
Cisco ASA 5500 Series Configuration Manual


Text of Cisco ASA 5500 Series User Guide:

  • Cisco ASA 5500 Series, 37-29 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 37 Configuring WebVPN Optimizing WebVPN Performance Configuring Application Profile Customization Framework An APCF profile for WebVPN lets the security appliance handle non-standard applications and web resources so that they display correctly over a WebVPN connection. An APCF profile contains a script that specifies when (pre, post), where (header, body, request, response), and what data to transform for a particular application. The script is in XML and uses sed (stream editor) syntax for string/text transformation. Multiple APCF profiles can run in parallel on a security appliance. Within an

  • Cisco ASA 5500 Series, 37-43 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 37 Configuring WebVPN WebVPN End User Setup Communicating Security Tips Advise users always to log out from the WebVPN session. (To log out of WebVPN, click the logout icon on the WebVPN toolbar or close the browser.) Advise users that using WebVPN does not ensure that communication with every site is secure. WebVPN ensures the security of data transmission between the remote PC or workstation and the security appliance on the corporate network. If a user then accesses a non-HTTPS web resour

  • Cisco ASA 5500 Series, CHAPTER 31-1 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 31 Configuring IP Addresses for VPNs This chapter describes IP address assignment methods. IP addresses make internetwork connections possible. They are like telephone numbers: both the sender and receiver must have an assigned number to connect. But with VPNs, there are actually two sets of addresses: the first set connects client and server on the public network. Once that connection is made, the second set connects client and server through the VPN tunnel. In security appliance

  • Cisco ASA 5500 Series, 14-5 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 14 Configuring Failover Understanding Failover Stateful Failover Link To use Stateful Failover, you must configure a Stateful Failover link to pass all state information. You have three options for configuring a Stateful Failover link:
      • You can use a dedicated Ethernet interface for the Stateful Failover link.
      • If you are using LAN-based failover, you can share the failover link.
      • You can share a regular data interface, such as the ins

  • 25-21 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 25 Configuring Application Layer Protocol Inspection DNS Inspection Step 2 (Optional) Create one or more regular expression class maps to group regular expressions according to the “Creating a Regular Expression Class Map” section on page 21-8. Step 3 (Optional) Create a DNS

  • Cisco ASA 5500 Series, 7-4 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 7 Configuring Interface Parameters Configuring the Interface Note: Transparent firewall mode allows only two interfaces to pass through traffic; however, on the ASA 5510 and higher adaptive security appliance, you can use the Management 0/0 interface (either the physical interface or a subinterface) as a third interface for management traffic. The mode is not configurable in this case and must always be management-only. Step 5 To set the IP address, enter one of the following commands. In ro

  • Cisco ASA 5500 Series, 37-7 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 37 Configuring WebVPN Getting Started with WebVPN

      hostname(config)# username Anyuser attributes
      hostname(config-username)# webvpn
      hostname(config-username-webvpn)# auto-signon allow ip 10.1.1.1 255.255.255.0 auth-type basic

    Configuring SSO Authentication Using SiteMinder This section describes configuring the security appliance to support SSO with SiteMinder. You would typically choose to implement SSO with SiteMinder if your website security infrastructure already incorporates SiteMinder. With this method, SSO authentication is separate from AAA and hap

  • Cisco ASA 5500 Series, 21-19 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 21 Using Modular Policy Framework Modular Policy Framework Examples

      hostname(config)# policy-map http_traffic_policy
      hostname(config-pmap)# class http_traffic
      hostname(config-pmap-c)# inspect http
      hostname(config)# service-policy http_traffic_policy global

    Applying Inspection and Connection Limits to HTTP Traffic to Specific Servers In this example (see Figure 21-3), any HTTP connection destined for Server A (TCP traffic on port 80) that enters the security appliance through the outside interface is classi

  • Cisco ASA 5500 Series, Glossary GL-20 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 TCP Intercept With the TCP intercept feature, once the optional embryonic connection limit is reached, and until the embryonic connection count falls below this threshold, every SYN bound for the affected server is intercepted. For each SYN, the security appliance responds on behalf of the server with an empty SYN/ACK segment. The security appliance retains pertinent state information, drops the packet, and waits for the client acknowledgment. If the ACK is received, then a copy of the client SYN segment

  • 25-63 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 25 Configuring Application Layer Protocol Inspection SIP Inspection The well-known port 5060 must be used on the initial call setup (INVITE) message; however, subsequent messages may not have this port number. The SIP inspection engine opens signaling connection pinh

  • 37-10 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 37 Configuring WebVPN Getting Started with WebVPN Figure 37-1 SSO Authentication Using HTTP Forms While you would expect to configure form parameters that let the security appliance include POST data such as the username and password, you initially might not be aware of additional

  • Cisco ASA 5500 Series, 30-23 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 30 Configuring Tunnel Groups, Group Policies, and Users Configuring Tunnel Groups

      hostname(config-tunnel-webvpn)#

    Name is the name of a group policy created for a WebVPN tunnel group. This policy is an alternative group policy to differentiate access rights for the following CSD clients:
      • Clients that match a CSD location entry set to “Use Failure Group-Policy.”
      • Clients that match a CSD location entry set to “Use Success Group-Policy, if criteria match,” and then fail to match the configured Group-Based Policy crite

  • Cisco ASA 5500 Series, 30-42 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 30 Configuring Tunnel Groups, Group Policies, and Users Group Policies

      hostname(config-group-policy)# split-tunnel-network-list {value access-list_name | none}
      hostname(config-group-policy)# no split-tunnel-network-list value [access-list_name]

