Home » Cisco Manuals » Networking » Cisco 5510 » Manual Viewer

Cisco 5510 Getting Started Guide - Page 184

About Deploying the Adaptive Security Appliance with the CSC SSM

UPC - 882658094767

Add to My Manuals
Save this manual to your list of manuals

Page 184 highlights

About Deploying the Adaptive Security Appliance with the CSC SSM Chapter 14 Configuring the CSC SSM content profiles it obtains from Trend Micro. It then forwards legitimate content on to the adaptive security appliance for routing, or blocks and reports content that is suspicious. In addition to obtaining content profiles from Trend Micro, system administrators can also customize the configuration so that the CSC SSM scans for additional traffic types or locations. For example, system administrators can configure the CSC SSM to block or filter specific URLs, as well as scan for FTP and e-mail parameters. You use ASDM for system setup and monitoring of the CSC SSM. For advanced configuration of content security policies in the CSC SSM software, you access the web-based GUI for the CSC SSM by clicking links within ASDM. This chapter describes how to configure the adaptive security appliance for the deployment. Use of the CSC SSM GUI is explained in the Cisco Content Security and Control SSM Administrator Guide. About Deploying the Adaptive Security Appliance with the CSC SSM In a network in which the adaptive security appliance is deployed with the CSC SSM, you configure the adaptive security appliance to send to the CSC SSM only the types of traffic that you want to be scanned. Figure 14-1 illustrates the basic traffic flow between a company network, the adaptive security appliance and CSC SSM, and the Internet. The network illustrated in Figure 14-1 includes the following: • An adaptive security appliance with a CSC SSM installed and configured • A service policy on the adaptive security appliance specifies which traffic is diverted to the CSC SSM for scanning 14-2 Cisco ASA 5500 Series Getting Started Guide 78-19186-01

