Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, 4.1
Index
Downloads: This chapterpdf (PDF - 641.0KB) The complete bookPDF (PDF - 8.06MB) | Feedback

Index

 

Symbols

/bits subnet masks E-3

?

command string C-4

help C-4

A

AAA

accounting 17-13

authentication

CLI access 23-10

CLI access, system 23-11

network access 17-1

privileged EXEC mode 23-13

authentication directly with the FWSM 17-3

authorization

commands 23-14

downloadable access lists 17-10

network access 17-9

clearing settings 26-6

local database support 11-6

maximum rules A-7

overview 11-1

password management 17-6

performance 17-1

prompts 17-6

server

adding 11-9

types 11-3

support summary 11-3

with web clients 17-6

abbreviating commands C-3

access lists

ACE logging, configuring 13-26

ACE order 13-2

comments 13-18

commitment 13-5

deny flows, managing 13-27

downloadable 17-10

EtherType, adding 13-10

expanded 13-6

extended, adding 13-6

extended, overview 13-6

implicit deny 13-3

inbound 15-1

interface, applying 15-4

IP address guidelines with NAT 13-3

logging 13-25

maximum rules 13-6

memory limits 13-6

NAT addresses 13-3

object grouping 13-11

outbound 15-1

overview 13-1

remarks 13-18

standard access lists, adding 13-11

accounting 17-13

ACEs

expanded 13-6

logging 13-25

maximum 13-6

order 13-2

Active/Active failover

about 14-13

actions 14-16

active state 14-13

command replication 14-14

configuration synchronization 14-14

configuring

failover 14-26

failover group preemption 14-29

HTTP replication 14-30

interface poll time 14-30

unit poll time 14-30

criteria for failover 14-30

device initialization 14-14

failover groups 14-13

primary status 14-13

saving the configuration 14-15

secondary status 14-13

standby state 14-13

status 14-35

synchronizing the configurations 14-15

triggers 14-15

Active/Standby failover

about 14-9

actions 14-12

active state 14-9

command replication 14-11

configuration synchronization 14-9

configuring

failover 14-21

HTTP replication 14-25

interface poll time 14-25

unit poll time 14-25

criteria for failover 14-25

device initializtion 14-9

primary status 14-9

saving the configuration 14-10

secondary status 14-9

standby state 14-9

status 14-32

synchronizing the configurations 14-10

triggers 14-11

Active Directory, password management 17-6

adaptive security algorithm 1-8

admin context

changing 4-33

overview 4-3

alternate-address (ICMP message) E-15

application inspection

about 22-2

applying 22-6

configuring 22-1, 22-6

inspection class map 20-10

inspection policy map 20-7

security level requirements 6-1

special actions 20-6

application partition passwords, clearing 26-6

ARP inspection

configuring 19-1

enabling 19-2

overview 19-1

static entry 19-2

ARP spoofing 19-2

ARP table, static entry 19-2

ASDM

allowing access 23-4

installation 24-8

maximum connections A-5

ASR 8-30

asymmetric routing support 8-30

AUS 24-18

authentication

CLI access 23-10

CLI access, system 23-11

FTP 17-3

HTTP 17-2

network access 17-1

overview 11-2

privileged EXEC mode 23-13

Telnet 17-2

web clients 17-6

authorization

commands 23-14

downloadable access lists 17-10

network access 17-9

overview 11-2

autostate messaging 2-9

Auto Update

configuring 24-18

status 24-20

B

bandwidth

limiting 4-21

maximum A-3

basic settings 7-1

BGP

configuring 8-7

limitations 8-7

monitoring 8-5, 8-8

restarting 8-9

support for 8-6

bits subnet masks E-3

booting

from the FWSM 26-6

from the switch 2-11

boot partitions 2-10

BPDUs

access list, EtherType 13-10

forwarding on the switch 2-9

bridge groups

IP addresses, assigning 6-6

overview 1-7

bridge table

See MAC address table

bufferwraps

save to interal Flash 25-10

send to FTP server 25-11

bypassing firewall checks 21-10

bypassing the firewall, in the switch 2-6

C

CA

CRs and 12-2

public key cryptography 12-1

revoked certificates 12-2

capturing packets 26-8

Catalyst 6500

See switch

CEF A-3

Certificate Revocation Lists

See CRLs

certification authority

See CA

changing between contexts 4-31

Cisco 7600

See switch

Cisco IP Phones

application inspection 22-89

with DHCP 8-38

Cisco VPN Client 23-6

Class A, B, and C addresses E-2

class-default class map 20-4

classes, logging

filtering messages by 25-13

message class variables 25-13

types 25-13

classes, MPF

See class map

classes, resource

See resource management

class map

inspection 20-10

