Administration Guide
Page 26
...Getting Started Common Configuration Scenarios 1 Scenario 1: Basic Network Configuration with Internet Access 235234 Outside Network Private Network Laptop computer Internet Internet Access Device SA 500 Printer Personal computer In a basic deployment for your LAN configuration, you can make any changes that you might not need to change any LAN ... the WAN settings link. However, depending on the LAN receive their IP addresses dynamically from the security appliance. Consider the following first steps: 1. Cisco SA500 Series Security Appliances Administration Guide 26
...Getting Started Common Configuration Scenarios 1 Scenario 1: Basic Network Configuration with Internet Access 235234 Outside Network Private Network Laptop computer Internet Internet Access Device SA 500 Printer Personal computer In a basic deployment for your LAN configuration, you can make any changes that you might not need to change any LAN ... the WAN settings link. However, depending on the LAN receive their IP addresses dynamically from the security appliance. Consider the following first steps: 1. Cisco SA500 Series Security Appliances Administration Guide 26
Administration Guide
Page 28
... Appliances Administration Guide 28 Configure the WAN and LAN settings for your Cisco Smart Business Communications System network. 235235 Outside Network Private Network Laptop computer Internet Internet Access Device SA 500 UC500 Printer Personal computer IP IP Phone Configuration tasks for this scenario:...Because the security appliance will provide the firewall, Network Address Translation (NAT), and SIP Application Layer Gateway (SIP-ALG) for the Cisco Configuration Assistant (CCA). If you want to assign a static IP address to the documentation or online Help for your network, ...
... Appliances Administration Guide 28 Configure the WAN and LAN settings for your Cisco Smart Business Communications System network. 235235 Outside Network Private Network Laptop computer Internet Internet Access Device SA 500 UC500 Printer Personal computer IP IP Phone Configuration tasks for this scenario:...Because the security appliance will provide the firewall, Network Address Translation (NAT), and SIP Application Layer Gateway (SIP-ALG) for the Cisco Configuration Assistant (CCA). If you want to assign a static IP address to the documentation or online Help for your network, ...
Administration Guide
Page 30
Cisco SA500 Series Security Appliances Administration Guide 30 Getting Started Common Configuration Scenarios www.example.com 1 Internet Public IP Address 209.165.200.225 SA 500 LAN Interface 192.168.75.1 DMZ Interface 172.16.2.1 Source Address Translation 209.165.200.225 172.16.2.30 Web Server Private IP Address: 172....
Cisco SA500 Series Security Appliances Administration Guide 30 Getting Started Common Configuration Scenarios www.example.com 1 Internet Public IP Address 209.165.200.225 SA 500 LAN Interface 192.168.75.1 DMZ Interface 172.16.2.1 Source Address Translation 209.165.200.225 172.16.2.30 Web Server Private IP Address: 172....
Administration Guide
Page 32
...Cisco SA500 Series Security Appliances Administration Guide 32 Optionally, you can use other settings. Getting Started Common Configuration Scenarios 1 IPsec VPN for Site-to-Site VPN For site-to-site VPN, you can configure an IPsec tunnel with a VPN Client, page 139. Site A Outside 209.165.200.226 SA 500... Inside 10.10.10.0 Internet Outside 209.165.200.236 SA 500 Inside 10.20.20.0 Site B Printer Personal computers Personal computers Printer 235142 Configuration tasks for Remote Access...
...Cisco SA500 Series Security Appliances Administration Guide 32 Optionally, you can use other settings. Getting Started Common Configuration Scenarios 1 IPsec VPN for Site-to-Site VPN For site-to-site VPN, you can configure an IPsec tunnel with a VPN Client, page 139. Site A Outside 209.165.200.226 SA 500... Inside 10.10.10.0 Internet Outside 209.165.200.236 SA 500 Inside 10.20.20.0 Site B Printer Personal computers Personal computers Printer 235142 Configuration tasks for Remote Access...
Administration Guide
Page 35
... settings might be sufficient for your wireless network, see Chapter 3, "Wireless Configuration for the SA520W." 235237 Cisco SA500 Series Security Appliances Administration Guide 35 Outside Network Private Network Laptop computer Internet ISP Router SA 500 Printer Personal computer IP IP Phone Configuration tasks for Scenario 1: Basic Network Configuration with Internet Access, page...
... settings might be sufficient for your wireless network, see Chapter 3, "Wireless Configuration for the SA520W." 235237 Cisco SA500 Series Security Appliances Administration Guide 35 Outside Network Private Network Laptop computer Internet ISP Router SA 500 Printer Personal computer IP IP Phone Configuration tasks for Scenario 1: Basic Network Configuration with Internet Access, page...
Administration Guide
Page 57
... that you specify as the primary link, then the security appliance directs all Internet traffic is connected to the backup link. Cisco SA500 Series Security Appliances Administration Guide 57 When the primary link regains connectivity, all Internet traffic to the slower link. The ...WAN Ports configured with Auto-Roller Dual WAN Ports (Before Rollover) WAN1 IP SA 500 yourcompany.dyndns.org X X WAN2 port inactive WAN2 IP (N/A) Internet Dual WAN Ports (After Rollover) WAN1 IP (N/A) SA 500 WAN1 port inactive X X Internet yourcompany.dyndns.org WAN2 IP 197401 • Load ...
... that you specify as the primary link, then the security appliance directs all Internet traffic is connected to the backup link. Cisco SA500 Series Security Appliances Administration Guide 57 When the primary link regains connectivity, all Internet traffic to the slower link. The ...WAN Ports configured with Auto-Roller Dual WAN Ports (Before Rollover) WAN1 IP SA 500 yourcompany.dyndns.org X X WAN2 port inactive WAN2 IP (N/A) Internet Dual WAN Ports (After Rollover) WAN1 IP (N/A) SA 500 WAN1 port inactive X X Internet yourcompany.dyndns.org WAN2 IP 197401 • Load ...
