User Manual
Page 1
.... 1. LINK/ACT Indicator Power Indicator LINK/ACT Power Status Active VPN SSC 100 MBPS 0 0 0 0 0 0 0 0 Cisco ASA 5505 series 0 Adaptive Security Appliance If a LINK/ACT LED is a graphical interface that you can use ASDM to make sure it is...Slot POWER 48VDC 7 POWER over ETHERNET 6 5 4 3 2 Cisco ASA 5505 1 0 CONSOLE 1 2 RESET Power supply adapter Blue console cable Power cable (US shown) ProCdiFuscicrteoCwADaSllA 5505 Documentation Yellow Ethernet cable GQCuuisiidccoke SAtSaArt 5505 2. Using the startup wizard, you are using ASDM. However, ...
.... 1. LINK/ACT Indicator Power Indicator LINK/ACT Power Status Active VPN SSC 100 MBPS 0 0 0 0 0 0 0 0 Cisco ASA 5505 series 0 Adaptive Security Appliance If a LINK/ACT LED is a graphical interface that you can use ASDM to make sure it is...Slot POWER 48VDC 7 POWER over ETHERNET 6 5 4 3 2 Cisco ASA 5505 1 0 CONSOLE 1 2 RESET Power supply adapter Blue console cable Power cable (US shown) ProCdiFuscicrteoCwADaSllA 5505 Documentation Yellow Ethernet cable GQCuuisiidccoke SAtSaArt 5505 2. Using the startup wizard, you are using ASDM. However, ...
User Manual
Page 2
... 200 offices worldwide. Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers. Americas Headquarters Cisco Systems, Inc. Addresses, phone numbers, and fax numbers are the property of Cisco and/or its affiliates in the list. ACLs can run on a group basis... containing 10% postconsumer waste. 78-19752-02 QUICK START GUIDE Cisco ASA 5505 Adaptive Security Appliance With AnyConnect 3.0 and later, the client can be available to the ASA. 10. (Optional) Configuring the IPS Module ASA 8.2 and Later If your inside server accessible from the Internet....
... 200 offices worldwide. Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers. Americas Headquarters Cisco Systems, Inc. Addresses, phone numbers, and fax numbers are the property of Cisco and/or its affiliates in the list. ACLs can run on a group basis... containing 10% postconsumer waste. 78-19752-02 QUICK START GUIDE Cisco ASA 5505 Adaptive Security Appliance With AnyConnect 3.0 and later, the client can be available to the ASA. 10. (Optional) Configuring the IPS Module ASA 8.2 and Later If your inside server accessible from the Internet....
Administration Guide
Page 7
... models, unless specified otherwise. Audience This guide is not supported. ASDM includes configuration wizards to guide you configure the Cisco AnyConnect VPN Client parameters on the security appliance. You can configure and monitor the security appliance by using either the ...The purpose of this guide, the term "security appliance" applies generically to the Cisco ASA 5500 series security appliances (ASA 5505 and higher). About This Guide OL-12950-012 This preface introduces the Cisco AnyConnect VPN Client Administrator Guide, and includes the following tasks: • Manage network...
... models, unless specified otherwise. Audience This guide is not supported. ASDM includes configuration wizards to guide you configure the Cisco AnyConnect VPN Client parameters on the security appliance. You can configure and monitor the security appliance by using either the ...The purpose of this guide, the term "security appliance" applies generically to the Cisco ASA 5500 series security appliances (ASA 5505 and higher). About This Guide OL-12950-012 This preface introduces the Cisco AnyConnect VPN Client Administrator Guide, and includes the following tasks: • Manage network...
Administration Guide
Page 8
... Appliance Getting Started Guide • Cisco ASA 5500 Series Release Notes • Cisco ASDM Release Notes • Cisco ASDM Online Help • Release Notes for Cisco AnyConnect VPN Client, Release 2.0 • Cisco Security Appliance Command Reference • Cisco Security Appliance Logging Configuration and System Log Messages • Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators • For...
... Appliance Getting Started Guide • Cisco ASA 5500 Series Release Notes • Cisco ASDM Release Notes • Cisco ASDM Online Help • Release Notes for Cisco AnyConnect VPN Client, Release 2.0 • Cisco Security Appliance Command Reference • Cisco Security Appliance Logging Configuration and System Log Messages • Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators • For...
