Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, 4.0
Index
Downloads: This chapterpdf (PDF - 859.0KB) The complete bookPDF (PDF - 4.66MB) | Feedback

Index

Table Of Contents

Symbols - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -

Index

Symbols

/bits subnet masks E-3

?

command string C-4

help C-4

A

AAA

accounting 16-13

authentication

CLI access 22-10

CLI access, system 22-11

network access 16-1

privileged EXEC mode 22-13

authentication directly with the FWSM 16-3

authorization

commands 22-14

downloadable access lists 16-10

network access 16-9

clearing settings 25-6

local database support 11-6

maximum rules A-7

overview 11-1

password management 16-6

performance 16-1

prompts 16-6

server

adding 11-9

types 11-3

support summary 11-3

with web clients 16-6

abbreviating commands C-3

access lists

ACE logging, configuring 12-26

ACE order 12-2

comments 12-18

commitment 12-5

deny flows, managing 12-27

downloadable 16-10

EtherType, adding 12-10

expanded 12-6

extended, adding 12-6

extended, overview 12-6

implicit deny 12-3

inbound 14-1

interface, applying 14-4

IP address guidelines with NAT 12-3

logging 12-25

maximum rules 12-6

memory limits 12-6

NAT addresses 12-3

object grouping 12-11

outbound 14-1

overview 12-1

remarks 12-18

standard access lists, adding 12-11

accounting 16-13

ACEs

expanded 12-6

logging 12-25

maximum 12-6

order 12-2

Active/Active failover

about 13-13

actions 13-16

active state 13-13

command replication 13-14

configuration synchronization 13-14

configuring

failover 13-26

failover group preemption 13-29

HTTP replication 13-30

interface poll time 13-30

unit poll time 13-30

criteria for failover 13-30

device initialization 13-14

failover groups 13-13

primary status 13-13

saving the configuration 13-15

secondary status 13-13

standby state 13-13

status 13-35

synchronizing the configurations 13-15

triggers 13-15

Active/Standby failover

about 13-9

actions 13-12

active state 13-9

command replication 13-11

configuration synchronization 13-9

configuring

failover 13-21

HTTP replication 13-25

interface poll time 13-25

unit poll time 13-25

criteria for failover 13-25

device initializtion 13-9

primary status 13-9

saving the configuration 13-10

secondary status 13-9

standby state 13-9

status 13-32

synchronizing the configurations 13-10

triggers 13-11

Active Directory, password management 16-6

adaptive security algorithm 1-9

admin context

changing 4-33

overview 4-3

alternate-address (ICMP message) E-15

application inspection

about 21-2

applying 21-6

configuring 21-1, 21-6

inspection class map 19-10

inspection policy map 19-7

security level requirements 6-1

special actions 19-6

application partition passwords, clearing 25-6

ARP inspection

configuring 18-1

enabling 18-2

overview 18-1

static entry 18-2

ARP spoofing 18-2

ARP table, static entry 18-2

ASDM

allowing access 22-4

installation 23-9

maximum connections A-5

ASR 8-30

asymmetric routing support 8-30

AUS 23-19

authentication

CLI access 22-10

CLI access, system 22-11

FTP 16-3

HTTP 16-2

network access 16-1

overview 11-2

privileged EXEC mode 22-13

Telnet 16-2

web clients 16-6

authorization

commands 22-14

downloadable access lists 16-10

network access 16-9

overview 11-2

autostate messaging 2-9

Auto Update

configuring 23-18

status 23-20

B

bandwidth

limiting 4-21

maximum A-3

basic settings 7-1

BGP

configuring 8-7

limitations 8-7

monitoring 8-5, 8-8

restarting 8-9

support for 8-6

bits subnet masks E-3

booting

from the FWSM 25-6

from the switch 2-11

boot partitions 2-10

BPDUs

access list, EtherType 12-10

forwarding on the switch 2-9

bridge groups

IP addresses, assigning 6-5

overview 1-8

bridge table

See MAC address table

bufferwraps

save to interal Flash 24-10

send to FTP server 24-10

bypassing firewall checks 20-10

bypassing the firewall, in the switch 2-6

C

capturing packets 25-8

Catalyst 6500

See switch

CEF A-3

changing between contexts 4-31

Cisco 7600

See switch

Cisco IOS versions A-2

Cisco IP Phones

application inspection 21-89

with DHCP 8-38

Cisco VPN Client 22-6

Class A, B, and C addresses E-2

class-default class map 19-4

classes, logging

filtering messages by 24-12

message class variables 24-12

types 24-12

classes, MPF

See class map

classes, resource

See resource management

class map

inspection 19-10

Layer 3/4

