ASDM 5.2 User Guide
ASDMhelp
Downloads: This chapterpdf (PDF - 865.0KB) The complete bookPDF (PDF - 11.14MB) | Feedback

Index

Table Of Contents

A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Z

Index

A

AAA

authentication

direct 19-13

interactive 19-13

authorization

downloadable access lists 19-15

local fallback 10-3

overview 10-1

performance 19-1

support 10-2

AAA server group, add (group-policy) 27-6

ABR

definition of 14-1

Access Group panel 15-2

description 15-2

fields 15-2

access lists

downloadable 19-15

Accounting tab, tunnel group 27-46

ACE

add/edit/paste 27-13

Extended ACL tab 27-12

ACL

enabling IPSEC authenticated inbound sessions to bypass ACLs 27-59

extended 27-12

for WebVPN 27-40

standard 27-11

ACL Manager

Add/Edit/Paste ACE 27-13

dialog box 27-11

ACLs

defining traffic match criteria 21-4

Active/Active failover

about 12-2

command replication 12-2

configuration synchronization 12-2

Active/Standby failover 12-2

ActiveX

filtering option 20-8

object filtering, benefits of 20-5

Add/Edit Access Group dialog box 15-3

description 15-3

fields 15-3

Add/Edit Filtering Entry dialog box 14-9

description 14-9

fields 14-9

Add/Edit IGMP Join Group dialog box 15-4

description 15-4

fields 15-4

Add/Edit IGMP Static Group dialog box 15-7

description 15-7

fields 15-7

Add/Edit Multicast Group dialog box 15-18

description 15-18

fields 15-18

Add/Edit Multicast Route dialog box

description 15-8

fields 15-8

Add/Edit OSPF Area dialog box 14-5

description 14-5

fields 14-5

Add/Edit OSPF Neighbor Entry dialog box 14-17

description 14-17

fields 14-17

Restrictions 14-17

Add/Edit Periodic Time Range dialog box 6-111

Add/Edit Redistribution dialog box 14-15

description 14-15

fields 14-15

Add/Edit Rendezvous Point dialog box 15-16

description 15-16

fields 15-16

restrictions 15-16

Add/Edit Route Summarization dialog box 14-7

about 14-7

fields 14-8

Add/Edit SSH Configuration dialog box 11-8

description 11-8

fields 11-8

Add/Edit Summary Address dialog box

description 14-18

fields 14-18

Add/Edit Time Range dialog box 6-110

Add/Edit Virtual Link dialog box 14-19

description 14-19

fields 14-20

address assignment, client 27-46

Address Pool panel, VPN wizard 26-12

address pools, tunnel group 27-46

Address Translation Exemption panel, VPN wizard 26-13

admin context

overview 7-1

administrative access

using ICMP for 8-7

Advanced DHCP Options dialog box 9-7

description 9-7

fields 9-7

Advanced OSPF Interface Properties dialog box 14-13

description 14-13

fields 14-13

Advanced OSPF Virtual Link Properties dialog box 14-20

description 14-20

fields 14-20

Advanced tab, tunnel group 27-47

alternate address, ICMP message 8-8, 8-9

anti-replay window size 21-30, 26-14

APN, GTP application inspection 6-60

APPE command, denied request 6-53

application access

and e-mail proxy 29-7

and Web Access 29-7

configuring client applications 29-6

enabling cookies on browser 29-6

privileges 29-6

quitting properly 29-6

setting up on client 29-6

using e-mail 29-7

with IMAP client 29-7

application firewall 6-67

application inspection

described 6-29

enabling for different protocols 21-14

security level requirements 4-1

Apply button 1-24

Area/Networks tab 14-4

description 14-4

fields 14-5

area border router 14-1

ARP inspection

configuring 23-1

ARP spoofing 23-2

ARP table

monitoring 39-1

static entry 23-3

ASA 5505

Base license 5-14

client

Xauth 27-62

MAC addresses 5-16

maximum VLANs 5-14

power over Ethernet 5-16

Security Plus license 5-14

SPAN 5-16

ASBR

definition of 14-1

ASDM

version 1-26

ASR group 14-32

assured forwarding (AF), traffic match criteria 21-14

asynchronous routing support 14-32

attacks

DNS HINFO request 24-8

DNS request for all records 24-8

DNS zone transfer 24-8

DNS zone transfer from high port 24-8

fragmented ICMP traffic 24-7

IP fragment 24-6

IP impossible packet 24-6

large ICMP traffic 24-7

ping of death 24-8

proxied RPC request 24-9

statd buffer overflow 24-9

TCP FIN only flags 24-8

TCP NULL flags 24-8

TCP SYN+FIN flags 24-8

UDP bomb 24-8

UDP chargen DoS 24-8

UDP snork 24-8

Attributes Pushed to Client panel, VPN wizard 26-12

authenticating a certificate 32-1

authentication

FTP 19-5

HTTP 19-5, 19-13

Telnet 19-5

Authentication tab 14-10

description 14-10

fields 14-10

Authentication tab, tunnel group 27-44

Authorization tab, tunnel group 27-44

Auto Signon

group-policy 27-40

B

bandwidth 1-26

banner, view/configure 27-22

basic HTTP authentication

HTTP

basic authentication 19-13

Basic tab

general tab, tunnel group 27-42

IPSec LAN-to-LAN, General tab 27-50

tunnel group WebVPN Access, General tab 27-53

bridging

MAC address table

learning, disabling 23-6

overview 23-4

static entry 23-6

management IP address 8-1

Browse ICMP 27-16

Browse Other 27-17

Browse Source or Destination Address 27-14

Browse Source or Destination Port 27-15

Browse Time Range 27-8

building blocks 6-1

C

CA certificate 32-1

call agents

MGCP application inspection 6-83, 6-84

Cancel button 1-24

CDUP command, denied request 6-53

certificate

exporting 32-16

fingerprint 32-1

importing 32-17

installing 32-17

managing 32-5

certificate authentication 32-1

certificate enrollment 32-2

Cisco Client Parameters tab 27-22

classes

See resource management

Client Access Rule, add or edit 27-20

Client Address Assignment 27-46

Client Authentication panel, VPN wizard 26-10

Client Configuration tab 27-20

Client Firewall tab 27-25

client parameters, configuring 27-20

Client Update, edit , Windows and VPN 3002 clients 27-3

Client Update window, Windows and VPN 3002 clients 27-1

configuration

context files 7-2

factory default 2-1

Configure IGMP Parameters dialog box 15-5

description 15-5

fields 15-5

configuring

CSC activation 35-8

CSC email 35-16

CSC file transfer 35-18

CSC IP address 35-9

CSC license 35-8

CSC management access 35-11

CSC notifications 35-10

CSC password 35-11

CSC Setup Wizard 35-13

CSC updates 35-19

CSC Web 35-15

CSC wizard summary 35-13

connections per second 1-26

Content Filtering tab 27-34

context mode

viewing 1-26

contexts

See security contexts

conversion error, ICMP message 8-8, 8-9

CPU usage 1-26

Create a Service Policy and Apply to group box 21-3

CRL

cache refresh time 32-15

enforce next update 32-15

retrieval method 32-12

retrieval policy 32-11

CSC activation

configuring 35-8

CSC CPU

monitoring 37-4

CSC email

configuring 35-16

CSC file transfer

configuring 35-18

CSC File Transfer panel

fields 35-18

CSC IP address

configuring 35-9

CSC license

configuring 35-8

CSC management access

configuring 35-11

CSC memory

monitoring 37-5

CSC notifications

configuring 35-10

CSC password

configuring 35-11

CSC security events

monitoring 37-2

CSC Setup Wizard 35-13

summary 35-13

CSC software updates

monitoring 37-3

CSC SSM

getting started 35-3

overview 35-1

what to scan 35-5

CSC threats

monitoring 37-1

CSC updates

configuring 35-19

CSC Web

configuring 35-15

CSD Setup 28-8

CSD support 1-9

CTIQBE

application inspection, enabling 21-14

cut-through proxy 19-1

D

data flow

routed firewall 16-3

transparent firewall 16-12

default class 7-12

default configuration 2-1

default inspection traffic 21-4

default routes

defining equal cost routes 14-28