Administration Guide
Page 11
...) on your central-site security appliance and on either clientless or AnyConnect. See the Release Notes for getting the Cisco AnyConnect VPN Client up and running ASA version 8.0 and higher or ASDM 6.0 and higher. Then, you configure the AnyConnect client features on Windows systems.... OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 1-1 The client allows user profiles that provides a low-latency data path ...
...) on your central-site security appliance and on either clientless or AnyConnect. See the Release Notes for getting the Cisco AnyConnect VPN Client up and running ASA version 8.0 and higher or ASDM 6.0 and higher. Then, you configure the AnyConnect client features on Windows systems.... OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 1-1 The client allows user profiles that provides a low-latency data path ...
Administration Guide
Page 18
...• The CD shipped with the security appliance. • The software download page for the ASA 5500 Series Adaptive Security Appliance at http://www.cisco.com/cgi-bin/tablebuild.pl/asa. Attach the new rule module to import. Getting and Installing the Files You Need Chapter 1 ...Introduction Step 1 Step 2 Step 3 Step 4 Step 5 Retrieve the CSA policies for Cisco Security Agents 5.2. For more ...
...• The CD shipped with the security appliance. • The software download page for the ASA 5500 Series Adaptive Security Appliance at http://www.cisco.com/cgi-bin/tablebuild.pl/asa. Attach the new rule module to import. Getting and Installing the Files You Need Chapter 1 ...Introduction Step 1 Step 2 Step 3 Step 4 Step 5 Retrieve the CSA policies for Cisco Security Agents 5.2. For more ...
Administration Guide
Page 19
... AnyConnect client features after installation. DTLS avoids latency and bandwidth problems associated with some SSL connections and improves the performance of the ASA Release 8.0(1) and later and ASDM Release 6.0 and later. You can also negotiate a simultaneous Datagram Transport Layer Security (DTLS) connection...on the security appliance and what you have it loads the client that interface and displays the login screen. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 2-1 Standalone Mode In the case of a previously-installed client, when the user authenticates, the ...
... AnyConnect client features after installation. DTLS avoids latency and bandwidth problems associated with some SSL connections and improves the performance of the ASA Release 8.0(1) and later and ASDM Release 6.0 and later. You can also negotiate a simultaneous Datagram Transport Layer Security (DTLS) connection...on the security appliance and what you have it loads the client that interface and displays the login screen. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 2-1 Standalone Mode In the case of a previously-installed client, when the user authenticates, the ...
Administration Guide
Page 20
... For more detailed information about configuring the AnyConnect client and other SSL VPN connections on the security appliance, see the Cisco ASA 5500 Command Reference Guide for the AnyConnect client Release 2.0(1), and contains the following sections: • Before You Install ...Install the AnyConnect Client The following sections contain recommendations to ensure successful AnyConnect client installation, as well as tips about certificates, Cisco Security Agent (CSA), adding trusted sites, and responding to browser alerts: • Ensuring Automatic Installation of AnyConnect Clients, page...
... For more detailed information about configuring the AnyConnect client and other SSL VPN connections on the security appliance, see the Cisco ASA 5500 Command Reference Guide for the AnyConnect client Release 2.0(1), and contains the following sections: • Before You Install ...Install the AnyConnect Client The following sections contain recommendations to ensure successful AnyConnect client installation, as well as tips about certificates, Cisco Security Agent (CSA), adding trusted sites, and responding to browser alerts: • Ensuring Automatic Installation of AnyConnect Clients, page...
Administration Guide
Page 22
... possible login situations. The following examples illustrate sequences of events involving the pop-up Security Alert dialog box. 2. Example Set 1 1. Cisco AnyConnect VPN Client Administrator Guide 2-4 OL-12950-012 Click the Security tab. Use a wildcard such as a trusted root certificate on a...to Browser Security Alert Windows This section explains how to install a self-signed certificate as https://*.yourcompany.com to allow all ASA 5500s within the yourcompany.com domain to be used to badly configured security appliance #1. A user connects to support multiple sites....
