Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.1
Index

Symbols

/bits subnet masks 49-3

?

command string 48-4

help 48-4

Numerics

4GE SSM

connector types 9-15

fiber 9-15

SFP 9-15

802.1Q tagging 10-9

802.1Q trunk 9-33

A

AAA

about 32-1, 33-1, 34-1, 35-1, 37-1

authentication

CLI access 45-19

privileged EXEC mode 45-20

authorization

command 45-27

server 41-4

adding 34-15, 36-7, 37-3, 37-4

types 32-1

support summary 32-3

abbreviating commands 48-3

ABR

definition of 27-2

Access Group pane

description 30-8

access lists

about 18-1

ACE logging, configuring 23-1

deny flows, managing 23-5

implicit deny 18-3

IP address guidelines 18-3

logging 23-1

NAT guidelines 18-3

remarks 19-9

scheduling activation 19-2

types 18-1

access ports 10-7

ACEs

See access lists

activation key

entering 4-36

location 4-34

obtaining 4-35

Active/Active failover

about 7-22

actions 7-23

configuring

asymmetric routing support 7-39

failover group preemption 7-37

duplicate MAC addresses, avoiding 7-8

primary status 7-22

secondary status 7-22

Active/Standby failover

about 7-20

actions 7-20

command replication 7-19

configuration synchronization 7-18

device initialization 7-18

primary unit 7-20

secondary unit 7-20

Adaptive Security Algorithm 1-19

Add/Edit Access Group dialog box

description 30-8

Add/Edit IGMP Join Group dialog box

description 30-7

Add/Edit OSPF Neighbor Entry dialog box 27-15, 27-33

admin context

about 6-2

changing 6-26

administrative access

using ICMP for 45-11

administrative distance 25-3, 25-5

AIP SSM

port-forwarding

enabling 11-7, 12-9

alternate address, ICMP message 49-15

analyzing syslog messages 41-2

application inspection

security level requirements 11-2, 12-2

area border router 27-2

ARP inspection

about 5-6

enabling 5-11

static entry 5-10

ARP spoofing 5-6

ARP test, failover 7-17

ASA (Adaptive Security Algorithm) 1-19

ASA 5505

Base license 10-2

MAC addresses 10-4

maximum VLANs 10-2

native VLAN support 10-10

non-forwarding interface 10-7

power over Ethernet 10-4

protected switch ports 10-8, 10-10

Security Plus license 10-2

SPAN 10-4

Spanning Tree Protocol, unsupported 10-8

ASA 5550 throughput 11-7, 12-10

ASBR

definition of 27-2

ASDM software

allowing access 45-6

installing 46-13

ASR 7-39

ASR groups 7-39

asymmetric routing support 7-39

attributes

RADIUS 34-3

attribute-value pairs

TACACS+ 35-1

authentication

about 32-1

CLI access 45-19

privileged EXEC mode 45-20

authorization

about 32-2

command 45-27

Auto-MDI/MDIX 9-2, 10-4

autostate messaging 2-9

Auto-Update, configuring 46-29

B

Baltimore Technologies, CA server support 40-4

bits subnet masks 49-3

BPDUs

forwarding on the switch 2-9

bridge

entry timeout 5-12

table, See MAC address table

broadcast Ping test 7-17

building blocks 17-1

bypassing the firewall, in the switch 2-3

C

CA

CRs and 40-2

public key cryptography 40-2

revoked certificates 40-2

supported servers 40-4

capturing packets 47-2

CA server

Digicert 40-4

Geotrust 40-4

Godaddy 40-4

iPlanet 40-4

Netscape 40-4

RSA Keon 40-4

Thawte 40-4

Catalyst 6500

See switch

certificate

enrollment protocol 40-13

Certificate Revocation Lists

See CRLs

change query interval 30-9

change query response time 30-9

change query timeout value 30-9

changing between contexts 6-24

