Administration Guide
Page 3
... Connecting to the Configuration Utility 18 Using the Getting Started Pages 19 Navigating Through the Configuration Utility 21 Using the Help System 22 About the Default Settings 22 Basic Tasks 23 Changing the Default User Name and Password 23 Backing Up Your Configuration 24 Upgrading the Firmware 24 Common Configuration Scenarios 25 Basic Network Configuration with Internet Access 26 Cisco Smart Business Communications System Configuration 28 Firewall for Controlling Inbound and Outbound Traffic...
Administration Guide
Page 6
... Firewall Rules 113 Firewall Rule Configuration Examples 114 Using Other Tools to Prevent Attacks, Restrict Access, and Control Inbound Traffic 117 Configuring Attack Checks 118 Configuring MAC Filtering to Allow or Block Traffic 119 Configuring IP/MAC Binding 120 Port Triggering 121 Configuring a Port Triggering Rule to Direct Traffic to Specified Ports 122 Viewing the Port Triggering Status 122 Configuring Session Settings to Analyze Incoming Packets 123 Using Other Tools to Control Access to the Internet 124...
Administration Guide
Page 7
... Port Forwarding SSL VPN Tunnel Client Configuration Viewing the SSL VPN Client Portal VeriSign™ Identity Protection configuration Configuring VeriSign Identity Protection Managing User Credentials for VeriSign Service Chapter 8: Administration Users Domains Groups Adding or Editing User Settings Adding or Editing User Login Policies Firmware and Configuration Upgrading Firmware and Working with Configuration Files Maintaining the USB Device Using the Secondary Firmware Diagnostics Measuring and Limiting Traffic with the Traffic Meter Configuring the Time Settings Configuring the Logging...
Administration Guide
Page 11
... the appliance has booted properly. • POWER LED-(Green) When lit, indicates the appliance is performing the power-on diagnostics. Cisco SA500 Series Security Appliances Administration Guide 11 Yes (100) Included (50) Device Overview Before you begin to 25 seats. To restore the factory default settings, press and hold the Reset button for the associated port. Refer to 25 seats. Front Panel • RESET Button-To reboot the security...
Administration Guide
Page 18
... Configuration Utility if you will need to enter the new IP address to connect to an available LAN port on the back panel of the security appliance. STEP 2 Start a web browser, and enter the following address: 192.168.75.1 This address is the factory default LAN address of the security appliance. STEP 4 Enter the default user name and password: • Username: cisco • Password: cisco STEP 5 Click Log...
Administration Guide
Page 23
... network. Changing the Default User Name and Password To prevent unauthorized access, immediately change the default username and password. The security profile has Open security and identifies itself to all wireless devices that you complete the following information: Cisco SA500 Series Security Appliances Administration Guide 23 See Scenario 10: Wireless Networking, page 35. • Administrative Access: You can access the Configuration Utility by default. The access point is enabled by using...
Administration Guide
Page 24
... the Install the updated firmware link. The default password for this box to a saved configuration. You can be changed for this account. • Check to Edit Password: Check this new security appliance is cisco. • New Password: Enter a password that contains alphanumeric, '-' or '_' characters. • Confirm Password: Enter the password again. • Idle Timeout: Enter the time in minutes that the user can upgrade from 0 to 999. STEP 3 In the Upgrade Firmware...
Administration Guide
Page 27
.... See Scenario 8: Cisco Smart Business Communications System Configuration, page 28. 4. Consider how you want to use the Optional port: • If you need a DMZ, you want to restrict some types of outbound traffic to allow access to provide backup connectivity or load balancing. If you can use the links in most cases. See Configuring the Logging Options, page 185 and RMON (Remote Management), page 197. For...
Administration Guide
Page 43
... the Default LAN Settings • Configuring the LAN • Viewing the LAN Status • VLAN Configuration • DHCP Reserved IPs • DHCP Leased Clients • Configuring an IGMP Proxy • Configuring the Optional Port as a LAN Port About the Default LAN Settings • By default the LAN of the router is configured in the DHCP configuration when acknowledging a DHCP request from a DHCP client. • By default, your LAN. If you can use a Windows Internet Naming Service (WINS) server...
Administration Guide
Page 46
... to your settings. For example, if you can create new VLAN. For more information, see Configuring the Optional Port as a LAN Port, page 53. • If you enable inter VLAN routing. Viewing the LAN Status STEP 1 Click Networking > LAN > LAN Status. The LAN Status window opens. This page displays the following types of information: • MAC address of the LAN interface • IP address and subnet mask of the interface • DHCP server mode STEP...
