Cisco ASA 5505 Quick Start Manual page 2

Adaptive security appliance

7. (Optional) Making Internal Services Accessible from the Internet
As a business owner, you might have internal network services, such as a web or FTP server, that need to be available to outside users. You can place these services on a separate network behind the adaptive security appliance, called a demilitarized zone (DMZ). The adaptive security appliance allows limited access to the DMZ, which contains only the public servers, so an attack there does not affect the Inside network.
The Public Servers pane displays a list of public servers, their internal and external addresses, the interfaces those addresses apply to, and the service that is exposed.
To set up public server access:
Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers. The Public Servers pane appears.
Step 2 Click Add, then enter the public server settings in the dialog box. (For information about any field, click Help in the dialog box.)
Step 3 Click OK. The server appears in the list.
Step 4 Click Apply to submit the configuration to the adaptive security appliance.
9. (Optional) Running the SSL VPN Wizard in ASDM
The SSL VPN Wizard enables you to configure an SSL VPN policy on your adaptive security appliance.
Clientless, browser-based SSL VPN lets users establish a secure, remote-access VPN tunnel to the security appliance using a web browser. After authentication, users reach a portal page from which they can access specific, supported internal resources. The network administrator grants users access to resources on a group basis. Users have no direct access to resources on the Inside network.
The Cisco AnyConnect VPN client provides remote users with secure SSL connections to the adaptive security appliance and full VPN tunneling to corporate resources. The adaptive security appliance downloads the AnyConnect Client to remote users.
To run the SSL VPN Wizard:
Step 1 In the main ASDM window, choose Wizards > SSL VPN Wizard.
Step 2 Select the SSL VPN connection type (Clientless, Cisco SSL, or both), and then follow the wizard instructions. (For information
about any wizard field, click Help in the window.)
© 2010 Cisco Systems, Inc. All rights reserved.
Printed in the USA on recycled paper containing 10% postconsumer waste.
78-19188-01
8. (Optional) Running the IPsec VPN Wizard in ASDM
The IPSec VPN Wizard helps you to configure basic site-to-site (or LAN-to-LAN) and remote access VPN connections.
To run the IPSec VPN Wizard:
Step 1 In the main ASDM window, choose Wizards > IPSec VPN Wizard.
Step 2 Click a tunnel type, Site-to-Site or Remote Access, then follow the wizard instructions. (For information about any wizard field,
click Help in the window.)
10. (Optional) Configuring the SSC in ASDM
If your adaptive security appliance came installed with a Security Services Card (SSC), you can use ASDM to set up the SSC and
configure the Intrusion Prevention System (IPS) application to run on the SSC. An SSC does not have any external interfaces.
To set up the SSC and IPS:
Step 1 In the main ASDM window, choose Configuration > Device Setup > SSC Setup. The SSC pane appears.
Step 2 Complete the SSC setup fields and click Apply. (For information about any field, click Help in the dialog box.)
Step 3 To configure the IPS module on the SSC, click the Configure the IPS SSC module link. The Startup Wizard appears. Click Launch
Startup Wizard. (Alternatively, you can choose Configure > IPS > Sensor Setup > Startup Wizard to access the wizard.)
Quick Start Guide: Cisco ASA 5505 Adaptive Security Appliance, Version 8.3
[Figure: IPSec VPN Wizard flow, starting at Tunnel Type and VPN Tunnel Interface. Site-to-Site path: Remote Site Peer (Authentication, Tunnel group), IKE Policy, IPSec Rule, Hosts and Networks (for IPSec tunnel). Remote Access path: Remote Access Client, VPN Client (Authentication, Tunnel group), Client Authentication, User Accounts, Address Pool, Attributes Pushed to VPN Client, IKE Policy, IPSec Settings (NAT exceptions).]
