Cisco SA530 Security Appliance Technical References

© 2010 Cisco Systems, Inc. All rights reserved.
Overview
The Cisco SA 500 is a small business security router that provides SSL VPN access to remote users. 
SSL VPN is a flexible and secure way to extend network resources to virtually any remote user who has 
access to the Internet and a Web browser. A benefit is that you do not have to install and maintain VPN 
client software on the remote machines. Users can remotely access the network by using a web browser. 
When the tunnel is established, each user will have an IP address on the internal network to allow them 
to use shared resources and applications. Alternatively, you can use SSL VPN Port Forwarding to 
provide remote access to specific services and applications on your network.
Active Directory is a centralized and standardized system that automates network management of user 
data, security, and distributed resources, and enables interoperation with other directories. Active 
Directory is designed especially for distributed networking environments. 
You can use an Active Directory authentication server so that SSL VPN Clients can authenticate to the 
SA 500 with their current Active Directory account. Before you begin, make sure that your users can 
successfully authenticate to the Active Directory server. You can then use the Security Appliance 
Configuration Utility to configure your SA 500.
Scope and Assumptions
The procedures and guidelines in this application note assume that your SA 500 is set up for Internet 
connectivity and has a basic configuration. This note applies only to an SA 500 running firmware version 
1.1.62 or later. Other firmware versions might display screens and configurations that differ slightly 
from those described in this document.
Requirements
Before you begin the configuration, make sure that you have the following information:
Windows Active Directory server IP address and FQDN (Fully Qualified Domain Name).
IP addresses, port numbers, and account information for application servers and computers.
Configuring the SA 500 for Active Directory Authentication of VPN Clients
Follow the steps in these sections to enable Active Directory authentication of VPN Clients: