Cisco ASA 1000V ASDM Configuration Guide, 6.7
Index

Symbols

/bits subnet masks A-3

A

AAA

about 20-1

authentication

CLI access 20-23

authorization

command 20-25

local database support 20-8

server 32-4

adding 20-11, 20-12

types 20-1

support summary 20-5

AAA server group, add (group-policy) 30-4

access lists

global access rules 18-2

implicit deny 18-3

inbound 18-3

outbound 18-3

overview 18-1

access rules

turn off expansion 18-8

ACE

Extended ACL tab 13-2

ACL

enabling IPSEC authenticated inbound sessions to bypass ACLs 30-12

extended 13-2

standard 13-2

ACL Manager

dialog box 13-1

Active/Standby failover

about 7-2

actions 7-5

command replication 7-3

configuration synchronization 7-3

device initialization 7-3

primary unit 7-2

secondary unit 7-2

triggers 7-4

Active Directory procedures B-16 to ??

Adaptive Security Algorithm 1-11

Add/Edit Periodic Time Range dialog box 12-17

Add/Edit Time Range dialog box 12-15

administrative access

using ICMP for 19-10

administrative distance 11-6

Advanced DHCP Options dialog box

description 10-6

AIP SSM

port-forwarding

enabling 8-6

alternate address, ICMP message A-9

analyzing syslog messages 32-2

anti-replay window size 29-10

APPE command, denied request 23-19

application inspection

about 22-1

applying 22-5

configuring 22-5

Apply button 3-11

ARP

NAT 14-21

ARP table

monitoring 8-13

ARP test, failover 7-13

ASA (Adaptive Security Algorithm) 1-11

asymmetric routing

TCP state bypass 27-4

attacks

DNS HINFO request 28-9

DNS request for all records 28-10

DNS zone transfer 28-10

DNS zone transfer from high port 28-10

fragmented ICMP traffic 28-9

IP fragment 28-7

IP impossible packet 28-7

large ICMP traffic 28-9

ping of death 28-9

proxied RPC request 28-10

statd buffer overflow 28-11

TCP FIN only flags 28-9

TCP NULL flags 28-9

TCP SYN+FIN flags 28-9

UDP bomb 28-9

UDP chargen DoS 28-9

UDP snork 28-9

attributes

RADIUS B-27

attribute-value pairs

TACACS+ B-37

authentication

about 20-2

CLI access 20-23

authorization

about 20-2

command 20-25

B

backed up configurations

restoring 35-15

backing up configurations 35-13

Backing Up the Local CA Server 35-15

bandwidth 3-17

bits subnet masks A-3

broadcast Ping test 7-13

Browse ICMP 13-7

Browse Other 13-8

Browse Source or Destination Address 13-5

Browse Source or Destination Port 13-6

building blocks 12-1

bypassing firewall checks 27-3

C

call agents

MGCP application inspection 24-15, 24-16

Cancel button 3-11

CDUP command, denied request 23-19

changing the severity level 32-20

CIFS mount point

accessing 35-4

Cisco-AV-Pair LDAP attributes B-13

Cisco IP Phones, application inspection 24-33

Class A, B, and C addresses A-1

classes, logging

message class variables 32-3

types 32-3

class map

regular expression 12-14

command authorization

about 20-3

configuring 20-25

configuration mode

accessing 2-3

configurations, backing up 35-13

connection limits

configuring 27-1

console port logging 32-15

conversion error, ICMP message A-9

