2. Installing the Chassis
The adaptive security appliance ships with a default configuration that includes two preconfigured networks (the Inside network and
the Outside network) and an Inside interface configured with dynamic addressing. Clients on the Inside network obtain a dynamic IP
address from the adaptive security appliance so that they can communicate with each other as well as with devices on the Internet.
Step 1 Connect one end of a yellow straight-through Ethernet cable to port 0 on the adaptive security appliance. (By default, switch
port 0 is the Outside interface.) Connect the other end to a cable/DSL/ISDN modem (the Outside network).
Step 2 Connect your devices (such as PCs, printers, and servers) with straight-through Ethernet cables to ports 1 through 7.
Note Connect a PC to the adaptive security appliance so that you can run Adaptive Security Device Manager (ASDM). See “4.
Initial Configuration Considerations.”
Step 3 Connect PoE devices (such as Cisco IP Phones or network cameras) with straight-through Ethernet cables to switch ports 6 or
7 (the only ports providing power to PoE devices).
Inside Network
Outside Network
Ports 1 − 7
Port 0
Inside Network Interfaces
Outside Network Interface
Security
Services
Console
Card Slot
2
POWER
48
VDC
RESET
1
7
6
5
4
3
2
1
0
POWER over ETHERNET
Internet
3
2
1
ISP Connection
Cisco IP Phone
Web Server
PC
If you connect a server (such as a web server) to the adaptive security appliance, you can use ASDM to make services on that server
accessible by internal and external users. See “7. (Optional) Making Internal Services Accessible from the Internet.”
4. Initial Configuration Considerations
The adaptive security appliance ships with a default configuration that, in most cases, is sufficient for your basic deployment. You
configure the adaptive security appliance by using Adaptive Security Device Manager (ASDM). ASDM is a graphical interface that allows
you to manage the adaptive security appliance from any location by using a web browser.
However, changing certain settings is recommended or required. For example, you should change the following settings from their
defaults:
• The privileged mode (enable) password that is required to administer the adaptive security appliance through ASDM and the CLI
• When using the adaptive security appliance as a VPN endpoint (using the SSL VPN features):
The hostname, domain name, and DNS server names
–
Setting a static Outside interface IP address
–
Creating an identity certificate
–
Configuring WINS names when access to Windows file shares is required
–
Use the Start up Wizard in ASDM to make these changes. See “6. Running the Startup Wizard in ASDM.”
Requirements for Running ASDM
The PC connected to the adaptive security appliance must meet the following requirements to run ASDM.
Operating System and Version
Browser
1
Microsoft Windows Vista
Internet Explorer 6.0 or higher with Sun Java (JRE)
5.0 (1.5) or 6.0
Microsoft Windows XP
Firefox 1.5 or higher with Sun Java (JRE) 5.0 (1.5) or 6.0
Microsoft Windows 2003 Server (English or Japanese)
Microsoft Windows 2000 (Service Pack 4 or higher)
®
Apple Macintosh
OS X
Firefox 1.5 or 2.0 or Safari 2.0 with Java SE Plug-in 1.4.2, 5.0 (1.5.0), or
2
6.0
Red Hat Linux Desktop
Firefox 1.5 or higher with Sun Java (JRE) 5.0 (1.5) or 6.0
Red Hat Enterprise Linux WS version 4 running
GNOME or KDE
.
1. Obtain Sun Java from
java.sun.com
2. With Apple Macintosh, only 32-bit Java SE will be supported. Currently, this also excludes Java 6. The 32-bit Java can run on a 64-bit Mac OS.
6. Running the Startup Wizard in ASDM
Run the Startup Wizard to modify the default configuration so that you can customize the security policy to suit your deployment.
What you set:
• Hostname
• Domain name
• Administrative
passwords
• IP address of
Outside interface
• Interfaces, such as
DMZ interfaces
• Address translation rules
• Dynamic IP address
settings for Inside interface
To run the Startup Wizard:
Step 1 In the main ASDM window, choose Wizards > Startup Wizard.
Step 2 Follow the instructions in the Startup Wizard to configure your adaptive security appliance.
If you get an error when launching the wizard requesting a DES license or a 3DES-AES license or you want to review your license
information, choose Configuration > Device Management > Licensing.
Step 3 While running the wizard, you can accept the default settings or change them as required. (For information about any wizard
field, click Help in the window.)
After running the Startup Wizard, you can run other wizards to configure remote access with the adaptive security appliance. See “8.
(Optional) Running the IPsec VPN Wizard in ASDM” and “9. (Optional) Running the SSL VPN Wizard in ASDM.”