changing the severity level 41-19

Cisco 14-7

Cisco 7600

See switch

Cisco IOS CS CA

server support 40-4

Cisco IP Phones

DHCP 14-7

Class A, B, and C addresses 49-1

classes, logging

filtering messages by 41-17

message class variables 41-4

types 41-4

classes, resource

See resource management

class map

regular expression 17-17

CLI

abbreviating commands 48-3

adding comments 48-6

command line editing 48-3

command output paging 48-5

displaying 48-5

help 48-4

paging 48-5

syntax formatting 48-3

clustering

ASDM connection certificate IP address mismatch 8-12

backup owner 8-10

cabling 8-32

cluster control link

configuring 8-42, 8-49

failure 8-9

MTU 8-44

overview 8-7

redundancy 8-8

size 8-7

configuration

examples 8-61

replication 8-10

connection

new, ownership 8-18

rebalancing 8-48

console replication 8-48

context mode 8-27

data path connection state replication 8-10

device-local EtherChannels, configuring on switch 8-29

executing a command cluster-wide 8-56

failover 8-27

feature history 8-76

features

centralized 8-20

individual units 8-21

NAT 8-23

SNMP 8-25

syslog and netflow 8-25

unsupported 8-19

VPN 8-25

guidelines and limitations 8-27

high availability 8-9

individual cluster interfaces, configuring 8-35

interface monitoring 8-9

IPv6 8-27

key 8-45, 8-52

licensing 8-26

management

interface, configuring 8-35

interface, overview 8-11

network 8-11

overview 8-10

master unit

changing 8-55

election 8-3

maximum members 8-26

member requirements 8-3

model support 8-27

monitoring 8-57

overview

bootstrap configuration 8-3

cluster control link 8-7

Equal-Cost Multi-Path Routing 8-15

interfaces 8-4

load balancing 8-12

management 8-10

master unit 8-3

Policy-Based Routing 8-14

spanned EtherChannel 8-12

performance scaling factor 8-2

prerequisites 8-26

rebalancing new connections 8-19

removing a member 8-53

RSA key replication 8-12

software requirements 8-3

spanned EtherChannel

benefits 8-12

configuring 8-37

load balancing 8-13

maximum throughput 8-13

overview 8-12

redundancy 8-13

VSS or vPC 8-13

spanning-tree portfast 8-27

unit failure 8-9

unit health monitoring 8-9

upgrading software 8-3

command authorization

about 45-15

configuring 45-27

multiple contexts 45-17

command prompts 48-2

comments

configuration 48-6

configuration

clearing 3-27

comments 48-6

factory default

commands 3-18

restoring 3-19

saving 3-25

switch 2-1

text file 3-28

URL for a context 6-22

viewing 3-27

configuration examples

logging 41-21

configuration examples for SNMP 42-28

configuration mode

accessing 3-2, 3-4

prompt 48-2

connection limits

per context 6-17

console port logging 41-12

context mode 29-3

context modes 25-2, 26-3, 27-3, 28-3, 30-3

contexts

See security contexts

conversion error, ICMP message 49-16

copying files using copy smb command 46-20

Coredump 47-6

crash dump 47-6

creating a custom event list 41-14

custom messages list

logging output destination 41-5

D

data flow

routed firewall 5-14

transparent firewall 5-20

date and time in messages 41-19

DDNS 15-2

debug messages 47-1

default

class 6-9

routes, defining equal cost routes 25-4

default configuration

commands 3-18

restoring 3-19

default routes

about 25-4

configuring 25-4

delay sending flow-create events

flow-create events

delay sending 43-9

