Cisco IOS Security Command Reference, Release 12.2 T
SR: Index

Index: Cisco IOS Security Command Reference, Release 12.2 T

A

AAA (authentication, authorization, and accounting)

resource accounting SR-99, SR-101

server groups SR-209

aaa accounting command SR-90

aaa accounting connection h323 command SR-94

aaa accounting delay-start command SR-96

aaa accounting nested command SR-98

aaa accounting resource start-stop group command SR-99

aaa accounting resource stop-failure group command SR-101

aaa accounting send stop-record authentication failure command SR-103

aaa accounting suppress null-username command SR-104

aaa accounting update command SR-105

aaa attribute command SR-122

aaa authentication arap command SR-4

aaa authentication attempts login command SR-6

aaa authentication banner command SR-7

aaa authentication enable default command SR-9

aaa authentication fail-message command SR-11

aaa authentication login command SR-13

aaa authentication password-prompt command SR-15

aaa authentication ppp command SR-17

aaa authentication username-prompt command SR-19

aaa authorization cache filterserver command SR-123

aaa authorization command SR-74

aaa authorization config-commands command SR-78

aaa authorization reverse-access command SR-79

aaa authorization template command SR-82

aaa dnis map accounting network command SR-107

aaa dnis map authentication login group command SR-21

aaa dnis map authentication ppp group command SR-23

aaa dnis map authorization network group command SR-83

aaa filterserver command SR-125

aaa group server radius command SR-127

aaa group server tacacs+ command SR-209

aaa nas port extended command SR-129

aaa nas redirected-station command SR-25

aaa new-model command SR-27

aaa pod server command SR-28

aaa preauth command SR-30

aaa processes command SR-32

aaa session-id command SR-109

aaa session-mib command SR-83, SR-111

aaa user profile command SR-131

access-enable command SR-238

access-list dynamic-extend command SR-240

access lists

dynamic, extending SR-240

reflexive SR-245

See also IPSec

access lists, clearing temporary entries SR-238

access-profile command SR-34

replace command form (caution) SR-35

using per-user configuration (caution) SR-35

access-template command SR-241

accounting (AAA) command SR-112

accounting (gatekeeper) command SR-114

accounting (server-group) command SR-132

acl command SR-544

address command SR-545

addressed-key command SR-546

AESOs (Auxiliary Extended Security Options), attaching to interfaces SR-660

arap authentication command SR-37

using list-names (caution) SR-37

attribute (server-group) command SR-134

authentication (IKE policy) command SR-548

authorization (server-group) command SR-136

authorization command SR-85

auto-enroll command SR-478

C

cache clear age command SR-138

cache disable command SR-139

cache max command SR-140

cache refresh command SR-141

call guard-timer command SR-143

ca trustpoint command SR-479

cautions

access-profile command

replace command form SR-35

using per-user configuration SR-35

arap authentication command, using list-names SR-37

enable password command, using encryption-type SR-630

enable secret command, using encryption-type SR-632

Java blocking SR-290

key config-key command, unrecoverable DES key SR-233

login authentication command, using list-names SR-46

ppp authentication command

using list-names (caution) SR-49

service password-encryption command, security level SR-641

CBAC (Context-based Access Control)

