ASDM 5.2 User Guide - ASDMhelp.fmx [Cisco Adaptive Security Device Manager]

Table Of Contents

A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Z

Index

A

AAA

authentication

direct 19-13

interactive 19-13

authorization

downloadable access lists 19-15

local fallback 10-3

overview 10-1

performance 19-1

support 10-2

AAA server group, add (group-policy) 27-6

ABR

definition of 14-1

Access Group panel 15-2

description 15-2

fields 15-2

access lists

downloadable 19-15

Accounting tab, tunnel group 27-46

ACE

add/edit/paste 27-13

Extended ACL tab 27-12

ACL

enabling IPSEC authenticated inbound sessions to bypass ACLs 27-59

extended 27-12

for WebVPN 27-40

standard 27-11

ACL Manager

Add/Edit/Paste ACE 27-13

dialog box 27-11

ACLs

defining traffic match criteria 21-4

Active/Active failover

about 12-2

command replication 12-2

configuration synchronization 12-2

Active/Standby failover 12-2

ActiveX

filtering option 20-8

object filtering, benefits of 20-5

Add/Edit Access Group dialog box 15-3

description 15-3

fields 15-3

Add/Edit Filtering Entry dialog box 14-9

description 14-9

fields 14-9

Add/Edit IGMP Join Group dialog box 15-4

description 15-4

fields 15-4

Add/Edit IGMP Static Group dialog box 15-7

description 15-7

fields 15-7

Add/Edit Multicast Group dialog box 15-18

description 15-18

fields 15-18

Add/Edit Multicast Route dialog box

description 15-8

fields 15-8

Add/Edit OSPF Area dialog box 14-5

description 14-5

fields 14-5

Add/Edit OSPF Neighbor Entry dialog box 14-17

description 14-17

fields 14-17

Restrictions 14-17

Add/Edit Periodic Time Range dialog box 6-111

Add/Edit Redistribution dialog box 14-15

description 14-15

fields 14-15

Add/Edit Rendezvous Point dialog box 15-16

description 15-16

fields 15-16

restrictions 15-16

Add/Edit Route Summarization dialog box 14-7

about 14-7

fields 14-8

Add/Edit SSH Configuration dialog box 11-8

description 11-8

fields 11-8

Add/Edit Summary Address dialog box

description 14-18

fields 14-18

Add/Edit Time Range dialog box 6-110

Add/Edit Virtual Link dialog box 14-19

description 14-19

fields 14-20

address assignment, client 27-46

Address Pool panel, VPN wizard 26-12

address pools, tunnel group 27-46

Address Translation Exemption panel, VPN wizard 26-13

admin context

overview 7-1

administrative access

using ICMP for 8-7

Advanced DHCP Options dialog box 9-7

description 9-7

fields 9-7

Advanced OSPF Interface Properties dialog box 14-13

description 14-13

fields 14-13

Advanced OSPF Virtual Link Properties dialog box 14-20

description 14-20

fields 14-20

Advanced tab, tunnel group 27-47

alternate address, ICMP message 8-8, 8-9

anti-replay window size 21-30, 26-14

APN, GTP application inspection 6-60

APPE command, denied request 6-53

application access

and e-mail proxy 29-7

and Web Access 29-7

configuring client applications 29-6

enabling cookies on browser 29-6

privileges 29-6

quitting properly 29-6

setting up on client 29-6

using e-mail 29-7

with IMAP client 29-7

application firewall 6-67

application inspection

described 6-29

enabling for different protocols 21-14

security level requirements 4-1

Apply button 1-24

Area/Networks tab 14-4

description 14-4

fields 14-5

area border router 14-1

ARP inspection

configuring 23-1

ARP spoofing 23-2

ARP table

monitoring 39-1

static entry 23-3

ASA 5505

Base license 5-14

client

Xauth 27-62

MAC addresses 5-16

maximum VLANs 5-14

power over Ethernet 5-16

Security Plus license 5-14

SPAN 5-16

ASBR

definition of 14-1

ASDM

version 1-26

ASR group 14-32

assured forwarding (AF), traffic match criteria 21-14