definition of 14-28

for tunneled traffic 14-28

default tunnel gateway 27-4

destination address, browse 27-14

destination port, browse 27-15

device ID, including in messages 13-6

Device Pass-Through 27-63

DHCP

configuring 9-4

interface IP address 4-8, 5-20

monitoring

interface lease 39-2

IP addresses 39-2

server 39-2

statistics 39-3

services 9-1

statistics 39-3

DHCP relay

overview 9-1

DHCP Relay - Add/Edit DHCP Server dialog box 9-3

description 9-3

fields 9-3

restrictions 9-3

DHCP Relay panel 9-1

description 9-1

fields 9-2

prerequisites 9-2

restrictions 9-1

DHCP Server panel 9-4

description 9-4

fields 9-4

DHCP services 9-1

DiffServ, traffic match criteria 21-14

DiffServ preservation 21-29

digital certificates 32-1

direct authentication 19-13

disabling content rewrite 28-11

DNS

application inspection, enabling 21-15

DNS client 9-9

DNS HINFO request attack 24-8

DNS request for all records attack 24-8

DNS zone transfer attack 24-8

DNS zone transfer from high port attack 24-8

downloadable access lists

configuring 19-15

converting netmask expressions 19-19

DSCP

traffic match criteria 21-4, 21-14

DSCP preservation 21-29

duplex

interface 4-4, 4-11, 5-25

system 4-4

E

Easy VPN

client

Xauth 27-62

Easy VPN, advanced properties 27-63

Easy VPN client 27-61

Easy VPN Remote 27-61

echo reply, ICMP message 8-7

ECMP 14-28

Edit DHCP Relay Agent Settings dialog box 9-3

description 9-3

fields 9-3

prerequisites 9-3

restrictions 9-3

Edit DHCP Server dialog box 9-6

description 9-6

fields 9-6

Edit OSPF Interface Authentication dialog box 14-11

description 14-11

fields 14-11

Edit OSPF Interface Properties dialog box 14-12

fields 14-12

Edit OSPF Process Advanced Properties dialog box 14-3

description 14-3

fields 14-3

Edit PIM Protocol dialog box 15-12

description 15-12

fields 15-12

e-mail proxy

and WebVPN 29-7

Enable IPSec authenticated inbound sessions 27-59

enrolling

certificate 32-2

ESMTP

application inspection, enabling 21-15

established command

security level requirements 4-2

Ethernet

MTU 4-9, 5-22

expedited forwarding (EF), traffic match criteria 21-14

exporting a certificate 32-16

extended ACL 27-12

external filtering server 20-5

External Group Policy, add or edit 27-6

F

factory default configuration 2-1

failover

about virtual MAC addresses 12-21

criteria 12-20, 12-28

defining standby IP addresses 12-18, 12-19

defining virtual MAC addresses 12-22

enable 12-26

enabling Active/Standby 12-15

enabling LAN-based 12-16

enabling LAN-based failover 12-26

enabling Stateful Failover 12-16

graphs 38-4

in multiple context mode 12-26

interface 4-5

system 4-3

key 12-15, 12-26

make active 38-4

make standby 38-4

monitoring 38-1

monitoring interfaces 12-19

reload standby 38-4

reset 38-4, 38-8

stateful 12-3

Stateful Failover 12-27

stateless 12-3

status 38-1

failover groups

about 12-29

adding 12-30

editing 12-30

monitoring 38-8

reset 38-10

filtering

benefits of 20-5

rules 20-8

security level requirements 4-1

servers supported 20-1

URLs 20-1

filtering, Content Filtering tab 27-34

Filtering panel 14-8

benefits 14-8

description 14-8

fields 14-8

restrictions 14-8

fingerprint

certificate 32-1

firewall, client, configuring settings 27-25

firewall mode

configuring 2-5

overview 16-1

viewing 1-26

firewall server, Zone Labs 27-60

Flash memory, amount 1-26

fragmentation policy, IPSec 26-5

fragmented ICMP traffic attack 24-7

FTP

application inspection

enabling 21-15

viewing 6-31, 6-32, 6-33, 6-35, 6-41, 6-42, 6-43, 6-49, 6-50, 6-51, 6-56, 6-61, 6-62, 6-63, 6-69, 6-75, 6-79, 6-80, 6-82, 6-86, 6-88, 6-89, 6-90, 6-93, 6-94