deleting files from Flash 46-12

deny flows, logging 23-5

device ID, including in messages 41-18

device ID in messages 41-18

DHCP

Cisco IP Phones 14-7

options 14-6

relay 14-8

server 14-5

DHCP Relay panel 15-9

DHCP services 13-8

directory hierarchy search 36-3

disabling messages 41-19

disabling messages, specific message IDs 41-19

DMZ, definition 1-15

DNS

server, configuring 13-13

domain name 13-4

dotted decimal subnet masks 49-3

dual IP stack, configuring 11-2

dual-ISP support 25-6

duplex, configuring 9-15, 10-6

E

echo reply, ICMP message 49-15

ECMP 25-3

editing command lines 48-3

EIGRP

DUAL algorithm 29-2

hello interval 29-15

hello packets 29-1

hold time 29-2, 29-15

neighbor discovery 29-1

stub routing 29-4

stuck-in-active 29-2

enable command 3-1

enabling logging 41-7

enabling secure logging 41-17

Entrust, CA server support 40-4

established command, security level requirements 11-2, 12-2

EtherChannel

adding interfaces 9-30

channel group 9-30

compatibility 9-5

converting existing interfaces 9-16

example 9-37

failover 9-13

guidelines 9-13

interface requirements 9-5

LACP 9-6

load balancing

configuring 9-32

overview 9-7

MAC address 9-8

management interface 9-30

maximum interfaces 9-32

minimum interfaces 9-32

mode

active 9-7

on 9-7

passive 9-7

monitoring 9-36

overview 9-5

port priority 9-30

system priority 9-32

Ethernet

Auto-MDI/MDIX 9-2, 10-4

duplex 9-15, 10-6

jumbo frames, ASA 5580 9-35

MTU 11-12, 12-15

speed 9-15, 10-6

evaluation license 4-24

exporting NetFlow records 43-5

extended ACLs

configuring

for management traffic 19-4

F

facility, syslog 41-9

factory default configuration

commands 3-18

restoring 3-19

failover

about 7-1

Active/Active, See Active/Active failover

Active/Standby, See Active/Standby failover

configuration file

terminal messages, Active/Standby 7-18

contexts 7-20

debug messages 7-48

disabling 7-43

Ethernet failover cable 7-4

failover link 7-3

forcing 7-42

guidelines 42-17

health monitoring 7-16

interface health 7-17

interface monitoring 7-17

interface tests 7-17

link communications 7-3

MAC addresses

about 7-20

automatically assigning 6-12

module placement

inter-chassis 7-9

intra-chassis 7-8

monitoring, health 7-16

network tests 7-17

primary unit 7-20

redundant interfaces 9-13

restoring a failed group 7-44

restoring a failed unit 7-44

secondary unit 7-20

SNMP syslog traps 7-48

Stateful Failover, See Stateful Failover

state link 7-4

switch configuration 2-9

system log messages 7-48

system requirements 7-2

testing 7-44

trunk 2-9

unit health 7-16

fast path 1-20

fiber interfaces 9-15

Fibre Channel interfaces

default settings 20-2, 21-2, 22-2

filtering

security level requirements 11-2, 12-2

show command output 48-5

filtering messages 41-4

firewall mode

about 5-1

configuring 5-1

Flash memory

removing files 46-12

flash memory available for logs 41-16

flow control for 10 Gigabit Ethernet 9-26

flow-export actions 43-4

format of messages 41-3

fragment protection 1-17

G

generating RSA keys 39-16, 39-18, 39-20, 39-22, 40-11

groups

SNMP 42-16

H

H.323

transparent firewall guidelines 5-6

help, command line 48-4

high availability

about 7-1

host

SNMP 42-16

hostname

configuring 13-3

in banners 13-3

multiple context mode 13-3

hosts, subnet masks for 49-3

HSRP 5-5

HTTP(S)

