User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
Firewall
Configuring the IP/MAC Binding to Prevent Spoofing
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 206
6
For example, if you click Add, the MAC Filtering - Add/Edit window opens. Select
the MAC address object from the MAC Address drop-down list, and then click
OK.
If the MAC address object you want is not in the list, choose Create New Address
to create a new MAC Address object. To maintain the MAC Address objects, go to
the Networking -> Address Object Management page. See Address
Management, page 152.
STEP 5 Click Save to apply your settings.
Configuring the IP/MAC Binding to Prevent Spoofing
The IP/MAC binding feature allows the traffic only when the host has an IP address
that matches up with a specified MAC address. By requiring the gateway to
validate the source traffic’s IP address with the unique MAC address of device,
please ensure that traffic from the specified IP address is not spoofed. If a violation
(the traffic’s source IP address doesn’t match up with the expected MAC address
having the same IP address) occurs, the packets will be dropped and can be
logged for diagnosis.
STEP 1 Click Firewall -> MAC Filtering -> IP/MAC Binding.
The IP/MAC Binding window opens.
STEP 2 To add an IP/MAC binding rule, click Add.
Other options: To edit an entry, click Edit. To delete an entry, click Delete. To
delete all selected entries, check the boxes of multiple entries and click Delete
Selection.
After you click Add or Edit, the IP/MAC Binding - Add/Edit window opens.
STEP 3 Enter the following information:
• Name: Enter a descriptive name for the IP/MAC binding rule.
• MAC Address: Choose an existing MAC address object. If the MAC address
object you want is not in the list, choose Create a MAC to add a new MAC
address object. To maintain the MAC address objects, go to the Networking
-> Address Object Management page. See Address Management,
page 152.