creating a custom event list 32-15

custom messages list

logging output destination 32-4

D

date and time in messages 32-19

default

routes, defining equal cost routes 11-4

default policy 17-6

default routes

about 11-4

configuring 11-4

default tunnel gateway 30-1

destination address, browse 13-5

destination port, browse 13-6

device ID, including in messages 32-19

device ID in messages 32-19

DHCP

configuring 10-4

monitoring

interface lease 8-14

IP addresses 8-13

server 8-13

statistics 8-15

statistics 8-15

DHCP relay

overview 10-2

DHCP Relay - Add/Edit DHCP Server dialog box

description 10-4

restrictions 10-4

DHCP Relay pane

description 10-2

DHCP Relay panel 10-2

prerequisites 10-2

restrictions 10-2

DHCP Server pane

description 10-4

DHCP Server panel 10-4

DHCP services 9-4

directory hierarchy search B-3

disabling messages 32-20

disabling messages, specific message IDs 32-20

DMZ, definition 1-9

DNS

inspection

about 23-2

managing 23-1

rewrite, about 23-3

rewrite, configuring 23-3

NAT effect on 14-23

server, configuring 9-6

DNS HINFO request attack 28-9

DNS request for all records attack 28-10

DNS zone transfer attack 28-10

DNS zone transfer from high port attack 28-10

dotted decimal subnet masks A-3

dual-ISP support 11-9

duplex, configuring 8-5

dynamic NAT

about 14-9

network object NAT 15-3

twice NAT 16-3

dynamic PAT

network object NAT 15-8

See also NAT

twice NAT 16-10

E

echo reply, ICMP message A-9

ECMP 11-5

Edit DHCP Relay Agent Settings dialog box

description 10-3

prerequisites 10-3

restrictions 10-3

Edit DHCP Server dialog box

description 10-5

enable command 2-2

Enable IPSec authenticated inbound sessions 30-12

enabling logging 32-6

enabling secure logging 32-19

Ethernet

duplex 8-5

MTU 8-9

speed 8-5

extended ACL 13-2

external group policy, configuring 30-3

F

failover

about 7-1

about virtual MAC addresses 7-19

Active/Standby, See Active/Standby failover

configuration file

terminal messages, Active/Standby 7-3

criteria 7-18

debug messages 7-14

defining standby IP addresses 7-17

disabling 7-21

enabling Stateful Failover 7-16

Ethernet failover cable 1-10, 7-6

failover link 7-6

forcing 7-20

guidelines 33-4

health monitoring 7-12

interface health 7-13

interface monitoring 7-13

interface tests 7-13

link communications 7-6

MAC addresses

about 7-2

monitoring, health 7-12

network tests 7-13

primary unit 7-2

restoring a failed group 7-21

restoring a failed unit 7-21

secondary unit 7-2

SNMP syslog traps 7-14

Stateful Failover, See Stateful Failover

state link 7-7

system log messages 7-14

unit health 7-13

fast path 1-11

Fibre Channel interfaces

default settings 18-4

filtering messages 32-3

editing 32-24

flash memory available for logs 32-18

format of messages 32-2

fragmentation policy, IPsec 29-1

fragmented ICMP traffic attack 28-9

Fragment panel 28-2

fragment protection 1-10

fragment size 28-2

FTP

application inspection

viewing 23-8, 23-16, 23-17, 23-28, 23-34, 23-35, 24-7, 24-8, 24-15, 24-18, 24-26, 24-34, 24-35, 26-2, 26-6