authentication 45-20

HTTPS/Telnet/SSH

allowing network or host access to ASDM 45-1

I

ICMP

rules for access to ASDM 45-11

type numbers 49-15

implementing SNMP 42-16

information reply, ICMP message 49-15

information request, ICMP message 49-15

inside, definition 1-15

installation

module verification 2-4

interface

MTU 11-12, 12-15

interfaces

ASA 5505

enabled status 10-7

MAC addresses 10-4

maximum VLANs 10-2

non-forwarding 10-7

protected switch ports 10-8, 10-10

switch port configuration 10-7

trunk ports 10-9

ASA 5550 throughput 11-7, 12-10

default settings 20-2, 21-2, 22-2

duplex 9-15, 10-6

enabling 9-27

failover monitoring 7-17

fiber 9-15

IDs 9-26

IP address 11-8, 12-13

MAC addresses

automatically assigning 6-24

manually assigning to interfaces 11-11, 12-15

mapped name 6-21

naming, physical and subinterface 11-8, 12-11, 12-12

redundant 9-28

SFP 9-15

speed 9-15, 10-6

subinterfaces 9-33

turning off 11-17, 12-19

turning on 11-17, 12-19

IOS

upgrading 2-2

IP addresses

classes 49-1

interface 11-8, 12-13

management, transparent firewall 12-8

private 49-2

subnet mask 49-4

IPv6

configuring alongside IPv4 11-2

default route 25-5

dual IP stack 11-2

duplicate address detection 31-2

neighbor discovery 31-1

router advertisement messages 31-3

static neighbors 31-4

static routes 25-5

IPv6 addresses

anycast 49-9

format 49-5

multicast 49-8

prefixes 49-10

required 49-10

types of 49-6

unicast 49-6

IPv6 prefixes 31-12

IPX 2-3

J

Join Group pane

description 30-7

jumbo frames, ASA 5580 9-35

K

Kerberos

configuring 34-15, 36-7, 37-3

L

LACP 9-6

Layer 2 firewall

See transparent firewall

Layer 2 forwarding table

See MAC address table

LDAP

attribute mapping 36-5

configuring 34-15, 36-7, 37-3

directory search 36-3

hierarchy example 36-2

SASL 36-2

user authorization 36-10

licenses

activation key

entering 4-36

location 4-34

obtaining 4-35

ASA 5505 4-3

ASA 5510 4-4, 4-9

ASA 5520 4-5

ASA 5540 4-6

ASA 5550 4-7

ASA 5580 4-8, 4-17

ASA 5585-X 4-16

default 4-24

evaluation 4-24

failover 4-34

guidelines 4-33

managing 4-1

preinstalled 4-24

Product Authorization Key 4-35

shared

backup server, configuring 4-39

backup server, information 4-28

client, configuring 4-39

communication issues 4-28

failover 4-29

maximum clients 4-29

monitoring 4-49

overview 4-27

server, configuring 4-37

SSL messages 4-28

temporary 4-24

viewing current 4-40

VPN Flex 4-24

licensing requirements

logging 41-5

licensing requirements for SNMP 42-17

link up/down test 7-17

local user database

adding a user 33-4

configuring 33-4

logging in 45-21

lockout recovery 45-35

logging

access lists 23-1

classes

filtering messages by 41-4

types 41-4, 41-17

device-id, including in system log messages 41-18

e-mail

source address 41-11

EMBLEM format 41-15

facility option 41-9

filtering

by message class 41-17

by message list 41-5

by severity level 41-1

logging queue, configuring 41-16

output destinations 41-8

console port 41-8, 41-11, 41-12

internal buffer 41-1, 41-7

Telnet or SSH session 41-7

queue

changing the size of 41-16

configuring 41-16

viewing queue statistics 41-20

severity level, changing 41-20

timestamp, including 41-19

logging feature history 41-21

logging queue

configuring 41-16

login

banner, configuring 45-7

console 3-1

enable 3-1

global configuration mode 3-2

local user 45-21

password 13-2

session 3-4

SSH 3-4, 45-5

Telnet 3-4, 13-2

loops, avoiding 2-9

M

MAC address

redundant interfaces 9-5

MAC addresses

ASA 5505 10-4

automatically assigning 6-24

failover 7-20

manually assigning to interfaces 11-11, 12-15