alert messages, enabling SR-277

application-layer protocols, configuring SR-289

audit trail messages

(example) SR-277

enabling SR-278

configurations, viewing SR-320

denial-of-service attacks, detection of SR-300

disabling SR-319

fragment inspection, configuring SR-291

H.323 inspection, configuring SR-290

half-open sessions

deleting, high threshold SR-282, SR-294

deleting, low threshold SR-284, SR-296

description SR-282

TCP threshold SR-300

inspection rules

applying (example) SR-280

defining SR-286

removing SR-280

viewing SR-320

Java

blocking SR-287

(caution)     1

inspection, configuring SR-289

RPC inspection, configuring SR-290

SMTP inspection, configuring SR-290

TCP inspection, configuring SR-289

timeouts

DNS idle, specifying SR-279

FIN-exchange, specifying SR-298

overriding SR-291

synwait, specifying SR-302

TCP idle, specifying SR-299

UDP idle, specifying SR-303

UDP inspection, configuring SR-289

certificate command SR-481

clear aaa cache filterserver acl command SR-142

clear access-template command SR-243

clear crypto engine accelerator counter command SR-368

clear crypto isakmp command SR-550

clear crypto sa command SR-372

clear ip audit configuration command SR-330

clear ip audit statistics command SR-331

clear ip auth-proxy cache command SR-348

clear ip trigger-authentication command SR-39

clear ip urlfilter cache command SR-276

clear kerberos creds command SR-222

clid command SR-144

client authentication list command SR-551

client configuration address command SR-552

crl command SR-483

crl optional command SR-485

crl query command SR-486

crypto ca authenticate command SR-487

crypto ca certificate chain command SR-489

crypto ca certificate map command SR-491

crypto ca certificate query (ca-trustpoint) command SR-495

crypto ca certificate query (global) command SR-494

crypto ca crl request command SR-497

crypto ca enroll command SR-498

crypto ca export pkcs12 SR-553

crypto ca identity command SR-501

crypto ca import command SR-502

crypto ca import pkcs12 command SR-555

crypto ca trusted-root command SR-503

crypto ca trustpoint command SR-504

crypto dynamic-map command SR-374

crypto engine accelerator command SR-377

crypto identity command SR-379

crypto ipsec client ezvpn (global) command SR-381

crypto ipsec client ezvpn (interface) command SR-384

crypto ipsec client ezvpn connect command SR-387

crypto ipsec client ezvpn xauth command SR-388

crypto ipsec df-bit (global) command SR-390

crypto ipsec df-bit (interface) command SR-391

crypto ipsec fragmentation (interface) command SR-394

crypto ipsec fragmentation command SR-393

crypto ipsec optional command SR-396

crypto ipsec optional retry command SR-397

crypto ipsec profile command SR-398

crypto ipsec security-association lifetime command SR-400

crypto ipsec transform-set command SR-402

crypto isakmp client configuration address-pool local command SR-557

crypto isakmp client configuration group command SR-558

crypto isakmp enable command SR-560

crypto isakmp identity command SR-561

crypto isakmp keepalive command SR-563

crypto isakmp key command SR-564

crypto isakmp nat keepalive command SR-406

crypto isakmp peer command SR-566

crypto isakmp policy command SR-568

crypto isakmp profile command SR-570

crypto key generate rsa (CA) command SR-506

crypto key generate rsa (IKE) command SR-572

crypto key pubkey-chain rsa command SR-575

crypto keyring command SR-577

crypto key zeroize rsa command SR-509

crypto map (global IPSec) command SR-407

crypto map (interface IPSec) command SR-413

crypto map client authentication list command SR-578

crypto map client configuration address command SR-580

crypto map isakmp authorization list command SR-581

crypto map isakmp-profile command SR-583

crypto map local-address command SR-415

crypto mib ipsec flowmib history failure size command SR-417

crypto mib ipsec flowmib history tunnel size command SR-418

crypto set security-association idle-time command SR-419

crypto xauth command SR-603

ctype command SR-146

D

deadtime (server-group configuration) command SR-148

default (ca-trustpoint) command SR-511

dialer aaa command SR-149

disconnect ssh command SR-686

dn command SR-421

dnis (authentication) command SR-40

dnis (RADIUS) command SR-150

dnis bypass (AAA preauthentication configuration) command SR-152

dns command SR-584

DNS idle timeout, specifying SR-279

DNSIX (Department of Defense Intelligence Information System Network Security for Information Exchange)