... possible login situations. The following examples illustrate sequences of events involving the pop-up Security Alert dialog box. 2. Example Set 1 1. Cisco AnyConnect VPN Client Administrator Guide 2-4 OL-12950-012 Click the Security tab. Use a wildcard such as a trusted root certificate on a...to Browser Security Alert Windows This section explains how to install a self-signed certificate as https://*.yourcompany.com to allow all ASA 5500s within the yourcompany.com domain to be used to badly configured security appliance #1. A user connects to support multiple sites....
Administration Guide
Page 58
There is no specific configuration of AnyConnect required to use Secure Desktop. Configuring, Enabling, and Using Other AnyConnect Features Chapter 5 Configuring AnyConnect Features Using ASDM Cisco Secure Desktop for Cisco ASA 5500 Series Administrators (Software Release 3.2). 5-16 Cisco AnyConnect VPN Client Administrator Guide OL-12950-012 For detailed information about configuring Cisco Secure Desktop, see the Cisco Secure Desktop Configuration Guide for Windows 2000 and Windows XP.
There is no specific configuration of AnyConnect required to use Secure Desktop. Configuring, Enabling, and Using Other AnyConnect Features Chapter 5 Configuring AnyConnect Features Using ASDM Cisco Secure Desktop for Cisco ASA 5500 Series Administrators (Software Release 3.2). 5-16 Cisco AnyConnect VPN Client Administrator Guide OL-12950-012 For detailed information about configuring Cisco Secure Desktop, see the Cisco Secure Desktop Configuration Guide for Windows 2000 and Windows XP.
Administration Guide
Page 64
... the Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators (Software Release 3.2). To enable the client to use the svc rekey command from group-policy and username webvpn modes. If either command is disabled. Cisco Secure Desktop Support Cisco Secure Desktop...authorization that SSL renegotiation takes place during rekey. Enabling AnyConnect Rekey Configuring AnyConnect Rekey specifies that addresses the variables of Cisco Secure Desktop for Windows 2000 and Windows XP. Configuring, Enabling, and Using Other AnyConnect Features Chapter 6 Configuring AnyConnect ...
... the Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators (Software Release 3.2). To enable the client to use the svc rekey command from group-policy and username webvpn modes. If either command is disabled. Cisco Secure Desktop Support Cisco Secure Desktop...authorization that SSL renegotiation takes place during rekey. Enabling AnyConnect Rekey Configuring AnyConnect Rekey specifies that addresses the variables of Cisco Secure Desktop for Windows 2000 and Windows XP. Configuring, Enabling, and Using Other AnyConnect Features Chapter 6 Configuring AnyConnect ...
Administration Guide
Page 65
..., if necessary. Note When using the AnyConnect client with which the security appliance (gateway) performs DPD. To enable DPD on the ASA to allow the AnyConnect client to fall back to occur. In the following example sets the frequency of DPD performed by the security ...: The following example, the client is necessary for the existing group-policy sales: hostname(config)# group-policy sales attributes OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 6-7 client none disables DPD performed by the security appliance. To remove the svc dpd-interval command from 30...
..., if necessary. Note When using the AnyConnect client with which the security appliance (gateway) performs DPD. To enable DPD on the ASA to allow the AnyConnect client to fall back to occur. In the following example sets the frequency of DPD performed by the security ...: The following example, the client is necessary for the existing group-policy sales: hostname(config)# group-policy sales attributes OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 6-7 client none disables DPD performed by the security appliance. To remove the svc dpd-interval command from 30...
Administration Guide
Page 91
...a translation, enter the translated text between the quotes of message fields: # Copyright (C) 2007 by Cisco Systems, Inc. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: ASA\n" "Report-Msgid-Bugs-To: support@cisco.com\n" "POT-Creation-Date: 2007-04-23 18:57 GMT\n" "PO-Revision-Date: YEAR-MO-...specified), and it contains empty message fields: hostname# export webvpn translation-table AnyConnect template tftp://209.165.200.225/test Step 2 Edit the translation table XML file. Step 3 Import the translation table using the import webvpn translation-table command from privileged EXEC mode. ...