match commands 19-5

through traffic 19-5

regular expression 19-14

clearing configuration settings 24-17

CLI

abbreviating commands C-3

adding comments C-5

authenticating access 22-10

command line editing C-3

command output paging C-5

displaying C-5

help C-4

paging C-5

syntax formatting C-3

command authorization

configuring 22-14

multiple contexts 22-15

overview 22-10

command prompts

configuring 7-4

overview C-2

comments

access lists 12-18

configuration C-5

Compact Flash 2-10

configuration

clearing 3-5

clearing settings 24-17

comments C-5

saving 3-3

switch 2-1

text file 3-6

URL for a context 4-29

viewing 3-5

configuration mode

accessing 3-2

prompt C-2

configuring 8-33

configuring RHI 8-33

connection

advanced features 20-1

blocking 20-15

deleting A-5

limits 20-1

rate-limiting 20-2

timeouts 20-1

connection limits

per context 4-26

console port, external 3-1

contexts

See security contexts

control plane path 1-9

conversion-error (ICMP message) E-15

crash dump 25-9

CTIQBE inspection

enabling 21-11

limitations and restrictions 21-10

monitoring 21-12

overview 21-10

cut-through proxy 16-1

D

data flow

routed firewall 5-2

transparent firewall 5-12

debug messages

failover 13-42

viewing 25-7

default class 4-23

default policy 19-3

deny flows, logging 12-27

device ID, including in messages 24-15

DHCP

Cisco IP Phones 8-38

configuring 8-35

relay 8-39

server 8-38

transparent firewall 12-7

disabling messages, specific message IDs 24-16

DMZ, definition 1-1

DNS and NAT 15-15

DNS inspection

configuring 21-24

managing 21-17

rewrite 21-18

domain name, setting 7-4

DoS attack, preventing 15-26

dotted decimal subnet masks E-3

downloadable access lists 16-10

DSCP bits 1-10

DUAL 8-23

dual IP stack 10-4

dynamic NAT

See NAT

E

eBGP 8-7

echo (ICMP message) E-15

echo-reply (ICMP message) E-15

editing command lines C-3

EIGRP 12-7

configuring 8-23

DUAL algorithm 8-23

hello interval 8-27

hello packets 8-22

hold time 8-23, 8-27

neighbor discovery 8-22

Overview 8-22

stub routing 8-24

stuck-in-active 8-23

EMBLEM format, using in logs 24-16

embryonic connection limits 20-2

ESMTP inspection

configuring 21-96

overview 21-94

established command

maximum rules A-7

security level requirements 6-2

EtherChannel, backplane

load-balancing 2-8

overview 2-8

EtherType access list

adding 12-10

applying in both directions 12-9

compatibilty with extended access lists 12-10

implicit deny 12-9

MPLS, allowing 12-10

supported EtherTypes 12-9

EtherType assigned numbers 12-10

F

facility, logging 24-5

failover

about 13-1

Active/Active

See Active/Active failover

Active/Standby

See Active/Standby failover

configuring

Active/Active 13-26

Active/Standby 13-21

debug messages 13-42

disabling 13-41

displaying the configuration 13-39

forcing 13-40

interface health monitoring 13-19

link

about 13-2

securing 13-31

module placement

inter-chassis 13-4

intra-chassis 13-3

PISA 20-6

requirements

license 13-2

software 13-2

restoring a failed unit 13-41

SNMP traps 13-42

Stateful

See Stateful Failover

switch configuration 2-9

system log messages 13-42

testing 13-39

transparent firewall considerations 13-7

trunk 2-9

unit health monitoring 13-19

upgrading software 23-9

failover groups

assigning contexts to 13-28

creating 13-27

definition of 13-13

preempt command 13-29

restoring to an unfailed state 13-41

filtering

ActiveX 17-1

exempting 17-8

FTP 17-9

HTTP 17-7

HTTPS 17-8

Java applets 17-3

long HTTP URLs

setting the size 17-7

truncating 17-8

maximum rules A-7

overview 17-1

security level requirements 6-1

servers supported 17-4

show command output C-4

URLs 17-4

firewall mode

configuring 5-1

overview 5-1

Flash memory

overview 2-10

partitions 2-10

size A-3

format of messages 24-18

fragments 1-5

limitations A-4

fragment size, configuring 20-15

FTP filtering 17-9

FTP inspection

configuring 21-32

overview 21-30

G

global addresses

guidelines 15-15

specifying 15-27

GRE tagging with PISA 20-5

GTP inspection

configuring 21-37

overview 21-35

H

H.225, configuring 21-50

H.245

monitoring 21-54

troubleshooting 21-54

H.323

transparent firewall guidelines 5-9

H.323 inspection

configuring 21-51

limitations 21-49

overview 21-48

troubleshooting 21-54

half-closed connection limits 20-3

help, command line C-4

hostname, setting 7-3

hosts, subnet masks for E-3

HSRP 5-8

HTTP(S)