Section	Page
Contents	3
Before You Begin	11
ASA 5500	11
ASA 5500 with AIP SSM	12
ASA 5500 with CSC SSM	13
ASA 5500 with 4GE SSM	14
ASA 5550	15
Related Documents	15
Maximizing Throughput on the ASA 5550	17
Embedded Network Interfaces	17
Balancing Traffic to Maximize Throughput	18
What to Do Next	21
Installing the ASA 5550	23
Verifying the Package Contents	24
Installing the Chassis	25
Rack-Mounting the Chassis	26
Installing SFP Modules	28
SFP Module	28
Installing an SFP Module	30
Ports and LEDs	31
Front Panel LEDs	31
Rear Panel LEDs and Ports in Slot 0	32
Ports and LEDs in Slot 1	34
Connecting Interface Cables	35
What to Do Next	41
Installing the ASA 5500, ASA 5510, ASA 5520, and ASA 5540	43
Verifying the Package Contents	44
Installing the Chassis	45
Rack-Mounting the Chassis	46
Ports and LEDs	49
What to Do Next	52
Installing Optional SSMs	53
Cisco 4GE SSM	53
4GE SSM Components	54
Installing the Cisco 4GE SSM	55
Installing the SFP Modules	56
SFP Module	57
Installing the SFP Module	58
Cisco AIP SSM and CSC SSM	60
Installing an SSM	61
What to Do Next	62
Connecting Interface Cables on the ASA 5500, ASA 5510, ASA 5520, and ASA 5540 Platforms	63
Connecting Interface Cables	64
Connecting to SSMs	66
Connecting to a 4GE SSM	68
Powering On the Adaptive Security Appliance	71
What to Do Next	71
Configuring the Adaptive Security Appliance	73
About the Factory Default Configuration	73
Using the CLI for Configuration	74
Using the Adaptive Security Device Manager for Configuration	75
Preparing to Use ASDM	76
Gathering Configuration Information for Initial Setup	76
Installing the ASDM Launcher	77
Starting ASDM with a Web Browser	80
Running the ASDM Startup Wizard	80
What to Do Next	81
Scenario: DMZ Configuration	83
Example DMZ Network Topology	83
An Inside User Visits a Web Server on the Internet	85
An Internet User Visits the DMZ Web Server	86
An Inside User Visits the DMZ Web Server	88
Configuring the Adaptive Security Appliance for a DMZ Deployment	90
Configuration Requirements	91
Information to Have Available	92
Enabling Inside Clients to Communicate with Devices on the Internet	92
Enabling Inside Clients to Communicate with the DMZ Web Server	92
Translating Internal Client IP Addresses Between the Inside and DMZ Interfaces	93
Translating the Public Address of the Web Server to its Real Address on the Inside Interface	96
Configuring Static PAT for Public Access to the DMZ Web Server (Port Forwarding)	99
Providing Public HTTP Access to the DMZ Web Server	102
What to Do Next	105
Scenario: IPsec Remote-Access VPN Configuration	107
Example IPsec Remote-Access VPN Network Topology	107
Implementing the IPsec Remote-Access VPN Scenario	108
Information to Have Available	109
Configuring an IPsec Remote-Access VPN	109
Selecting VPN Client Types	111
Specifying the VPN Tunnel Group Name and Authentication Method	112
Specifying a User Authentication Method	113
(Optional) Configuring User Accounts	115
Configuring Address Pools	116
Configuring Client Attributes	117
Configuring the IKE Policy	118
Specifying Address Translation Exception and Split Tunneling	120
Verifying the Remote-Access VPN Configuration	122
What to Do Next	123
Scenario: Configuring Connections for a Cisco AnyConnect VPN Client	125
About SSL VPN Client Connections	125
Obtaining the Cisco AnyConnect VPN Client Software	126
Example Topology Using AnyConnect SSL VPN Clients	127
Implementing the Cisco SSL VPN Scenario	127
Information to Have Available	128
Configuring the Adaptive Security Appliance for the Cisco AnyConnect VPN Client	129
Specifying the SSL VPN Interface	130
Specifying a User Authentication Method	131
Specifying a Group Policy	132
Configuring the Cisco AnyConnect VPN Client	133
Verifying the Remote-Access VPN Configuration	135
What to Do Next	136
Scenario: SSL VPN Clientless Connections	137
About Clientless SSL VPN	137
Security Considerations for Clientless SSL VPN Connections	138
Example Network with Browser-Based SSL VPN Access	139
Implementing the Clientless SSL VPN Scenario	140
Information to Have Available	141
Configuring the Adaptive Security Appliance for Browser-Based SSL VPN Connections	142
Specifying the SSL VPN Interface	143
Specifying a User Authentication Method	144
Specifying a Group Policy	146
Creating a Bookmark List for Remote Users	147
Verifying the Configuration	151
What to Do Next	152
Scenario: Site-to-Site VPN Configuration	153
Example Site-to-Site VPN Network Topology	153
Implementing the Site-to-Site Scenario	154
Information to Have Available	155
Configuring the Site-to-Site VPN	155
Configuring the Security Appliance at the Local Site	155
Providing Information About the Remote VPN Peer	157
Configuring the IKE Policy	158
Configuring IPsec Encryption and Authentication Parameters	160
Specifying Hosts and Networks	161
Viewing VPN Attributes and Completing the Wizard	162
Configuring the Other Side of the VPN Connection	164
What to Do Next	165
Configuring the AIP SSM	167
Understanding the AIP SSM	168
How the AIP SSM Works with the Adaptive Security Appliance	168
Operating Modes	169
Using Virtual Sensors	170
Configuring the AIP SSM	172
AIP SSM Procedure Overview	172
Sessioning to the AIP SSM	172
Configuring the Security Policy on the AIP SSM	174
Assigning Virtual Sensors to Security Contexts	175
Diverting Traffic to the AIP SSM	177
What to Do Next	180
Configuring the CSC SSM	183
About the CSC SSM	183
About Deploying the Adaptive Security Appliance with the CSC SSM	184
Scenario: Security Appliance with CSC SSM Deployed for Content Security	186
Configuration Requirements	187
Configuring the CSC SSM for Content Security	188
Obtain Software Activation Key from Cisco.com	188
Gather Information	189
Verify Time Settings	189
Run the CSC Setup Wizard	190
What to Do Next	199
Configuring the 4GE SSM for Fiber	201
Cabling 4GE SSM Interfaces	202
Setting the 4GE SSM Media Type for Fiber Interfaces (Optional)	203
What to Do Next	205