asynchronous routing support 14-32

attacks

DNS HINFO request 24-8

DNS request for all records 24-8

DNS zone transfer 24-8

DNS zone transfer from high port 24-8

fragmented ICMP traffic 24-7

IP fragment 24-6

IP impossible packet 24-6

large ICMP traffic 24-7

ping of death 24-8

proxied RPC request 24-9

statd buffer overflow 24-9

TCP FIN only flags 24-8

TCP NULL flags 24-8

TCP SYN+FIN flags 24-8

UDP bomb 24-8

UDP chargen DoS 24-8

UDP snork 24-8

Attributes Pushed to Client panel, VPN wizard 26-12

authenticating a certificate 32-1

authentication

FTP 19-5

HTTP 19-5, 19-13

Telnet 19-5

Authentication tab 14-10

description 14-10

fields 14-10

Authentication tab, tunnel group 27-44

Authorization tab, tunnel group 27-44

Auto Signon

group-policy 27-40

B

bandwidth 1-26

banner, view/configure 27-22

basic HTTP authentication

HTTP

basic authentication 19-13

Basic tab

general tab, tunnel group 27-42

IPSec LAN-to-LAN, General tab 27-50

tunnel group WebVPN Access, General tab 27-53

bridging

MAC address table

learning, disabling 23-6

overview 23-4

static entry 23-6

management IP address 8-1

Browse ICMP 27-16

Browse Other 27-17

Browse Source or Destination Address 27-14

Browse Source or Destination Port 27-15

Browse Time Range 27-8

building blocks 6-1

C

CA certificate 32-1

call agents

MGCP application inspection 6-83, 6-84

Cancel button 1-24

CDUP command, denied request 6-53

certificate

exporting 32-16

fingerprint 32-1

importing 32-17

installing 32-17

managing 32-5

certificate authentication 32-1

certificate enrollment 32-2

Cisco Client Parameters tab 27-22

classes

See resource management

Client Access Rule, add or edit 27-20

Client Address Assignment 27-46

Client Authentication panel, VPN wizard 26-10

Client Configuration tab 27-20

Client Firewall tab 27-25

client parameters, configuring 27-20

Client Update, edit , Windows and VPN 3002 clients 27-3

Client Update window, Windows and VPN 3002 clients 27-1

configuration

context files 7-2

factory default 2-1

Configure IGMP Parameters dialog box 15-5

description 15-5

fields 15-5

configuring

CSC activation 35-8

CSC email 35-16

CSC file transfer 35-18

CSC IP address 35-9

CSC license 35-8

CSC management access 35-11

CSC notifications 35-10

CSC password 35-11

CSC Setup Wizard 35-13

CSC updates 35-19

CSC Web 35-15

CSC wizard summary 35-13

connections per second 1-26

Content Filtering tab 27-34

context mode

viewing 1-26

contexts

See security contexts

conversion error, ICMP message 8-8, 8-9

CPU usage 1-26

Create a Service Policy and Apply to group box 21-3

CRL

cache refresh time 32-15

enforce next update 32-15

retrieval method 32-12

retrieval policy 32-11

CSC activation

configuring 35-8

CSC CPU

monitoring 37-4

CSC email

configuring 35-16

CSC file transfer

configuring 35-18

CSC File Transfer panel

fields 35-18

CSC IP address

configuring 35-9

CSC license

configuring 35-8

CSC management access

configuring 35-11

CSC memory

monitoring 37-5

CSC notifications

configuring 35-10

CSC password

configuring 35-11

CSC security events

monitoring 37-2

CSC Setup Wizard 35-13

summary 35-13

CSC software updates

monitoring 37-3

CSC SSM

getting started 35-3

overview 35-1

what to scan 35-5

CSC threats

monitoring 37-1

CSC updates

configuring 35-19

CSC Web

configuring 35-15

CSD Setup 28-8

CSD support 1-9

CTIQBE

application inspection, enabling 21-14

cut-through proxy 19-1

D

data flow

routed firewall 16-3

transparent firewall 16-12

default class 7-12

default configuration 2-1

default inspection traffic 21-4

default routes

defining equal cost routes 14-28

definition of 14-28