authentication 22-12

filtering 17-4

maximum connections A-5

maximum rules A-7

HTTP replication

configuring in Active/Active failover 13-30

configuring in Active/Standby failover 13-25

I

iBGP 8-7

ICMP

management access 22-9

maximum rules A-7

testing connectivity 25-1

type numbers E-15

IGMP 9-2

IKE 22-5

ILS application inspection 21-64

IM 21-77

inbound access lists 14-1

information-reply (ICMP message) E-15

information-request (ICMP message) E-15

inside, definition 1-1

inspection_default class-map 19-4

installation

ASDM 23-9

maintenance software 23-12

module verification 2-2

software, using the CLI 23-4

software, using the maintenance partition 23-5

Instant Messaging 21-77

interfaces

configuring poll times 13-25, 13-30

global addresses 15-27

health monitoring 13-19

maximum A-4

naming 6-2, 6-4

shared 4-7

turning off 6-8

turning on 6-8

viewing monitored interface status 13-39

IOS

upgrading 2-1

IOS versions A-2

IP addresses

classes E-2

interface 6-3

overlapping between contexts 4-5

private E-2

routed mode 6-3

subnet mask E-4

translating 15-1

transparent mode 6-3

VPN client 22-7

IPSec

basic settings 22-5

client 22-6

management access 22-4

transforms 22-6

IP spoofing, preventing 20-14

IPv6

access lists 10-5

default and static routes 10-5

dual IP stack, configuring 10-4

duplicate address detection 10-4

enabled commands 10-1

neighbor discovery 10-6

router advertisement messages 10-8

static neighbor 10-10

verifying configuration 10-10

viewing routes 10-11

IPX 2-6

ISAKMP 22-5

ISNs, randomizing

using Modular Policy Framework 20-1

J

Java applet filtering 17-2

K

Kerberos

configuring 11-9

support 11-6

L

Layer 2 firewall

See transparent firewall

Layer 2 forwarding table

See MAC address table

Layer 3/4

matching multiple policy maps 19-18

LDAP

application inspection 21-64

configuring 11-9

support 11-6

licenses 23-1

load-balancing, backplane EtherChannel 2-8

local user database

adding a user 11-7

configuring 11-7

logging in 22-13

support 11-6

system execution space 22-13

lockout recovery 22-23

log bufferwraps

save to internal Flash 24-10

send to FTP server 24-10

logging

access lists 12-25

class

filtering messages by 24-11

types 24-12

device-id, including in system log messages 24-15

email

configuring as output destination 24-5

destination address 24-6

source address 24-6

EMBLEM format 24-16

facility option 24-5

filtering messages

by message class 24-12

by message list 24-13

logging queue, configuring 24-14

multiple context mode 24-2

output destinations

ASDM 24-6

email address 24-5

internal buffer 24-8

SNMP 24-33

SSH 24-7

switch session 24-7

syslog server 24-4

Telnet 24-7

queue

changing the size of 24-14

configuring 24-14

viewing queue statistics 24-14

severity level

changing 24-17

severity level, changing 24-17

timestamp, including 24-15

logging queue

configuring 24-14

login

banner 7-5

command 22-13

FTP 16-3

local user 22-13

session 3-2

SSH 3-2

system execution space 22-13

Telnet 3-2

loops, avoiding 2-9

M

MAC address table

adding an address 18-3

entry timeout 18-3

MAC learning, disabling 18-4

overview 5-12, 18-3

resource management 4-26

static entry 18-3

viewing 18-4

MAC learning, disabling 18-4

maintenance partition

installing application software from 23-5

IP address 23-7

password

clearing 25-7

setting 7-2

software installation 23-12

management IP address, transparent firewall 6-3

man-in-the-middle attack 18-2

mapped interface name 4-28

mapping

MIBs to CLIs D-1

mask-reply (ICMP message) E-15

mask-request (ICMP message) E-15

match commands

inspection class map 19-8

Layer 3/4 class map 19-5

memory

access list use of 12-6

Flash A-3

RAM A-3

rules use of 12-6

memory partitions 4-12

reallocating rules 4-19

setting the total number 4-13

sizes 4-14

message classes

about 24-11

list of 24-12

message list

creating 24-13

filtering by 24-13

message severity levels, list of 24-19