FTP inspection

about 23-12

configuring 23-12

G

gateway, default tunnel gateway 30-1

gateways

MGCP application inspection 24-16

graphs

bookmarking 8-18

interface monitoring 8-18

printing 8-18

group policy

external, configuring 30-3

Group Policy window

add or edit, General tab 30-4

introduction 30-1

groups

SNMP 33-3

H

H.323 inspection

about 24-3

configuring 24-2

limitations 24-4

HA Wizard

accessing 6-1

requirements for setup 6-1

Help button 3-11

HELP command, denied request 23-19

Help menu 3-8

high availability

about 7-1

history metrics 3-21

host

SNMP 33-3

hosts, subnet masks for A-3

HTTP inspection

configuring 23-21

HTTPS/Telnet/SSH

allowing network or host access to ASDM 19-1

I

ICMP

add group 13-8

browse 13-7

rules for access to ASDM 19-10

testing connectivity 36-1

type numbers A-9

ICMP Group 13-8

ICMP unreachable message limits 19-11

identity NAT

about 14-12

network object NAT 15-14

twice NAT 16-20

ILS inspection 25-1

IM 24-21

implementing SNMP 33-3

inbound access lists 18-3

individual syslog messages

assigning or changing rate limits 32-21

information reply, ICMP message A-9

information request, ICMP message A-9

inside, definition 1-9

inspection engines

See application inspection

Instant Messaging inspection 24-21

interface

MTU 8-9

status 3-17

throughput 3-17

interfaces

default settings 18-4

duplex 8-5

failover monitoring 7-13

monitoring 8-16

speed 8-5

IP addresses

classes A-1

private A-2

subnet mask A-4

IP audit

enabling 28-5

signatures 28-6

IP fragment attack 28-7

IP fragment database, displaying 28-2

IP fragment database, editing 28-3

IP impossible packet attack 28-7

IP overlapping fragments attack 28-7

IPS

IP audit 28-5

IPsec

Cisco VPN Client 29-8

fragmentation policy 29-1

IPSec rules

anti-replay window size 29-10

IP spoofing, preventing 28-1

IP teardrop attack 28-7

J

Java console 36-12

K

Kerberos

configuring 20-11

support 20-7

L

large ICMP traffic attack 28-9

Layer 3/4

matching multiple policy maps 17-5

LDAP

application inspection 25-1

attribute mapping 20-18

Cisco-AV-pair B-13

configuring 20-11

configuring a AAA server B-2 to ??

directory search B-3

example configuration procedures B-16 to ??