filtering option 20-9

Functions tab, WebVPN 27-31

G

gateway, default tunnel gateway 27-4

gateways

MGCP application inspection 6-84

General Client Parameters tab 27-21

Group Aliases and URLs, tunnel group 27-57

Group Policy window

add or edit, General tab 27-7

introduction 27-4

IPSec tab, add or edit 27-19

GTP

application inspection

enabling 21-15

viewing 6-55

H

H225

application inspection, enabling 21-15

H323 RAS

application inspection, enabling 21-15

Hardware Client tab 27-27

Help button 1-24

HELP command, denied request 6-53

Help menu 1-22

hierarchical policy, traffic shaping and priority queueing 21-29

history metrics 2-9

Homepage tab 27-34

HSRP 16-9

HTTP

application inspection

enabling 21-15

viewing 6-67

filtering 20-1

benefits of 20-5

configuring 20-9

HTTPS

authentication

redirect method 19-13

enabling access to ASDM 11-6

filtering option 20-9

I

ICMP

add group 27-17

application inspection, enabling 21-15

browse 27-16

rules for access to ADSM 8-7

ICMP Error

application inspection, enabling 21-15

ICMP Group 27-17

ICMP types

selecting 8-7, 8-8

IGMP

access groups 15-2

configuring interface parameters 15-5

group membership 15-3

interface parameters 15-4

static group assignment 15-6

IGMP panel

IGMP

overview 15-2

IKE Policy panel, VPN wizard 26-4

IKE tunnels, amount 1-26

ILS

application inspection, enabling 21-15

import certificate panel 32-3

importing a certificate 32-17

information reply, ICMP message 8-8, 8-9

information request, ICMP message 8-8, 8-9

installing a certificate 32-17

interactive authentication 19-13

interface

add

system 4-3

configuring

system 4-2

duplex 4-4, 4-11, 5-25

system 4-4

edit

system 4-3

failover 4-5

failover link

system 4-3

IP address

DHCP 4-8, 5-20

management only 4-7, 5-20

MTU 4-9, 5-22

name 4-7, 5-20

security level 4-7, 5-20

speed 4-5, 4-11

system 4-4

state link 4-5

status 1-26

subinterface, adding 4-7

throughput 1-26

Interface panel 14-10

interfaces

ASA 5505

MAC addresses 5-16

maximum VLANs 5-14

enabled status 4-2, 4-3, 4-4, 4-6, 4-7

monitoring 39-5

IP address 8-1

configuration 4-8, 5-20

configuring 4-6, 5-18

interface

DHCP 4-8, 5-20

management, transparent firewall 8-1

IP audit

enabling 24-3

monitoring 42-8

signatures 24-5

IP DiffServ CodePoints, traffic match criteria 21-4, 21-14

IP fragment attack 24-6

IP fragment database, defaults 24-11

IP fragment database, editing 24-13

IP impossible packet attack 24-6

IP overlapping fragments attack 24-6

IP precedence

traffic match criteria 21-4, 21-13

IPS

IP audit 24-3

IPSec

fragmentation policy 26-5

IPsec

Cisco VPN Client 26-12

IPSec Encryption and Authentication panel, VPN wizard 26-5

IPSec rules

anti-replay window size 21-30, 26-14

IPSec tab

internal group policy 27-19

IPSec LAN-to-LAN 27-51

tunnel group 27-48

IPSec tunnels, amount 1-26

IP teardrop attack 24-6

J

Java

applet filtering

benefits of 20-5

configuring 20-8

Join Group panel 15-3

description 15-3

fields 15-3

K

key pair panel

key-pair name 32-4

size 32-4

type 32-4

usage 32-4

key pairs 32-4

adding 32-4

showing details 32-5

L

large ICMP traffic attack 24-7

latency