security context classification 6-3

MAC address table

about 5-20

built-in-switch 5-7

entry timeout 5-12

MAC learning, disabling 5-13

resource management 6-18

static entry 5-12

MAC learning, disabling 5-13

management interfaces

default settings 20-2, 21-2, 22-2

management IP address, transparent firewall 12-8

man-in-the-middle attack 5-6

mapped interface name 6-21

mask

reply, ICMP message 49-15

request, ICMP message 49-15

Master Passphrase 13-8

message filtering 41-4

message list

filtering by 41-5

message-of-the-day banner 45-8

messages, logging

classes

about 41-4

list of 41-4

component descriptions 41-3

filtering by message list 41-5

format of 41-3

message list, creating 41-14

severity levels 41-3

messages classes 41-4

messages in EMBLEM format 41-15

metacharacters, regular expression 17-15

mgmt0 interfaces

default settings 20-2, 21-2, 22-2

MIBs 42-3

MIBs for SNMP 42-29

Microsoft Windows CA, supported 40-4

mobile redirection, ICMP message 49-16

mode

context 6-16

firewall 5-1

modular policy framework

configuring flow-export actions for NetFlow 43-6

monitoring

failover 7-16

OSPF 27-44

resource management 6-30

SNMP 42-1

monitoring logging 41-20

monitoring NSEL 43-10

monitoring switch traffic, ASA 5505 10-4

More prompt 48-5

MRoute pane

description 30-5

MSFC

overview 1-14

SVIs 2-3

MTU 11-12, 12-15

multicast traffic 5-5

multiple context mode

logging 41-2

See security contexts

multiple SVIs 2-3

N

naming an interface

other models 11-8, 12-11, 12-12

NAT

disabling proxy ARP for global addresses 24-11

native VLAN support 10-10

neighbor reachable time 31-2

neighbor solicitation messages 31-2

neighbor advertisement messages 31-2

NetFlow

overview 43-1

NetFlow collector

configuring 43-5

NetFlow event

matching to configured collectors 43-6

NetFlow event logging

disabling 43-9

Network Activity test 7-17

No Payload Encryption 4-32

NSEL and syslog messages

redundant messages 43-2

NSEL configuration examples 43-12

NSEL feature history 43-14

NSEL licensing requirements 43-4

NSEL runtime counters

clearing 43-10

NT server

configuring 34-15, 36-7, 37-3

O

open ports 49-14

OSPF

area authentication 27-13

area MD5 authentication 27-13

area parameters 27-12

authentication key 27-10

authentication support 27-2

cost 27-11

dead interval 27-11

defining a static neighbor 27-15, 27-33

interaction with NAT 27-2

interface parameters 27-10

link-state advertisement 27-2

logging neighbor states 27-16

LSAs 27-2

MD5 authentication 27-11

monitoring 27-44

NSSA 27-13

packet pacing 27-44, 27-45

processes 27-2

redistributing routes 27-7

route calculation timers 27-16

route summarization 27-9

output destination 41-5

output destinations 41-1, 41-7

e-mail address 41-1, 41-7

SNMP management station 41-1, 41-7

Telnet or SSH session 41-1, 41-7

outside, definition 1-15

oversubscribing resources 6-10

P

packet

capture 47-2

classifier 6-3

packet capture, enabling 47-3

packet flow

routed firewall 5-14

transparent firewall 5-20

paging screen displays 48-5

parameter problem, ICMP message 49-15

passwords

changing 13-3

recovery 13-14

security appliance 13-2

pause frames for flow control 9-26

PKI protocol 40-13

PoE 10-4

pools, address

DHCP 14-5

port-forwarding

enabling 11-7, 12-9

ports

open on device 49-14

TCP and UDP 49-11

power over Ethernet 10-4

primary unit, failover 7-20

private networks 49-2

privileged EXEC mode

accessing 3-4

privileged EXEC mode, accessing 3-1

privileged mode

accessing 3-1

prompt 48-2

Product Authorization Key 4-35

prompts

command 48-2

more 48-5

protocol numbers and literal values 49-11

Protocol pane (PIM)

