Chapter 4
Using the Configuration Manager
Supporting Other Secure Protocols
Example: Configuring a Secure Mail Server
Along with SSL, Cisco Secure Content Accelerator devices can support other
secure protocols using TLS v1.0, SSL v2.0, and SSL v3.0. IMAPS, POP3S,
NNTPS, and LDAPS are some examples. The steps below show how to configure
the SSL appliance as a secure server that processes only POP3S (S-POP)
mail.
Note
The steps in this example are abbreviated to show only relevant
changes from the standard SSL server setup.
1. Initiate a management session as described above. Enter Privileged and
Configuration modes. Enter a default router. Enter SSL Configuration mode.
2. Enter Server Configuration mode and create a server named mySecureMail.
Assign an IP address and netmask. Assign port 995 to monitor for POP3S
(S-POP) connections and port 110 for sending clear text. Assign the
appropriate key, certificate, and security policy. Return to Privileged mode.
(config-ssl[myDevice])# server mySecureMail create
(config-ssl-server[myServer])# sslport 995
(config-ssl-server[myServer])# remoteport 110
(config-ssl-server[myServer])# finished
SCA#
3. Save the configuration to flash memory. If not saved, the configuration is lost
during a power cycle or when the reload command is used.
SCA# write flash
SCA#
Supporting FIPS
Refer to Chapter 6, FIPS Operation, for instructions on using the Secure Content
Accelerator in FIPS-compliant operation mode.
78-13124-05
Cisco 11000 Series Secure Content Accelerator Configuration Guide