hierarchy example B-3

SASL 20-7

user authentication 20-7

link up/down test 7-13

local user database

adding a user 20-19

configuring 20-19

support 20-8

lockout recovery 20-32

logging

classes

filtering messages by 32-4

types 32-3

filtering

by message list 32-4

by severity level 32-1

output destinations

internal buffer 32-1, 32-6

Telnet or SSH session 32-6

queue

changing the size of 32-18

configuring 32-18

logging feature history 32-25

logging queue

configuring 32-18

login

banner, configuring 19-4

enable 2-2

global configuration mode 2-3

SSH 19-4

log viewers

executing certain commands 32-25

M

MAC addresses

failover 7-2

management interfaces

default settings 18-4

mapped addresses

guidelines 14-20

mask

reply, ICMP message A-9

request, ICMP message A-9

Master Passphrase 9-4

maximum sessions, IPSec 30-12

menus 3-4

message filtering 32-3

message list

filtering by 32-4

messages, logging

classes

about 32-4

list of 32-3

component descriptions 32-2

filtering by message list 32-4

format of 32-2

severity levels 32-3

messages classes 32-3

messages in EMBLEM format 32-16, 32-17

metacharacters, regular expression 12-11

MGCP

application inspection

configuring 24-16

viewing 24-14

MGCP inspection

about 24-12

configuring 24-12

mgmt0 interfaces

default settings 18-4

MIBs for SNMP 33-10

mobile redirection, ICMP message A-9

monitoring

ARP table 8-13

DHCP

interface lease 8-14

IP addresses 8-13

server 8-13

statistics 8-15

failover 7-12

history metrics 3-21

interfaces 8-16

SNMP 33-1

monitoring logging 32-22

MPF

default policy 17-6

features 17-1

flows 17-5

matching multiple policy maps 17-5

See also policy map

MTU 8-9

N

NAT

about 14-1

bidirectional initiation 14-3

disabling proxy ARP for global addresses 11-8

DNS 14-23

dynamic

about 14-9

dynamic NAT

network object NAT 15-3

twice NAT 16-3

dynamic PAT

about 14-11

network object NAT 15-8

twice NAT 16-10

identity

about 14-12

identity NAT

network object NAT 15-14

twice NAT 16-20

implementation 14-14

interfaces 14-19

mapped address guidelines 14-20

network object

comparison with twice NAT 14-14

network object NAT

about 14-15

configuring 15-1

dynamic NAT 15-3

dynamic PAT 15-8

examples 15-19

guidelines 15-2

identity NAT 15-14

monitoring 15-18

prerequisites 15-2

static NAT 15-11

no proxy ARP 15-17

object

extended PAT 15-3

flat range for PAT 15-3

route lookup 15-17, 16-25

RPC not supported with 25-3

rule order 14-18

static

about 14-4

few-to-many mapping 14-8

many-to-few mapping 14-7, 14-8

one-to-many 14-7

static NAT

network object NAT 15-11

twice NAT 16-15

static with port translation

about 14-4

terminology 14-3

twice

extended PAT 16-3

flat range for PAT 16-3

twice NAT

about 14-15

comparison with network object NAT 14-14

configuring 16-1

dynamic NAT 16-3

dynamic PAT 16-10

examples 16-26

guidelines 16-2

identity NAT 16-20

monitoring 16-25

prerequisites 16-2

static NAT 16-15

types 14-3

VPN 14-13

VPN client rules 14-18

Network Activity test 7-13

network object NAT

about 14-15

comparison with twice NAT 14-14

configuring 15-1

dynamic NAT 15-3

dynamic PAT 15-8

examples 15-19

guidelines 15-2

identity NAT 15-14

monitoring 15-18

prerequisites 15-2

static NAT 15-11

NTLM support 20-7

NT server

configuring 20-11

support 20-7

O

object NAT

See network object NAT

open ports A-8

Options menu 3-5

outbound access lists 18-3

output destination 32-5

output destinations 32-1, 32-6

e-mail address 32-1, 32-6

SNMP management station 32-1, 32-6

Telnet or SSH session 32-1, 32-6

outside, definition 1-9

P

packet trace, enabling 36-7

parameter problem, ICMP message A-9

PAT

See dynamic PAT

PAT pool 15-6, 16-7

round robin 15-6, 16-8

ping

See ICMP

using 36-3

ping of death attack 28-9

policy map

Layer 3/4

about 17-1

flows 17-5

port-forwarding

enabling 8-6

ports

open on device A-8

TCP and UDP A-5

port translation

about 14-4

primary unit, failover 7-2

printing

graphs 8-18

priority queueing

IPSec anti-replay window size 29-10

private networks A-2

privileged EXEC mode, accessing 2-2

privileged mode

accessing 2-2

Protocol Group, add 13-9

protocol numbers and literal values A-5

proxied RPC request attack 28-10

proxy ARP

NAT

proxy ARP 1

proxy ARP, disabling 11-8

proxy servers

SIP and 24-20

Q

QoS

priority queueing

IPSec anti-replay window size 29-10

queue, logging

changing the size of 32-18

R

RADIUS

attributes B-27

Cisco AV pair B-13

configuring a AAA server B-27

configuring a server 20-11

support 20-5

rate limit 32-20

RealPlayer 24-17

redirect, ICMP message A-9

regular expression 12-10

reset

inbound connections 28-3

outside connections 28-3

Reset button 3-11

restoring backups 35-15

RFCs for SNMP 33-10