Layer 3/4

match commands 20-5

through traffic 20-5

regular expression 20-14

clearing configuration settings 25-18

CLI

abbreviating commands C-3

adding comments C-5

authenticating access 23-10

command line editing C-3

command output paging C-5

displaying C-5

help C-4

paging C-5

syntax formatting C-3

command authorization

configuring 23-14

multiple contexts 23-15

overview 23-10

command prompts

configuring 7-4

overview C-2

comments

access lists 13-18

configuration C-5

Compact Flash 2-10

configuration

clearing 3-5

clearing settings 25-18

comments C-5

saving 3-3

switch 2-1

text file 3-6

URL for a context 4-29

viewing 3-5

configuration mode

accessing 3-2

prompt C-2

configuring 8-33

configuring RHI 8-33

connection

advanced features 21-1

blocking 21-15

deleting A-5

limits 21-1

rate-limiting 21-2

timeouts 21-1

connection limits

per context 4-26

console port, external 3-1

contexts

See security contexts

control plane path 1-8

conversion-error (ICMP message) E-15

crash dump 26-9

CTIQBE inspection

enabling 22-11

limitations and restrictions 22-10

monitoring 22-12

overview 22-10

cut-through proxy 17-1

D

data flow

routed firewall 5-2

transparent firewall 5-12

debug messages

failover 14-42

viewing 26-7

default class 4-23

default policy 20-3

deny flows, logging 13-27

device ID, including in messages 25-16

DHCP

Cisco IP Phones 8-38

configuring 8-35

relay 8-39

server 8-38

transparent firewall 13-7

disabling messages, specific message IDs 25-17

DMZ, definition 1-1

DNS and NAT 16-16

DNS inspection

configuring 22-24

managing 22-18

rewrite 22-19

domain name, setting 7-4

DoS attack, preventing 16-27

dotted decimal subnet masks E-3

downloadable access lists 17-10

DSCP bits 1-9

DUAL 8-23

dual IP stack 10-4

dynamic NAT

See NAT

E

eBGP 8-7

echo (ICMP message) E-15

echo-reply (ICMP message) E-15

editing command lines C-3

EIGRP 13-7

configuring 8-23

DUAL algorithm 8-23

hello interval 8-27

hello packets 8-22

hold time 8-23, 8-27

neighbor discovery 8-22

Overview 8-22

stub routing 8-24

stuck-in-active 8-23

EMBLEM format, using in logs 25-17

embryonic connection limits 21-2

ESMTP inspection

configuring 22-96

overview 22-94

established command

maximum rules A-7

security level requirements 6-2

EtherChannel, backplane

load-balancing 2-8

overview 2-8

EtherType access list

adding 13-10

applying in both directions 13-9

compatibilty with extended access lists 13-10

implicit deny 13-9

MPLS, allowing 13-10

supported EtherTypes 13-9

EtherType assigned numbers 13-10

F

facility, logging 25-5

failover

about 14-1

Active/Active

See Active/Active failover

Active/Standby

See Active/Standby failover

configuring

Active/Active 14-26

Active/Standby 14-21

debug messages 14-42

disabling 14-41

displaying the configuration 14-39

forcing 14-40

interface health monitoring 14-19

link

about 14-2

securing 14-31

module placement

inter-chassis 14-4

intra-chassis 14-3

PISA 21-6

requirements

license 14-2

software 14-2

restoring a failed unit 14-41

SNMP traps 14-42

Stateful

See Stateful Failover

switch configuration 2-9

system log messages 14-42

testing 14-39

transparent firewall considerations 14-7

trunk 2-9

unit health monitoring 14-19

upgrading software 24-9

failover groups

assigning contexts to 14-28

creating 14-27

definition of 14-13

preempt command 14-29

restoring to an unfailed state 14-41

filtering

ActiveX 18-1

exempting 18-8

FTP 18-9

HTTP 18-7

HTTPS 18-8

Java applets 18-3

long HTTP URLs

setting the size 18-7

truncating 18-8

maximum rules A-7

overview 18-1

security level requirements 6-1

servers supported 18-4

show command output C-4

URLs 18-4

firewall mode

configuring 5-1

overview 5-1

Flash memory

overview 2-10

partitions 2-10

size A-3

format of messages 25-19

fragments 1-4

limitations A-4

fragment size, configuring 21-15

FTP filtering 18-9

FTP inspection

configuring 22-32

overview 22-30

G

generating RSA keys 12-4

global addresses

guidelines 16-15

specifying 16-28

GRE tagging with PISA 21-5

GTP inspection

configuring 22-37

overview 22-35

H

H.225, configuring 22-50

H.245

monitoring 22-54

troubleshooting 22-54

H.323 inspection

configuring 22-51

limitations 22-49

overview 22-48

troubleshooting 22-54

half-closed connection limits 21-3

help, command line C-4

hostname, setting 7-3

hosts, subnet masks for E-3

HSRP 5-8

HTTP(S)