...a translation, enter the translated text between the quotes of message fields: # Copyright (C) 2007 by Cisco Systems, Inc. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: ASA\n" "Report-Msgid-Bugs-To: support@cisco.com\n" "POT-Creation-Date: 2007-04-23 18:57 GMT\n" "PO-Revision-Date: YEAR-MO-...specified), and it contains empty message fields: hostname# export webvpn translation-table AnyConnect template tftp://209.165.200.225/test Step 2 Edit the translation table XML file. Step 3 Import the translation table using the import webvpn translation-table command from privileged EXEC mode. ...
Administration Guide
Page 101
OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide A-3 Appendix A Sample AnyConnect Profile and XML Schema Sample AnyConnect Profile Schema Can be a FQDN or IP address. --> cvc-asa-02.cisco.com 10.94.146.172 CVC-ASA-02 cvc-asa-02.cisco.com CVC-ASA-01 10.94.146.172 cvc-asa-03.cisco.com 10.94.146.173 Sample AnyConnect Profile Schema pwd This is the data needed to attempt a connection to a specific host.
OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide A-3 Appendix A Sample AnyConnect Profile and XML Schema Sample AnyConnect Profile Schema Can be a FQDN or IP address. --> cvc-asa-02.cisco.com 10.94.146.172 CVC-ASA-02 cvc-asa-02.cisco.com CVC-ASA-01 10.94.146.172 cvc-asa-03.cisco.com 10.94.146.173 Sample AnyConnect Profile Schema pwd This is the data needed to attempt a connection to a specific host.
Installation Guide
Page 1
4 C H A P T E R Installing the ASA 5505 This chapter describes how to install your Cisco Cisco ASA 5505 adaptive security appliance, as shown in Figure 4-1. 78-18003-02 ASA 5505 Getting Started Guide 4-1 This chapter includes the following sections: • Verifying the Package Contents, ...; PoE Ports and Devices, page 4-3 • Installing the Chassis, page 4-4 • Connecting to Network Interfaces, page 4-4 • Powering on the Cisco ASA 5505, page 4-6 • Setting Up a PC for System Administration, page 4-6 • Optional Procedures, page 4-8 • Ports and LEDs, page 4-9...
4 C H A P T E R Installing the ASA 5505 This chapter describes how to install your Cisco Cisco ASA 5505 adaptive security appliance, as shown in Figure 4-1. 78-18003-02 ASA 5505 Getting Started Guide 4-1 This chapter includes the following sections: • Verifying the Package Contents, ...; PoE Ports and Devices, page 4-3 • Installing the Chassis, page 4-4 • Connecting to Network Interfaces, page 4-4 • Powering on the Cisco ASA 5505, page 4-6 • Setting Up a PC for System Administration, page 4-6 • Optional Procedures, page 4-8 • Ports and LEDs, page 4-9...
Installation Guide
Page 2
Verifying the Package Contents Figure 4-1 Contents of Cisco ASA 5505 Package Chapter 4 Installing the ASA 5505 POWER 48VDC Security SCearrvdicSelost 7 POWER over ETHERNET 6 5 4 3 2 1 0 Cisco ASA 5505 CONSOLE 1 2 RESET Power supply adapter Blue console cable Cable (US shown) ProCdiFusiccrteoCwADaSllA 5505 Yellow Ethernet cable InfoarnCmdoaSRmtiaoepfngeliuatylnactoery GeCGtitusincidgoeSAtSaArte5d505 Documentation ASA 5505 Getting Started Guide 4-2 78-18003-02
Verifying the Package Contents Figure 4-1 Contents of Cisco ASA 5505 Package Chapter 4 Installing the ASA 5505 POWER 48VDC Security SCearrvdicSelost 7 POWER over ETHERNET 6 5 4 3 2 1 0 Cisco ASA 5505 CONSOLE 1 2 RESET Power supply adapter Blue console cable Cable (US shown) ProCdiFusiccrteoCwADaSllA 5505 Yellow Ethernet cable InfoarnCmdoaSRmtiaoepfngeliuatylnactoery GeCGtitusincidgoeSAtSaArte5d505 Documentation ASA 5505 Getting Started Guide 4-2 78-18003-02
Installation Guide
Page 3
...IEEE 802.3af standard, such as Ethernet switch ports, like the Ethernet switch ports numbered 0 through 5. Using crossover cable does not enable the Cisco ASA 5505 to provide power to the PoE ports. • Do not disable auto-negotiation (force speed and duplex) on its own. If auto-...negotiation is always in low-power mode when drawing power from the Cisco ASA 5505. 78-18003-02 ASA 5505 Getting Started Guide 4-3 However, these switch ports, the adaptive security appliance does not supply power to the ports and the device...