Administration Guide
Page 57
...: Enable this feature to segregate traffic between links that you specify as the primary link. Figure 1 shows an example of WAN port traffic, consider making the WAN port Internet addresses public and keeping the other one for the protocols that is connected to a high speed link, and bind low-volume services to the port that are having problems with Load Balancing. The two links will carry data...
Administration Guide
Page 70
... MD5 based authentication between routers. - By default all ports are enabled. Cisco SA500 Series Security Appliances Administration Guide 70 STEP 4 Click Apply to multicast addresses. To disable the port, uncheck the box. RIP-2M sends data to save your settings. The Port Management window opens. STEP 3 In the Authentication for RIP 2B/2M area, enter the following options for RIP 2B/2M: Check this MD5 key. - STEP 2 Choose the...
Administration Guide
Page 96
... of Service to the selected access point. The default is "open" access, which means that the policy is not enabled. Wireless Configuration for this profile. The settings on this page apply only if this box is typically sent to this setting to specify the default Class of Profiles table. Cisco SA500 Series Security Appliances Administration Guide 96 Bulk data that you to define specific MAC addresses to...
Administration Guide
Page 131
... IPS signature downloads. - To enable the auto update option, check the Automatically Update Signatures box. Cisco SA500 Series Security Appliances Administration Guide 131 From this page you must choose IPS as the facility. STEP 1 Click IPS > IPS Setup, or from the IPS Setup page. To display messages generated by IPS, you can configure the security appliance to save your Cisco.com User Name and Password to authenticate...
Administration Guide
Page 143
... selected when the clients use QuickVPN Client. • Allow user to change password?: If you chose Cisco QuickVPN for the Remote Peer Type, you can be part of the LAN or VLAN IP addresses. • Subnet Mask: Enter the subnet mask for the local subnet. See Advanced Configuration of configuration tasks for IPsec VPN Remote Access. • Optionally, review and modify the default settings and policies. This...
Administration Guide
Page 163
... Cisco SA500 Series Security Appliances Administration Guide 163 Configuring SSL VPN Port Forwarding Port Forwarding is different from split and full tunnel modes, which allow access only to a limited set of the supported SSL VPN services to easily create and configure SSL VPN policies. Configuring VPN Configuring SSL VPN for Browser-Based Remote Access 7 Specifying the Network Resources for multiple remote SSL VPN users. To delete an entry, check the box and then click Delete. For example...
Administration Guide
Page 176
... delete an address, check the box, and then click Delete. IMPORTANT! Firmware and Configuration This section describes the following maintenance tasks: • Upgrading Firmware and Working with Configuration Files • Maintaining the USB Device • Using the Secondary Firmware Upgrading Firmware and Working with Configuration Files You can corrupt the flash memory and render the router unusable without a low-level process of restoring the flash firmware (not through the Configuration Utility). Cisco SA500 Series Security Appliances Administration Guide...
Administration Guide
Page 221
... up, test the network configuration: • Verify that the Ethernet card driver software and TCP/IP software are installed and configured on the PC. • Verify that the IP address for any hub ports that are correct and on page B-1 and follow instructions for "LAN or Internet port LEDs are not lit." • Verify that sends an ICMP echo-request packet to the designated device...
Administration Guide
Page 229
D Factory Default Settings General Settings Feature Setting Host Name Model number Device Name Model number Administrator Username cisco Administrator Password cisco Allow ICMP echo replies (good for validating connectivity) disable Date and Time - Automatic Time enable Update Date and Time - Time Zone Pacific Time (US & Canada) DDNS disable HTTP Remote Access enable HTTPS Remote Access enable SNMP - Trusted Peer IP address SNMP Agent disable Cisco SA500 Series Security Appliances Administration Guide 229 Daylight Savings enable Time Date and Time - ...
Administration Guide
Page 232
... (Data VLAN subnet mask) Setting enable DHCP client 1500 disable disable disable DHCP client 1500 disable disable disable disable enable / disable on DMS VLAN disable IPv4 Only Automatic enable 192.168.10.0 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 232 Factory Default Settings Router Settings D Feature HTTPS Remote Access WAN1 IP address assignment WAN1 - Key Exchange Method IPSec - Signaling Authentication - Outgoing Traffic Bandwidth Limit Allow ICMP echo replies (good for validating connectivity) HTTPS Remote Access Routing (RIP1/2) Inter-VLAN routing...