configuring 21-26, 21-27

Layer 2 firewall

See transparent firewall

license 1-26

LLQ

See low-latency queue

Local Hosts and Networks panel, VPN wizard 26-6

login

FTP 19-5

low-latency queue

applying 21-26, 21-27

LSA

about Type 1 40-1

about Type 2 40-2

about Type 3 40-3

about Type 4 40-3

about Type 5 40-4

about Type 7 40-4

M

MAC addresses

ASA 5505 5-16

MAC address table 23-4

built-in-switch 23-5

learning, disabling 23-6

monitoring 39-4

overview 16-12, 23-4

static entry 23-6

management traffic 4-7, 5-20

managing

certificates 32-5

man-in-the-middle attack 23-2

mask reply, ICMP message 8-8, 8-9

mask request, ICMP message 8-8, 8-9

maximum sessions, IPSec 27-59

memory, amount

Flash 1-26

memory usage 1-26

menus 1-7

MGCP

application inspection

configuring 6-84

enabling 21-15

viewing 6-82

Microsoft client parameters, configuring 27-20

Microsoft Client Parameters tab 27-23

mobile redirection, ICMP message 8-8, 8-9

mode

context 7-9

firewall 2-5

model 1-26

monitoring

ARP table 39-1

CSC CPU 37-4

CSC memory 37-5

CSC security events 37-2

CSC software updates 37-3

CSC threats 37-1

DHCP

interface lease 39-2

IP addresses 39-2

server 39-2

statistics 39-3

failover 38-1, 38-5

failover groups 38-8

history metrics 2-9

interfaces 39-5

MAC address table 39-4

routes 40-7

monitoring interfaces 12-19

monitoring switch traffic, ASA 5505 5-16

MRoute panel 15-11

description 15-7

fields 15-7

MTU 4-9, 5-22

Multicast panel

description 15-1

fields 15-1

Multicast Route panel 15-11

multicast traffic 16-9

multiple mode, enabling 7-9

N

N2H2 filtering server 20-5

NAC tab (Network Admission Control) 27-30

name resolution 9-9

NAT

application inspection 6-29

security level requirements 4-2

transparent firewall 16-11

NETBIOS

application inspection, enabling 21-15

NetBIOS server

add/edit 27-56

tab 27-55

Network Address Translation

See NAT

New Authentication Server Group panel, VPN wizard 26-10

new features 1-2

O

Options menu 1-9

OSPF

about 14-1

adding an LSA filter 14-9

authentication settings 14-10

authentication support 14-1

configuring authentication 14-11

defining a static neighbor 14-17

defining interface properties 14-12

interaction with NAT 14-1, 14-2

interface properties 14-10, 14-12

LSA filtering 14-8

LSAs 14-2

LSA types 40-1

monitoring LSAs 40-1

neighbor states 40-5

route redistribution 14-14

static neighbor 14-16

summary address 14-17

virtual links 14-19

OSPF area

defining 14-4

OSPF Neighbors panel 40-5

description 40-5

fields 40-5

OSPF parameters

dead interval 14-14

hello interval 14-13

retransmit interval 14-14

transmit delay 14-14

OSPF route summarization

about 14-7

defining 14-7

Other tab, WebVPN 27-36

Outlook Web Access (OWA) and WebVPN 29-7

oversubscribing resources 7-11

P

packet

classifier 7-2

flow, transparent firewall 16-12

packet flow

routed firewall 16-3

packet trace, enabling 1-13

parameter problem, ICMP message 8-8, 8-9

password

restoring to default value 35-12

WebVPN 29-1

PDP context, GTP application inspection 6-56, 6-59

PIM

interface parameters 15-11

overview 15-11

register message filter 15-18

rendezvous points 15-16

