User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
User Management
About the Users and Groups
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 274
9
NOTE You cannot disable the web login service or change its web login
service level for the default user group (admin).
• SSL VPN: Allows the members of the group at the remote site to establish
the SSL VPN tunnels based on the selected SSL VPN group policy to
access your network resources. The Cisco AnyConnect VPN Client must be
installed on the user’s PC.
• Cisco IPSec VPN: Allows the members of the group at the remote site to
securely access your network resources over the IPSec VPN tunnels.
• Captive Portal: Allows the wireless users who authenticated successfully
to be directed to a specified web page (portal) before they can access the
Internet. This service only applies to the ISA550W and ISA570W.
NOTE The security appliance can perform the authentications in parallel when
multiple services need to authenticate at the same time.
Default User and Group
The default administrator account (user name: cisco, password: cisco) is an
administrative account that has fully privilege to set the configurations and read
the system status. It does not belong to any user group. To prevent unauthorized
access, you are forced to immediately change the default user name and
password at its first login. See Changing the User Name and Password of the
Default Administrator Account at Your First Login, page 27. The default
administrator account cannot be deleted.
The default user group (admin) is a user group that has the administrative web
login access ability and enables the SSL VPN, Cisco IPSec VPN, and captive
portal (for ISA550W and ISA570W only) services. You cannot delete the default
user group, but can modify its service policy settings.
Preempt the Administrators
If an administrator account was already logged in, when the administrator account
attempts to log in again, a prompted warning message is displayed. Click Yes to
kick off the previous login, or click No to retun to the login screen.