Cisco Systems OL-16647-01 Network Router User Manual
4-10
Cisco ASDM User Guide
OL-16647-01
Chapter 4 Before You Start
Configuration Overview
Filter Rules prevent outbound access to specific websites or FTP servers. The security appliance
works with a separate server running either Websense Enterprise or Sentian by N2H2. Choose
Configuration > Properties > URL Filtering to configure the URL filtering server, which you
must do before adding a rule.
Configuring Service Policy Rules applies application inspection, connection limits, and TCP
normalization. Inspection engines are required for services that embed IP addressing
information in the user data packet or that open secondary channels on dynamically assigned
ports. These protocols require the adaptive security appliance to perform deep packet inspection.
You can also limit TCP and UDP connections, and embryonic connections. Limiting the number
of connections and embryonic connections protects you from a DoS attack. An embryonic
connection is a connection request that has not finished the necessary handshake between a
source and destination. TCP normalization drops packets that do not appear normal.
NAT translates addresses used on a protected network to addresses used on the public Internet.
This setting lets you use private addresses, which are not routable on the Internet, on your inside
networks.
Adding Global Objects provides a single location where you can configure, view, and modify
the reusable components that you need to implement your policy on the adaptive security
appliance. These reusable components, or objects, include the following:
Network Objects/Groups
Service Groups
Class Maps
Inspect Maps
Regular Expressions
TCP Maps
Global Pools
Time Ranges
The Remote Access VPN pane lets you configure network client access, clientless SSL VPN
browser access and advanced web-related settings, AAA setup, certificate management, load
balancing, and additional advanced settings, including the following:
Configure IPSec connections for VPN tunnels.
Configure clientless SSL VPN connections. Clientless SSL VPN lets users establish a secure,
remote-access VPN tunnel to the adaptive security appliance using a web browser.
IKE sets the IP addresses of clients after they connect through the VPN tunnel.
Load Balancing configures load balancing for VPN connections.
E-Mail Proxy configures e-mail proxies. E-mail proxies extend remote e-mail capability to
clientless SSL VPN users.
The Site-to-Site VPN pane lets you configure site-to-site VPN connections, group policies,
certificate management, and advanced settings, including the following:
IKE Policies and IKE Parameters (also called ISAKMP), which provide the negotiation protocol
that lets two hosts agree on how to build an IPSec security association.
The Device Management pane lets you configure settings to access and manage the following:
ASDM and HTTP over SSL management sessions.
FTP and TFTP clients.