collection center, specifying SR-653

enabling SR-656

hosts that receive messages

alternate SR-655

primary SR-654

number of records in a packet, specifying SR-657

retransmit count SR-652

dnsix-dmdp retries command SR-652

dnsix-nat authorized-redirection command SR-653

dnsix-nat primary command SR-654

dnsix-nat secondary command SR-655

dnsix-nat source command SR-656

dnsix-nat transmit-count command SR-657

domain (isakmp group) command SR-585

dynamic ACL, extending SR-240

E

enable password command SR-630

using encryption-type (caution) SR-630

enable secret command SR-632

using encryption-type (caution) SR-632

encryption (IKE policy) command SR-586

enrollment command SR-512

enrollment http-proxy command SR-514

enrollment mode ra command SR-515

enrollment retry-count command SR-516

enrollment retry-period command SR-517

enrollment terminal command SR-518

enrollment url command SR-519

evaluate command SR-246

F

FIN-exchange timeout, specifying SR-298

fqdn command SR-423

G

gatekeepers, security, enabling SR-114

group (authentication) command SR-42

group (IKE policy) command SR-588

group (RADIUS) command SR-153

H

H.323 gatekeepers, enabling SR-114

hash (IKE policy) command SR-589

I

identity command SR-425

initiate-mode command SR-590

IP

See IPSO

ip-address (ca-trustpoint) command SR-520

ip audit attack command SR-333

ip audit command SR-332

ip audit info command SR-334

ip audit name command SR-335

ip audit notify command SR-336

ip audit po local command SR-337

ip audit po max-events command SR-338

ip audit po protected command SR-339

ip audit po remote command SR-340

ip audit signature command SR-342

ip audit smtp command SR-343

ip auth-proxy (global) command SR-349

ip auth-proxy (interface) command SR-350

ip auth-proxy auth-proxy-banner command SR-351

ip auth-proxy name command SR-353

ip http ezvpn command SR-427

ip http server command SR-427

ip inspect (interface configuration) command SR-280

ip inspect alert-off command SR-277

ip inspect audit trail command SR-278

ip inspect dns-timeout command SR-279

ip inspect hashtable command SR-281

ip inspect max-incomplete high command SR-282

ip inspect max-incomplete low command SR-284

ip inspect name command SR-286

ip inspect one-minute high command SR-294

ip inspect one-minute low command SR-296

ip inspect tcp finwait-time command SR-298

ip inspect tcp idle-time command SR-299

ip inspect tcp max-incomplete host command SR-300

ip inspect tcp synwait-time command SR-302

ip inspect udp idle-time command SR-303

ip port-map command SR-358

ip radius source-interface command SR-155

ip reflexive-list timeout command SR-248

ip scp server enable command SR-687

ip security add command SR-658

ip security aeso command SR-660

ip security dedicated command SR-661

ip security eso-info command SR-663

ip security eso-max command SR-664

ip security eso-min command SR-666

ip security extended-allowed command SR-668

ip security first command SR-669

ip security ignore-authorities command SR-670

ip security implicit-labelling command SR-671

ip security multilevel command SR-673

ip security reserved-allowed command SR-675

ip security strip command SR-677

IPSO (IP Security Option)