for tunneled traffic 14-28

default tunnel gateway 27-4

destination address, browse 27-14

destination port, browse 27-15

device ID, including in messages 13-6

Device Pass-Through 27-63

DHCP

configuring 9-4

interface IP address 4-8, 5-20

monitoring

interface lease 39-2

IP addresses 39-2

server 39-2

statistics 39-3

services 9-1

statistics 39-3

DHCP relay

overview 9-1

DHCP Relay - Add/Edit DHCP Server dialog box 9-3

description 9-3

fields 9-3

restrictions 9-3

DHCP Relay panel 9-1

description 9-1

fields 9-2

prerequisites 9-2

restrictions 9-1

DHCP Server panel 9-4

description 9-4

fields 9-4

DHCP services 9-1

DiffServ, traffic match criteria 21-14

DiffServ preservation 21-29

digital certificates 32-1

direct authentication 19-13

disabling content rewrite 28-11

DNS

application inspection, enabling 21-15

DNS client 9-9

DNS HINFO request attack 24-8

DNS request for all records attack 24-8

DNS zone transfer attack 24-8

DNS zone transfer from high port attack 24-8

downloadable access lists

configuring 19-15

converting netmask expressions 19-19

DSCP

traffic match criteria 21-4, 21-14

DSCP preservation 21-29

duplex

interface 4-4, 4-11, 5-25

system 4-4

E

Easy VPN

client

Xauth 27-62

Easy VPN, advanced properties 27-63

Easy VPN client 27-61

Easy VPN Remote 27-61

echo reply, ICMP message 8-7

ECMP 14-28

Edit DHCP Relay Agent Settings dialog box 9-3

description 9-3

fields 9-3

prerequisites 9-3

restrictions 9-3

Edit DHCP Server dialog box 9-6

description 9-6

fields 9-6

Edit OSPF Interface Authentication dialog box 14-11

description 14-11

fields 14-11

Edit OSPF Interface Properties dialog box 14-12

fields 14-12

Edit OSPF Process Advanced Properties dialog box 14-3

description 14-3

fields 14-3

Edit PIM Protocol dialog box 15-12

description 15-12

fields 15-12

e-mail proxy

and WebVPN 29-7

Enable IPSec authenticated inbound sessions 27-59

enrolling

certificate 32-2

ESMTP

application inspection, enabling 21-15

established command

security level requirements 4-2

Ethernet

MTU 4-9, 5-22

expedited forwarding (EF), traffic match criteria 21-14

exporting a certificate 32-16

extended ACL 27-12

external filtering server 20-5

External Group Policy, add or edit 27-6

F

factory default configuration 2-1

failover

about virtual MAC addresses 12-21

criteria 12-20, 12-28

defining standby IP addresses 12-18, 12-19

defining virtual MAC addresses 12-22

enable 12-26

enabling Active/Standby 12-15

enabling LAN-based 12-16

enabling LAN-based failover 12-26

enabling Stateful Failover 12-16

graphs 38-4

in multiple context mode 12-26

interface 4-5

system 4-3

key 12-15, 12-26

make active 38-4

make standby 38-4

monitoring 38-1

monitoring interfaces 12-19

reload standby 38-4

reset 38-4, 38-8

stateful 12-3

Stateful Failover 12-27

stateless 12-3

status 38-1

failover groups

about 12-29

adding 12-30

editing 12-30

monitoring 38-8

reset 38-10

filtering

benefits of 20-5

rules 20-8

security level requirements 4-1

servers supported 20-1

URLs 20-1

filtering, Content Filtering tab 27-34

Filtering panel 14-8

benefits 14-8

description 14-8

fields 14-8

restrictions 14-8

fingerprint

certificate 32-1

firewall, client, configuring settings 27-25

firewall mode

configuring 2-5

overview 16-1

viewing 1-26

firewall server, Zone Labs 27-60

Flash memory, amount 1-26

fragmentation policy, IPSec 26-5

fragmented ICMP traffic attack 24-7

FTP

application inspection

enabling 21-15

viewing 6-31, 6-32, 6-33, 6-35, 6-41, 6-42, 6-43, 6-49, 6-50, 6-51, 6-56, 6-61, 6-62, 6-63, 6-69, 6-75, 6-79, 6-80, 6-82, 6-86, 6-88, 6-89, 6-90, 6-93, 6-94

