User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
Networking
Port Management
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 98
4
• Speed: Choose one of these options: AUTO, 10 Mbps, 100 Mbps, and 1000
Mbps. The default is AUTO for all ports. The AUTO option lets the system and
network determine the optimal port speed.
• Duplex: Choose either Half Duplex or Full Duplex based on the port support.
The default is Full Duplex for all ports.
- Full: Indicates that the port supports transmissions between the device
and the client in both directions simultaneously.
- Half: Indicates that the port supports transmissions between the device
and the client in only one direction at a time.
STEP 4 Click OK to save your settings.
STEP 5 Repeat the above steps to edit the settings for other physical ports.
STEP 6 Click Save to apply your settings.
Configuring 802.1X Access Control on Physical Ports
Port-Based Access Control configures IEEE 802.1X port-based authentication to
prevent unauthorized devices (802.1X-capable clients) from gaining access to the
network.
The IEEE 802.1X standard defines a client-server-based access control and
authentication protocol that restricts unauthorized devices from connecting to a
LAN through publicly accessible ports. The authentication server authenticates
each client (supplicant in Windows 2000, XP, Vista, Windows 7, and Mac OS)
connected to a port before making available any service offered by the security
appliance or the LAN.
Until the client is authenticated, 802.1X access control allows only Extensible
Authentication Protocol over LAN (EAPOL) traffic through the port to which the
client is connected. After authentication is successful, normal traffic can pass
through the port.
This feature simplifies the security management by allowing you to control access
from a master database in a single server (although you can use up to three
RADIUS servers to provide backups in case access to the primary server fails). It
also means that user can enter the same authorized RADIUS username and
password pair for authentication, regardless of which switch is the access point
into the LAN.