User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
Wireless Configuration for ISA550W and ISA570W
Configuring the Access Points
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 166
5
• Encryption: Choose the encryption type: 64 bits (10 hex digits), 64 bits (5
ASCII), 128 bits (26 hex digits), or 128 bits (13 ASCII). The default is 64 bits
(10 hex digits). The larger size keys provide stronger encryption, thus making
the key more difficult to crack.
• Passphrase: If you want to generate WEP keys by using a Passphrase, enter
any alphanumeric phrase (longer than 8 characters for optimal security) and
then click Generate to generate four unique WEP keys. Select one key to use
as the key that devices must have to use the wireless network.
• Key 1-4: If a WEP Passphrase is not specified, a key can be entered directly
into one of the Key boxes. The length of the key should be 5 ASCII characters
(or 10 hex characters) for 64-bit WEP and 13 ASCII characters (or 26 hex
characters) for 128-bit WEP.
STEP 6 If you choose WPA-Personal as the security mode, enter the following
information:
• Encryption: Choose either TKIP or AES as the encryption algorithm for data
encryption. The default is TKIP.
• Shared Secret: The Pre-shared Key (PSK ) is the shared secret key for WPA.
Enter a string of at least 8 characters to a maximum of 63 characters.
• Key Renewal Timeout: Enter a value to set the interval at which the key is
refreshed for clients associated to this SSID. The valid range is 0 to 86400
seconds. A value of 0 indicates that the key is not refreshed. The default is
3600 seconds.
STEP 7 If you choose WPA2-Personal as the security mode, enter the following
information:
• Encryption: WPA2-Personal always uses AES for data encryption.
• Shared Secret: The Pre-shared Key (PSK ) is the shared secret key for WPA.
Enter a string of at least 8 characters to a maximum of 63 characters.
• Key Renewal Timeout: Enter a value to set the interval at which the key is
refreshed for clients associated to this SSID. The valid range is 0 to 86400
seconds. A value of 0 indicates that the key is not refreshed. The default is
3600 seconds.
STEP 8 If you choose WPA/WPA2-Personal Mixed as the security mode, enter the
following information:
• Encryption: WPA/WPA2-Personal Mixed automtically choose TKIP or AES
for data encryption.