authentication 23-12

filtering 18-4

maximum connections A-5

maximum rules A-7

HTTP replication

configuring in Active/Active failover 14-30

configuring in Active/Standby failover 14-25

I

iBGP 8-7

ICMP

management access 23-9

maximum rules A-7

testing connectivity 26-1

type numbers E-15

IGMP 9-2

IKE 23-5

ILS application inspection 22-64

IM 22-77

importing certificates 12-5

inbound access lists 15-1

information-reply (ICMP message) E-15

information-request (ICMP message) E-15

inside, definition 1-1

inspection_default class-map 20-4

installation

ASDM 24-8

maintenance software 24-12

module verification 2-2

software, using the CLI 24-3

software, using the maintenance partition 24-5

Instant Messaging 22-77

interfaces

configuring poll times 14-25, 14-30

global addresses 16-28

health monitoring 14-19

maximum A-4

naming 6-3, 6-6, 6-7

shared 4-7

turning off 6-12

turning on 6-12

viewing monitored interface status 14-39

IOS

upgrading 2-1

IP addresses

classes E-2

interface 6-3, 6-8

overlapping between contexts 4-5

private E-2

routed mode 6-3, 6-8

subnet mask E-4

translating 16-1

transparent mode 6-4

VPN client 23-7

IPSec

basic settings 23-5

client 23-6

management access 23-4

transforms 23-5

IP spoofing, preventing 21-14

IPv6

access lists 10-5

default and static routes 10-5

dual IP stack, configuring 10-4

duplicate address detection 10-4

enabled commands 10-1

neighbor discovery 10-6

router advertisement messages 10-8

static neighbor 10-10

verifying configuration 10-10

viewing routes 10-11

IPX 2-6

ISAKMP 23-5

ISNs, randomizing

using Modular Policy Framework 21-1

J

Java applet filtering 18-2

K

Kerberos

configuring 11-9

support 11-6

L

Layer 2 firewall

See transparent firewall

Layer 2 forwarding table

See MAC address table

Layer 3/4

matching multiple policy maps 20-18

LDAP

application inspection 22-64

configuring 11-9

support 11-6

licenses 24-1

load-balancing, backplane EtherChannel 2-8

local user database

adding a user 11-7

configuring 11-7

logging in 23-13

support 11-6

system execution space 23-13

lockout recovery 23-23

log bufferwraps

save to internal Flash 25-10

send to FTP server 25-11

logging

access lists 13-25

class

filtering messages by 25-12

types 25-13

device-id, including in system log messages 25-16

email

configuring as output destination 25-6

destination address 25-6

source address 25-6

EMBLEM format 25-16

facility option 25-5

filtering messages

by message class 25-13

by message list 25-14

logging queue, configuring 25-15

multiple context mode 25-2

output destinations

ASDM 25-7

email address 25-6

internal buffer 25-9

SNMP 25-34

SSH 25-8

switch session 25-8

syslog server 25-5

Telnet 25-8

queue

changing the size of 25-15

configuring 25-15

viewing queue statistics 25-15

severity level

changing 25-18

severity level, changing 25-18

timestamp, including 25-15

logging queue

configuring 25-15

login

banner 7-5

command 23-13

FTP 17-3

local user 23-13

session 3-2

SSH 3-2

system execution space 23-13

Telnet 3-2

loops, avoiding 2-9

M

MAC address table

adding an address 19-3

entry timeout 19-3

MAC learning, disabling 19-4

overview 5-12, 19-3

resource management 4-26