filtering option 20-9

Functions tab, WebVPN 27-31

G

gateway, default tunnel gateway 27-4

gateways

MGCP application inspection 6-84

General Client Parameters tab 27-21

Group Aliases and URLs, tunnel group 27-57

Group Policy window

add or edit, General tab 27-7

introduction 27-4

IPSec tab, add or edit 27-19

GTP

application inspection

enabling 21-15

viewing 6-55

H

H225

application inspection, enabling 21-15

H323 RAS

application inspection, enabling 21-15

Hardware Client tab 27-27

Help button 1-24

HELP command, denied request 6-53

Help menu 1-22

hierarchical policy, traffic shaping and priority queueing 21-29

history metrics 2-9

Homepage tab 27-34

HSRP 16-9

HTTP

application inspection

enabling 21-15

viewing 6-67

filtering 20-1

benefits of 20-5

configuring 20-9

HTTPS

authentication

redirect method 19-13

enabling access to ASDM 11-6

filtering option 20-9

I

ICMP

add group 27-17

application inspection, enabling 21-15

browse 27-16

rules for access to ADSM 8-7

ICMP Error

application inspection, enabling 21-15

ICMP Group 27-17

ICMP types

selecting 8-7, 8-8

IGMP

access groups 15-2

configuring interface parameters 15-5

group membership 15-3

interface parameters 15-4

static group assignment 15-6

IGMP panel

IGMP

overview 15-2

IKE Policy panel, VPN wizard 26-4

IKE tunnels, amount 1-26

ILS

application inspection, enabling 21-15

import certificate panel 32-3

importing a certificate 32-17

information reply, ICMP message 8-8, 8-9

information request, ICMP message 8-8, 8-9

installing a certificate 32-17

interactive authentication 19-13

interface

add

system 4-3

configuring

system 4-2

duplex 4-4, 4-11, 5-25

system 4-4

edit

system 4-3

failover 4-5

failover link

system 4-3

IP address

DHCP 4-8, 5-20

management only 4-7, 5-20

MTU 4-9, 5-22

name 4-7, 5-20

security level 4-7, 5-20

speed 4-5, 4-11

system 4-4

state link 4-5

status 1-26

subinterface, adding 4-7

throughput 1-26

Interface panel 14-10

interfaces

ASA 5505

MAC addresses 5-16

maximum VLANs 5-14

enabled status 4-2, 4-3, 4-4, 4-6, 4-7

monitoring 39-5

IP address 8-1

configuration 4-8, 5-20

configuring 4-6, 5-18

interface

DHCP 4-8, 5-20

management, transparent firewall 8-1

IP audit

enabling 24-3

monitoring 42-8

signatures 24-5

IP DiffServ CodePoints, traffic match criteria 21-4, 21-14

IP fragment attack 24-6

IP fragment database, defaults 24-11

IP fragment database, editing 24-13

IP impossible packet attack 24-6

IP overlapping fragments attack 24-6

IP precedence

traffic match criteria 21-4, 21-13

IPS

IP audit 24-3

IPSec

fragmentation policy 26-5

IPsec

Cisco VPN Client 26-12

IPSec Encryption and Authentication panel, VPN wizard 26-5

IPSec rules

anti-replay window size 21-30, 26-14

IPSec tab

internal group policy 27-19

IPSec LAN-to-LAN 27-51

tunnel group 27-48

IPSec tunnels, amount 1-26

IP teardrop attack 24-6

J

Java

applet filtering

benefits of 20-5

configuring 20-8

Join Group panel 15-3

description 15-3

fields 15-3

K

key pair panel

key-pair name 32-4

size 32-4

type 32-4

usage 32-4

key pairs 32-4

adding 32-4

showing details 32-5

L

large ICMP traffic attack 24-7

latency

configuring 21-26, 21-27

Layer 2 firewall

See transparent firewall

license 1-26

LLQ

See low-latency queue

Local Hosts and Networks panel, VPN wizard 26-6

login

FTP 19-5

low-latency queue

applying 21-26, 21-27

LSA

about Type 1 40-1

about Type 2 40-2

about Type 3 40-3

about Type 4 40-3

about Type 5 40-4

about Type 7 40-4

M

MAC addresses

ASA 5505 5-16

MAC address table 23-4

built-in-switch 23-5

learning, disabling 23-6

monitoring 39-4

overview 16-12, 23-4

static entry 23-6

management traffic 4-7, 5-20

managing

certificates 32-5

man-in-the-middle attack 23-2

mask reply, ICMP message 8-8, 8-9

mask request, ICMP message 8-8, 8-9

maximum sessions, IPSec 27-59

memory, amount