shortest path tree settings 15-19

ping of death attack 24-8

platform model 1-26

PoE 5-16

Port Forwarding

configuring client applications 29-6

Port forwarding 27-35

port forwarding entry 27-36

port forwarding list 27-35

Posture Validation Exception, add/edit 27-31

power over Ethernet 5-16

pppoe_client 39-8

PPP tab, tunnel-group 27-49

PPTP

application inspection, enabling 21-16

priority queueing

hierarchical policy with traffic shaping 21-29

IPSec anti-replay window size 21-30, 26-14

Process Instances tab 14-3

description 14-3

fields 14-3

Properties tab 14-12

description 14-12

fields 14-12

Protocol and Service group box 21-11

Protocol Group, add 27-18

Protocol panel (IGMP) 15-4

description 15-4

fields 15-4

Protocol panel (PIM) 15-11

description 15-11

fields 15-11

proxied RPC request attack 24-9

proxy ARP, disabling 14-33

proxy bypass 28-18

Q

QoS

about 21-27

DiffServ preservation 21-29

DSCP preservation 21-29

feature interaction 21-28

priority queueing

hierarchical policy with traffic shaping 21-29

IPSec anti-replay window size 21-30, 26-14

token bucket 21-26

traffic match criteria 21-4, 21-14

traffic shaping

overview 21-28

queue, QoS

limit 21-26, 21-27

R

RADIUS

downloadable access lists 19-15

network access authorization 19-15

RAM, amount

memory, amount

RAM 1-26

rate limiting 21-27

recurring time range, add or edit 27-10

redirect, ICMP message 8-7, 8-9

Redistribution panel 14-14

description 14-14

fields 14-14

Remote Access Client panel, VPN wizard 26-8

Remote Site Peer panel, VPN wizard 26-3

Rendezvous Points panel 15-16

description 15-16

fields 15-16

Request Filter panel 15-18

description 15-18

fields 15-18

reset

inbound connections 24-13

outside connections 24-13

Reset button 1-24

resource management

configuring 7-10

default class 7-12

oversubscribing 7-11

overview 7-11

unlimited 7-11

restoring the default passord 35-12

rewrite, disabling 28-11

RIP

authentication 14-21

definition of 14-21

support for 14-21

RIP panel 14-21

fields 14-22

limitations 14-22

RIP Version 2 Notes 14-22

RNFR command, denied request 6-53

RNTO command, denied request 6-53

routed mode

setting 2-5

router advertisement, ICMP message 8-7, 8-8, 8-9

router solicitation, ICMP message 8-8, 8-9

Routes panel 40-7

description 40-7

fields 37-3, 40-7

Route Summarization tab 14-7

about 14-7

fields 14-7

Route Tree panel 15-19

description 15-19

fields 15-19

RPC

application inspection, enabling 21-16

RSH

application inspection, enabling 21-16

RTP

range in traffic match criteria 21-4, 21-13

RTSP

application inspection, enabling 21-16

rules

filtering 20-5

ICMP 8-7

service policy 21-1

S

same security level 4-5

Secure Computing SmartFilter filtering server

supported 20-1

URL for website 20-1

Secure Copy panel 8-12

description 8-12

fields 8-13

limitations 8-12

Secure Shell panel

description 11-7

fields 11-7, 11-11

security contexts

admin context

overview 7-1

cascading 7-7

classifier 7-2

configuration

files 7-2

logging in 7-8

multiple mode, enabling 7-9

nesting or cascading 7-8

overview 7-1

resource management 7-11

unsupported features 7-2

security level

configuration 4-7, 5-20