description 30-10

proxy ARP, disabling 24-11

public key cryptography 40-2

Q

question mark

command string 48-4

help 48-4

queue, logging

changing the size of 41-16

viewing statistics 41-20

R

RADIUS

attributes 34-3

configuring a server 34-15, 36-7, 37-3

support 34-1

rapid link failure detection 2-9

rate limit 41-20

redirect, ICMP message 49-15

redundant interface

EtherChannel

converting existing interfaces 9-16

redundant interfaces

configuring 9-28

failover 9-13

MAC address 9-5

setting the active interface 9-30

Registration Authority description 40-2

regular expression 17-14

reloading

context 6-27

security appliance 3-29

Request Filter pane

description 30-12

resetting the services module 2-10

resource management

about 6-10

assigning a context 6-22

class 6-17

configuring 6-8

default class 6-9

monitoring 6-30

oversubscribing 6-10

resource types 6-17

unlimited 6-11

resource usage 6-33

revoked certificates 40-2

RFCs for SNMP 42-29

RIP

authentication 28-2

definition of 28-1

enabling 28-4

support for 28-2

RIP panel

limitations 28-3

RIP Version 2 Notes 28-3

routed mode

about 5-1

setting 5-1

route map

definition 26-1

route maps

defining 26-4

uses 26-1

router

advertisement, ICMP message 49-15

solicitation, ICMP message 49-15

router advertisement messages 31-3

router advertisement transmission interval 31-8

router lifetime value 31-9

routes

about default 25-4

configuring default routes 25-4

configuring IPv6 default 25-5

configuring IPv6 static 25-5

configuring static routes 25-3

RSA

keys, generating 39-16, 39-18, 39-20, 39-22, 40-11, 45-4

rules

ICMP 45-10

running configuration

copying 46-19

saving 3-25

S

same security level communication

enabling 11-15, 12-18

SDI

configuring 34-15, 36-7, 37-3

secondary unit, failover 7-20

security appliance

CLI 48-1

connecting to 3-1

managing licenses 4-1

managing the configuration 3-24

reloading 3-29

upgrading software 46-13

viewing files in Flash memory 46-12

security contexts

about 6-1

adding 6-19

admin context

about 6-2

changing 6-26

assigning to a resource class 6-22

cascading 6-6

changing between 6-24

classifier 6-3

command authorization 45-17

configuration

URL, changing 6-26

URL, setting 6-22

logging in 6-7

MAC addresses

automatically assigning 6-24

classifying using 6-3

managing 6-1, 6-25

mapped interface name 6-21

monitoring 6-28

MSFC compatibility 1-15

multiple mode, enabling 6-16

nesting or cascading 6-7

prompt 48-2

reloading 6-27

removing 6-25

resource management 6-10

resource usage 6-33

saving all configurations 3-26

unsupported features 6-14

VLAN allocation 6-21

security level

about 11-2

interface 11-9, 12-11, 12-13

security models for SNMP 42-16

segment size

maximum and minimum 11-10

maximum and minimum, overview 9-8

sending messages to an e-mail address 41-11

sending messages to an SNMP server 41-12

sending messages to ASDM 41-12

sending messages to a specified output destination 41-17

sending messages to a syslog server 41-8

sending messages to a Telnet or SSH session 41-13

sending messages to the console port 41-12

sending messages to the internal log buffer 41-9

session management path 1-19

severity levels, of system log messages

changing 41-1

filtering by 41-1

list of 41-3

severity levels, of system messages

definition 41-3

shared license

backup server, configuring 4-39

backup server, information 4-28

client, configuring 4-39

communication issues 4-28

failover 4-29

maximum clients 4-29

monitoring 4-49

server, configuring 4-37

SSL messages 4-28

show command, filtering output 48-5

single mode

backing up configuration 6-16

configuration 6-16

enabling 6-16

restoring 6-16

Smart Call Home monitoring 44-22

SNMP

about 42-1

failover 42-17

management station 41-1, 41-7

prerequisites 42-17

SNMP configuration 42-18

SNMP groups 42-16

SNMP hosts 42-16

SNMP monitoring 42-26, 42-27

SNMP terminology 42-2

SNMP traps 42-3

SNMP users 42-16

SNMP Version 3 42-15, 42-23

SNMP Versions 1 and 2c 42-22

source quench, ICMP message 49-15