Flash 1-26

memory usage 1-26

menus 1-7

MGCP

application inspection

configuring 6-84

enabling 21-15

viewing 6-82

Microsoft client parameters, configuring 27-20

Microsoft Client Parameters tab 27-23

mobile redirection, ICMP message 8-8, 8-9

mode

context 7-9

firewall 2-5

model 1-26

monitoring

ARP table 39-1

CSC CPU 37-4

CSC memory 37-5

CSC security events 37-2

CSC software updates 37-3

CSC threats 37-1

DHCP

interface lease 39-2

IP addresses 39-2

server 39-2

statistics 39-3

failover 38-1, 38-5

failover groups 38-8

history metrics 2-9

interfaces 39-5

MAC address table 39-4

routes 40-7

monitoring interfaces 12-19

monitoring switch traffic, ASA 5505 5-16

MRoute panel 15-11

description 15-7

fields 15-7

MTU 4-9, 5-22

Multicast panel

description 15-1

fields 15-1

Multicast Route panel 15-11

multicast traffic 16-9

multiple mode, enabling 7-9

N

N2H2 filtering server 20-5

NAC tab (Network Admission Control) 27-30

name resolution 9-9

NAT

application inspection 6-29

security level requirements 4-2

transparent firewall 16-11

NETBIOS

application inspection, enabling 21-15

NetBIOS server

add/edit 27-56

tab 27-55

Network Address Translation

See NAT

New Authentication Server Group panel, VPN wizard 26-10

new features 1-2

O

Options menu 1-9

OSPF

about 14-1

adding an LSA filter 14-9

authentication settings 14-10

authentication support 14-1

configuring authentication 14-11

defining a static neighbor 14-17

defining interface properties 14-12

interaction with NAT 14-1, 14-2

interface properties 14-10, 14-12

LSA filtering 14-8

LSAs 14-2

LSA types 40-1

monitoring LSAs 40-1

neighbor states 40-5

route redistribution 14-14

static neighbor 14-16

summary address 14-17

virtual links 14-19

OSPF area

defining 14-4

OSPF Neighbors panel 40-5

description 40-5

fields 40-5

OSPF parameters

dead interval 14-14

hello interval 14-13

retransmit interval 14-14

transmit delay 14-14

OSPF route summarization

about 14-7

defining 14-7

Other tab, WebVPN 27-36

Outlook Web Access (OWA) and WebVPN 29-7

oversubscribing resources 7-11

P

packet

classifier 7-2

flow, transparent firewall 16-12

packet flow

routed firewall 16-3

packet trace, enabling 1-13

parameter problem, ICMP message 8-8, 8-9

password

restoring to default value 35-12

WebVPN 29-1

PDP context, GTP application inspection 6-56, 6-59

PIM

interface parameters 15-11

overview 15-11

register message filter 15-18

rendezvous points 15-16

shortest path tree settings 15-19

ping of death attack 24-8

platform model 1-26

PoE 5-16

Port Forwarding

configuring client applications 29-6

Port forwarding 27-35

port forwarding entry 27-36

port forwarding list 27-35

Posture Validation Exception, add/edit 27-31

power over Ethernet 5-16

pppoe_client 39-8

PPP tab, tunnel-group 27-49

PPTP

application inspection, enabling 21-16

priority queueing

hierarchical policy with traffic shaping 21-29

IPSec anti-replay window size 21-30, 26-14

Process Instances tab 14-3

description 14-3

fields 14-3

Properties tab 14-12

description 14-12

fields 14-12

Protocol and Service group box 21-11

Protocol Group, add 27-18

Protocol panel (IGMP) 15-4

description 15-4

fields 15-4

Protocol panel (PIM) 15-11

description 15-11

fields 15-11

proxied RPC request attack 24-9

proxy ARP, disabling 14-33

proxy bypass 28-18

Q

QoS

about 21-27

DiffServ preservation 21-29

DSCP preservation 21-29

feature interaction 21-28

priority queueing

hierarchical policy with traffic shaping 21-29

IPSec anti-replay window size 21-30, 26-14

token bucket 21-26

traffic match criteria 21-4, 21-14

traffic shaping

overview 21-28

queue, QoS

limit 21-26, 21-27

R

RADIUS

downloadable access lists 19-15

network access authorization 19-15

RAM, amount

memory, amount

RAM 1-26

rate limiting 21-27

recurring time range, add or edit 27-10