overview 4-1

same 4-5

segment size

maximum and minimum 24-13

Server and URL List

add/edit 27-37

Server or URL

dialog box 27-38

service policy rules 21-1

Setup panel 14-2

about 14-2

signatures

attack and informational 24-5

single mode

backing up configuration 7-9

configuration 7-9

enabling 7-9

restoring 7-10

SIP

application inspection, enabling 21-16

SITE command, denied request 6-53

Skinny

application inspection, enabling 21-16

SNMP

application inspection

enabling 21-16

viewing 6-100

software

license 1-26

version 1-26

source address, browse 27-14

source port, browse 27-15

Source Port group box 21-11

source quench, ICMP message 8-9

source-quench, ICMP message 8-7

SPAN 5-16

speed

interface 4-5, 4-11

system 4-4

spoofing, preventing 24-12

SQLNET

application inspection, enabling 21-16

SSL VPN Client 27-38

SSM

configuration

CSC SSM 35-3

Standard Access List Rule, add/edit 27-24

Standard ACL tab 27-11

startup configuration 7-2

statd buffer overflow attack 24-9

stateful application inspection 6-29

Stateful Failover 12-3

enabling 12-16

Logical Updates Statistics 38-7, 38-9

settings 12-27

stateful failover

interface 4-5

system 4-3

stateless failover 12-3

Static Group panel 15-6

description 15-6

fields 15-6

Static Neighbor panel 14-16

description 14-16

fields 14-16

static routes

about 14-28

floating 14-28

status bar 1-23

stealth firewall

See transparent firewall

STOU command, denied request 6-53

subinterface

add

system 4-3

adding 4-7

edit

system 4-3

subordinate certificate 32-1

Summary Address panel 14-17

description 14-17

fields 14-18

Summary panel, VPN wizard 26-7

Sun Microsystems Java™ Runtime Environment (JRE) and WebVPN 28-16, 29-6

SVC 27-38

switch MAC address table 23-5

switch ports

default configuration 5-16

SPAN 5-16

system

interface

add 4-3

duples 4-4

edit 4-3

failover link 4-3

speed 4-4

interface configuration 4-2

system configuration

network settings 7-2

overview 7-1

system messages

device ID, including 13-6

T

tail drop 21-27

TCP

application inspection 6-29

destination port in traffic match criteria 21-4, 21-12

maximum segment size 24-13

TIME_WAIT state 24-14

TCP FIN only flags attack 24-8

TCP NULL flags attack 24-8

TCP Service Group, add 27-16

TCP SYN+FIN flags attack 24-8

TFTP

application inspection, enabling 21-16

TIME_WAIT state 24-14

time exceeded, ICMP message 8-7, 8-8, 8-9

time range

add or edit 27-9

browse 27-8

recurring 27-10

timestamp reply, ICMP message 8-8, 8-9

timestamp request, ICMP message 8-8, 8-9

tocken bucket 21-26

Tools menu 1-11

traceroute, enabling 1-12, 1-17

traffic flow

routed firewall 16-3

transparent firewall 16-12

traffic match criteria 21-1

traffic shaping

overview 21-28

traffic usage 1-26

transmit queue ring limit 21-26, 21-27

transparent firewall

data flow 16-12

guidelines 16-10

HSRP 16-9

MAC address table

learning, disabling 23-6

overview 23-4

static entry 23-6

management IP address 8-1

multicast traffic 16-9

NAT 16-11

overview 16-9

VRRP 16-9

transparent mode

guidelines 16-10

overview 16-8

unsupported features 16-11

trustpoint

definition 32-7

trustpoint configuration panel 32-7