static entry 19-3

viewing 19-4

MAC learning, disabling 19-4

maintenance partition

installing application software from 24-5

IP address 24-7

password

clearing 26-7

setting 7-2

software installation 24-12

management IP address, transparent firewall 6-4

man-in-the-middle attack 19-2

mapped interface name 4-28

mapping

MIBs to CLIs D-1

mask-reply (ICMP message) E-15

mask-request (ICMP message) E-15

match commands

inspection class map 20-8

Layer 3/4 class map 20-5

memory

access list use of 13-6

Flash A-3

RAM A-3

rules use of 13-6

memory partitions 4-12

reallocating rules 4-19

setting the total number 4-13

sizes 4-14

message classes

about 25-12

list of 25-13

message list

creating 25-14

filtering by 25-14

message severity levels, list of 25-20

metacharacters, regular expression 20-11

MGCP inspection

configuring 22-67

overview 22-65

MIBs

supported 25-20

mobile-redirect (ICMP message) E-15

mode

CLI C-2

context 4-10

firewall 5-1

Modular Policy Framework

See MPF

monitoring

OSPF 8-20

resource management 4-36

SNMP 25-20

more prompt

disabling 23-1

overview C-5

MPF

about 20-1

default policy 20-3

features 20-1

flows 20-18

matching multiple policy maps 20-18

service policy, applying 20-20

MPLS

LDP 13-10

router-id 13-10

TDP 13-10

MSFC

definition A-1

overview 1-6

SVIs 2-6

multicast routing 9-1

multicast traffic 5-8

Multilayer Switch Feature Card

See MSFC

multiple context mode

See security contexts

multiple SVIs 2-5

N

naming an interface 6-3, 6-6, 6-7

NAT

bypassing NAT

configuration 16-34

overview 16-10

DNS 16-16

dynamic NAT

configuring 16-26

implementation 16-20

overview 16-6

examples 16-37

exemption from NAT

configuration 16-36

overview 16-10

identity NAT

configuration 16-34

overview 16-10

NAT ID 16-20

order of statements 16-15

overlapping addresses 16-38

overview 16-1

PAT

configuring 16-26

implementation 16-20

overview 16-8

static 16-31

policy NAT

dynamic, configuring 16-26

maximum rules A-7

overview 16-10

static, configuring 16-30

static PAT, configuring 16-32

port redirection 16-39

RPC not supported with 22-100

same security level 16-14

security level requirements 6-1

static identity, configuring 16-34

static NAT

configuring 16-29

overview 16-8

static PAT

configuring 16-31

overview 16-9

transparent mode 16-4

types 16-6

xlate bypass

configuring 16-19

overview 16-13

network processors 1-8

networks, overlapping 16-38

NPs 1-8

NTLM support 11-5

NT server

configuring 11-9

support 11-5

O

object groups

expanded 13-6

nesting 13-15

removing 13-17

open ports E-14

OSPF

area authentication 8-14

area MD5 authentication 8-14

area parameters 8-14

authentication key 8-12

cost 8-12

dead interval 8-12

default route 8-18

displaying update packet pacing 8-19

enabling 8-10

hello interval 8-12

interface parameters 8-12

link-state advertisement 8-10

logging neighbor states 8-19

MD5 authentication 8-12

monitoring 8-20

NSSA 8-15

overview 8-9

packet pacing 8-19

processes 8-10

redistributing routes 8-11

route calculation timers 8-18

route map 8-5

route summarization 8-17

stub area 8-14

summary route cost 8-14

outbound access lists 15-1

outside, definition 1-1