redirect, ICMP message 8-7, 8-9

Redistribution panel 14-14

description 14-14

fields 14-14

Remote Access Client panel, VPN wizard 26-8

Remote Site Peer panel, VPN wizard 26-3

Rendezvous Points panel 15-16

description 15-16

fields 15-16

Request Filter panel 15-18

description 15-18

fields 15-18

reset

inbound connections 24-13

outside connections 24-13

Reset button 1-24

resource management

configuring 7-10

default class 7-12

oversubscribing 7-11

overview 7-11

unlimited 7-11

restoring the default passord 35-12

rewrite, disabling 28-11

RIP

authentication 14-21

definition of 14-21

support for 14-21

RIP panel 14-21

fields 14-22

limitations 14-22

RIP Version 2 Notes 14-22

RNFR command, denied request 6-53

RNTO command, denied request 6-53

routed mode

setting 2-5

router advertisement, ICMP message 8-7, 8-8, 8-9

router solicitation, ICMP message 8-8, 8-9

Routes panel 40-7

description 40-7

fields 37-3, 40-7

Route Summarization tab 14-7

about 14-7

fields 14-7

Route Tree panel 15-19

description 15-19

fields 15-19

RPC

application inspection, enabling 21-16

RSH

application inspection, enabling 21-16

RTP

range in traffic match criteria 21-4, 21-13

RTSP

application inspection, enabling 21-16

rules

filtering 20-5

ICMP 8-7

service policy 21-1

S

same security level 4-5

Secure Computing SmartFilter filtering server

supported 20-1

URL for website 20-1

Secure Copy panel 8-12

description 8-12

fields 8-13

limitations 8-12

Secure Shell panel

description 11-7

fields 11-7, 11-11

security contexts

admin context

overview 7-1

cascading 7-7

classifier 7-2

configuration

files 7-2

logging in 7-8

multiple mode, enabling 7-9

nesting or cascading 7-8

overview 7-1

resource management 7-11

unsupported features 7-2

security level

configuration 4-7, 5-20

overview 4-1

same 4-5

segment size

maximum and minimum 24-13

Server and URL List

add/edit 27-37

Server or URL

dialog box 27-38

service policy rules 21-1

Setup panel 14-2

about 14-2

signatures

attack and informational 24-5

single mode

backing up configuration 7-9

configuration 7-9

enabling 7-9

restoring 7-10

SIP

application inspection, enabling 21-16

SITE command, denied request 6-53

Skinny

application inspection, enabling 21-16

SNMP

application inspection

enabling 21-16

viewing 6-100

software

license 1-26

version 1-26

source address, browse 27-14

source port, browse 27-15

Source Port group box 21-11

source quench, ICMP message 8-9

source-quench, ICMP message 8-7

SPAN 5-16

speed

interface 4-5, 4-11

system 4-4

spoofing, preventing 24-12

SQLNET

application inspection, enabling 21-16

SSL VPN Client 27-38

SSM

configuration

CSC SSM 35-3

Standard Access List Rule, add/edit 27-24

Standard ACL tab 27-11

startup configuration 7-2

statd buffer overflow attack 24-9

stateful application inspection 6-29

Stateful Failover 12-3

enabling 12-16

Logical Updates Statistics 38-7, 38-9

settings 12-27

stateful failover

interface 4-5

system 4-3

stateless failover 12-3

Static Group panel 15-6

description 15-6

fields 15-6

Static Neighbor panel 14-16

description 14-16

fields 14-16

static routes

about 14-28

floating 14-28

status bar 1-23

stealth firewall

See transparent firewall

STOU command, denied request 6-53

subinterface

add

system 4-3

adding 4-7

edit

system 4-3

subordinate certificate 32-1

Summary Address panel 14-17

description 14-17

fields 14-18

Summary panel, VPN wizard 26-7

Sun Microsystems Java™ Runtime Environment (JRE) and WebVPN 28-16, 29-6

SVC 27-38

switch MAC address table 23-5

switch ports

default configuration 5-16

SPAN 5-16

system

interface

add 4-3

duples 4-4

edit 4-3

failover link 4-3

speed 4-4

interface configuration 4-2

system configuration

network settings 7-2

overview 7-1

system messages

device ID, including 13-6

T

tail drop 21-27

TCP

application inspection 6-29