authorities and bit patterns

(table) SR-662

definition SR-662

basic configuring SR-658

extended

configuring SR-660

defaults SR-663

maximum sensitivity levels SR-664

minimum sensitivity levels SR-666

labels, definition of SR-662

levels and bit patterns SR-661

ip ssh command SR-689

ip ssh port command SR-690

ip tacacs source-interface command SR-211

ip tcp intercept connection-timeout command SR-256

ip tcp intercept drop-mode command SR-257

ip tcp intercept finrst-timeout command SR-259

ip tcp intercept list command SR-260

ip tcp intercept max-incomplete high command SR-261

ip tcp intercept max-incomplete low command SR-263

ip tcp intercept mode command SR-265

ip tcp intercept one-minute high command SR-266

ip tcp intercept one-minute low command SR-268

ip tcp intercept watch-timeout command SR-270

ip trigger-authentication (global) command SR-43

ip trigger-authentication (interface) command SR-45

ip urlfilter alert command SR-305

ip urlfilter allowmode command SR-307

ip urlfilter audit-trail command SR-308

ip urlfilter cache command SR-310

ip urlfilter exclusive-domain command SR-312

ip urlfilter max-request command SR-314

ip urlfilter max-resp-pak command SR-315

ip urlfilter server vendor command SR-316

ip urlfilter urlf-log command SR-318

ip verify unicast reverse path command SR-680

ip vrf forwarding command SR-157

isakmp authorization list command SR-591

K

keepalive (isakmp profile) command SR-592

kerberos clients mandatory command SR-223

kerberos credentials forward command SR-224

kerberos instance map command SR-225

kerberos local-realm command SR-226

kerberos preauth command SR-227

kerberos realm command SR-228

kerberos server command SR-229

kerberos srvtab entry command SR-230

kerberos srvtab remote command SR-232

key (isakmp group) command SR-593

key config-key command SR-233

unrecoverable DES key (caution) SR-233

keyring command SR-594

key-string (IKE) command SR-595

L

lifetime (IKE policy) command SR-597

lock-and-key

idle timeouts SR-238

temporary entries

clearing manually SR-238, SR-243

creating manually SR-241

enabling SR-238

login authentication command SR-46

using list-names (caution) SR-46

M

match address (IPSec) command SR-429

match certificate command SR-521

match identity command SR-599

match-identity command SR-594

mode (IPSec) command SR-431

N

named-key command SR-601

no ip inspect command SR-319

P

PAM (port to application mapping)

commands SR-357

password (ca-trustpoint) command SR-523

password command SR-158, SR-634

permit (reflexive) command SR-250

pool (isakmp-group) command SR-604

ppp accounting command SR-116

ppp authentication command SR-48

using list-names (caution) SR-49

ppp authentication ms-chap-v2 command SR-51

ppp authorization command SR-87

ppp chap hostname command SR-53

ppp chap password command SR-55

ppp chap refuse command SR-57

ppp chap wait command SR-59

ppp eap identity command SR-61

ppp eap local command SR-62

ppp eap password command SR-63

ppp eap refuse command SR-64

ppp eap wait command SR-65

ppp pap refuse command SR-66

ppp pap sent-username command SR-67

pre-shared-key command SR-605

primary command SR-524

privilege command SR-635

privilege level (line) command SR-639

privilege level command SR-639

Q

query url command SR-525

quit command SR-606

R

radius-server attribute 11 direction default command SR-161

radius-server attribute 188 format non-standard command SR-169

radius-server attribute 32 include-in-access-req command SR-162

radius-server attribute 44 extend-with-addr command SR-163

radius-server attribute 44 include-in-access-req command SR-164

radius-server attribute 44 sync-with-client command SR-165

radius-server attribute 55 include-in-acct-req command SR-166

radius-server attribute 69 clear command SR-168

radius-server attribute 8 include-in-access-req command SR-159

radius-server attribute list command SR-170

radius-server attribute nas-port extended command SR-172

radius-server attribute nas-port format command SR-173

radius-server challenge-noecho command SR-175

radius-server configure-nas command SR-176

radius-server deadtime command SR-177

radius-server directed-request command SR-178

radius-server domain-stripping command SR-179

radius-server extended-portnames command SR-180

radius-server host command SR-181

radius-server host non-standard command SR-184

radius-server key command SR-185

radius-server optional passwords command SR-187

radius-server retransmit command SR-188

radius-server timeout command SR-189

radius-server unique-ident command SR-190

radius-server vsa send command SR-192

Reflexive Access Lists

configuring (examples) SR-247, SR-252

temporary entries SR-252

timeouts, global (examples) SR-248

reverse-route command SR-433

root CEP command SR-528

root command SR-526

root PROXY command SR-529

root TFTP command SR-530

RPC inspection

See CBAC, RPC inspection

rsakeypair command SR-531

rsa-pubkey command SR-607

S

SCP (secure copy)