oversubscribing resources 4-22

P

packet

capture 26-8

classifier 4-3

flow

routed firewall 5-2

transparent firewall 5-12

paging screen displays C-5

parameter-problem (ICMP message) E-15

parameter problem, ICMP message E-15

partitions

application 2-10

boot 2-10

crash dump 2-10

Flash memory 2-10

maintenance 2-10

network configuration 2-10

password management, AAA 17-6

passwords

changing 7-1

clearing

application 26-6

maintenance 26-7

recovery 26-6

troubleshooting 26-6

PAT

See NAT

PIM features, configuring 9-6

ping

See ICMP

PISA integration 21-4

policy map

inspection 20-7

Layer 3/4

about 20-15

adding 20-18

default policy 20-18

flows 20-18

policy NAT

about 16-10

See NAT

pools, addresses

DHCP 8-36

global NAT 16-28

VPN 23-7

PORT command, FTP 22-31

ports

open on device E-14

redirection, NAT 16-39

private networks E-2

privileged EXEC mode

accessing 3-2

authentication 23-13

prompt C-2

prompts

command C-2

more C-5

setting 7-4

protocol numbers and literal values E-11

proxy servers, SIP 22-76

public key cryptography 12-1

Q

QoS compatibility 1-9

question mark

command string C-4

help C-4

queue, logging

changing the size of 25-15

viewing statistics 25-15

R

RADIUS

configuring a server 11-9

downloadable access lists 17-10

network access authentication 17-3

network access authorization 17-10

password management 17-6

support 11-4

rapid link failure detection 2-9

RAS H.323 troubleshooting 22-55

rate-limiting connections 21-2

RealPlayer 22-73

rebooting

from the FWSM CLI 26-6

from the switch 2-11

redirect (ICMP message) E-15

redirect, ICMP message E-15

Registration Authority description 12-2

regular expression 20-11

Related Documentation 3-xxviii

reloading

contexts 4-34

from the FWSM CLI 26-6

from the switch 2-11

remarks

access lists 13-18

configuration C-5

remote management

ASDM 23-4

SSH 23-2

Telnet 23-1

VPN 23-4

requirements A-1

resetting

from the FWSM CLI 26-6

from the switch 2-11

resource management

assigning a context to a class 4-30

class 4-24

configuring 4-21

default class 4-23

monitoring 4-36

oversubscribing 4-22

overview 4-22

resource types 4-26

unlimited 4-22

resource usage 4-39

revoked certificates 12-2

RHI 8-32, 8-33

RIP

default route updates 8-21

enabling 8-21

overview 8-21

passive 8-21

routed firewall

data flow 5-2

interfaces, configuring 6-3

setting 5-17

route health injection 8-32

router

advertisement, ICMP message E-15

solicitation, ICMP message E-15

router-advertisement (ICMP message) E-15

router-solicitation (ICMP message) E-15

routes

configuring 8-2

generating a default 8-18

logging neighbors 8-19

monitoring OSPF 8-20

summarization 8-17

routing

BGP stub 8-6

OSPF 8-21

other protocols 13-7

RIP 8-22

RSA

keys, generating 12-4

signatures, IKE authentication method 12-2

RSA keys, generating 23-3

RSH connections A-5

RTSP inspection

configuring 22-74

overview 22-73

rules

default allocation A-7

maximum 13-6

memory partitions 4-12

pools for contexts A-7

reallocating memory A-8

reallocating memory per partition 4-19

running configuration

backing up 24-17

clearing 3-5

downloading 24-15

saving 3-3

viewing 3-5

S

same security level communication