destination port in traffic match criteria 21-4, 21-12

maximum segment size 24-13

TIME_WAIT state 24-14

TCP FIN only flags attack 24-8

TCP NULL flags attack 24-8

TCP Service Group, add 27-16

TCP SYN+FIN flags attack 24-8

TFTP

application inspection, enabling 21-16

TIME_WAIT state 24-14

time exceeded, ICMP message 8-7, 8-8, 8-9

time range

add or edit 27-9

browse 27-8

recurring 27-10

timestamp reply, ICMP message 8-8, 8-9

timestamp request, ICMP message 8-8, 8-9

tocken bucket 21-26

Tools menu 1-11

traceroute, enabling 1-12, 1-17

traffic flow

routed firewall 16-3

transparent firewall 16-12

traffic match criteria 21-1

traffic shaping

overview 21-28

traffic usage 1-26

transmit queue ring limit 21-26, 21-27

transparent firewall

data flow 16-12

guidelines 16-10

HSRP 16-9

MAC address table

learning, disabling 23-6

overview 23-4

static entry 23-6

management IP address 8-1

multicast traffic 16-9

NAT 16-11

overview 16-9

VRRP 16-9

transparent mode

guidelines 16-10

overview 16-8

unsupported features 16-11

trustpoint

definition 32-7

trustpoint configuration panel 32-7

advanced options 32-15

CA certificate subject 32-7

certificate parameters 32-9

CRL retrieval method 32-12

CRL retrieval policy 32-11

device certificate subject 32-7

editing DN 32-10

enrollment settings 32-8

request CRL 32-7

trustpoint name 32-7

trustpoint export panel 32-16

trustpoint import panel 32-17

Tunneled Management 27-63

tunnel gateway, default 27-4

tunnel group

introduction 27-41

traffic match criteria 21-4

WebVPN Tab, Basic Tab 27-54

tx-ring-limit 21-26, 21-27

Type 1 panel 40-1

description 40-1

fields 40-1

Type 2 panel 40-2

description 40-2

fields 40-2

Type 3 panel 40-3

description 40-3

fields 40-3

Type 4 panel 40-3

description 40-3

fields 40-3

Type 5 panel 40-4

description 40-4

fields 40-4

Type 7 panel 40-4

description 40-4

fields 40-5

U

UDP

application inspection 6-29

bomb attack 24-8

chargen DoS attack 24-8

destination port in traffic match criteria 21-4, 21-12

snork attack 24-8

Unicast Reverse Path Forwarding 24-12

unreachable messages

ICMP type 8-7, 8-9

required for MTU discovery 8-7

uptime 1-26

URL

filtering

benefits of 20-5

configuring 20-9

URLs

filtering 20-1

filtering, configuration 20-4

User Accounts panel, VPN wizard 26-11

username

WebVPN 29-1

Xauth for Easy VPN client 27-62

V

version

ASDM 1-26

platform software 1-26

View/Config Banner 27-22

virtual firewalls

See security contexts

Virtual Link panel 14-19

description 14-19

fields 14-19

virtual MAC address

defining for Active/Active failover 12-31

virtual MAC addresses

about 12-21, 12-32

defaults for Active/Active failover 12-31

defining 12-22

defining for Active/Standby failover 12-33

virtual private network

overview 26-2

VLANs

ASA 5505

MAC addresses 5-16

maximum 5-14

VPN

overview 26-1, 26-2

system options 27-59

VPN Client, IPsec attributes 26-12

VPN Tunnel Type panel, VPN wizard 26-2

VPN wizard 26-1

Address Pool panel 26-12

Address Translation Exemption panel 26-13

Attributes Pushed to Client panel 26-12

Client Authentication panel 26-10

IKE Policy panel 26-4

IPSec Encryption and AUthentication panel 26-5

Remote Access Client panel 26-8

Remote Site Peer panel 26-3

Summary panel 26-7

User Accounts panel 26-11

VPN Tunnel Type panel 26-2

VPNwizard

Local Hosts and Networks panel 26-6

New Authentication Server Group panel 26-10

VRRP 16-9

W

web browsing with WebVPN 29-4

Web Page (tunnel-group) tab 27-58

Websense filtering server 20-1, 20-5

WebVPN

client application requirements 29-2

client requirements 29-2

for file management 29-5

for network browsing 29-5

for port forwarding 29-6

for using applications 29-6

for web browsing 29-4

start-up 29-3

enable cookies for 29-6

end user set-up 29-1

printing and 29-3

remote system configuration and end-user requirements 29-3

