User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
Getting Started
About the Default Settings
Cisco ISA500 Series Integrated Security Appliance Administration Guide 26
1
• IP Routing Mode: By default, only the IPv4 mode is enabled. To support the
IPv4 and IPv6 addressing, you need to enable the IPv4/IPv6 mode. To
change the IP routing mode, see Configuring IP Routing Mode, page 95.
• WAN Configuration: By default, the security appliance is configured to
obtain an IP address from your ISP by using Dynamic Host Configuration
Protocol (DHCP). Depending on the requirement of your ISP, you will need to
configure the network address mode for the primary WAN and the
secondary WAN if applicable. You can change other WAN settings as well.
See Configuring the WAN, page 101.
• LAN Configuration: By default, the LAN of the security appliance is
configured in the 192.168.1.0 subnet and the LAN IP address is 192.168.1.1.
The security appliance acts as a DHCP server to the hosts on the WLAN or
LAN network. It can automatically assign IP addresses and DNS server
addresses to the PCs and other devices on the LAN. For most deployment
scenarios, the default DHCP and TCP/IP settings should be satisfactory.
However, you can change the subnet address or the default IP address. You
can assign static IP addresses to connected devices rather than allowing the
security appliance to act as a DHCP server. See Configuring the VLAN,
page 118.
• VLAN Configuration: The security appliance predefines a native VLAN
(DEFAULT) and a guest VLAN (GUEST). You can customize new VLANs for
your specific business needs. See Configuring the VLAN, page 118.
• Configurable Ports: By default, all configurable ports are set to act as LAN
ports. Alternatively, you can configure the configurable port for use as a DMZ
port or a secondary WAN port. See Configuring the WAN, page 101 or
Configuring the DMZ, page 123.
• Wireless Network (for ISA550W and ISA570W only): The ISA550W or
ISA570W is configured with four SSIDs. All SSIDs are disabled by default.
For security purposes, we strongly recommend that you configure the SSIDs
with the appropriate security settings. See Wireless Configuration for
ISA550W and ISA570W, page 157.
• Administrative Access: You can access the Configuration Utility by using a
web browser and entering the default LAN IP address of 192.168.1.1. You
can log into by entering the username and password of the default
administrator account. You are forced to change the default username and
password after the first login. See Changing the User Name and Password
of the Default Administrator Account at Your First Login, page 27. You
also may want to change the user login settings for authentication. See
Configuring the User Authentication Settings, page 277.