metacharacters, regular expression 19-11

MGCP inspection

configuring 21-67

overview 21-65

MIBs

supported 24-20

mobile-redirect (ICMP message) E-15

mode

CLI C-2

context 4-10

firewall 5-1

Modular Policy Framework

See MPF

monitoring

OSPF 8-20

resource management 4-36

SNMP 24-20

more prompt

disabling 22-1

overview C-5

MPF

about 19-1

default policy 19-3

features 19-1

flows 19-18

matching multiple policy maps 19-18

service policy, applying 19-20

MPLS

LDP 12-10

router-id 12-10

TDP 12-10

MSFC

definition A-1

overview 1-7

SVIs 2-6

multicast routing 9-1

multicast traffic 5-8

Multilayer Switch Feature Card

See MSFC

multiple context mode

See security contexts

multiple SVIs 2-5

N

naming an interface 6-2, 6-4

NAT

bypassing NAT

configuration 15-33

overview 15-10

DNS 15-15

dynamic NAT

configuring 15-25

implementation 15-19

overview 15-6

examples 15-36

exemption from NAT

configuration 15-35

overview 15-10

identity NAT

configuration 15-33

overview 15-10

NAT ID 15-19

order of statements 15-14

overlapping addresses 15-37

overview 15-1

PAT

configuring 15-25

implementation 15-19

overview 15-8

static 15-30

policy NAT

dynamic, configuring 15-25

maximum rules A-7

overview 15-10

static, configuring 15-29

static PAT, configuring 15-31

port redirection 15-38

RPC not supported with 21-100

same security level 15-14

security level requirements 6-1

static identity, configuring 15-33

static NAT

configuring 15-28

overview 15-8

static PAT

configuring 15-30

overview 15-9

transparent mode 15-4

types 15-6

xlate bypass

configuring 15-18

overview 15-13

network processors 1-9

networks, overlapping 15-37

NPs 1-9

NTLM support 11-5

NT server

configuring 11-9

support 11-5

O

object groups

expanded 12-6

nesting 12-15

removing 12-17

open ports E-14

OSPF

area authentication 8-14

area MD5 authentication 8-14

area parameters 8-14

authentication key 8-12

cost 8-12

dead interval 8-12

default route 8-18

displaying update packet pacing 8-19

enabling 8-10

hello interval 8-12

interface parameters 8-12

link-state advertisement 8-10

logging neighbor states 8-19

MD5 authentication 8-12

monitoring 8-20

NSSA 8-15

overview 8-9

packet pacing 8-19

processes 8-10

redistributing routes 8-11

route calculation timers 8-18

route map 8-5

route summarization 8-17

stub area 8-14

summary route cost 8-14

outbound access lists 14-1

outside, definition 1-1

oversubscribing resources 4-22

P

packet

capture 25-8

classifier 4-3

flow

routed firewall 5-2

transparent firewall 5-12

paging screen displays C-5

parameter-problem (ICMP message) E-15

parameter problem, ICMP message E-15

partitions

application 2-10

boot 2-10

crash dump 2-10

Flash memory 2-10

maintenance 2-10

network configuration 2-10

password management, AAA 16-6

passwords

changing 7-1

clearing

application 25-6

maintenance 25-7

recovery 25-6

troubleshooting 25-6

PAT

See NAT

PIM features, configuring 9-6

ping

See ICMP

PISA integration 20-4

policy map

inspection 19-7

Layer 3/4

about 19-15

adding 19-18

default policy 19-18

flows 19-18

policy NAT

about 15-10

See NAT

pools, addresses

DHCP 8-36

global NAT 15-27

VPN 22-7

PORT command, FTP 21-31

ports

open on device E-14

redirection, NAT 15-38

private networks E-2

privileged EXEC mode

accessing 3-2

authentication 22-13

prompt C-2

prompts

command C-2

more C-5

setting 7-4

protocol numbers and literal values E-11

proxy servers, SIP 21-76

Q

QoS compatibility 1-10

question mark

command string C-4

help C-4

queue, logging

changing the size of 24-14

viewing statistics 24-14

R

RADIUS

configuring a server 11-9

downloadable access lists 16-10

network access authentication 16-3

network access authorization 16-10

password management 16-6

support 11-4

rapid link failure detection 2-9

RAS H.323 troubleshooting 21-55

rate-limiting connections 20-2

RealPlayer 21-73

rebooting

from the FWSM CLI 25-6

from the switch 2-11

redirect (ICMP message) E-15

