User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
User Management
Configuring the User Authentication Settings
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 277
9
Administrator: All members of the group have full privilege to set the
configurations and read the system status.
- SSLVPN: Choose a SSL VPN group policy so that all members of the
group at the remote site can establish the SSL VPN tunnels based on the
selected SSL VPN group policy to access your network resources, or
choose Disable to disable it. For more information about the SSL VPN
group policy, see Configuring the SSL VPN Group Policies, page 263.
- Cisco IPSec VPN: Click Enable to enable the Cisco IPSec VPN service
so that all members of the group can access the your network resources
over the IPSec VPN tunnels, or click Disable to disable it.
- Captive Portal: Click Enable to enable the Captive Portal service, or click
Disable to disable it. If you enable Captive Portal, the wireless members
of the user group who authenticated successfully will be directed to a
specified web page (portal) before they can access the Internet. This
service only applies to the ISA550W and ISA570W.
STEP 4 In the Membership tab, specify the members of the group.
• To add a member, select the member from the User list and click the right
arrow ->. The members of the groups appear in the Membership list.
• To delete a member from the user group, select the member from the
Membership list and click the left arrow <-.
STEP 5 Click OK to save your settings.
Configuring the User Authentication Settings
The security appliance provides a mechanism for user level authentication. It
authenticates all users when they attempt to access your network resources in
different zones. Users on the VLANs performs only local tasks, and are not
required to be authenticated by the security appliance.
User level authentication can be performed by using the local database that is
stored on the security appliance, an AAA server ( a variety of AAA server types
are supported, such as RADIUS, Lightweight Directory Access Protocol (LDAP),
Active Directory (AD)), or both.