    Split tunneling network lists distinguish networks that require traffic to travel across the tunnel from those that do not require tunneling. The security appliance makes split tunnelin

  • B-33 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Appendix B Sample Configurations Example 14: Dual ISP Support Using Static Route Tracking Example 14: Dual ISP Support Using Static Route Tracking This configuration shows a remote office using static route tracking to use a backup ISP route if the primary ISP route fails. The security appliance i

  • Cisco ASA 5500 Series, 25-48 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 25 Configuring Application Layer Protocol Inspection Instant Messaging Inspection IM Inspection Overview The IM inspect engine lets you apply fine grained controls on the IM application to control the network usage and stop leakage of confidential data, propagation of worms, and other threats to the corporate network. Configuring an Instant Messaging Inspection Policy Map for Additional Inspection Control To specify actions when a message violates a parameter, create an IM inspection policy map. You can then ap

  • Cisco ASA 5500 Series, 8-3 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 8 Configuring Basic Settings Setting the Date and Time This section includes the following topics:
      • Setting the Time Zone and Daylight Saving Time Date Range, page 8-3
      • Setting the Date and Time Using an NTP Server, page 8-4
      • Setting the Date and Time Manually, page 8-4
    Setting the Time Zone and Daylight Saving Time Date Range By default, the time zone is UTC and the daylight saving time date range is from 2:00 a.m. on the first Sunday in April to 2:00 a.m. on the last Sunday in October. To change the time zone

  • Cisco ASA 5500 Series, 33-2 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 33 Configuring Network Admission Control Configuring Basic Settings The instructions in the following sections describe how to enter the minimum set of commands to configure support for NAC on the security appliance:
      • Specifying the Access Control Server Group, page 33-2
      • Enabling NAC, page 33-2
      • Configuring the Default ACL for NAC, page 33-3
      • Configuring Exemptions from NAC, page 33-4
    Note: See Uses, Requirements, and Limitations, page 33-1 before following these instructions. Specifying the Access Control Server Group You must configure at least one Cisco Acce

  • Cisco ASA 5500 Series, 33-8 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 33 Configuring Network Admission Control Changing Advanced Settings
      • Retransmission retries
    When the security appliance sends an EAP over UDP message to the remote host, it waits for a response. If it fails to receive a response, it resends the EAP over UDP message. By default, it retries up to 3 times. To change this value, enter the following command in global configuration mode:

      eou max-retry retries

    retries is a valu

  • Cisco ASA 5500 Series, 13-13 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 13 Configuring AAA Servers and the Local Database Identifying AAA Server Groups and Servers

      hostname(config-aaa-server-group)# max-failed-attempts number

    The number can be between 1 and 5. The default is 3. If you configured a fallback method using the local database (for management access only; see the “Configuring AAA for System Administrators” section on page 40-4 and the “Configuring TACACS+ Command Authorization” section on

  • Cisco ASA 5500 Series, 17-3 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 17 Applying NAT NAT Overview Figure 17-1 NAT Example See the following commands for this example:

      hostname(config)# nat (inside) 1 10.1.2.0 255.255.255.0
      hostname(config)# global (outside) 1 209.165.201.1-209.165.201.15

    NAT Control NAT control requires that packets traversing from an inside interface to an outside interface match a NAT rule; for any host on the inside network to access a host on the outsi

  • Cisco ASA 5500 Series, 14-22 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 14 Configuring Failover Configuring Failover Note: If the Stateful Failover link uses the failover link or a data interface, then you only need to supply the if_name argument. The if_name argument assigns a logical name to the interface specified by the phy_if argument. The phy_if argument can be the physical port name, such as Ethernet1, or a previously created subinterface, such as Ethernet0/2.3. This interface sho

  • Cisco ASA 5500 Series, B-10 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Appendix B Sample Configurations Example 3: Shared Resources for Multiple Contexts

      security-level 100
      ip address 10.1.0.1 255.255.255.0
      no shutdown
      interface gigabitethernet 0/0.300
      nameif shared
      security-level 50
      ip address 10.1.1.1 255.255.255.0
      no shutdown
      passwd v00d00
      enable password d011
      route outside 0 0 209.165.201.2 1
      nat (inside) 1 10.1.0.0 255.255.255.0
      ! This context uses PAT for inside users that access the outside
      global (outside) 1 2

  • Cisco ASA 5500 Series, 14-14 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 14 Configuring Failover Understanding Failover Determining Which Type of Failover to Use The type of failover you choose depends upon your security appliance configuration and how you plan to use the security appliances. If you are running the security appliance in single mode, then you can only use Active/Standby failover. Active/Active failover is only available to security appliances running in multiple context mode. If you are

  • Cisco ASA 5500 Series, 29-7 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Chapter 29 Setting General IPSec VPN Parameters Understanding Load Balancing Eligible Platforms A load-balancing cluster can include security appliance models ASA 5520 and above. You can also include VPN 3000 Series Concentrators in the cluster. While mixed configurations are possible, administration is generally simpler if the cluster is homogeneous. Eligible Clients Load balancing is effective only on remote sessions initiated with the following clients:
      • Cisco VPN Client (Release 3.0 an

  • E-9 Cisco Security Appliance Command Line Configuration Guide OL-10088-01 Appendix E Configuring an External Server for Authorization and Authentication Configuring an External LDAP Server cVPN3000-Required-Client-Firewall-Product-Code | Y | Y | Y | 32 | Integer | Single | Cisco Systems Products: 1 = Cisco Intrusion Prevention Security Agent or Cisco Integrated Client