configuring 6-10

NAT 16-14

SCCP (Skinny) inspection

Cisco IP Phones, supporting 22-90

configuration 22-89

SDI

configuring 11-9

support 11-5

secure computing smartfilter 18-4

security contexts

adding 4-28

admin context

changing 4-33

overview 4-3

assigning to a resource class 4-30

changing between 4-31

classifier 4-3

command authorization 23-15

configuration

URL, changing 4-33

URL, setting 4-29

logging 25-2

logging in 4-9

managing 4-32

mapped interface name 4-28

memory partitions 4-12

monitoring 4-35

MSFC compatibility 1-7

multiple mode, enabling 4-10

overview 4-1

prompt C-2

reloading 4-34

removing 4-32

resource management 4-22

resource usage 4-39

saving all configurations 3-4

unsupported features 4-2

VLAN allocation 4-28

security level

configuring 6-3, 6-7

overview 6-1

service policy

applying 20-20

default 20-20

global 20-20

interface 20-20

sessioning from the switch 3-1

session management path 1-8

severity levels of system log messages

definition 25-20

list of 25-20

shared interfaces 4-7

shared VLANs 4-7

show command, filtering output C-4

shunning 21-15

single mode

backing up configuration 4-10

configuration 4-11

enabling 4-10

restoring 4-11

SIP inspection

instant messaging 22-77

overview 22-77

timeout values, configuring 22-82

troubleshooting 22-86

site-to-site tunnel 23-8

SMTP inspection

configuring 22-96

overview 22-94

SNMP

MIBs 25-20

overview 25-20

traps 25-32

software installation

any partition 24-5

current partition 24-3

maintenance 24-12

source-quench (ICMP message) E-15

source quench, ICMP message E-15

SPAN session 2-2

specifications A-1

SSH

authentication 23-12

concurrent connections 23-2

login 23-3

maximum rules A-7

username 23-3

startup configuration

backing up 24-17

copying to the running configuration 3-5

downloading 24-15

saving 3-3

viewing 3-5

Stateful Failover

overview 14-18

state information passed 14-18

state link 14-3

stateful inspection

bypassing 21-10

overview 1-8

state link

See Stateful Failover

static ARP entry 19-2

static MAC address entry 19-3

static NAT

See NAT

static PAT

See NAT

stealth firewall

See transparent firewall

Stub Multicast Routing 9-5

stuck-in-active 8-23

subnet masks

/bits E-3

address range E-4

dotted decimal E-3

number of hosts E-3

overview E-2

Sun RPC inspection

configuring 22-100

overview 22-100

SVIs

configuring 2-7

multiple 2-5

overview 2-5

switch

assigning VLANs to module 2-2

autostate messaging 2-9

BPDU forwarding 2-9

configuration 2-1

failover compatibility with transparent firewall 2-9

failover configuration 2-9

maximum modules A-3

resetting the module 2-11

sessioning to the module 3-1

system requirements A-1

trunk for failover 2-9

verifying module installation 2-2

switched virtual interfaces

See SVIs

Switch Fabric Module A-3

SYN attacks, monitoring 4-40

SYN cookies 4-40

syntax formatting C-3

syslog server

as output destination 25-4

designating 25-5

designating more than one 25-5

EMBLEM format

configuring 25-17

enabling 25-5

system execution space

configuration 4-2

local user database 11-7

login command 23-13

session authentication 23-11

username command 11-7

system log messages

