Cisco ASA Series General Operations ASDM Configuration Guide, Software Version 7.3

928
Cisco Systems, Inc.
www.cisco.com
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco ASA Series General Operations ASDM Configuration Guide, Software Version 7.3
Released: July 24, 2014
Updated: September 16, 2014
Text Part Number: N/A, Online only

Upload: vankhue

Post on 28-Jan-2017


  • Cisco ASA ASDM 7.3

    Released: July 24, 2014. Updated: September 16, 2014.

    Cisco Systems, Inc.

    www.cisco.com

    Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.

    Text Part Number: N/A, Online only


  • . , . .

    . CISCO .

    Cisco TCP UNIX UCB University of California, Berkeley(UCB) . All rights reserved. Copyright 1981, Regents of the University of California.

    " " . CISCO , , , , (, ) .

    Cisco , (, ) , , .

    Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

    Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

    Cisco ASA Series General Operations ASDM Configuration Guide. Copyright 2014 Cisco Systems, Inc. All rights reserved.


  • xxix

    xxix

    xxix

    xxx

    xxx

    1 ASA

    1 Cisco ASA 1-1

    ASDM 1-1ASDM 1-2Java 1-3

    1-7

    VPN 1-7

    1-7ASA 9.3(1)/ASDM 7.3(1) 1-7

    ASA Services Module 1-11

    1-13 1-14 1-16 1-16

    VPN 1-18

    1-18

    ASA 1-19

    , , 1-19 1-19 1-19 1-19

    2 2-1

    Command-Line Interface 2-1 2-2 ASA Services Module 2-3

  • ASDM 2-7ASDM (, ASAv) 2-7 ASAv ASDM 2-8ASA Services Module ASDM 2-9

    ASDM 2-12

    ASDM ID 2-13

    ASDM 2-13

    2-15 2-15ASAv 2-16ASA 2-17ASAv 2-17

    2-18

    ASDM Command Line Interface 2-19Command Line Interface 2-19ASDM 2-20

    ASDM 2-20

    2-22

    3 ASDM 3-1

    ASDM 3-2

    ASDM 3-4

    3-4

    3-5 3-6 3-7Wizards 3-8 3-9 3-9

    3-10

    ASDM Assistant 3-10

    3-11Connection to Device 3-11

    Device List 3-12

    3-12

    3-13

    ASDM 3-14

  • ACL Manager 3-15

    3-16

    3-16

    Help 3-16

    Home ( ) 3-17Device Dashboard 3-17Firewall Dashboard 3-21Cluster Dashboard 3-24Cluster Firewall Dashboard 3-26Intrusion Prevention 3-26ASA CX Status 3-28ASA FirePOWER Status 3-28

    Home (System) 3-29

    ASDM 3-30

    ASDM Assistant 3-32

    History Metrics 3-32

    3-32 3-33 3-33 3-34ASDM CLI 3-34

    4 Cisco ASA Version 9.3 4-1

    4-1 4-1 4-14VPN 4-19

    4-20 4-20 4-20 4-20Shared AnyConnect Premium 4-23 ASA 4-27No Payload Encryption 4-30 FAQ 4-30

    4-31

    4-32 4-32

  • 4-33 4-34

    4-36 4-36 4-36

    4-37

    5 5-1

    5-1 5-1 5-2

    5-7

    5-7

    5-8

    ( ) 5-9

    ARP 5-10ARP 5-10 ARP 5-10ARP 5-12

    MAC 5-12

    5-13 ASA 5-13 5-19

    5-24

    6 Startup Wizard 6-1

    Startup Wizard 6-1

    Startup Wizard 6-1

    Startup Wizard 6-1 6-1 6-2 6-2 6-3DHCP 6-3 (NAT/PAT) 6-3 6-3IPS 6-3ASA CX (ASA 5585-X) 6-4

  • ASA FirePOWER 6-4 6-4 ( ) 6-4Startup Wizard 6-4

    Startup Wizard 6-5

    2

    7 7-1

    7-1 7-2 7-2ASA 7-3 7-6 7-7 7-8MAC 7-11

    7-13

    7-13

    7-14

    7-14

    7-15 7-15 7-15 7-17 7-19 MAC 7-23

    7-24

    7-25 7-25 7-26 URL 7-27 7-28

    7-30 7-30 MAC 7-31

    7-32

  • 8 8-1

    8-1 8-2 8-2 8-3MAC IP 8-8ASA Services Module Intra-Chassis Inter-Chassis 8-9 8-12 8-14 8-16 8-18 8-18/ 8-20/ 8-21

    8-24

    8-25

    8-25

    8-26

    / 8-26

    / 8-27

    8-28 , HTTP , , MAC 8-29 Standby 8-31 (/ ) 8-32

    8-34 8-34

    8-39 8-39 8-40

    8-41

    9 ASA 9-1

    ASA 9-1ASA 9-2 9-2 9-3 9-4 9-6

  • ASA 9-8 9-10ASA 9-11 9-12 9-18ASA 9-22ASA 9-24

    ASA 9-31

    ASA 9-31

    ASA 9-32

    ASA 9-36

    ASA 9-36 / 9-36 () 9-38 9-39(, ) 9-41ASA 9-47

    ASA 9-50ASA 9-50 9-53 9-55 9-56 9-57 9-58 9-58

    ASA 9-59 9-59 9-60 9-60 9-60 9-60 9-61

    ASA 9-61 ASA 9-61 9-64 9-66 Spanned EtherChannel( 8 /8 ) 9-68

    ASA 9-73

  • 3

    10 (ASA 5512-X ) 10-1

    ASA 5512-X 10-1 MDI/MDIX 10-2 10-2 10-2 10-4EtherChannel 10-4MTU TCP 10-7

    ASA 5512-X 10-9

    10-10

    10-12

    (ASA 5512-X ) 10-13 10-13 10-14 10-17EtherChannel 10-20VLAN 802.1Q 10-25 10-28 EtherChannel 10-29

    10-38

    10-38

    ASA 5512-X 10-38

    11 (ASAv) 11-1

    ASAv 11-1ASAv NIC 11-1 11-3 11-3 11-4MTU TCP 11-4

    ASAv 11-6

    11-6

    11-7

    (ASAv) 11-8 11-8 11-8

  • 11-11VLAN 802.1Q 11-13 11-15

    11-16ARP 11-16MAC 11-16 11-17

    11-19

    ASAv 11-19

    12 12-1

    12-1 12-1 IP Stack(IPv4 IPv6) 12-2

    12-2

    12-4

    12-4

    12-5 12-5 12-6MAC Address, MTU TCP MSS 12-11IPv6 12-13 12-18

    12-20

    12-21ARP 12-21DHCP 12-21MAC 12-24 ACL 12-24 12-24PPPoE 12-27 12-27

    12-28

    13 13-1

    13-1 13-1 13-2

  • 13-2

    13-4

    13-5

    13-5 13-6 13-6 13-8 (ASA 5512-X ASAv) 13-10MAC , MTU, TCP MSS 13-13IPv6 13-15 13-19

    13-20

    13-21

    13-21

    4

    14 14-1

    , , Enable 14-1

    Enable 14-2ASA 14-2ASA 5506, 5506-W, ASA 5508 14-4ASAv 14-5 14-6

    14-7NTP 14-7 14-8

    14-8 14-9 14-10 14-10

    Configure the DNS Server 14-11DNS 14-11DNS 14-12

    ASP(Accelerated Security Path) 14-12 14-13ASP 14-13

    14-14

  • 15 DHCP 15-1

    DHCP 15-1

    DHCP 15-2

    DHCP 15-2

    DHCP 15-2

    DHCP 15-4DHCP 15-4 DHCP 15-6DHCPv4 15-7DHCPv6 15-7

    DHCP 15-8

    DHCP 15-9

    16 DNS 16-1

    DDNS 16-1DDNS 16-1UDP 16-2

    DDNS 16-2

    DDNS 16-2

    DDNS 16-3

    DDNS 16-3

    5 ACL

    17 17-1

    17-1

    17-2 17-2 17-3 17-5 17-6 17-7

    17-7

    17-8

    18 18-1

    ACL 18-1

  • ACL 18-1ACL Manager 18-2ACL 18-3 18-3/ / 18-4 18-4NAT ACL IP 18-4 ACE 18-5

    ACL 18-5

    ACL 18-6 ACL 18-6 ACL 18-9 ACL 18-10

    ACL 18-13

    ACL 18-13

    6 IP

    19 19-1

    19-1 19-1

    19-2 19-2

    ASA 19-3 19-4 19-4

    19-5

    19-5 19-6 19-6 19-8 19-8 19-9 19-10

    ARP 19-10

    20 20-1

    20-1

  • 20-2

    20-2 null0 20-2

    20-6 20-6IPv6 20-7

    20-7

    20-8

    20-9

    21 21-1

    21-1 21-2 21-2BGP BGP 21-3

    21-4

    21-4

    21-6 21-6 21-7 21-8 21-8

    21-9

    21-9

    22 BGP 22-1

    BGP 22-1BGP 22-1 22-1BGP 22-2

    BGP 22-3

    BGP 22-4BGP 22-4BGP 22-5 22-6AS 22-7 22-8IPv4 22-8

  • BGP 22-15

    BGP 22-16

    23 OSPF 23-1

    OSPF 23-1OSPF Support for Fast Hello Packets 23-3OSPFv2 OSPFv3 23-4

    OSPF 23-4

    OSPFv2 23-6

    OSPF Fast Hello Packets 23-7

    OSPFv2 23-7OSPFv2 23-7 OSPFv2 23-9OSPFv2 23-11OSPFv2 23-11OSPFv2 23-14OSPFv2 NSSA 23-15(OSPFv2 OSPFv3) IP 23-16 OSPFv2 23-18 23-19 23-19OSPF 23-20OSPF 23-21

    OSPFv3 23-22OSPFv3 23-23OSPFv3 23-23OSPFv3 23-24 23-25OSPFv3 23-26OSPFv3 23-27OSPFv3 23-27 OSPFv3 23-29Syslog 23-29Syslog 23-30 23-30OSPFv3 23-30IPv6 23-31IPv6 23-31

    Graceful Restart 23-32

  • OSPFv2 Graceful Restart 23-33OSPFv3 Graceful Restart 23-34OSPF 23-35

    OSPFv2 23-35

    OSPFv3 23-37

    OSPF 23-38

    23-39RFC 23-39

    OSPF 23-39

    24 EIGRP 24-1

    EIGRP 24-1 24-2

    EIGRP 24-2

    24-3

    EIGRP 24-3

    EIGRP 24-4EIGRP 24-4EIGRP Stub 24-5

    EIGRP 24-6EIGRP 24-7EIGRP 24-7 24-9 24-10 EIGRP 24-10EIGRP 24-11EIGRP 24-12EIGRP 24-13EIGRP hello 24-14 24-15EIGRP 24-16EIGRP Split Horizon 24-17EIGRP 24-17

    EIGRP 24-18

    EIGRP 24-19

    25 25-1

    25-1

  • Stub 25-2PIM 25-2 25-2 25-2

    25-3

    25-3

    25-3

    25-4Stub IGMP 25-4Static Multicast Route 25-5IGMP 25-6PIM 25-10 25-14 25-15 25-16

    25-17

    25-18 25-18RFC 25-18

    25-18

    26 IPv6 26-1

    IPv6 26-1 26-2 26-3 26-3 26-3 IPv6 26-5

    IPv6 26-5

    IPv6 26-5

    26-5

    IPv6 26-7

    IPv6 Neighbor Discovery 26-7 26-8 26-8

    26-9 26-9 DAD 26-10

  • 26-10IPv6 DHCP 26-11 IPv6 26-11 IPv6 26-12

    26-13

    26-13IPv6 26-13IPv6 RFC 26-13

    IPv6 26-14

    7 AAA

    27 AAA 27-1

    27-1

    27-2

    27-2

    , 27-2

    AAA 27-2

    AAA 27-2

    27-2

    28 AAA 28-1

    28-1(Fallback) 28-2 28-2

    28-3

    28-3

    28-6

    28-7

    28-7

    29 AAA RADIUS 29-1

    RADIUS 29-1 29-2VPN 29-2 RADIUS 29-2 RADIUS 29-3

  • IETF RADIUS 29-12RADIUS 29-13

    RADIUS 29-13

    29-14

    RADIUS 29-14RADIUS 29-14RADIUS 29-15 RADIUS 29-16 29-18

    RADIUS 29-18

    RADIUS 29-19

    29-19RFC 29-19

    RADIUS 29-20

    30 AAA TACACS+ 30-1

    TACACS+ 30-1TACACS+ 30-1

    TACACS+ 30-2

    30-3

    TACACS+ 30-3TACACS+ 30-3TACACS+ 30-4 TACACS+ 30-4 30-5

    TACACS+ 30-6

    TACACS+ 30-6

    TACACS+ 30-7

    31 AAA LDAP 31-1

    LDAP AAA 31-1LDAP 31-1 LDAP 31-2LDAP 31-2LDAP 31-4LDAP 31-4 31-4

    LDAP 31-5

  • LDAP 31-5LDAP 31-5LDAP 31-7 LDAP 31-8

    LDAP 31-9

    LDAP 31-10

    LDAP 31-10

    32 ID 32-1

    ID 32-1ID 32-1ID 32-2ID 32-3 32-4

    ID 32-7

    32-7

    32-9

    ID 32-10

    ID 32-10AD 32-10AD 32-11AD 32-12AD 32-12ID 32-13ID 32-15

    ID 32-16AD 32-16 32-17ID 32-17ID 32-18

    ID 32-19

    33 ASA Cisco TrustSec 33-1

    Cisco TrustSec ASA 33-1Cisco TrustSec 33-2Cisco TrustSec SGT SXP 33-2Cisco TrustSec 33-3 33-3

  • ASA 33-4ISE 33-6ASA 33-6SXP Chattiness 33-7SXP 33-7IP-SGT Manager 33-8ASA-Cisco TrustSec 33-8

    Cisco TrustSec 33-10

    Cisco TrustSec 33-10ISE ASA() 33-11ISE 33-11PAC 33-11

    33-12

    Cisco TrustSec ASA 33-14Cisco TrustSec AAA 33-14PAC 33-15Security Exchange Protocol 33-16SXP 33-18 33-18 33-19 2 Security Group Tagging Imposition 33-20SGT plus Ethernet Tagging 33-22 33-22 Cisco TrustSec 33-22 IP-SGT 33-23

    Cisco TrustSec AnyConnect VPN 33-23 33-23 SGT 33-24

    Cisco TrustSec 33-24

    33-24

    Cisco TrustSec 33-25

    34 ASA Cisco 34-1

    ASA Cisco 34-1

    ASA MDM 34-1

    ASA MDM Proxy 34-2

    Mobile Enablement Proxy 34-3

    ASA Mobile Enablement Proxy 34-3

  • 35 35-1

    35-1 35-2 35-3 35-3 35-3 35-4 CA 35-7 35-8

    35-9SCEP 35-9

    35-9

    35-10CA 35-11CA 35-13CRL 35-13CRL 35-14OCSP 35-14 CRL OCSP 35-15

    ID 35-16ID 35-17ID 35-18ID 35-19ID 35-19 35-20ID 35-21

    35-22 35-22 35-22 35-23 35-23

    CA 35-24 CA 35-24 CA 35-27

    35-27 CA 35-28 OTP OTP 35-28 CA 35-28 CA 35-29

  • 35-29OTP 35-29

    35-30

    CRL 35-30

    35-31

    8

    36 36-1

    ASDM, SSH ASA 36-1ASA ASDM, SSH 36-2 36-2 36-3HTTP 36-4 36-5SSH 36-5

    CLI 36-5CLI 36-5 36-5 36-6CLI 36-7 36-8

    VPN 36-8 36-8 36-8 36-9

    AAA 36-9 AAA 36-10 AAA 36-13 36-13 36-14 36-14CLI , enable 36-15 CLI ASDM 36-16 36-18 36-21 36-26 36-27 36-27

  • 36-28

    36-29

    36-30

    37 37-1

    37-1 37-1 37-3Cisco.com 37-3 37-3 ASA 37-6

    37-12 37-13File Management 37-17 37-18

    37-19

    37-20 37-20 CA 37-24 TFTP 37-25

    37-25

    37-26 37-26 37-26

    37-28 37-28 37-31 37-31

    37-33

    38 38-1

    EEM 38-1

    EEM 38-2

    EEM 38-3 38-3 38-4 38-5

    EEM 38-5

  • EEM 38-6

    EEM 38-6

    39 39-1

    39-1 39-3 39-4 39-4

    39-4

    Run Captures 39-4 39-5

    ASAv vCPU 39-5CPU 39-5VMware CPU 39-6ASAv vCenter 39-6

    9 , SNMP, Smart Call Home

    40 40-1

    40-1 40-2 Syslog 40-2Syslog 40-2 40-3

    Syslog ID 40-3 Syslog 40-3 40-4 40-4 40-4

    40-5

    40-6 40-6 40-6

    40-23 Syslog 40-24 40-25 40-26

    40-26

  • 41 SNMP 41-1

    SNMP 41-1 SNMP 41-2SNMP 3 41-2SNMP Syslog 41-3 41-4

    SNMP 41-4

    SNMP 41-5SNMP SNMP . 41-6SNMP 41-6SNMP 41-7SNMP 1 2c 41-7SNMP 3 41-8 41-9

    SNMP 41-10

    SNMP 41-10

    42 Anonymous Reporting Smart Call Home 42-1

    Anonymous Reporting 42-1DNS 42-2

    Smart Call Home 42-2

    Anonymous Reporting Smart Call Home 42-3

    Anonymous Reporting Smart Call Home 42-4 Anonymous Reporting 42-4Smart Call Home 42-4

    Anonymous Reporting Smart Call Home 42-7

    Anonymous Reporting Smart Call Home 42-7

    10

    43 , 43-1

    IPv4 43-1 43-1

    43-2 43-2

    IPv6 43-5IPv6 43-5IPv6 43-6

  • IPv6 43-10

    43-11

    TCP UDP 43-12

    43-14

    ICMP 43-16

  • xxix

    xxix

    xxx

    xxx

    ASDM(Adaptive Security Device Manager) Cisco ASA . .

    ASA .

    ASDM ASA . ASDM ASA . ASA . , ASDM ASA . . ASA ASDM Cisco ASA Series .

    F Cisco ASA (Navigating the Cisco ASA Series Documentation, http://www.cisco.com/go/asadocs) .


  • .

    .

    .

    . , .

    Cisco BST(Bug Search Tool) , , Whats New in Cisco Product Documentation ( http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html) .

    Cisco Cisco RSS . RSS .

    , , .

    , , .

    [ ] .

    {x | y | z } .[ x | y | z ] . .

    . .

    courier courier .

    courier , , courier .

    courier courier .

    < > .

    [ ] .

    !, # (!) (#) .


  • 1

    ASA

  • 1

    Cisco ASA

    Released: July 24, 2014. Updated: September 16, 2014.

    Cisco ASA VPN , IPS . ASA ( ), ( ), ( 2) ( 3) , , IPsec VPN, SSL VPN SSL VPN .

    ASDM ASA . ASDM ASA . ASA . , ASDM ASA . . ASA ASDM Cisco ASA . 1-19 , , .

    1-1 ASDM

    1-7

    1-7 VPN

    1-7

    1-11 ASA Services Module

    1-13

    1-18 VPN

    1-18

    1-19 ASA

    1-19 , ,

    ASDM 1-2 ASDM

    1-3 Java

  • 1 Cisco ASA ASDM ASDM 1-1 ASDM Java .

    1-1

    Java SE

    Internet Explorer Firefox Safari Chrome

    Microsoft Windows( ):

    8

    7

    Vista

    2008 Server

    XP

    6.0 1.5 18.0 6.0

    Apple OS X 10.4 1.5 2.0 18.0 6.0

    Red Hat Enterprise Linux 5(GNOME KDE):

    N/A 1.5 N/A 18.0 6.0

  • 1 Cisco ASA ASDM Java 1-2 Java, ASDM .

    1-2 ASDM

    Java

    7 51

    ASDM Launcher

    Launcher .

    CA ASA .

    Java . http://www.cisco.com/go/asdm-certificate .

    Java 7 45 .

    Java Web Start .

    Java 7 51 ASDM 7.1(5) . Java Version 7.2 ASDM , CLI ASDM ASDM ASA Java Control Panel . " " .

    http://java.com/en/download/help/java_blocked.xml

    ASDM 7.2 .

    Java Web Start

    . "Unable to connect" .

    :

    ASDM Launcher .

    :

    Java Runtime Parameters -Djava.net.preferIPv6Addresses=true .

    a. Java Control Panel .

    b. Java .

    c. View .

    d. -Djava.net.preferIPv6Addresses=true .

    e. OK Apply OK .


  • 1 Cisco ASA ASDM 7 45

    Permissions ASDM

    Java ASA JAR Permissions . . ASDM 7.2 Permissions . CA , Configuration > Device Management > Certificates > Identity Certificates ASA . ASDM Always trust connections to websites .

    7 ASA (3DES/AES)

    ASDM ASA SSL . ASA (DES) SSL ASDM . Java 7 Java 6 (http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase6-419409.html). Java 6 ( ).

    6 50

    Java , Java 6 ASDM 50 . Java 7 .

    ASA (3DES/AES)

    ASA ASDM , ASA SSL . ASA (DES) SSL ASDM ASDM . . (3DES/AES) .

    , ASDM Launcher Java Web Start . Launcher Web Start Java 6 .

    Windows Internet Explorer , DES . http://support.microsoft.com/kb/929708 .

    Firefox , security.ssl3.dhe_dss_des_sha . http://kb.mozillazine.org/About:config .


    IPv6

    Firefox Safari

    ASA , HTTPS over IPv6 Firefox 4 Safari . https://bugzilla.mozilla.org/show_bug.cgi?id=633001 . Firefox Safari ASA SSL (ASDM ) . ASA .

    ASA SSL RC4-MD5 RC4-SHA1 , Chrome SSL false start

    Chrome

    ASA SSL RC4-MD5 RC4-SHA1 , Chrome "SSL false start" Chrome ASDM . (Configuration > Device Management > Advanced > SSL Settings ). http://www.chromium.org/developers/how-tos/run-chromium-with-flags --disable-ssl-false-start Chrome SSL false start .

    IE9 Internet Explorer 9.0 Do not save encrypted pages to disk (Tools > Internet Options > Advanced ). ASDM . ASDM .

    OS X OS X ASDM Java . . ASDM .


  • 1 Cisco ASA ASDM OS X 10.8 Apple Developer ID ASDM . .

    1. ASDM ( Ctrl-) Cisco ASDM-IDM Launcher Open .

    2. , ASDM . Open . ASDM-IDM Launcher .


  • 1 Cisco ASA Cisco ASA .

    http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html

    VPN VPN , Cisco ASA Series .

    http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html

    1-7 ASA 9.3(1)/ASDM 7.3(1)

    syslog , syslog , syslog syslog .

    ASA 9.3(1)/ASDM 7.3(1) : 2014 7 24 1-3 ASA Version 9.3(1)/ASDM Version 7.3(1) .

    1-3 ASA Version 9.3(1)/ASDM Version 7.3(1)

    SIP, SCCP, TLS IPv6 SIP, SCCP, TLS (SIP SCCP ) IPv6 .

    ASDM .

    Cisco Unified Communications Manager 8.6

    ASA Cisco Unified Communications Manager Version 8.6 (SCCPv21 ).

    ASDM .

    NAT

    , .

    . Configuration > Device Management > Advanced > Rule Engine


    SSL VPN XenDesktop 7

    SSL VPN XenDesktop 7 . URL ID .

    . Configuration > Remote Access VPN > Clientless SSL VPN Access > Portal > Bookmarks

    Mobile Enablement ISE Mobile Enablement Mobile Enablement .

    Mobile Enablement 2015 ISE ISE .

    . Configuration > Remote Access VPN > AAA/Local Users > MDM Proxy

    AnyConnect ASA AnyConnect (: Deferred Upgrade) . . , , . . 9.3.x .

    .

    Configuration > Remote Access VPN > Network (Client) Access > Advanced > AnyConnect Custom Attributes

    Configuration > Remote Access VPN > Network (Client) Access > Advanced > AnyConnect Custom Attribute Names

    Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add/Edit > Advanced > AnyConnect Client > Custom Attributes

    Configuration > Remote Access VPN > Network (Client) Access > Dynamic Access Policies > Add/Edit > AnyConnect Custom Attributes

    ACIDex(AnyConnect Identity Extensions)

    AnyConnect Endpoint Attributes Mobile Posture ACIDex AnyConnect VPN ASA . .

    AnyConnect VPN DAP (Windows, Mac OS X, Linux) MAC .

    . Configuration > Remote Access VPN > Dynamic Access Policies > Add/Edit > Add/Edit (endpoint attribute), select AnyConnect for the Endpoint Attribute Type. Platform MAC Address Mac Address Pool .


  • 1 Cisco ASA VPN TrustSec SGT ASA TrustSec SGT(Security Group Tag) SGT-IP .

    .

    Configuration > Remote Access VPN > AAA/Local Users > Local Users > Edit User > VPN Policy

    Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add a Policy

    .

    ASDM .

    ASA ASA FirePOWER . .

    . Configuration > Device Management > High Availability and Scalability > Failover > Interfaces

    ASP asp load-balance per-packet auto ASA ASP . , .

    .

    ASDM .

    SNMP MIB CISCO-REMOTE-ACCESS-MONITOR-MIB ASASM .

    250

    8 250 . 250 , 4 .

    .

    Configuration > Device Setup > Interfaces

    Configuration > Device Setup > Interfaces > Add/Edit Bridge Group Interface

    Configuration > Device Setup > Interfaces > Add/Edit Interface

    ASA BGP ASA BGP .

    . Configuration > Device Setup > Routing > BGP > IPv4 Family > General


  • 1 Cisco ASA NSF BGP BGP NSF(Nonstop Forwarding) .

    .

    Configuration > Device Setup > Routing > BGP > General

    Configuration > Device Setup > Routing > BGP > IPv4 Family > Neighbor

    Monitoring > Routing > BGP Neighbors

    BGP BGPv4 .

    . Configuration > Device Setup > Routing > BGP > IPv4 Family > Neighbor > Add BGP Neighbor > Routes

    NSF OSPF NSF OSPFv2 OSPFv3 .

    .

    Configuration > Device Setup > Routing > OSPF > Setup > NSF Properties

    Configuration > Device Setup > Routing > OSPFv3 > Setup > NSF Properties

    AAA

    2 . Layer 2 SGT Imposition SGT plus Ethernet Tagging ASA Cisco (Ether Type 0x8909) . .

    .

    Configuration > Device Setup > Interfaces > Add Interface > Advanced

    Configuration > Device Setup > Interfaces > Add Redundant Interface > Advanced

    Configuration > Device Setup > Add Ethernet Interface > Advanced

    Wizards > Packet Capture Wizard

    Tools > Packet Tracer

    AAA Windows NT VPN NTLM .

    . Configuration > Remote Access VPN > AAA/Local Users > AAA Server Groups > Add AAA Server Group

    ASDM Identity Certificate Java ASDM Launcher . ID . ASDM Identity Certificate ID . ASDM , Java Web Start ASDM . . ID Java . https://www.cisco.com/go/asdm-certificate .

    Wizards > ASDM Identity Certificate Wizard .


  • 1 Cisco ASA ASA Services Module ASA Services Module Cisco IOS Catalyst 6500 Series Cisco 7600 Series MSFC ASASM .

    Catalyst OS( ) .

    ASA .

    () (MSFC) . MSFC , . MSFC , MSFC VLAN . MSFC .

    ( 1-1 ).

    VLAN . , 1-1 VLAN 201 ASASM . 1-1 VLAN 200 ASASM .

    show traffic . sysopt traffic detailed-statistics .


  • 1 Cisco ASA ASA Services Module MSFC VLAN 201, 301, 302, 303 , ASASM . ASASM VLAN 201, 202, 203 .

    1-1 MSFC/

    [Figure 1-1 shows two panels, "MSFC/Router Behind the ASASM" and "MSFC/Router In Front of the ASASM". Labels in the figure: MSFC/Router, Router, ASASM, VLAN 100, VLAN 200, VLAN 201, VLAN 202, VLAN 203, VLAN 301, VLAN 302, VLAN 303, Inside, HR, DMZ, Internet.]

  • 1 Cisco ASA ASASM . , . ( 1-2 )

    1-2 MSFC/

    . . . FTP , DMZ(Demilitarized Zone) . DMZ DMZ , . , , URL (: ) .

    , , , DMZ . ASA (: , DMZ, ) , .

    1-14

    1-16

    1-16

    [Figure 1-2 labels: Context A, Context B, Context C, Admin Context, VLAN 100, VLAN 200, VLAN 201, VLAN 202, VLAN 203, VLAN 300, VLAN 301, VLAN 302, VLAN 303, MSFC/Router, Internet, Inside Customer A, Inside Customer B, Inside Customer C, Admin Network.]

  • 1 Cisco ASA . ASA ( ) ( ) . .

    1-14

    1-14 NAT

    1-14 IP

    1-14 AAA

    1-15 HTTP, HTTPS FTP

    1-15

    1-15

    1-15 QoS

    1-15 TCP

    1-15

    1-16

    1-16 Cisco Unified Communications

    , . , EtherType IP .

    NAT

    NAT .

    . .

    NAT , .

    NAT IP IP .

    IP

    ASA IP . ICMP , ASA IP . . .

    AAA

    HTTP / . ASA RADIUS TACACS+ .

  • 1 Cisco ASA HTTP, HTTPS FTP

    FTP , .

    ASA Cloud Web Security , URL (: ASA CX ASA FirePOWER) ASA . ASA Cisco WSA(Web Security Appliance) .

    IP , . ASA .

    ASA . . .

    QoS

    . QoS . QoS .

    TCP

    TCP UDP . DoS . ASA TCP , TCP SYN DoS . .

    TCP TCP .

    , .

    (: DoS ) , .

    IP ( ). . IPS , ASA .

  • 1 Cisco ASA , , TCP (: IPID) .

    ASA .

    . IP , (, , , ) . IP () , . syslog .

    Cisco Unified Communications

    Cisco ASA Series . . , , . .

    ASA .

    ASA .

    ASA (bump in the wire) (stealth firewall) , . ASA .

    . . . , EtherType .

    ASA Adaptive Security Algorithm . , , , . , .

    TCP .

  • 1 Cisco ASA ASA .

    ?

    ASA ? " " , " " .

    .

    NAT (xlates)

    " "

    ASA TCP . ASA UDP, ICMP(ICMP ) , .

    ASA SCTP IP . ICMP .

    7 ( ) . 7 ( , ) . FTP, H.323 SNMP .

    ?

    ASA . . .

    IP

    TCP

    NAT

    3 4

    7 .

    . HTTP . 7 .

  • 1 Cisco ASA VPN VPN VPN TCP/IP (: ) . . ASA , , , , . ASA . , , . ASA . ASA .

    ASA .

    ASA .

    ASA . , . . , , IPS, . .

    ASA , , . ( ) . ASA . . (: ) .

    . , .

  • 1 Cisco ASA ASA ASA ASA ASA . (, ) .

    ( ) , .

    , , . .

    http://www.cisco.com/go/asadocs

    1-19

    1-19

    1-19

    ASA Cisco . (Unified Communications), Cisco , Cisco Web Security Appliance WCCP . .

    ASA . , 8.2 8.3 NAT 8.3 8.4 . ASDM ASA , .

    ASA , . .


  • 2

    Cisco ASA .

    2-1 Command-Line Interface

    2-7 ASDM

    2-12 ASDM

    2-13 ASDM ID

    2-13 ASDM

    2-15

    2-18

    2-19 ASDM Command Line Interface

    2-20 ASDM

    2-22

    Command-Line Interface CLI ASDM .

    CLI . 36 , . SSH . , .

    ASAv ASAv .

    2-2

    2-3 ASA Services Module

  • 2 Command-Line Interface .

    1 PC , 9600, 8 , , 1 , .

    ASA .

    2 Enter .

    ciscoasa>

    EXEC . EXEC .

    3 EXEC .

    ciscoasa> enable

    .

    :

    EXEC . EXEC .

    4 enable .

    Enter . enable 14-1 , , Enable .

    .

    ciscoasa#

    disable, exit quit .

    5 .

    ciscoasa# configure terminal

    .

    ciscoasa(config)#

    ASA . exit, quit end .

  • 2 Command-Line Interface ASA Services Module ( /SSH ) ASASM Command-Line Interface . ASASM ASDM CLI . ASASM CLI .

    2-3

    2-4 ASA Services Module

    2-5

    2-6

    2-6

    CLI ASASM .

    service-module session ASASM , .

    .

    .

    ASASM .

    ASASM ROMMON .

    .

    .

    (9600 baud).

    .

    Ctrl-Shift-6, x . Ctrl-Shift-6, x ASASM . ASASM . ASASM . . Cisco IOS , session .

    ASASM . .

    session ASASM .

    ASASM . ASASM ( ). passwd .

  • 2 Command-Line Interface .

    ASASM .

    .

    .

    ASASM .

    ASASM ROMMON .

    . .

    ASA Services Module

    ( /SSH ) ASASM Command-Line Interface .

    ASASM .

    SSH ASASM .

    1 .

    CLI ASASM .

    service-module session [switch {1 | 2}] slot number

    :

    Router# service-module session slot 3
    ciscoasa>

    VSS switch .

    show module .

    EXEC .

    CLI, ASASM .

    session [switch {1 | 2}] slot number processor 1

    .

    ciscoasa passwd:

    :

    Router# session slot 3 processor 1
    ciscoasa passwd: cisco
    ciscoasa>

    VSS switch .

    session slot processor 0 ASASM . ASASM 0 .

    show module .

  • 2 Command-Line Interface ASASM . passwd . .

    EXEC .

    2 EXEC .

    enable

    :

    ciscoasa> enable

    :ciscoasa#

    enable . .

    EXEC disable, exit quit .

    3 :

    configure terminal

    disable, exit quit .

    36-1 ASDM, SSH ASA .

    14-1 , , Enable

    ASASM . ASASM CLI .

    2-6 .

    1 CLI .

    Ctrl-Shift-6, x

    .

    asasm# [Ctrl-Shift-6, x]
    Router#

    Shift-6 (^) . (^) , . terminal escape-character ascii_number ( ) default escape-character ascii_number ( ) . , Ctrl-w, x terminal escape-character 23 .


    ASASM . .

    1 CLI show users . "con" . 127.0.0.slot slot .

    Router# show users

    , 2 0 "con" .

    Router# show users
        Line       User       Host(s)              Idle       Location
    *    0 con 0              127.0.0.20           00:00:02

    2 .

    Router# clear line number

    :

    Router# clear line 0

    CLI .

    1 CLI , ASASM EXEC exit . exit .

    .

    asasm# exit
    Router#

    Ctrl-Shift-6, x . Enter . CLI disconnect . ASASM .

  • 2 ASDM ASDM ASDM .

    2-7 ASDM (, ASAv)

    2-8 ASAv ASDM

    2-9 ASA Services Module ASDM

    ASDM (, ASAv) ASDM .

    1 ASDM .

    .

    ASA 5512-X ASDM Management 0/0.

    ASAv ASDM Management 0/0.

    .

    ASA 192.168.1.1.

    ASAv IP .

    ASDM .

    ASA 192.168.1.0/24 . DHCP IP .

    ASAv IP . ASAv DHCP .

    , ASDM .

    2-15

    7-15

    2-12 ASDM

  • 2 ASDM ASAv ASDM .

    ASDM IP . .

    1 CLI .

    2 ( ) .

    .

    firewall transparent

    3 .

    interface management id
    nameif name
    security-level level
    no shutdown
    ip address ip_address mask

    :

    ciscoasa(config)# interface management 0/0
    ciscoasa(config-if)# nameif management
    ciscoasa(config-if)# security-level 100
    ciscoasa(config-if)# no shutdown
    ciscoasa(config-if)# ip address 192.168.1.1 255.255.255.0

    security-level 1~100 100 .

    4 ( ) DHCP .

    dhcpd address ip_address-ip_address interface_name
    dhcpd enable interface_name

    :

    ciscoasa(config)# dhcpd address 192.168.1.2-192.168.1.254 management
    ciscoasa(config)# dhcpd enable management

    .

    5 ( ) .

    route management_ifc management_host_ip mask gateway_ip 1

    :

    ciscoasa(config)# route management 10.1.1.0 255.255.255.0 192.168.1.50 1

  • 2 ASDM 6 ASDM HTTP .

    http server enable

    7 ASDM .

    http ip_address mask interface_name

    :

    ciscoasa(config)# http 192.168.1.0 255.255.255.0 management

    8 .

    write memory

    9 ( ) .

    mode multiple

    . ASA .

    , Management 0/0 , ASDM .

    firewall transparent
    interface management 0/0
      ip address 192.168.1.1 255.255.255.0
      nameif management
      security-level 100
      no shutdown
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    http server enable
    http 192.168.1.0 255.255.255.0 management

    2-15

    5-9 ( )

    2-2

    2-12 ASDM

    7 , .

    ASA Services Module ASDM ASASM ASDM . ASASM CLI ASDM . ASDM ASASM .

    ASASM ASASM VLAN .


    1 ASASM .

    2 ( ) .

    firewall transparent

    .

    3 , .

    .

    interface vlan number
    ip address ip_address [mask]
    nameif name
    security-level level

    :

    ciscoasa(config)# interface vlan 1
    ciscoasa(config-if)# ip address 192.168.1.1 255.255.255.0
    ciscoasa(config-if)# nameif inside
    ciscoasa(config-if)# security-level 100

    security-level 1~100 100 .

    VLAN .

    interface bvi number
    ip address ip_address [mask]

    interface vlan number
    bridge-group bvi_number
    nameif name
    security-level level

    :

    ciscoasa(config)# interface bvi 1
    ciscoasa(config-if)# ip address 192.168.1.1 255.255.255.0

    ciscoasa(config)# interface vlan 1
    ciscoasa(config-if)# bridge-group 1
    ciscoasa(config-if)# nameif inside
    ciscoasa(config-if)# security-level 100

    security-level 1~100 100 .

    4 ( ) DHCP .

    dhcpd address ip_address-ip_address interface_name
    dhcpd enable interface_name

    :

    ciscoasa(config)# dhcpd address 192.168.1.2-192.168.1.254 inside
    ciscoasa(config)# dhcpd enable inside

    .

  • 2 ASDM 5 ( ) .

    route management_ifc management_host_ip mask gateway_ip 1

    :

    ciscoasa(config)# route management 10.1.1.0 255.255.255.0 192.168.1.50

    6 ASDM HTTP .

    http server enable

    7 ASDM .

    http ip_address mask interface_name

    :

    ciscoasa(config)# http 192.168.1.0 255.255.255.0 management

    8 .

    write memory

    9 ( ) .

    mode multiple

    . ASASM .

    VLAN 1 ASDM .

    interface vlan 1
      nameif inside
      ip address 192.168.1.1 255.255.255.0
      security-level 100
    dhcpd address 192.168.1.3-192.168.1.254 inside
    dhcpd enable inside
    http server enable
    http 192.168.1.0 255.255.255.0 inside

    , VLAN 1 BVI 1 , ASDM .

    firewall transparentinterface bvi 1

    ip address 192.168.1.1 255.255.255.0interface vlan 1

    bridge-group 1nameif insidesecurity-level 100

    dhcpd address 192.168.1.3-192.168.1.254 insidedhcpd enable insidehttp server enablehttp 192.168.1.0 255.255.255.0 inside2-11Cisco ASA ASDM


    2-3 ASA Services Module

    7 , .

    5-9 ( )

ASDM can be started in two ways:

ASDM-IDM Launcher: an application installed once on the PC. It connects to any ASA by IP address and downloads the ASDM image that the ASA is running, so you do not reinstall the Launcher when you upgrade the ASA.

Java Web Start: each ASA you manage is opened in its own Java Web Start session, started from the ASA's web page.

In either case ASDM itself is downloaded from the ASA at the IP address you connect to.

ASDM allows multiple PCs or workstations to each have one browser session open with the same ASA. A single ASA supports up to five concurrent ASDM sessions in single, routed mode, and only one session per browser per PC. In multiple context mode, five concurrent sessions per context are supported, up to a maximum of 32 total ASDM connections per ASA.

To start ASDM with either the Launcher or Java Web Start:

1 On the PC that will run ASDM, open a browser and enter:

https://asa_ip_address/admin

The ASDM launch page appears with the following buttons:

    Install ASDM Launcher and Run ASDM

    Run ASDM

    Run Startup Wizard

2 To download and use the Launcher:

a. Click Install ASDM Launcher and Run ASDM.

b. Leave the username and password fields empty (for a new installation) and click OK. With no HTTPS authentication configured, ASDM accepts an empty username and the enable password, which is blank by default; set an enable password, or configure authentication for HTTP access, before anyone else can reach the management interface. Note: if you enabled HTTPS authentication, enter your username and password.

c. Save the installer to the PC and run it. The ASDM-IDM Launcher opens automatically after installation.

d. Enter the management IP address, the username and the password (if any), and click OK. Note: if you enabled HTTPS authentication, enter your username and password.

3 To run ASDM with Java Web Start:

a. Click Run ASDM or Run Startup Wizard.

b. When prompted, save the shortcut to the PC or open it directly.

c. Java Web Start starts.

d. Accept any certificate prompts. The Cisco ASDM-IDM Launcher appears.

e. Enter the username and password (if any) and click OK. Note: if you enabled HTTPS authentication, enter your username and password.

Note: Starting with Java 7 update 51, the ASDM Launcher runs only if the ASA presents a trusted identity certificate; if it does not, Java refuses to start the Launcher. Install an ASDM identity certificate as described at the link below, or start ASDM with Java Web Start, which does not require the certificate.

http://www.cisco.com/go/asdm-certificate

ASDM Demo Mode is a separately installed application that runs ASDM against a simulated ASA, so you can use ASDM without a live device. In Demo Mode you can:

    ASDM ASDM ASA

    CSC SSM .

    syslog . , .

    .

    - ASA

    NAT - DMZ ASA

    - ASA

    IPv6 VPN( SSL VPN IPsec VPN)

    IDS( )

    Unified Communication Wizard

    .

    GUI


    :

    :

    Save Running Configuration to Flash

    Save Running Configuration to TFTP Server

    Save Running Configuration to Standby Unit

    Save Internal Log Buffer to Flash

    Clear Internal Log Buffer

    :

    Command Line Interface

    Ping

    File Management

    Update Software

    File Transfer

    Upload Image from Local PC

    System Reload

    Toolbar/Status > Save

    Configuration > Interface > Edit Interface > Renew DHCP Lease

    (GUI ):

    NAT

    Clock

To run ASDM in Demo Mode:

1 Download the ASDM Demo Mode installer (asdm-demo-version.msi) from http://www.cisco.com/cisco/web/download/index.html

2 Run the installer.

3 Start the Cisco ASDM Launcher from the Start menu.

4 Check Run in Demo Mode.

The Demo Mode window appears.


The factory default configuration is the configuration that Cisco applies to a new ASA.

For the ASAv there is no factory default; the equivalent is the deployment configuration created when you deploy the ASAv, which includes the management IP address you chose.

The ASASM has no factory default configuration. See the section 2-3 ASA Services Module.

The factory default configuration is available only in routed firewall mode and single context mode.

Note: In addition to the image files and the (hidden) default configuration, the following folders and files are standard in flash memory: log/, crypto_archive/ and coredumpinfo/coredump.cfg. The dates on these files may not match the dates of the image files. They aid in troubleshooting; their presence does not indicate that a breach has occurred.

    2-15

    2-16 ASAv

    2-17 ASA

    2-17 ASAv

This section describes how to restore the factory default configuration. For the hardware ASA the procedure uses ASDM; for the ASAv it uses the CLI.

The procedure does not apply to the ASASM.

You can optionally set the management interface IP address to something other than the default 192.168.1.1, so that you can reconnect to ASDM on an existing network after the reset. The reset is applied to the running configuration and is not saved automatically.

1 In the main ASDM window, choose File > Reset Device to the Factory Default Configuration.

The Reset Device to the Default Configuration dialog box appears.

2 (Optional) In the Management IP address field, enter the address of the management interface instead of the default 192.168.1.1.

3 (Optional) Enter the Management Subnet Mask.

4 Click OK.

A confirmation dialog box appears.

The reset also clears the boot image setting. The ASA then boots the first image it finds in internal flash memory; if there is no image in internal flash, the ASA does not boot. To boot a specific image after the reset, set it at Configuration > Device Management > System Image/Configuration > Boot Image/Configuration.

5 Click Yes.

6 To keep the default configuration after the next reload, save it to flash: choose File > Save Running Configuration to Flash.

If you do not save it, the reset exists only in the running configuration and the previous startup configuration is used at the next reload.

To restore the ASAv to its deployment configuration:

1 Connect to the ASAv. Use the console where possible, because the configuration is erased in the next step and a network session is lost.

2 Erase the startup configuration:

write erase

Note: the ASAv boots the current running image, so you are not reverted to the original boot image. To use the original boot image, see the boot image command.

The deployment configuration is reapplied when the ASAv reloads.

3 Reload the ASAv:

reload

4 When the ASAv comes back up, it runs the deployment configuration again.

The factory default configuration for the hardware ASA configures the following:

Management 0/0 interface (management-only), enabled

IP address 192.168.1.1/24

DHCP server for client PCs: 192.168.1.2 through 192.168.1.254

ASDM access enabled from that network

The configuration consists of the following commands:

interface management 0/0
 ip address 192.168.1.1 255.255.255.0
 nameif management
 security-level 100
 no shutdown
asdm logging informational 100
asdm history enable
http server enable
http 192.168.1.0 255.255.255.0 management
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable management

The ASAv has no fixed factory default. Instead, the deployment configuration generated when you deploy the ASAv configures Management 0/0 for ASDM as follows:

Management 0/0 interface named management, security-level 0, IP address from DHCP or set at deployment, management-only

A static route from the management interface to the ASDM host

HTTPS server enabled, with ASDM access from the ASDM host address

(Failover only) GigabitEthernet 0/8 as the failover link, and a standby IP address for Management 0/0

Without failover, the configuration consists of the following commands:

interface Management0/0
 nameif management
 security-level 0
 ip address ip_address
 management-only
route management management_host_IP mask gateway_ip 1
http server enable
http management_host_IP mask management

The same deployment configuration with failover enabled:

interface Management0/0
 nameif management
 security-level 0
 ip address ip_address standby standby_ip
 management-only
route management management_host_IP mask gateway_ip 1
http server enable
http management_host_IP mask management
failover
failover lan unit primary
failover lan interface fover gigabitethernet0/8
failover link fover gigabitethernet0/8
failover interface ip fover primary_ip mask standby standby_ip
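The http entries in the bootstrap and deployment configurations above are the only filter between the HTTPS server and an unwanted ASDM login, and ASDM cannot even display an entry that uses a discontiguous mask. The following script is an added example, not code from the Cisco guide: it parses the interface and http lines of a running configuration (the SAMPLE_CONFIG text is constructed), checks that http server enable is present, flags masks that are discontiguous or that open ASDM to 0.0.0.0/0, and reports http entries bound to interfaces without management-only. The severity scale and the /24 threshold are assumptions of the example, not ASA behaviour.

```python
"""Audit ASDM (HTTPS) management access in a Cisco ASA running configuration.

Added example for this chapter; it is not code from the Cisco guide.
The severity scale and the /24 threshold are assumptions, not ASA behaviour.
"""
import re
from dataclasses import dataclass
from ipaddress import IPv4Address

# Only the IPv4 form "http <addr> <mask> <iface>" is handled here.
HTTP_RE = re.compile(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

# Constructed sample: one correct entry, one entry open to the whole internet,
# and one entry with a discontiguous mask that ASDM cannot represent.
SAMPLE_CONFIG = """\
interface Management0/0
 nameif management
 security-level 0
 ip address 10.1.1.1 255.255.255.0
 management-only
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
http server enable
http 10.1.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outside
http 192.168.2.0 255.255.0.255 management
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (assumed scale)
    line: str
    reason: str


def mask_to_prefix(mask: str):
    """Prefix length of a contiguous netmask, or None for a mask with a hole
    (255.255.0.255) or a hostmask written by mistake (0.0.0.255)."""
    bits = int(IPv4Address(mask))
    inverted = ~bits & 0xFFFFFFFF
    # A contiguous mask inverts to a block of trailing ones, i.e. 2**n - 1.
    if inverted & (inverted + 1):
        return None
    return 32 - inverted.bit_length()


def parse_interfaces(config: str) -> dict:
    """Map nameif -> {'security_level', 'management_only'} from interface blocks."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = {"security_level": None, "management_only": False}
            continue
        if not raw.startswith(" "):  # any unindented line ends the block
            current = None
            continue
        if current is None:
            continue
        line = raw.strip()
        if line.startswith("nameif "):
            interfaces[line.split()[1]] = current
        elif line.startswith("security-level "):
            current["security_level"] = int(line.split()[1])
        elif line == "management-only":
            current["management_only"] = True
    return interfaces


def audit_asdm_access(config: str) -> list:
    """Return Findings for the ASDM access lines of a running configuration."""
    lines = config.splitlines()
    interfaces = parse_interfaces(config)
    findings = []
    if "http server enable" not in lines:
        findings.append(Finding("info", "http server enable",
                                "HTTPS server is disabled, so ASDM cannot connect"))
    for line in lines:
        m = HTTP_RE.match(line)
        if not m:
            continue
        addr, mask, iface = m.groups()
        prefix = mask_to_prefix(mask)
        if prefix is None:
            findings.append(Finding("high", line,
                                    f"mask {mask} is discontiguous; ASDM cannot display this entry"))
            continue
        if prefix == 0:
            findings.append(Finding("high", line, "permits ASDM logins from any source address"))
        elif prefix < 24:  # assumed policy: at most one management subnet per entry
            findings.append(Finding("medium", line, f"/{prefix} is wider than one management subnet"))
        info = interfaces.get(iface)
        if info is None:
            findings.append(Finding("high", line, f"no interface has nameif {iface}"))
        elif not info["management_only"]:
            findings.append(Finding("info", line,
                                    f"{iface} also carries transit traffic (no management-only)"))
    return findings


if __name__ == "__main__":
    for f in audit_asdm_access(SAMPLE_CONFIG):
        print(f"[{f.severity:6}] {f.line}: {f.reason}")
```

On the constructed sample the script reports the 0.0.0.0/0 entry on outside as high, the same entry as info because outside is not management-only, and the 255.255.0.255 entry as high. On an ASASM, where ASDM is reached through a VLAN interface such as inside, the management-only finding is expected and can be ignored.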

    ASA .

    1 Startup Wizard Wizards > Startup Wizard .

    2 IPsec VPN Wizard IPsec VPN Wizards > IPsec VPN Wizard .

    3 SSL VPN Wizard SSL VPN Wizards > SSL VPN Wizard .

    4 Wizards > High Availability and Scalability Wizard .

    5 Packet Capture Wizard Wizards > Packet Capture Wizard .

    6 ASDM GUI View > Office Look and Feel .

    7 Configuration .

    Configuration Refresh .

8 Use the Monitoring view to monitor the ASA.

This section describes the ASDM Command Line Interface tool and how to give ASDM more memory for configurations that exceed the 512 KB it supports.

The ASDM Command Line Interface tool lets you send CLI commands to the ASA from within ASDM.

    2-19 Command Line Interface

    2-20 ASDM

The Command Line Interface tool sends one or more commands to the ASA and shows the output in ASDM.

Commands are executed against the running configuration. The tool does not support interactive commands, that is, commands that prompt for input.

Commands entered through the ASDM CLI tool may behave differently from the same commands entered at a terminal session.

If a command fails, the error text appears in the Response pane.

For commands that would prompt for confirmation, add the noconfirm keyword so that the command completes without a prompt, for example:

crypto key generate rsa modulus 1024 noconfirm

A 1024-bit RSA key is no longer considered adequate; the same command accepts modulus 2048.

After you send commands that change the configuration, the ASA and ASDM can be out of sync; click Refresh in ASDM to reload the running configuration.

To see which sessions are currently connected to the ASA, choose Monitoring > Properties > Device Access.

    1 ASDM Tools > Command Line Interface .

    Command Line Interface .

    2 ( ) .

    3 Send .

4 Click Clear Response to clear the output pane.

5 Check Enable context-sensitive help (?) to get command help with the ? key in the command field. Uncheck it to disable this help.

    6 Command Line Interface ASDM Refresh .

    ASDM ASDM . ASDM . ASDM . 3-32 .

    1 ASDM Tools > Show Commands Ignored by ASDM on Device .

    2 OK .

ASDM supports a maximum configuration size of 512 KB. If you exceed this amount you may see performance problems: for example, when ASDM loads the configuration, the status dialog shows the percentage complete but stops incrementing and appears to hang. In that case, increase the system heap memory available to ASDM.

To increase the ASDM heap memory when you run ASDM from the Launcher:

    1 Windows :

    a. ASDM-IDM Launcher Properties .

    b. Shortcut .

c. In the Target field, change the -Xmx value; for example, -Xmx768M for 768 MB or -Xmx1G for 1 GB.

2 On a Macintosh:

    a. Cisco ASDM-IDM Show Package Contents .

b. Open Contents/Info.plist. If the Developer tools are installed, use Property List Editor; otherwise use TextEdit.

c. Under Java > VMOptions, change the -Xmx value; for example, -Xmx768M for 768 MB or -Xmx1G for 1 GB.

d. Save the file.

e. If the file is locked, click Unlock and save it.

If the Unlock button is not available, the Cisco ASDM-IDM application must be copied (for example, to the desktop) and the copy edited instead.

    , QoS service-policy , show service-policy QoS . .

    .

    .

    clear local-host [ip_address] [all]

Clears the local host network state. To view the current entries before clearing them, enter show local-host all.

By default the command clears through-the-box connections only. Adding the all keyword also clears to-the-box connections, including the current management session, so the ASDM or SSH session you are using is dropped. Specify ip_address to clear the state of one host only.

clear conn [all] [protocol {tcp | udp}] [address src_ip[-src_ip] [netmask mask]] [port src_port[-src_port]] [address dest_ip[-dest_ip] [netmask mask]] [port dest_port[-dest_port]]

Clears connections in the connection table. To view the connections before clearing them, enter show conn.

By default the command clears through-the-box connections only. Adding the all keyword also clears to-the-box connections, including the current management session. Use the protocol, address and port keywords to limit the command to the connections you intend to drop, by source and destination IP address or address range and by port or port range.
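Because clear conn all and clear local-host all also drop to-the-box connections, including the ASDM session you are working from, it is usually better to clear only the flows you mean to. The following script is an added example, not code from the Cisco guide: it parses show conn output (the SAMPLE_SHOW_CONN lines are constructed in the format the ASA prints) and emits one clear conn command per matching 5-tuple instead of a blanket clear. Two details are assumptions of the example rather than documented behaviour: that the first address on each line is the outside side, and that flag B marks a connection whose initial SYN came from the outside, which decides which end is treated as the source.

```python
"""Build targeted 'clear conn' commands from 'show conn' output.

Added example for this section; not code from the Cisco guide. The show conn
lines are constructed. Two assumptions: the first address printed is the
outside side, and flag B means the initial SYN arrived from the outside.
"""
import re
from dataclasses import dataclass

CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP) (?P<a_if>\S+) (?P<a_ip>[\d.]+):(?P<a_port>\d+) "
    r"(?P<b_if>\S+) (?P<b_ip>[\d.]+):(?P<b_port>\d+), "
    r"idle (?P<h>\d+):(?P<m>\d+):(?P<s>\d+), bytes (?P<bytes>\d+), flags (?P<flags>\S+)$"
)

# Constructed sample output; addresses are documentation ranges.
SAMPLE_SHOW_CONN = """\
TCP outside 203.0.113.10:443 inside 192.168.1.20:51234, idle 0:00:12, bytes 48213, flags UIO
TCP outside 203.0.113.10:443 inside 192.168.1.21:51877, idle 0:02:30, bytes 1200, flags UIO
UDP outside 198.51.100.53:53 inside 192.168.1.20:40000, idle 0:00:01, bytes 312, flags -
TCP outside 203.0.113.99:22 inside 192.168.1.5:60022, idle 0:00:00, bytes 90, flags UIOB
"""


@dataclass
class Conn:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    idle_seconds: int
    flags: str


def parse_show_conn(text: str) -> list:
    """Parse show conn lines into Conn records; unrecognised lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # headers, totals and other formats are ignored
        g = m.groupdict()
        idle = int(g["h"]) * 3600 + int(g["m"]) * 60 + int(g["s"])
        # Assumed: the first side is outside; the inside host initiated the
        # connection unless flag B (initial SYN from outside) is present.
        if "B" in g["flags"]:
            src, dst = (g["a_ip"], g["a_port"]), (g["b_ip"], g["b_port"])
        else:
            src, dst = (g["b_ip"], g["b_port"]), (g["a_ip"], g["a_port"])
        conns.append(Conn(g["proto"].lower(), src[0], int(src[1]),
                          dst[0], int(dst[1]), idle, g["flags"]))
    return conns


def clear_conn_command(c: Conn) -> str:
    """One clear conn line limited to exactly this 5-tuple (never 'all')."""
    return (f"clear conn protocol {c.proto} address {c.src_ip} port {c.src_port} "
            f"address {c.dst_ip} port {c.dst_port}")


def clear_commands_for_host(text: str, host: str, min_idle: int = 0) -> list:
    """Commands that drop every through-the-box connection involving host
    that has been idle for at least min_idle seconds."""
    return [clear_conn_command(c) for c in parse_show_conn(text)
            if host in (c.src_ip, c.dst_ip) and c.idle_seconds >= min_idle]


if __name__ == "__main__":
    # Isolate one inside host without touching the management session.
    for cmd in clear_commands_for_host(SAMPLE_SHOW_CONN, "192.168.1.20"):
        print(cmd)
```

Paste real show conn output into the script only after checking the flag legend of your ASA version (show conn detail prints it), since the source and destination order of each generated command depends on that flag.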

Chapter 3: Using the ASDM User Interface

    ASDM .

    3-2 ASDM

    3-4 ASDM

    3-4

    3-10

    3-10 ASDM Assistant

    3-11

    3-12 Device List

    3-12

    3-13

    3-14 ASDM

    3-15 ACL Manager

    3-16

    3-16

    3-16 Help

    3-17 Home ( )

    3-29 Home (System)

    3-30 ASDM

    3-32 ASDM Assistant

    3-32 History Metrics

3-32

    , , , . .

    ASDM Home, Configuration Monitoring . .

    Navigation Configuration Monitoring . , . Configuration Monitoring .

    Navigation . Content (: Configuration > Device Setup > Startup Wizard)

    Navigation Content .

    Content Navigation .

    Device List ASDM . , .

    , , , , , , SSL .

Navigation , NAT , AAA , , . . ASDM Assistant .

Figure 3-1 ASDM main window. [Screenshot omitted. Callouts 1 to 9 mark the Wizards menu, the Configuration and Monitoring buttons, the Status Bar and the other GUI elements described in this section.]

The Navigation pane of the Configuration view contains the following sections:

    Device Setup

    Firewall

    Trend Micro Content Security

    Remote Access VPN

    Site to Site VPN

    Device Management

    . Configuration Monitoring . Home .

    .

    1 .

    2 .

    Show More Buttons .

    Show Fewer Buttons .

    Add or Remove Buttons .

    Option Option . .

    Move Up .

    Move Down .

    Reset .

    3 OK .

    ASDM . 3-13 .

    ASDM .

    3-5

    3-6

3-7

3-8 Wizards

    3-9

    3-9

    File ASA . File .

    File

    Refresh ASDM with the Running Configuration on the Device

    ASDM .

    Refresh ASDM .

    Reset Device to the Factory Default Configuration

    .

    Show Running Configuration in New Window

    .

    Save Running Configuration to Flash

    .

    Save Running Configuration to TFTP Server

    TFTP .

    Save Running Configuration to Standby Unit

    .

    Save Internal Log Buffer to Flash .

    Print . . Internet Explorer , .

    Clear ASDM Cache ASDM . ASDM ASDM .

    Clear ASDM Password Cache .

    Clear Internal Log Buffer syslog .

The View menu controls which panes and toolbars ASDM displays. It contains the following items:

    View Home Home .

    Configuration Configuration .

    Monitoring Monitoring .

    Device List . 3-12 Device List .

    Navigation Configuration Monitoring Navigation .

    ASDM Assistant ASDM . 3-10 ASDM Assistant .

    SIP Details .

    Latest ASDM Syslog Messages Home Latest ASDM Syslog Messages . Home . , syslog %ASA-1-211004 . 24 .

    Addresses Addresses . Addresses Configuration Access Rules, NAT Rules, Service Policy Rules, AAA Rules, Filter Rules .

    Services Services . Services Configuration Access Rules, NAT Rules, Service Policy Rules, AAA Rules, Filter Rules .

    Time Ranges Time Ranges . Time Ranges Configuration Access Rules, Service Policy Rules, AAA Rules, Filter Rules .

    Global Pools Global Pools . Global Pools Configuration NAT Rules .

    Find in ASDM ASDM Assistant .

    Back . 3-12 .

    Forward . 3-12 .

    Reset Layout .

Office Look and Feel: switches the ASDM look and feel to the Microsoft Office style.

The Tools menu provides the following tools:

    Tools

    Command Line Interface ASA .

    Show Commands Ignored by ASDM on Device

    ASDM .

    Packet Tracer . , . .

    Ping ASA , . .

    Traceroute . .

    File Management , , . . TFTP, , PC .

    Upgrade Software from Local Computer

    ASA , ASDM PC .

    Check for ASA/ASDM Updates ASA ASDM .

    Backup Configurations ASA , Cisco Secure Desktop , SSL VPN Client .

    Restore Configurations ASA , Cisco Secure Desktop , SSL VPN Client .

    System Reload ASDM .

    Administrators Alerts to Clientless SSL VPN Users

Sends an alert message to clientless SSL VPN users who are currently connected.

The Wizards menu provides the following wizards:

    Migrate Network Object Group Members

    8.3 ASA IP . , ASDM IP . IP address .

    ASA , ASDM . . ASA IP , ASDM ASDM . Tools > Migrate Network Object Group Members .

    Cisco ASA 5500 Migration to Version 8.3 and Later .

    Preferences ASDM . 3-30 ASDM .

    ASDM Java Console Java .

    Tools

    Wizards

    Startup Wizard ASA .

    IPsec VPN Wizard ASA IPsec VPN . VPN .

    SSL VPN Wizard ASA SSL VPN . VPN .

    High Availability and Scalability Wizard

    : VPN ASA ASA

Unified Communication Wizard: configures the ASA for IP telephony features.

The Window menu switches between open ASDM windows.

    Help ASDM ASA . Help .

    ASDM Identity Certificate Java 7 51 , ASDM Launcher . ID . Java Web Start ASDM . http://www.cisco.com/go/asdm-certificate .

    Packet Capture Wizard ASA . (ingress) (egress) . .

    Wizards

    Help

    Help Topics , . Search .

    Help for Current Screen . , . question mark (?) help .

    Release Notes Cisco.com ASDM . ASDM .

    ASDM Assistant Cisco.com ASDM Assistant . .

    About Cisco Adaptive Security Appliance (ASA)

    , , , ASA . .

About Cisco ASDM: shows the ASDM version, hostname, privilege level, operating system, device type, Java version and other ASDM details.

The Toolbar below the menus gives access to the Home, Configuration and Monitoring views and to common actions. It contains the following buttons:

    ASDM AssistantASDM Assistant ASDM . , .

    View > ASDM Assistant > How Do I? Look For . Find How Do I? .

    Toolbar

    System/Contexts . down , up . left , right . System . .

    Home , , , ASA Home . 3-17 Home ( ) . Home .

    Configuration ASA . Navigation .

    Monitoring ASA . Navigation .

    Back ASDM .

    Forward ASDM .

    Search ASDM . Search , . Back Forward . 3-10 ASDM Assistant .

    Refresh Monitoring , ASDM .

    Save .

Help: opens the online help.

To use the ASDM Assistant:

    1 View > ASDM Assistant .

    ASDM Assistant .

    2 Search Go .

    Search Results .

    3 Search Results and Features .

    Status Bar ASDM . .

    Connection to DeviceASDM ASA Monitoring Home . . ASDM , .

    Status (: "Device configuration loaded successfully").

    Failover ( ).

    User Name ASDM . "admin".

    User Privilege ASDM .

    Commands Ignored by ASDM

    ASDM . .

    Connection to Device ASA ASDM . 3-11 Connection to Device .

    Syslog Connection syslog ASA .

    SSL Secure SSL ASDM .

Time: the current time on the ASA.

The Device List is a dockable pane that lists the devices you can manage from this ASDM session. It is available in the Home, Configuration, Monitoring and System views. To manage the list:

    .

    1 Add .

    Add Device .

    2 IP OK .

    3 Delete .

    4 Connect .

    Enter Network Password .

    5 Login .

    ASDM . .

    Apply ASDM ASA .

    Save .

    Reset , Refresh Apply . Reset Refresh .

    Restore Default .

    Cancel .

    Enable .

    Close .

    Clear .

    Back .

    Forward .

Help: opens help for the current screen.

ASDM provides the following keyboard shortcuts.

    3-1 ASDM .

    3-2 .

Table 3-1 Application shortcuts

Action          Windows/Linux      MacOS
Home            Ctrl+H             Shift+Command+H
Configuration   Ctrl+G             Shift+Command+G
Monitoring      Ctrl+M             Shift+Command+M
Help            F1                 Command+?
Back            Alt+Left Arrow     Command+[
Forward         Alt+Right Arrow    Command+]
Refresh         F5                 Command+R
Cut             Ctrl+X             Command+X
Copy            Ctrl+C             Command+C
Paste           Ctrl+V             Command+V
Save            Ctrl+S             Command+S
Popup menu      Shift+F10
Close window    Alt+F4             Command+W
Find            Ctrl+F             Command+F
Exit ASDM       Alt+F4             Command+Q

    Ctrl_Shift Ctrl+Shift+Tab

    Ctril+Shift Ctrl+Shift+Tab

    3-2

    Tab

    Shift+Tab

    Ctrl+Tab

    Shift+Ctrl+Tab

    Next ( )

    Previous ( )

    Tab

    Shift+Tab

( ) F6

( ) Shift+F6

Table 3-3 lists the Log Viewer shortcuts.

    3-4 .

    ASDM ASDM . , ASDM .

    Find . "*" "?" . * ? . Find () () . Match Case .

    , B*ton-L* .

    Boston-LA, Boston-Lisbon, Boston-London

    Bo?ton .

    Boston, Bolton

    3-3 Log Viewer

    Windows/Linux MacOS

    Log Viewer Ctrl+U Command+

    Log Buffer F5 Command+R

    Clear Internal Log Buffer Ctrl+Delete Command+Delete

    Ctrl+C Command+C

    Ctrl+S Command+S

    Print Ctrl+P Command+P

    Alt+F4 Command+W

    3-4

    Windows/Linux

    Alt

Enter

The ACL Manager and the following ASDM screens support filtering and searching:

    AAA Server Groups

    ACL Manager ACL Manager . 3-15 ACL Manager .

    Certificate-to-Conn Profile Maps-Rules

    DAP

    Identity Certificates

    IKE Policies

    IPSec Proposals (Transform Sets)

    Local User

    Portal-Bookmark

    Portal-Customization

    Portal-Port Forwarding

    CA Certificates

    Portal-Smart Tunnels

    Portal-Web Contents

    VPN Connection Profiles

    VPN Group Policies

    ACL Manager ACL ACE , ACL Manager .

    ACL Manager .

    1 ACL Manager Find .

    2 Filter .

    Source , IP IP . 4 .

    Destination Source IP IP ( ) . 4 .

    Source or Destination 4 .

    Service 4 .

    Query Query Query (Source, Destination, Source or Destination, Service) .

    3 .

    is 4 .

contains: matches any ACL or ACE that contains the text entered in step 4.

4 Enter the ACL or ACE to search for, or click Browse to select an ACL/ACE.

    5 Filter .

    ASDM ACL ACE .

    6 ACL ACE Clear .

    7 x .

    Tab . JAWS . .

    .

    1 Tools > Preferences .

    Preferences .

    2 General Enable screen reader support .

    3 OK .

    4 ASDM .

    . . Navigation . .

    Help .

    About ASDM , , , ASDM , , , ASA .

    Search .

    Using Help .

Glossary: defines ASDM and ASA terms.

The 
ASDM Home pane shows important information about the ASA. It refreshes every 10 seconds and contains the Device Dashboard and Firewall Dashboard tabs.

    IPS CX , .

    Device Dashboard Device Dashboard , , , ASA .

    3-2 Device Dashboard .

    3-2 Device Dashboard

[Figure 3-2 Device Dashboard: screenshot omitted; callouts 1 to 6 are listed in the legend below.]

    Device Information

    Device Information (General License ) . General Environment Status .

    General

    ASA .

    Host name .

    ASA version ASA .

    ASDM version ASDM .

    Firewall mode .

    Total flash RAM .

    ASA Cluster Role , .

    Device uptime .

    Context mode .

    Total Memory ASA DRAM .

    Environment status . ASA 5585-X General Environment Status (+) . , , CPU .

    Environment Status . (+) OK . , (+) Critical .

    .

    GUI

    1 3-18 Device Information

    2 3-19 Interface Status

    3 3-19 VPN Sessions

    4 3-20 Traffic Status

    5 3-20 System Resources Status

    6 3-20 Traffic Status

    3-12 Device List

3-20 Latest ASDM Syslog Messages

If the ASA has insufficient memory for the ASDM features you use, a Memory Insufficient Warning appears when ASDM loads. Click OK to continue.

    Licenses

    . More Licenses . Configuration > Device Management > Licensing > Activation Key .

    Cluster

    .

    Virtual Resources (ASAv)

    ASAv vCPU , RAM ASAv .

    Interface Status

    . Kbps .

    VPN Sessions

    VPN . Details Monitoring > VPN > VPN Statistics > Sessions .

    Failover Status

    .

    Configure High Availability and Scalability Wizard . (/ /) .

Details: opens Monitoring > Properties > Failover > Status.

System Resources Status

    CPU .

    Traffic Status

    .

    "outside" , . ASDM .

    Latest ASDM Syslog Messages

    ASA 100 . Enable Logging .

    3-3 Latest ASDM Syslog Messages .

[Figure 3-3 Latest ASDM Syslog Messages: screenshot omitted; callouts 1 to 8 are listed in the legend below.]

    1 .

    2 . .

    3 . .

    4 Auto-hide . Auto-hide Latest ASDM Syslog Messages . .

    5 . View Latest ASDM Syslog Messages .

    6 syslog .

    7 syslog .

8 Opens the Logging Filters pane.

Clear Content: clears the displayed messages.

    PC Save Content .

    Copy .

    syslog Color Settings .

    Firewall Dashboard Firewall Dashboard ASA . . Firewall Dashboard .

Figure 3-4 shows the Firewall Dashboard.

[Figure 3-4 Firewall Dashboard: screenshot omitted; callouts 1 to 3 are listed below.]

    1 3-22 Traffic Overview

    2 3-22 Top 10 Access Rules

3 3-22 Top Usage Status

Traffic Overview

    . ( ), Enable . .

    NAT .

    .

    (TCP SYN UDP ).

    Top 10 Access Rules

    . ( ), Enable .

    Table Show Rule . Access Rules .

    Top Usage Status

    . 4 .

    Top 10 Services

    Top 10 Sources

    Top 10 Destinations

    Top 10 Users ID

    3 (Top 10 Services, Top 10 Sources, Top 10 Destinations) . Enable . .

    Top 10 Services Enable ( ). Top 10 Sources Top 10 Destinations Enable . ( ), .

    Top 10 Users Identity Firewall . Identity Firewall ID . IP . ASA IP .

    ASA (Microsoft Active Directory Cisco AD(Active Directory) Agent) Identity Firewall Top 10 Users .

    ( ) 3-23 Top Ten Protected Servers Under SYN Attack

    ( ) 3-23 Top 200 Hosts

    ( ) 3-23 Top Botnet Traffic Filter Hits

The Top 10 Users tab shows, for each of the top 10 users, the events per second (EPS) received, EPS sent and total EPS, with the user shown in domain\user_name form.

    , ASA . . . .

    Top Ten Protected Servers Under SYN Attack

    . Enable , . 10 .

    ASA ( 30) 30 .

    IP .

    10 ( 1000) Detail . . ASA 60 , 30 60 .

    Top 200 Hosts

    . ASA 200 . IP 120 . hpm topnenable .

    Top Botnet Traffic Filter Hits

    . Botnet Traffic Filter . 10 , , , 10 . IP whois .

The Cluster Dashboard tab shows the following information about the cluster.

    Cluster Members ( IP , , ) ( , , ) .

    ASDM , IP IP . ASDM IP IP .

    System Resource Status (CPU ) .

    Traffic Status .

    Connections Per Second :

    Cluster Overall .

Per-Member Total.

Throughput:

    Cluster Overall (egress) .

    Per-Member Throughput .

    Load Balancing :

    Per-Member Percentage of Total Traffic .

    Per-Member Locally Processed Traffic .

    Control Link Usage :

    Per-Member Receival Capacity Utilization .

Per-Member Transmittal Capacity Utilization.

The Cluster Firewall Dashboard shows the same top N statistics as the Firewall Dashboard, aggregated across the cluster.

    Intrusion Prevention Intrusion Prevention IPS . ASA IPS .

    IPS .

    1 Intrusion Prevention .

The Connecting to IPS dialog box appears.

2 Enter the IPS IP address, username and password. The default IP address is 192.168.1.2:443, and the default username and password are cisco and cisco.

    3 PC Save IPS login information on local host .

    4 Continue .

    .

Figure 3-5 shows the Intrusion Prevention Health Dashboard.

[Figure 3-5 Intrusion Prevention (Health Dashboard): screenshot omitted.]

    ASA CX Status ASA CX Status ASA CX . ASA ASA CX .

    ASA FirePOWER Status ASA FirePOWER Status . , , , (: , , ) . FireSIGHT Management Center , .

    ASA FirePOWER .

    GUI

    1 Sensor Information

    2 Sensor Health

    3 CPU, Memory, Load

    4 Interface Status

5 Licensing

In multiple context mode, the ASDM System Home pane shows information about the ASA as a whole. It refreshes every 10 seconds.

Figure 3-6 shows the System Home pane.

[Figure 3-6 System Home: screenshot omitted; callouts 1 to 5 are listed below.]

    GUI 1 System Context .

    2 Interface Status .

    3 Connection Status

    4 CPU Status

5 Memory Status

You can set preferences that control how ASDM behaves.

    ASDM .

    1 Tools > Preferences .

    General, Rules Table, Syslog 3 Preferences .

    2 . General . Rules Table Rules . Syslog Home syslog , NetFlow syslog .

    3 General .

    a. Warn that configuration in ASDM is out of sync with the configuration in ASA .

    b. Show configuration restriction message to read-only user . .You are not allowed to modify the ASA configuration, because you do not have sufficient privileges.

    c. ASDM Confirm before exiting ASDM . .

    d. Enable screen reader support (requires ASDM restart) . ASDM .

    e. ASDM ASA Warn of insufficient ASA memory when ASDM loads . ASDM , ASDM , 24 syslog .

    f. ASDM CLI Preview commands before sending them to the device .

    g. ASA Enable cumulative (batch) CLI delivery .

    h. ( ) . 60.

    i. Packet Capture Wizard Browse .

    4 Rules Table .

    a. Display Rules .

    Auto-Expand Prefix Auto-expand network and service object groups with specified prefix .

Auto-Expand Prefix.

Show members of network and service object groups in the Rules table.

    Limit Members To . n .

    Rules Show all actions for service policy rules . .

    b. Deployment Rules ASA .

    NAT Issue clear xlate command when deploying access lists . ASA .

    c. Access Rule Hit Count Settings Access Rules . . Access Rules .

    Access Rules Update access rule hit counts automatically .

    Access Rules . 10~86400.

    5 Syslog .

    Syslog Colors . Severity . . Pick a Color . .

    Swatches OK .

    HSB H, S, B OK .

    RGB Red, Green, Blue OK .

    syslog NetFlow Warn to disable redundant syslog messages when NetFlow action is first applied to the global service policy rule .

    6 3 OK Preferences .

Preferences are stored in a .conf file on the PC that runs ASDM and apply to that PC only.

The ASDM Assistant lets you search ASDM for the feature you want to configure.

    View > ASDM Assistant > How Do I? Look For . Find How Do I? .

    PIX .

    ASDM Assistant .

    1 View > ASDM Assistant .

    ASDM Assistant .

    2 Search Go .

    Search Results .

    3 Search Results and Features .

    History Metrics Configuration > Device Management > Advanced > History Metrics ASA , ASDM / . , . 10, 60, 12, 5 .

    .

    1 Configuration > Device Management > Advanced > History Metrics .

    History Metrics .

    2 ASDM History Metrics Apply .

ASDM supports almost all commands available on the ASA, but it ignores some commands that it finds in an existing configuration. Most of these commands can remain in the configuration. To see which commands ASDM ignored on the device, choose Tools > Show Commands Ignored by ASDM on Device.

Table 3-5 lists commands that have no equivalent in the ASDM GUI. ASDM leaves them in the running configuration but cannot display or edit them.

Table 3-5 Commands ignored by ASDM

capture

coredump: can be configured only through the CLI.

crypto engine large-mod-accel

dhcp-server (tunnel-group name general-attributes): ASDM allows only one setting for all DHCP servers.

eject

established

failover timeout

fips

nat-assigned-to-public-ip

pager

pim accept-register route-map: only the list keyword can be configured in ASDM.

service-policy global with match access-list: ASDM does not support a global service policy whose class map matches an access list, as in:

access-list myacl extended permit ip any any
class-map mycm
 match access-list myacl
policy-map mypm
 class mycm
  inspect ftp
service-policy mypm global

set metric

sysopt nodnsalias

sysopt uauth allow-http-cache

terminal

threat-detection rate

Discontiguous subnet masks are not supported: ASDM does not support masks such as 255.255.0.255. For example, the following command cannot be used:

ip address inside 192.168.2.1 255.255.0.255

The ASDM Command Line Interface tool does not support interactive commands. When a CLI command displays a [yes/no] prompt, ASDM cannot answer it, the command times out, and ASDM reports an error.

Example:

1. Choose Tools > Command Line Interface.

2. Enter crypto key generate rsa. ASDM generates the default 1024-bit RSA key.

3. Enter crypto key generate rsa again. Because a key already exists, the CLI asks whether to replace it; ASDM cannot answer, and the Response pane shows:

Do you really want to replace them? [yes/no]:WARNING: You already have RSA ke0000000000000$A keyInput line must be less than 16 characters in length.

%Please answer 'yes' or 'no'.
Do you really want to replace them [yes/no]:

%ERROR: Timed out waiting for a response.
ERROR: Failed to create new RSA keys names

Solution: add the noconfirm keyword, which suppresses the prompt, to any command that would otherwise ask for confirmation:

crypto key generate rsa noconfirm

A 1024-bit RSA key is no longer considered adequate; generate at least a 2048-bit key with crypto key generate rsa modulus 2048 noconfirm.

Chapter 4: Feature Licenses for Cisco ASA Version 9.3

A license specifies the options that are enabled on a given ASA. Features that are not licensed cannot be configured or used.

This chapter describes licensing for Version 9.3. For other versions, see the licensing documentation for that version at:

http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-licensing-information-listing.html

    4-1

    4-20

    4-31

    4-32

    4-36

    4-37

    .

    4-1

    4-14

    4-19 VPN

    .

    4-2 ASA 5512-X

    4-3 ASA 5515-X

4-5 ASA 5525-X

4-6 ASA 5545-X

    4-7 ASA 5555-X

    4-8 ASA 5585-X SSP-10

    4-9 SSP-20 ASA 5585-X

    4-10 SSP-40 -60 ASA 5585-X

    4-11 ASA Services Module

    4-12 ASAv - CPU 1

    4-13 ASAv - CPU 4

    Base( Security Plus ) . . , Unified Communications 24 Strong Encryption , AnyConnect Premium 500 GTP/GPRS , .

    . .

    No Payload Encryption . 4-30 No Payload Encryption .

    4-14 .

    ASA 5512-X

    4-1 ASA 5512-X

    Base Security Plus

    Firewall

    :

    :

    100,000 250,000

    GTP/GPRS :

    Intercompany Media Eng. : :

    UC , UC

    2 : 2 :

    24 50 100 250 500 24 50 100 250 500

    VPN

    Adv. Endpoint Assessment : :

    AnyConnect for Cisco VPN Phone

    : :

    AnyConnect Essentials : (250 )

    : (250 )

AnyConnect for Mobile : :

    AnyConnect Premium() 2 : 2 :

    10 25 50 100 250 10 25 50 100 250

    (VPN Flex) :

    250 (VPN Flex) :

    250

    : . :

    : . :

    500~50,000(500 )

    50,000~545,000(1,000 )

    500~50,000(500 )

    50,000~545,000(1,000 )

    VPN(),

    250 250

    VPN() 250 250

    VPN

    Base(DES) : Strong(3DES/AES)

    Base(DES) : Strong(3DES/AES)

    / /

    ,

    716 916

    2 : 5

    2

    IPS : :

    VLAN, 50 100

    4-1 ASA 5512-X ()

    Base Security Plus

    4-2 ASA 5515-X

    Base

    Firewall

    :

    250,000

    GTP/GPRS :

    Intercompany Media Eng. :

    UC , UC

    2 : 24 50 100 250 500

    VPN

    Adv. Endpoint Assessment :

    AnyConnect for Cisco VPN Phone

    :

AnyConnect Essentials : (250 )

AnyConnect for Mobile :

    AnyConnect Premium() 2 :

    10 25 50 100 250

    (VPN Flex) :

    250

    : . :

    500~50,000(500 ) 50,000~545,000(1,000 )

    VPN(),

    250

    VPN() 250

    VPN

    Base(DES) : Strong(3DES/AES)

    / /

    ,

    916

    2 : 5

    2

    IPS :

    VLAN, 100

    4-2 ASA 5515-X ()

Base

ASA 5525-X

    4-3 ASA 5525-X

    Base

    Firewall

    :

    500,000

    GTP/GPRS :

    Intercompany Media Eng. :

    UC , UC

    2 : 24 50 100 250 500 750 1000

    VPN

    Adv. Endpoint Assessment :

    AnyConnect for Cisco VPN Phone

    :

    AnyConnect Essentials : (750 )

    AnyConnect for Mobile :

    AnyConnect Premium() 2 :

    10 25 50 100 250 500 750

    (VPN Flex) : 750

    : . :

    500~50,000(500 ) 50,000~545,000(1,000 )

    VPN(),

    750

    VPN() 750

    VPN

    Base(DES) : Strong(3DES/AES)

    / /

    ,

    1316

    2 : 5 10 20

    2

    IPS :

VLAN, 200

ASA 5545-X

    4-4 ASA 5545-X

    Base

    Firewall

    :

    750,000

    GTP/GPRS :

    Intercompany Media Eng. :

    UC , UC

    2 : 24 50 100 250 500 750 1000 2000

    VPN

    Adv. Endpoint Assessment :

    AnyConnect for Cisco VPN Phone

    :

    AnyConnect Essentials : (2,500 )

    AnyConnect for Mobile :

    AnyConnect Premium() 2 :

    10 25 50 100 250 500 750 1000 2500

    (VPN Flex) : 2500

    : . :

    500~50,000(500 ) 50,000~545,000(1,000 )

    VPN(),

    2500

    VPN() 2500

    VPN

    Base(DES) : Strong(3DES/AES)

    / /

    ,

    1716

    2 : 5 10 20 50

    2

    IPS :

VLAN, 300

ASA 5555-X

    4-5 ASA 5555-X

    Base

    Firewall

    :

    1,000,000

    GTP/GPRS :

    Intercompany Media Eng. :

    UC , UC

    2 :

    24 50 100 250 500 750 1000 2000 3000

    VPN

    Adv. Endpoint Assessment :

    AnyConnect for Cisco VPN Phone

    :

    AnyConnect Essentials : (5,000 )

    AnyConnect for Mobile :

    AnyConnect Premium() 2 :

    10 25 50 100 250 500 750 1000 2500 5000

    (VPN Flex) : 5000

    : . :

    500~50,000(500 ) 50,000~545,000(1,000 )

    VPN(),

    5000

    VPN() 5000

    VPN

    Base(DES) : Strong(3DES/AES)

    / /

    ,

    2516

    2 : 5 10 20 50 100

    2

    IPS :

VLAN, 500

ASA 5585-X SSP-10

You can use two SSPs of the same level in the same chassis; mixed-level SSPs (for example, an SSP-20 with an SSP-10) are not supported. Each SSP acts as an independent device with its own configuration and management. You can use the two SSPs as a failover pair if desired.

    4-6 SSP-10 ASA 5585-X

    Base Security Plus

    Firewall

    :

    1,000,000

    GTP/GPRS :

    Intercompany Media Eng. :

    UC , UC

    2 :

    24 50 100 250 500 750 1000 2000 3000

    VPN

    Adv. Endpoint Assessment :

    AnyConnect for Cisco VPN Phone

    :

    AnyConnect Essentials : (5,000 )

    AnyConnect for Mobile :

    AnyConnect Premium() 2 :

    10 25 50 100 250 500 750 1000 2500 5000

    (VPN Flex) : 5000

    : . :

    500~50,000(500 ) 50,000~545,000(1,000 )

    VPN(),

    5000

    VPN() 5000

    VPN

    10 GE I/O Base : , 1GE ifcs

    Security Plus : , 10GE ifcs

    Base(DES) : Strong(3DES/AES)

    / /

    ,

    4612

    2 : 5 10 20 50 100

    : 16

VLAN, 1024

SSP-20 ASA 5585-X

You can use two SSPs of the same level in the same chassis; mixed-level SSPs (for example, an SSP-40 with an SSP-20) are not supported. Each SSP acts as an independent device with its own configuration and management. You can use the two SSPs as a failover pair if desired.

    4-7 SSP-20 ASA 5585-X

    Base Security Plus

    Firewall

    :

    2,000,000

    GTP/GPRS :

    Intercompany Media Eng. :

    UC , UC

    2 :

    24 50 100 250 500 750 1000 2000 3000 5000 10,0001

1. With the 10,000-session UC license, the total combined sessions can be 10,000, but the maximum number of Phone Proxy sessions is 5000.

    VPN

    Adv. Endpoint Assessment :

    AnyConnect for Cisco VPN Phone

    :

    AnyConnect Essentials : (10,000 )

    AnyConnect for Mobile :

    AnyConnect Premium() 2 :

    10 25 50 100 250 500 750 1000 2500 5000 10,000

    (VPN Flex) : 10,000

    : . :

    500~50,000(500 ) 50,000~545,000(1,000 )

    VPN(),

    10,000

    VPN() 10,000

    VPN

    10 GE I/O Base : , 1GE ifcs

    Security Plus : , 10GE ifcs

    Base(DES) : Strong(3DES/AES)

    / /

    ,

    4612

    2 : 5 10 20 50 100 250

    : 16

VLAN, 1024

SSP-40 and SSP-60 ASA 5585-X

You can use two SSPs of the same level in the same chassis; mixed-level SSPs (for example, an SSP-40 with an SSP-60) are not supported. Each SSP acts as an independent device with its own configuration and management. You can use the two SSPs as a failover pair if desired.

    4-8 SSP-40 -60 ASA 5585-X

    Base

    Firewall

    :

    SSP-40 5585-X: 4,000,000 SSP-60 5585-X: 10,000,000

    GTP/GPRS :

    Intercompany Media Eng. :

    UC , UC

    2 :

    24 50 100 250 500 750 1000 2000 3000 5000 10,0001

    1. 10,000- UC , 10,000 5000.

    VPN

    Adv. Endpoint Assessment :

    AnyConnect for Cisco VPN Phone

    :

    AnyConnect Essentials : (10,000 )

    AnyConnect for Mobile :

    AnyConnect Premium() 2 :

    10 25 50 100 250 500 750 1000 2500 5000 10,000

    (VPN Flex) : 10,000

    : . :

    500~50,000(500 ) 50,000~545,000(1,000 )

    VPN(),

    10,000

    VPN() 10,000

    VPN

    10 GE I/O , 10GE ifcs

    Base(DES) : Strong(3DES/AES)

    / /

    ,

    4612

    2 : 5 10 20 50 100 250

    : 16

    VLAN, 10244-10Cisco ASA ASDM

Licenses for the ASA Services Module

Table 4-9  ASASM License Features

Licenses                               Base
Firewall Licenses
Botnet Traffic Filter                  Disabled; Optional Time-based license: Available
Firewall Conns, Concurrent             10,000,000
GTP/GPRS                               Disabled; Optional license: Available
Intercompany Media Engine              Disabled; Optional license: Available
Unified Communications Proxy Sessions  2; Optional licenses: 24 50 100 250 500 750 1000 2000 3000 5000 10,000 (1)
VPN Licenses
Adv. Endpoint Assessment               Disabled; Optional license: Available
AnyConnect for Cisco VPN Phone         Disabled; Optional license: Available
AnyConnect Essentials                  Disabled; Optional license: Available (10,000 sessions)
AnyConnect for Mobile                  Disabled; Optional license: Available
AnyConnect Premium (sessions)          2; Optional Permanent or Time-based licenses: 10 25 50 100 250 500 750 1000 2500 5000 10,000
                                       Optional Time-based license (VPN Flex): 10,000
                                       Optional Shared licenses: Participant or Server. For the Server license, these are the shares:
                                       500-50,000 in increments of 500; 50,000-545,000 in increments of 1,000
Other VPN (sessions)                   10,000
Total VPN Peers, combined all types    10,000
VPN Load Balancing                     Supported
Encryption                             Base (DES); Optional license: Strong (3DES/AES)
Failover                               Active/Standby or Active/Active
Security Contexts                      2; Optional licenses: 5 10 20 50 100 250
VLANs, Maximum                         1000

1. With the 10,000-session UC license, the total combined sessions can be 10,000, but the maximum number of Phone Proxy sessions is 5000.

Licenses for the ASAv with 1 vCPU

Table 4-10  ASAv with 1 vCPU License Features

Licenses                               Standard                 Premium
Firewall Licenses
Firewall Conns, Concurrent             100,000
GTP/GPRS                               Enabled
Intercompany Media Engine              Enabled
Unified Communications Proxy Sessions  250
VPN Licenses
Adv. Endpoint Assessment               Standard: Disabled       Premium: Enabled
AnyConnect Essentials                  Standard: Disabled       Premium: Enabled
AnyConnect for Cisco VPN Phone         Standard: Disabled       Premium: Enabled
AnyConnect for Mobile                  Standard: Disabled       Premium: Enabled
AnyConnect Premium (sessions)          Standard: 2              Premium: 250
Shared licenses
Other VPN (sessions)                   250
Total VPN Peers, combined all types    250
VPN Load Balancing                     Supported
Encryption                             Strong (3DES/AES)
Failover                               Active/Standby
Interfaces of all types, Max           716
VLANs, Maximum                         50
RAM, vCPU                              2 GB, 5000 MHz

Licenses for the ASAv with 4 vCPUs

Table 4-11  ASAv with 4 vCPUs License Features

Licenses                               Standard                 Premium
Firewall Licenses
Firewall Conns, Concurrent             500,000
GTP/GPRS                               Enabled
Intercompany Media Engine              Enabled
Unified Communications Proxy Sessions  1000
VPN Licenses
Adv. Endpoint Assessment               Standard: Disabled       Premium: Enabled
AnyConnect Essentials                  Standard: Disabled       Premium: Enabled
AnyConnect for Cisco VPN Phone         Standard: Disabled       Premium: Enabled
AnyConnect for Mobile                  Standard: Disabled       Premium: Enabled
AnyConnect Premium (sessions)          Standard: 2              Premium: 750
Shared licenses
Other VPN (sessions)                   750
Total VPN Peers, combined all types    750
VPN Load Balancing                     Supported
Encryption                             Strong (3DES/AES)
Failover                               Active/Standby
Interfaces of all types, Max           1316
VLANs, Maximum                         200
RAM, vCPU                              8 GB, 20000 MHz

The 4 vCPU license also allows the ASAv to run with 2 or 3 vCPUs:

2 vCPUs: 4 GB RAM, 10000 MHz vCPU, 250,000 concurrent connections
3 vCPUs: 4 GB RAM, 15000 MHz vCPU, 350,000 concurrent connections

License Notes

Table 4-12 describes the licenses that appear in Table 4-1 and the tables that follow it.

Table 4-12  License Notes

AnyConnect Essentials: This license enables AnyConnect VPN client access to the ASA for the following:

SSL VPN
IKEv2 IPsec

This license does not support browser-based (clientless) SSL VPN access or Cisco Secure Desktop. For those features, activate an AnyConnect Premium license instead of the AnyConnect Essentials license.

Note: With the AnyConnect Essentials license, VPN users can still use a web browser to log in and then download and start (WebLaunch) the AnyConnect client.

The AnyConnect client software offers the same set of client features whether it is enabled by this license or by an AnyConnect Premium license.

The AnyConnect Essentials license cannot be active on the same ASA at the same time as an AnyConnect Premium license (of any type) or the Advanced Endpoint Assessment license. You can, however, run AnyConnect Essentials and AnyConnect Premium licenses on different ASAs in the same network.

By default, the ASA uses the AnyConnect Essentials license, but you can disable it in order to use other licenses: enter the webvpn command followed by the no anyconnect-essentials command, or in ASDM use the Configuration > Remote Access VPN > Network (Client) Access > Advanced > AnyConnect Essentials pane.

See also the VPN license and feature compatibility section on page 4-19.

AnyConnect for Cisco VPN Phone: In conjunction with an AnyConnect Premium license, this license enables access from hardware IP phones that have built-in AnyConnect compatibility.

AnyConnect for Mobile: This license provides access to the AnyConnect Client for touch-screen mobile devices running Windows Mobile 5.0, 6.0, and 6.1. We recommend this license if you want to support mobile access to AnyConnect 2.3 and later. It requires activation of either the AnyConnect Essentials or the AnyConnect Premium license, which sets the total number of SSL VPN sessions permitted.

Mobile posture support: Enforcing remote access controls and gathering posture data from mobile devices requires an AnyConnect Mobile license together with either an AnyConnect Essentials or an AnyConnect Premium license installed on the ASA. The functionality you get depends on which of those licenses you install:

AnyConnect Premium license functionality: Enterprises that install the AnyConnect Premium license can enforce DAP policies on supported mobile devices based on DAP attributes and any other existing endpoint attributes. This includes allowing or denying remote access from a mobile device.

AnyConnect Essentials license functionality: Enterprises that install the AnyConnect Essentials license have the following mobile device capabilities:

Can allow or deny remote access from a mobile device using ASDM.
Can allow or deny remote access from a mobile device through DAP, using the CLI or ASDM.

AnyConnect Premium: This license enables the following AnyConnect Premium VPN features:

Browser-based (clientless) SSL VPN
AnyConnect client SSL VPN
AnyConnect client IKEv2 IPsec

AnyConnect Premium Shared: A shared license lets the ASA act as a shared license server for multiple client ASAs. The shared license pool is large, but the maximum number of sessions used by each individual ASA cannot exceed the maximum listed for permanent licenses on that model.

Encryption: The Strong Encryption (3DES/AES) license enables 3DES and AES. The DES license cannot be disabled, so when the 3DES license is installed DES remains available. To prevent the use of DES when you want only strong encryption, configure every relevant command to use only strong encryption.

Intercompany Media Engine: When you enable the IME license, the ASA uses TLS proxy sessions up to the configured TLS proxy limit. If you also install a Unified Communications (UC) license that is higher than the default TLS proxy limit, the ASA raises the TLS proxy limit to match the UC license. You can set the TLS proxy limit manually with the tls-proxy maximum-sessions command, or in ASDM in the Configuration > Firewall > Unified Communications > TLS Proxy pane. To view the limits of your model, enter tls-proxy maximum-sessions ?. The TLS proxy sessions reserved by the UC license are also available to IME. For example, if the TLS proxy limit is 1000 and you have a 750-session UC license, the first 250 IME sessions do not affect the sessions available to UC. If you need more than 250 IME sessions, the remaining 750 sessions of the limit are used on a first-come, first-served basis by UC and IME.

For a license part number ending in K8, TLS proxy sessions are limited to 1000.

For a license part number ending in K9, the TLS proxy limit depends on the configuration, up to the model limit.

K8 and K9 refer to whether the license is restricted for export: K8 is unrestricted and K9 is restricted.

You may also use SRTP encryption sessions for your connections:

For a K8 license, SRTP sessions are limited to 250.

For a K9 license, there is no limit.

Note: Only calls that require encryption or decryption of media count toward the SRTP limit. If a call is set to pass through, it does not count toward the SRTP limit even when both legs are SRTP.

Interfaces of all types, Max: The maximum number of combined interfaces, for example VLAN interfaces and physical, redundant, bridge group, and EtherChannel interfaces. Every interface command defined in the configuration counts against this limit.

IPS Module: The IPS module license lets you run the IPS software module on the ASA. You also need the IPS signature subscription.

Notes:

You must buy the IPS signature subscription for an ASA ordered with the IPS module (the part number includes "IPS", for example ASA5515-IPS-K9); the IPS signature subscription is not available for an ASA whose part number does not include IPS.

For failover, you need the IPS signature subscription on both units; this subscription is not shared in failover, because it is not an ASA license.

For failover, the IPS signature subscription requires a unique IPS module license per unit. Like other ASA licenses, the IPS module license is technically shared in the failover cluster license; however, because the IPS signature subscription requires its own IPS module license, you must buy an IPS module license for each unit.

Other VPN: Other VPN sessions include the following VPN types:

IKEv1 IPsec remote access VPN
IKEv1 IPsec site-to-site VPN
IKEv2 IPsec site-to-site VPN

This license is included in the Base license.

Total VPN Peers, combined all types: The total VPN peer count combines AnyConnect (Premium or Essentials) VPN sessions and Other VPN sessions. Each type is also limited to its own maximum, and the combined total cannot exceed the platform's maximum VPN sessions; the ASA enforces that combined limit.

Note: An SSL VPN session established with the AnyConnect client counts as one session. If the same user also has a clientless SSL VPN session (for example, through the browser), that counts as a second session.

Unified Communications Proxy Sessions: Each TLS proxy session is counted against the UC license limit.

All UC features that use TLS proxy sessions count against the UC license, except the Mobility Advantage Proxy (which does not require a license) and IME (which is licensed separately with the IME license).

Some UC features use more than one TLS proxy session per connection. For example, if you configure a phone with a primary and a backup Cisco Unified Communications Manager, there are 2 TLS proxy connections, so 2 UC proxy sessions are used.

You can configure the TLS proxy limit manually with the tls-proxy maximum-sessions command, or in ASDM in the Configuration > Firewall > Unified Communications > TLS Proxy pane. To view the limits of your model, enter tls-proxy maximum-sessions ?. When you install a UC license that is higher than the default TLS proxy limit, the ASA automatically raises the TLS proxy limit to match the UC license. If you set the TLS proxy limit lower than the UC license, UC sessions are limited by the TLS proxy limit; if you set it higher, UC sessions are limited by the UC license.

For a license part number ending in K8 (for example, licenses under 250 users), TLS proxy sessions are limited to 1000. For a license part number ending in K9 (for example, licenses of 250 users or more), the TLS proxy limit depends on the configuration, up to the model limit. K8 and K9 refer to whether the license is restricted for export: K8 is unrestricted and K9 is restricted.
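The licensing arithmetic in these notes (whether 3DES/AES is actually licensed, the per-type and combined VPN peer limits, the UC and IME share of the TLS proxy pool, the K8 1000-session cap, and the shared-license share increments) is easy to get wrong when planning capacity. The following Python script is an added example written for this edit, not code from the Cisco guide or from Cisco. It parses a constructed `show version` license block (the "Name : Value duration" layout follows the command's real output; the values are made up for the example, not captured from a device) and applies the rules stated above. The license part number it accepts (`ASA5585-SSP-10-K8`) is a hypothetical SKU used only to illustrate the K8/K9 suffix rule.

```python
"""License sanity checks for an ASA license feature table (added example)."""
import re

# Constructed sample, not output from a real device: a 5585-X SSP-10 style
# Base license with the 3DES/AES key and a 750-session UC license installed.
SAMPLE_SHOW_VERSION = """\
Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 1024           perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 5000           perpetual
Shared License                    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Total UC Proxy Sessions           : 750            perpetual
Intercompany Media Engine         : Enabled        perpetual
Cluster                           : Enabled        perpetual
"""

_ROW = re.compile(r"^(\S[^:]*?)\s*:\s*(\S+)(?:\s+(\S+))?\s*$")


def parse_license_features(text):
    """Return {feature: value} for every 'Name : Value [duration]' row."""
    feats = {}
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:                      # the "Licensed features..." header has no value
            feats[m.group(1)] = m.group(2)
    return feats


def _num(value):
    return int(value.replace(",", ""))


def strong_encryption_enabled(feats):
    """DES cannot be disabled, so without this key IPsec/SSL negotiate DES
    unless the configuration forbids it (see the Encryption note)."""
    return feats.get("Encryption-3DES-AES") == "Enabled"


def vpn_session_violations(feats, premium_active, other_active):
    """Each VPN type is capped at its own licensed maximum and the two
    together at Total VPN Peers (see the Total VPN Peers note)."""
    problems = []
    premium_max = _num(feats["AnyConnect Premium Peers"])
    other_max = _num(feats["Other VPN Peers"])
    total_max = _num(feats["Total VPN Peers"])
    if premium_active > premium_max:
        problems.append(f"AnyConnect Premium sessions {premium_active} > licensed {premium_max}")
    if other_active > other_max:
        problems.append(f"Other VPN sessions {other_active} > licensed {other_max}")
    if premium_active + other_active > total_max:
        problems.append(f"combined {premium_active + other_active} > Total VPN Peers {total_max}")
    return problems


def tls_proxy_limit(part_number, configured_limit, model_limit):
    """K8 part numbers cap TLS proxy sessions at 1000; K9 allows the configured
    value up to the model limit. part_number is a hypothetical SKU string."""
    cap = min(1000, model_limit) if part_number.upper().endswith("K8") else model_limit
    return min(configured_limit, cap)


def uc_ime_budget(tls_limit, uc_sessions, ime_requested):
    """Split the TLS proxy pool between the UC license and IME as the IME note
    describes: IME sessions up to (limit - UC license) do not affect UC; beyond
    that IME and UC contend first-come-first-served for the UC share."""
    uc_sessions = min(uc_sessions, tls_limit)      # UC cannot exceed the TLS limit
    ime_free = tls_limit - uc_sessions             # e.g. 1000 - 750 = 250
    ime_granted = min(ime_requested, tls_limit)
    ime_from_uc_share = max(0, ime_granted - ime_free)
    return {
        "ime_without_uc_impact": ime_free,
        "ime_granted": ime_granted,
        "uc_remaining": uc_sessions - ime_from_uc_share,
    }


def valid_shared_server_share(share):
    """Server shared-license sizes: 500-50,000 in steps of 500,
    then 50,000-545,000 in steps of 1,000."""
    if 500 <= share <= 50_000:
        return share % 500 == 0
    if 50_000 < share <= 545_000:
        return share % 1_000 == 0
    return False


if __name__ == "__main__":
    f = parse_license_features(SAMPLE_SHOW_VERSION)
    print("strong crypto:", strong_encryption_enabled(f))
    print(vpn_session_violations(f, premium_active=2, other_active=4999))
    print(uc_ime_budget(tls_proxy_limit("ASA5585-SSP-10-K8", 5000, 10000), 750, 400))
```

The combined-limit check is the one operators most often miss: 2 Premium plus 4999 Other sessions are each within their own maximum, yet the sum exceeds the 5000 Total VPN Peers, and the K8 suffix silently pulls a configured 5000-session TLS proxy limit down to 1000 before the UC/IME split is even computed.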

Note: If you clear the configuration with clear configure all, the TLS proxy limit is reset to the default for your model. If that default is lower than the UC license limit, set it again with tls-proxy maximum-sessions (or in the ASDM TLS Proxy pane). If you use failover and enter write standby (or in ASDM, File > Save Running Configuration to Standby Unit) on the primary unit, the clear configur