...IEEE 802.3af standard, such as Ethernet switch ports, like the Ethernet switch ports numbered 0 through 5. Using crossover cable does not enable the Cisco ASA 5505 to provide power to the PoE ports. • Do not disable auto-negotiation (force speed and duplex) on its own. If auto-...negotiation is always in low-power mode when drawing power from the Cisco ASA 5505. 78-18003-02 ASA 5505 Getting Started Guide 4-3 However, these switch ports, the adaptive security appliance does not supply power to the ports and the device...
Installation Guide
Page 4
... for ordering a wall-mount kit for the Cisco ASA 5505 is ASA-5505-WALL-MNT= , the part number for ordering a rack-mount kit for the Cisco ASA 5505 is , the Internet): a. Use a yellow Ethernet cable to connect the device to an Internet router.) ASA 5505 Getting Started Guide 4-4 78-18003-02 Step ... to a network interface, perform the following steps: Step 1 Step 2 Place the chassis on wall-mounting or rack-mounting the Cisco ASA 5505, see "Mounting the ASA 5505 Chassis" section in Figure 4-2. (Typically Ethernet port 0 is the outside port. If you are connecting any Power over Ethernet ...
... for ordering a wall-mount kit for the Cisco ASA 5505 is ASA-5505-WALL-MNT= , the part number for ordering a rack-mount kit for the Cisco ASA 5505 is , the Internet): a. Use a yellow Ethernet cable to connect the device to an Internet router.) ASA 5505 Getting Started Guide 4-4 78-18003-02 Step ... to a network interface, perform the following steps: Step 1 Step 2 Place the chassis on wall-mounting or rack-mounting the Cisco ASA 5505, see "Mounting the ASA 5505 Chassis" section in Figure 4-2. (Typically Ethernet port 0 is the outside port. If you are connecting any Power over Ethernet ...
Installation Guide
Page 5
Chapter 4 Installing the ASA 5505 Connecting to Network Interfaces Figure 4-2 Connecting to a device, such as a router, desktop computer, or printer. Note When connecting a computer to an inside port on the ... cable because ports 0 through 5 are switched ports and ports 6 and 7 are PoE ports and both require that you connect a straight through cable. 78-18003-02 ASA 5505 Getting Started Guide 4-5
Chapter 4 Installing the ASA 5505 Connecting to Network Interfaces Figure 4-2 Connecting to a device, such as a router, desktop computer, or printer. Note When connecting a computer to an inside port on the ... cable because ports 0 through 5 are switched ports and ports 6 and 7 are PoE ports and both require that you connect a straight through cable. 78-18003-02 ASA 5505 Getting Started Guide 4-5
Installation Guide
Page 6
... best performance. Connect the AC power connector of the power supply cable to one of the Cisco ASA 5505 inside ports is powered on the device. Note The Cisco ASA 5505 does not have a power switch. In addition to configuration and management capability, ASDM also provides...graphical user interface (GUI). For more information, see Chapter 1, "Configuring the Adaptive Security Appliance." Powering on the Cisco ASA 5505 Chapter 4 Installing the ASA 5505 Powering on the Cisco ASA 5505 To power on page 4-10. Step 4 Check the power LED; To set to an electrical outlet. Connect ...
... best performance. Connect the AC power connector of the power supply cable to one of the Cisco ASA 5505 inside ports is powered on the device. Note The Cisco ASA 5505 does not have a power switch. In addition to configuration and management capability, ASDM also provides...graphical user interface (GUI). For more information, see Chapter 1, "Configuring the Adaptive Security Appliance." Powering on the Cisco ASA 5505 Chapter 4 Installing the ASA 5505 Powering on the Cisco ASA 5505 To power on page 4-10. Step 4 Check the power LED; To set to an electrical outlet. Connect ...