RNFR command, denied request 23-19

RNTO command, denied request 23-19

router

advertisement, ICMP message A-9

solicitation, ICMP message A-9

routes

about default 11-4

configuring default routes 11-4

configuring static routes 11-5

RTSP inspection

about 24-17

configuring 24-16

rules

ICMP 19-10

S

SCCP (Skinny) inspection

about 24-33

configuration 24-33

configuring 24-32

SDI

configuring 20-11

support 20-6

secondary unit, failover 7-2

Secure Copy

configure server 19-7

security appliance

connecting to 2-2

security models for SNMP 33-3

segment size

maximum and minimum 28-3

sending messages to an e-mail address 32-11

sending messages to a specified output destination 32-19

sending messages to a syslog server 32-7

sending messages to a Telnet or SSH session 32-15

sending messages to the console port 32-15

sending messages to the internal log buffer 32-10

session management path 1-11

severity levels, of system log messages

changing 32-1

filtering by 32-1

list of 32-3

severity levels, of system messages

definition 32-3

signatures

attack and informational 28-6

SIP inspection

about 24-20

configuring 24-20

instant messaging 24-21

SITE command, denied request 23-19

Smart Call Home monitoring 34-10

SMTP inspection 23-32

SNMP

about 33-1

application inspection

viewing 26-8

failover 33-4

management station 32-1, 32-6

prerequisites 33-4

SNMP configuration 33-5

SNMP groups 33-3

SNMP hosts 33-3

SNMP management station

adding 33-5

SNMP monitoring 33-9

SNMP terminology 33-2

SNMP users 33-3

SNMP Version 3 33-2, 33-7

SNMP Versions 1 and 2c 33-7

source address, browse 13-5

source port, browse 13-6

source quench, ICMP message A-9

speed, configuring 8-5

SSH

concurrent connections 19-2

login 19-4

username 19-4

Standard ACL tab 13-2

Startup Wizard

accessing 4-1

statd buffer overflow attack 28-11

Stateful Failover

about 7-9

enabling 7-16

state information 7-9

state link 7-7

stateful inspection 1-11

bypassing 27-3

state information 7-9

state link 7-7

static NAT

about 14-4

few-to-many mapping 14-8

many-to-few mapping 14-7, 14-8

network object NAT 15-11

twice NAT 16-15

static NAT with port translation

about 14-4

static routes

configuring 11-5

deleting 11-8

status bar 3-10

STOU command, denied request 23-19

subnet masks

/bits A-3

about A-2

address range A-4

determining A-3

dotted decimal A-3

number of hosts A-3

Sun RPC inspection

about 25-3

configuring 25-3

syslogd server program 32-5

syslog message filtering

using log viewers 32-23

syslog messages

analyzing 32-2

syslog messaging for SNMP 33-9

syslog server

designating more than one as output destination 32-5

EMBLEM format

configuring 32-17

system log messages

classes 32-3

classes of 32-4

configuring in groups

by message list 32-4

by severity level 32-1

device ID, including 32-19

disabling logging of 32-1

filtering by message class 32-4

output destinations 32-1, 32-6

syslog message server 32-6

Telnet or SSH session 32-6

severity levels

about 32-3

changing the severity level of a message 32-1

timestamp, including 32-19

T

TACACS+

command authorization, configuring 20-30

configuring a server 20-11

support 20-6

TCP

maximum segment size 28-3

ports and literal values A-5

TIME_WAIT state 28-4

TCP FIN only flags attack 28-9

TCP normalization 27-3

TCP NULL flags attack 28-9

TCP Service Group, add 13-6

TCP state bypass

AAA 27-5

configuring 27-8

inspection 27-5

NAT 27-5

SSMs and SSCs 27-5

TCP Intercept 27-5

TCP normalization 27-5

unsupported features 27-5

TCP SYN+FIN flags attack 28-9

Telnet

allowing management access 19-1

concurrent connections 19-2

login 19-4

testing configuration 36-1

TIME_WAIT state 28-4

time exceeded, ICMP message A-9

timestamp, including in system log messages 32-19

timestamp reply, ICMP message A-9

timestamp request, ICMP message A-9

Tools menu 3-6

traceroute, enabling 3-6, 36-6

tunnel gateway, default 30-1

twice NAT

about 14-15

comparison with network object NAT 14-14

configuring 16-1

dynamic NAT 16-3

dynamic PAT 16-10

examples 16-26

guidelines 16-2

identity NAT 16-20

monitoring 16-25

prerequisites 16-2

static NAT 16-15

U

UDP

bomb attack 28-9

chargen DoS attack 28-9

connection state information 1-11

ports and literal values A-5

snork attack 28-9

unreachable, ICMP message A-9

unreachable messages

required for MTU discovery 19-10

user EXEC mode

accessing 2-2

username

adding 20-19

users

SNMP 33-3

V

virtual MAC addresses

about 7-19

virtual private network

overview 5-1

virtual reassembly 1-10

VoIP

proxy servers 24-20

VPN

address range, subnets A-4

overview 5-1

system options 30-12

VPN client

NAT rules 14-18

VPN Client, IPsec attributes 29-8

VPN wizard 5-1

W

Window menu 3-8

Wizards menu 3-7