advanced options 32-15

CA certificate subject 32-7

certificate parameters 32-9

CRL retrieval method 32-12

CRL retrieval policy 32-11

device certificate subject 32-7

editing DN 32-10

enrollment settings 32-8

request CRL 32-7

trustpoint name 32-7

trustpoint export panel 32-16

trustpoint import panel 32-17

Tunneled Management 27-63

tunnel gateway, default 27-4

tunnel group

introduction 27-41

traffic match criteria 21-4

WebVPN Tab, Basic Tab 27-54

tx-ring-limit 21-26, 21-27

Type 1 panel 40-1

description 40-1

fields 40-1

Type 2 panel 40-2

description 40-2

fields 40-2

Type 3 panel 40-3

description 40-3

fields 40-3

Type 4 panel 40-3

description 40-3

fields 40-3

Type 5 panel 40-4

description 40-4

fields 40-4

Type 7 panel 40-4

description 40-4

fields 40-5

U

UDP

application inspection 6-29

bomb attack 24-8

chargen DoS attack 24-8

destination port in traffic match criteria 21-4, 21-12

snork attack 24-8

Unicast Reverse Path Forwarding 24-12

unreachable messages

ICMP type 8-7, 8-9

required for MTU discovery 8-7

uptime 1-26

URL

filtering

benefits of 20-5

configuring 20-9

URLs

filtering 20-1

filtering, configuration 20-4

User Accounts panel, VPN wizard 26-11

username

WebVPN 29-1

Xauth for Easy VPN client 27-62

V

version

ASDM 1-26

platform software 1-26

View/Config Banner 27-22

virtual firewalls

See security contexts

Virtual Link panel 14-19

description 14-19

fields 14-19

virtual MAC address

defining for Active/Active failover 12-31

virtual MAC addresses

about 12-21, 12-32

defaults for Active/Active failover 12-31

defining 12-22

defining for Active/Standby failover 12-33

virtual private network

overview 26-2

VLANs

ASA 5505

MAC addresses 5-16

maximum 5-14

VPN

overview 26-1, 26-2

system options 27-59

VPN Client, IPsec attributes 26-12

VPN Tunnel Type panel, VPN wizard 26-2

VPN wizard 26-1

Address Pool panel 26-12

Address Translation Exemption panel 26-13

Attributes Pushed to Client panel 26-12

Client Authentication panel 26-10

IKE Policy panel 26-4

IPSec Encryption and AUthentication panel 26-5

Remote Access Client panel 26-8

Remote Site Peer panel 26-3

Summary panel 26-7

User Accounts panel 26-11

VPN Tunnel Type panel 26-2

VPNwizard

Local Hosts and Networks panel 26-6

New Authentication Server Group panel 26-10

VRRP 16-9

W

web browsing with WebVPN 29-4

Web Page (tunnel-group) tab 27-58

Websense filtering server 20-1, 20-5

WebVPN

client application requirements 29-2

client requirements 29-2

for file management 29-5

for network browsing 29-5

for port forwarding 29-6

for using applications 29-6

for web browsing 29-4

start-up 29-3

enable cookies for 29-6

end user set-up 29-1

printing and 29-3

remote system configuration and end-user requirements 29-3

security tips 29-2

supported applications 29-2

supported browsers 29-3

supported types of Internet connections 29-3

URL 29-3

username and password required 29-3

usernames and passwords 29-1

use suggestions 29-1, 29-2

WebVPN tab

Functions tab 27-31

Other tab 27-36

Wizards menu 1-22

X

Xauth, Easy VPN client 27-62

XDMCP

application inspection, enabling 21-16

Z

Zone Labs Integrity Server 27-60