redirect, ICMP message E-15

regular expression 19-11

Related Documentation 3-xxx

reloading

contexts 4-34

from the FWSM CLI 25-6

from the switch 2-11

remarks

access lists 12-18

configuration C-5

remote management

ASDM 22-4

SSH 22-2

Telnet 22-1

VPN 22-4

requirements A-1

resetting

from the FWSM CLI 25-6

from the switch 2-11

resource management

assigning a context to a class 4-30

class 4-24

configuring 4-21

default class 4-23

monitoring 4-36

oversubscribing 4-22

overview 4-22

resource types 4-26

unlimited 4-22

resource usage 4-39

RHI 8-32, 8-33

RIP

default route updates 8-21

enabling 8-21

overview 8-21

passive 8-21

routed firewall

data flow 5-2

interfaces, configuring 6-2

setting 5-17

route health injection 8-32

router

advertisement, ICMP message E-15

solicitation, ICMP message E-15

router-advertisement (ICMP message) E-15

router-solicitation (ICMP message) E-15

routes

configuring 8-2

generating a default 8-18

logging neighbors 8-19

monitoring OSPF 8-20

summarization 8-17

routing

BGP stub 8-6

OSPF 8-21

other protocols 12-7

RIP 8-22

RSA keys, generating 22-3

RSH connections A-5

RTSP inspection

configuring 21-74

overview 21-73

rules

default allocation A-7

maximum 12-6

memory partitions 4-12

pools for contexts A-7

reallocating memory A-8

reallocating memory per partition 4-19

running configuration

backing up 23-17

clearing 3-5

downloading 23-16

saving 3-3

viewing 3-5

S

same security level communication

configuring 6-6

NAT 15-14

SCCP (Skinny) inspection

Cisco IP Phones, supporting 21-90

configuration 21-89

SDI

configuring 11-9

support 11-5

secure computing smartfilter 17-4

security contexts

adding 4-28

admin context

changing 4-33

overview 4-3

assigning to a resource class 4-30

changing between 4-31

classifier 4-3

command authorization 22-15

configuration

URL, changing 4-33

URL, setting 4-29

logging 24-2

logging in 4-9

managing 4-32

mapped interface name 4-28

memory partitions 4-12

monitoring 4-35

MSFC compatibility 1-8

multiple mode, enabling 4-10

overview 4-1

prompt C-2

reloading 4-34

removing 4-32

resource management 4-22

resource usage 4-39

saving all configurations 3-4

unsupported features 4-2

VLAN allocation 4-28

security level

configuring 6-3

overview 6-1

service policy

applying 19-20

default 19-20

global 19-20

interface 19-20

sessioning from the switch 3-1

session management path 1-9

severity levels of system log messages

definition 24-19

list of 24-19

shared interfaces 4-7

shared VLANs 4-7

show command, filtering output C-4

shunning 20-15

single mode

backing up configuration 4-10

configuration 4-11

enabling 4-10

restoring 4-11

SIP inspection

instant messaging 21-77

overview 21-77

timeout values, configuring 21-82

troubleshooting 21-86

site-to-site tunnel 22-8

SMTP inspection

configuring 21-96

overview 21-94

SNMP

MIBs 24-20

overview 24-20

traps 24-31

software installation

any partition 23-5

current partition 23-4

maintenance 23-12

source-quench (ICMP message) E-15

source quench, ICMP message E-15

SPAN session 2-2

specifications A-1

SSH

authentication 22-12

concurrent connections 22-2

login 22-3

maximum rules A-7

RSA key 22-3

username 22-4

startup configuration

backing up 23-17

copying to the running configuration 3-5

downloading 23-16

saving 3-3

viewing 3-5

Stateful Failover

overview 13-18

state information passed 13-18

state link 13-3

stateful inspection

bypassing 20-10

overview 1-9

state link

See Stateful Failover

static ARP entry 18-2

static MAC address entry 18-3

static NAT

See NAT

static PAT

See NAT

stealth firewall

See transparent firewall

Stub Multicast Routing 9-5

stuck-in-active 8-23

subnet masks

/bits E-3

address range E-4

dotted decimal E-3

number of hosts E-3

overview E-2

Sun RPC inspection

configuring 21-100

overview 21-100

supervisor engine versions A-2

supervisor IOS A-1

SVIs

configuring 2-7

multiple 2-5

overview 2-5

switch