SPAN 10-4

Spanning Tree Protocol, unsupported 10-8

SPAN session 2-4

speed, configuring 9-15, 10-6

SSH

authentication 45-20

concurrent connections 45-2

login 45-5

password 13-2

RSA key 45-4

username 45-5

startup configuration

copying 46-19

saving 3-25

Stateful Failover

about 7-13

state information 7-13

state link 7-4

stateful inspection 1-19

state information 7-13

state link 7-4

static ARP entry 5-10

static bridge entry 5-12

Static Group pane

description 30-7

static routes

configuring 25-3

stealth firewall

See transparent firewall

stuck-in-active 29-2

subcommand mode prompt 48-2

subinterfaces, adding 9-33

subnet masks

/bits 49-3

about 49-2

address range 49-4

determining 49-3

dotted decimal 49-3

number of hosts 49-3

SVIs

configuring 2-8

multiple 2-3

overview 2-3

switch

assigning VLANs to module 2-5

autostate messaging 2-9

BPDU forwarding 2-9

configuration 2-1

failover compatibility with transparent firewall 2-9

failover configuration 2-9

trunk for failover 2-9

verifying module installation 2-4

switched virtual interfaces

See SVIs

switch MAC address table 5-7

switch ports

access ports 10-7

protected 10-8, 10-10

SPAN 10-4

trunk ports 10-9

SYN attacks, monitoring 6-34

SYN cookies 6-34

syntax formatting 48-3

syslogd server program 41-5

syslog messages

analyzing 41-2

syslog messaging for SNMP 42-27

syslog server

designating more than one as output destination 41-5

EMBLEM format

configuring 41-15

enabling 41-8, 41-15

system configuration 6-2

system log messages

classes 41-4

classes of 41-4

configuring in groups

by message list 41-5

by severity level 41-1

device ID, including 41-18

disabling logging of 41-1

filtering by message class 41-4

managing in groups

by message class 41-17

output destinations 41-1, 41-7

syslog message server 41-7

Telnet or SSH session 41-7

severity levels

about 41-3

changing the severity level of a message 41-1

timestamp, including 41-19

T

TACACS+

command authorization, configuring 45-32

configuring a server 34-15, 36-7, 37-3

TCP

connection limits per context 6-17

maximum segment size 11-10

maximum segment size, overview 9-8

ports and literal values 49-11

TCP Intercept

monitoring 6-34

TCP MSS

overview 9-8

Telnet

allowing management access 45-1

authentication 45-20

concurrent connections 45-2

login 45-3

password 13-2

template timeout intervals

configuring for flow-export actions 43-7

temporary license 4-24

time exceeded, ICMP message 49-15

time ranges, access lists 19-2

timestamp, including in system log messages 41-19

timestamp reply, ICMP message 49-15

timestamp request, ICMP message 49-15

traffic flow

routed firewall 5-14

transparent firewall 5-20

transparent firewall

about 5-2

ARP inspection

about 5-6

enabling 5-11

static entry 5-10

data flow 5-20

guidelines 5-8

H.323 guidelines 5-6

HSRP 5-5

MAC address timeout 5-12

MAC learning, disabling 5-13

management IP address 12-8

multicast traffic 5-5

static bridge entry 5-12

unsupported features 5-9

VRRP 5-5

troubleshooting SNMP 42-24

trunk, 802.1Q 9-33

trunk ports 10-9

Trusted Flow Acceleration

modes 5-8

trustpoint 40-3

U

UDP

connection limits per context 6-17

connection state information 1-19

ports and literal values 49-11

unprivileged mode

accessing 3-4

unreachable, ICMP message 49-15

unreachable messages

required for MTU discovery 45-10

upgrading

IOS 2-2

URLs

context configuration, changing 6-26

context configuration, setting 6-22

user EXEC mode

accessing 3-1

prompt 48-2

username

adding 33-4

encrypted 33-4

password 33-4

users

SNMP 42-16

using clustering 41-5, 43-3

V

VeriSign, configuring CAs example 40-4

viewing RMS 46-35

virtual firewalls

See security contexts

virtual reassembly 1-17

VLANs 9-33

802.1Q trunk 9-33

allocating to a context 6-21

ASA 5505

MAC addresses 10-4

maximum 10-2

assigning to FWSM 2-5

interfaces 2-5

mapped interface name 6-21

subinterfaces 9-33

VPN

address range, subnets 49-4

VPN flex license 4-24

VRRP 5-5

W

WCCP 16-1

web caching 16-1

X

XOFF frames 9-26