Administration Guide
Page 58
NOTE Before you perform this option if you have two ISP links and you want to configure the protocol bindings. Cisco SA500 Series Security Appliances Administration Guide 58 The WAN Mode window opens. STEP 1 Click Networking > Optional Port > WAN Mode, or from ... WAN. Networking Configuring the Optional WAN 2 Figure 2 Example of Dual WAN Ports with Load Balancing Dual WAN Ports (Load Balancing) SA 500 WAN1 IP yourcompany1.dyndns.org Internet yourcompany2.dyndns.org WAN2 IP 197402 NOTE When configuring load balancing, make sure that you configure both WAN ...
NOTE Before you perform this option if you have two ISP links and you want to configure the protocol bindings. Cisco SA500 Series Security Appliances Administration Guide 58 The WAN Mode window opens. STEP 1 Click Networking > Optional Port > WAN Mode, or from ... WAN. Networking Configuring the Optional WAN 2 Figure 2 Example of Dual WAN Ports with Load Balancing Dual WAN Ports (Load Balancing) SA 500 WAN1 IP yourcompany1.dyndns.org Internet yourcompany2.dyndns.org WAN2 IP 197402 NOTE When configuring load balancing, make sure that you configure both WAN ...
Administration Guide
Page 62
... the web server. The same IP address is used for WAN and DMZ www.example.com Internet Public IP Address 209.165.200.225 SA 500 LAN Interface 192.168.75.1 DMZ Interface 172.16.2.1 Source Address Translation 209.165.200.225 172.16.2.30 Web Server Private IP Address: 172....16.2.30 Public IP Address: 209.165.200.225 User 192.168.75.10 User 192.168.75.11 235140 Cisco SA500 Series Security Appliances Administration Guide 62 There are connected to be identical to the IP address given to the LAN interface of this scenario...
... the web server. The same IP address is used for WAN and DMZ www.example.com Internet Public IP Address 209.165.200.225 SA 500 LAN Interface 192.168.75.1 DMZ Interface 172.16.2.1 Source Address Translation 209.165.200.225 172.16.2.30 Web Server Private IP Address: 172....16.2.30 Public IP Address: 209.165.200.225 User 192.168.75.10 User 192.168.75.11 235140 Cisco SA500 Series Security Appliances Administration Guide 62 There are connected to be identical to the IP address given to the LAN interface of this scenario...
Administration Guide
Page 63
Cisco SA500 Series Security Appliances Administration Guide 63 Internet users can enter the domain name that is used as a DMZ port and created a firewall rule to ... associated with Two Public IP Addresses www.example.com 2 Internet Public IP Addresses 209.165.200.225 (router) 209.165.200.226 (web server) SA 500 LAN Interface 192.168.75.1 DMZ interface 172.16.2.1 Source Address Translation 209.165.200.226 172.16.2.30 Web Server Private IP Address: 172...
Cisco SA500 Series Security Appliances Administration Guide 63 Internet users can enter the domain name that is used as a DMZ port and created a firewall rule to ... associated with Two Public IP Addresses www.example.com 2 Internet Public IP Addresses 209.165.200.225 (router) 209.165.200.226 (web server) SA 500 LAN Interface 192.168.75.1 DMZ interface 172.16.2.1 Source Address Translation 209.165.200.226 172.16.2.30 Web Server Private IP Address: 172...
Administration Guide
Page 129
... Agent Client) behind the router. NOTE SIP-ALG should be enabled when voice devices such as the UC 500 or SIP phones are connected to the network behind NAT and the SIP endpoint possible. Cisco SA500 Series Security Appliances Administration Guide 129 Firewall Configuration SIP 4 SIP SIP ALG (Session Initiation Protocol Application...
... Agent Client) behind the router. NOTE SIP-ALG should be enabled when voice devices such as the UC 500 or SIP phones are connected to the network behind NAT and the SIP endpoint possible. Cisco SA500 Series Security Appliances Administration Guide 129 Firewall Configuration SIP 4 SIP SIP ALG (Session Initiation Protocol Application...
Administration Guide
Page 137
...website: www.vpnc.org/vpn-standards.html STEP 1 Click VPN > IPsec > VPN Wizard, or from the security appliance to another VPN gateway. Cisco SA500 Series Security Appliances Administration Guide 137 Configuring VPN Configuring a Site-to-Site VPN Tunnel 7 Configuring a Site-to-Site VPN Tunnel The configuration ...a name for the connection. Figure 5 Site-to-Site VPN Site A Outside 209.165.200.226 SA 500 Inside 10.10.10.0 Internet Outside 209.165.200.236 SA 500 Inside 10.20.20.0 Site B Printer Personal computers Personal computers Printer 235142 The VPN Wizard helps you can ...
...website: www.vpnc.org/vpn-standards.html STEP 1 Click VPN > IPsec > VPN Wizard, or from the security appliance to another VPN gateway. Cisco SA500 Series Security Appliances Administration Guide 137 Configuring VPN Configuring a Site-to-Site VPN Tunnel 7 Configuring a Site-to-Site VPN Tunnel The configuration ...a name for the connection. Figure 5 Site-to-Site VPN Site A Outside 209.165.200.226 SA 500 Inside 10.10.10.0 Internet Outside 209.165.200.236 SA 500 Inside 10.20.20.0 Site B Printer Personal computers Personal computers Printer 235142 The VPN Wizard helps you can ...