prerequisites SR-687

server-side functionality, enabling SR-687

self-identity command SR-608

serial-number command SR-532, SR-609

server (RADIUS) command SR-194

server (TACACS+) command SR-213

server groups SR-209

server hosts, TACACS+ SR-209

server-private command SR-196

service password-encryption command SR-641

security level (caution) SR-641

set aggressive-mode client-endpoint command SR-610

set aggressive-mode password command SR-612

set isakmp-profile command SR-613

set peer (IPSec) command SR-435

set peer command SR-435

set pfs command SR-437

set security-association level per-host command SR-439

set security-association lifetime command SR-441

set session-key command SR-444

set transform-set command SR-447

show aaa attributes command SR-198

show aaa cache filterserver command SR-199

show accounting command SR-117

show crypto ca certificates command SR-533

show crypto ca crls command SR-535

show crypto ca roots command SR-536

show crypto ca timers command SR-537

show crypto ca trustpoints command SR-538

show crypto dynamic-map command SR-449

show crypto engine accelerator logs command SR-450

show crypto engine accelerator ring command SR-452

show crypto engine accelerator sa-database command SR-454

show crypto ipsec client ezvpn command SR-459

show crypto ipsec sa command SR-455, SR-461, SR-464

show crypto ipsec security-association lifetime command SR-464

show crypto ipsec transform-set command SR-465

show crypto isakmp key command SR-614

show crypto isakmp policy command SR-615

show crypto isakmp profile command SR-617

show crypto isakmp sa command SR-619

show crypto key mypubkey rsa command SR-621

show crypto key pubkey-chain rsa command SR-622

show crypto map (IPSec) command SR-467

show crypto mib ipsec flowmib history failure size command SR-468

show crypto mib ipsec flowmib history tunnel size command SR-469

show crypto mib ipsec flowmib version command SR-470

show dnsix command SR-678

show ip audit configuration command SR-344

show ip audit interface command SR-345

show ip audit statistics command SR-346

show ip auth-proxy command SR-355

show ip inspect command SR-320

show ip port-map command SR-362

show ip ssh command SR-692

show ip trigger-authentication command SR-69

show ip urlfilter cache command SR-323

show ip urlfilter config command SR-325

show ip urlfilter statistics command SR-327

show kerberos creds command SR-234

show ppp queues command SR-70

show privilege command SR-643

show radius statistics command SR-201

show ssh command SR-693

show tacacs command SR-214

show tcp intercept connections command SR-271

show tcp intercept statistics command SR-273

snmp-server enable traps ipsec command SR-471

snmp-server enable traps isakmp command SR-473

source interface command SR-539

spam attack SR-343

SSH (Secure Shell)

tty line access, enabling SR-690

UNIX SR-691

SSH (Secure Shell), description SR-685

ssh command SR-694

subject-name command SR-541

T

TACACS+

command comparison (table) SR-207

server hosts SR-209

tacacs-server directed-request command SR-216

tacacs-server host command SR-217

tacacs-server key command SR-219

TCP idle timeout, specifying SR-299

TCP Intercept

enabling SR-260

modes

intercept mode SR-265

watch mode SR-265

timeouts SR-259

test aaa group command SR-203

timeout intervals

See CBAC, timeouts

timeout login response command SR-72

traffic filtering SR-255

tunnel protection command SR-475

U

UDP idle timeout, specifying SR-303

usage command SR-542

username command SR-644

username secret command SR-648

V

vpdn aaa attribute nas-port vpdn-nas command SR-205

vrf command SR-624

VSA (vendor-specific attribute) accounting, enabling SR-114

W

wins command SR-626