initiate. - State Description Solid The system is ...
... be down if there is a duplex mismatch. If the system is part of a high availability setup, a solid amber light indicates that the link is part of cable. 78-18003-02 ASA 5505 Getting Started Guide 4-11 If the system is forwarding traffic. Flashing The system is forwarding traffic. If...LED does not light up, the link could be using the wrong type of a high availability setup, a solid green light indicates that this is enabled by changing the settings either on the Cisco ASA 5505 or on standby. Solid The tunnel failed to initiate. - State Description Solid The system is ...