assigning VLANs to module 2-2

autostate messaging 2-9

BPDU forwarding 2-9

configuration 2-1

failover compatibility with transparent firewall 2-9

failover configuration 2-9

maximum modules A-3

resetting the module 2-11

sessioning to the module 3-1

system requirements A-1

trunk for failover 2-9

verifying module installation 2-2

switched virtual interfaces

See SVIs

Switch Fabric Module A-3

SYN attacks, monitoring 4-40

SYN cookies 4-40

syntax formatting C-3

syslog server

as output destination 24-4

designating 24-4

designating more than one 24-4

EMBLEM format

configuring 24-16

enabling 24-4

system execution space

configuration 4-2

local user database 11-7

login command 22-13

session authentication 22-11

username command 11-7

system log messages

classes 24-12

classes of

list of classes 24-12

configuring in groups

by message list 24-13

creating lists of 24-11

device ID, including 24-15

failover 13-42

filtering

by list 24-13

by message class 24-11

format of 24-18

managing in groups

by message class 24-12

creating a message list 24-11

multiple context mode 24-2

severity levels 24-19

timestamp, including 24-15

variables used in 24-19

system requirements A-1

T

TACACS+

command authorization 22-18

configuring a server 11-9

network access authorization 16-9

support 11-4

TCP

back-to-back connections A-5

connection, deleting A-5

connection limits 20-2

connection limits per context 4-26

ports and literal values E-11

sequence number randomization

disabling using Modular Policy Framework 20-2

sequence randomization 20-2

TCP Intercept

configuring for transparent mode 15-26

monitoring 4-40

TCP normalization, disabling 20-14

TCP state bypass 20-10

Telnet

authentication

enabling 22-12

session from switch 22-11

system execution space 22-11

concurrent connections 22-1

maximum rules A-7

testing configuration 25-1

time-exceeded (ICMP message) E-15

time exceeded, ICMP message E-15

time ranges, access lists 12-24

timestamp

reply, ICMP message E-15

timestamp, including in system log messages 24-15

timestamp-reply (ICMP message) E-15

traffic flow

routed firewall 5-2

transparent firewall 5-12

transparent firewall

ARP inspection

enabling 18-2

overview 18-1

static entry 18-2

data flow 5-12

DHCP packets, allowing 12-7

failover considerations 13-7

guidelines 5-10

H.323 guidelines 5-9

HSRP 5-8

interfaces, configuring 6-3

MAC address timeout 18-3

MAC learning, disabling 18-4

management IP address 6-3

multicast traffic 5-8

overview 5-7

packet handling 12-7

setting 5-17

static MAC address entry 18-3

unsupported features 5-11

VRRP 5-8

transparent mode

NAT 15-4

traps, SNMP 24-31

troubleshooting

capturing packets 25-8

common problems 25-10

configuration 25-1

crash dump 25-9

debug messages 25-7

H.323 21-54

H.323 RAS 21-55

password recovery 25-6

SIP 21-86

tunnels

basic settings, configuring 22-5

site-to-site, configuring 22-8

VPN client access, configuring 22-6

U

UDP

connection limits 20-2

connection limits per context 4-26

connection state information 1-10

ports and literal values E-11

Unicast Reverse Path Forwarding 20-14

unit health monitoring 13-19

unit poll time, configuring

Active/Active 13-30

Active/Standby 13-25

unprivileged mode

accessing 3-2

prompt C-2

unreachable (ICMP message) E-15

upgrading

IOS 2-1

URLs

context configuration, changing 4-33

context configuration, setting 4-29

filtering 17-4

V

viewing logs 24-3

virtual firewalls

See security contexts

virtual HTTP 16-3

virtual reassembly 1-5

virtual SSH 16-3

virtual Telnet 16-3

VLANs

allocating to a context 4-28

assigning to FWSM 2-2

interfaces 2-2

mapped interface name 4-28

maximum A-4

shared 4-7

VoIP

proxy servers 21-76

troubleshooting 21-54

VPN

basic settings 22-5

client tunnel 22-6

management access 22-4

site-to-site tunnel 22-8

transforms 22-6

VRRP 5-8

W

WAN ports A-1

web clients, secure authentication 16-6

X

xlate bypass

configuring 15-18

overview 15-13