classes 25-13

classes of

list of classes 25-13

configuring in groups

by message list 25-14

creating lists of 25-12

device ID, including 25-16

failover 14-42

filtering

by list 25-14

by message class 25-12

format of 25-19

managing in groups

by message class 25-13

creating a message list 25-12

multiple context mode 25-2

severity levels 25-20

timestamp, including 25-15

variables used in 25-19

system requirements A-1

T

TACACS+

command authorization 23-18

configuring a server 11-9

network access authorization 17-9

support 11-4

TCP

back-to-back connections A-5

connection, deleting A-5

connection limits 21-2

connection limits per context 4-26

ports and literal values E-11

sequence number randomization

disabling using Modular Policy Framework 21-2

sequence randomization 21-2

TCP Intercept

configuring for transparent mode 16-27

monitoring 4-40

TCP normalization, disabling 21-14

TCP state bypass 21-10

Telnet

authentication

enabling 23-12

session from switch 23-11

system execution space 23-11

concurrent connections 23-1

maximum rules A-7

testing configuration 26-1

time-exceeded (ICMP message) E-15

time exceeded, ICMP message E-15

time ranges, access lists 13-24

timestamp

reply, ICMP message E-15

timestamp, including in system log messages 25-15

timestamp-reply (ICMP message) E-15

traffic flow

routed firewall 5-2

transparent firewall 5-12

transparent firewall

ARP inspection

enabling 19-2

overview 19-1

static entry 19-2

data flow 5-12

DHCP packets, allowing 13-7

failover considerations 14-7

guidelines 5-10

HSRP 5-8

interfaces, configuring 6-4

MAC address timeout 19-3

MAC learning, disabling 19-4

management IP address 6-4

multicast traffic 5-8

overview 5-7

packet handling 13-7

setting 5-17

static MAC address entry 19-3

unsupported features 5-11

VRRP 5-8

transparent mode

NAT 16-4

traps, SNMP 25-32

troubleshooting

capturing packets 26-8

common problems 26-10

configuration 26-1

crash dump 26-9

debug messages 26-7

H.323 22-54

H.323 RAS 22-55

password recovery 26-6

SIP 22-86

trustpoint 12-3

tunnels

basic settings, configuring 23-5

site-to-site, configuring 23-8

VPN client access, configuring 23-6

U

UDP

connection limits 21-2

connection limits per context 4-26

connection state information 1-9

ports and literal values E-11

Unicast Reverse Path Forwarding 21-14

unit health monitoring 14-19

unit poll time, configuring

Active/Active 14-30

Active/Standby 14-25

unprivileged mode

accessing 3-2

prompt C-2

unreachable (ICMP message) E-15

upgrading

IOS 2-1

URLs

context configuration, changing 4-33

context configuration, setting 4-29

filtering 18-4

V

viewing logs 25-4

virtual firewalls

See security contexts

virtual HTTP 17-3

virtual reassembly 1-4

virtual SSH 17-3

virtual Telnet 17-3

VLANs

allocating to a context 4-28

assigning to FWSM 2-2

interfaces 2-2

mapped interface name 4-28

maximum A-4

shared 4-7

VoIP

proxy servers 22-76

troubleshooting 22-54

VPN

basic settings 23-5

client tunnel 23-6

management access 23-4

site-to-site tunnel 23-8

transforms 23-5

VRRP 5-8

W

WAN ports A-1

web clients, secure authentication 17-6

X

xlate bypass

configuring 16-19

overview 16-13