security tips 29-2

supported applications 29-2

supported browsers 29-3

supported types of Internet connections 29-3

URL 29-3

username and password required 29-3

usernames and passwords 29-1

use suggestions 29-1, 29-2

WebVPN tab

Functions tab 27-31

Other tab 27-36

Wizards menu 1-22

X

Xauth, Easy VPN client 27-62

XDMCP

application inspection, enabling 21-16

Z

Zone Labs Integrity Server 27-60

	ASDM 5.2 User Guide
	ASDMhelp.fmx
ASDM 5.2 User Guide Preface Welcome to ASDM Before You Start Using the Startup Wizard Configuring Interfaces Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance Global Objects Configuring Security Contexts Configuring Device Properties DHCP and DNS Services Configuring AAA Servers Configuring Device Access Configuring Failover Configuring Logging Configuring Dynamic And Static Routing Configuring Multicast Routing Firewall Mode Overview Configuring Access Rules Configuring EtherType Rules Configuring AAA Rules Configuring Filter Rules Configuring Service Policy Rules NAT Configuring ARP Inspection and Bridging Parameters Preventing Network Attacks Configuring QoS VPN Wizard IKE VPN General WebVPN WebVPN End User Set-up E-Mail Proxy Configuring SSL Settings Configuring Certificates CSD Configuring IPS Configuring Trend Micro Content Security Monitoring System Log Messages Monitoring Trend Micro Content Security Monitoring Failover Monitoring Interfaces Monitoring Routing Monitoring VPN Monitoring Properties Feature Licenses and Specifications ASDMhelp.fmx	Download this chapter ASDMhelp.fmx Download the complete book Cisco ASDM User Guide, 5.2 (PDF - 10 MB) Feedback Table Of Contents A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Z Index A AAA authentication direct 19-13 interactive 19-13 authorization downloadable access lists 19-15 local fallback 10-3 overview 10-1 performance 19-1 support 10-2 AAA server group, add (group-policy) 27-6 ABR definition of 14-1 Access Group panel 15-2 description 15-2 fields 15-2 access lists downloadable 19-15 Accounting tab, tunnel group 27-46 ACE add/edit/paste 27-13 Extended ACL tab 27-12 ACL enabling IPSEC authenticated inbound sessions to bypass ACLs 27-59 extended 27-12 for WebVPN 27-40 standard 27-11 ACL Manager Add/Edit/Paste ACE 27-13 dialog box 27-11 ACLs defining traffic match criteria 21-4 Active/Active failover about 12-2 command replication 12-2 configuration synchronization 12-2 Active/Standby failover 12-2 ActiveX filtering option 20-8 object filtering, benefits of 20-5 Add/Edit Access Group dialog box 15-3 description 15-3 fields 15-3 Add/Edit Filtering Entry dialog box 14-9 description 14-9 fields 14-9 Add/Edit IGMP Join Group dialog box 15-4 description 15-4 fields 15-4 Add/Edit IGMP Static Group dialog box 15-7 description 15-7 fields 15-7 Add/Edit Multicast Group dialog box 15-18 description 15-18 fields 15-18 Add/Edit Multicast Route dialog box description 15-8 fields 15-8 Add/Edit OSPF Area dialog box 14-5 description 14-5 fields 14-5 Add/Edit OSPF Neighbor Entry dialog box 14-17 description 14-17 fields 14-17 Restrictions 14-17 Add/Edit Periodic Time Range dialog box 6-111 Add/Edit Redistribution dialog box 14-15 description 14-15 fields 14-15 Add/Edit Rendezvous Point dialog box 15-16 description 15-16 fields 15-16 restrictions 15-16 Add/Edit Route Summarization dialog box 14-7 about 14-7 fields 14-8 Add/Edit SSH Configuration dialog box 11-8 description 11-8 fields 11-8 Add/Edit Summary Address dialog box description 14-18 fields 14-18 Add/Edit Time Range dialog box 6-110 Add/Edit Virtual Link dialog box 14-19 description 14-19 fields 14-20 address assignment, client 27-46 Address Pool panel, VPN wizard 26-12 address pools, tunnel group 27-46 Address Translation Exemption panel, VPN wizard 26-13 admin context overview 7-1 administrative access using ICMP for 8-7 Advanced DHCP Options dialog box 9-7 description 9-7 fields 9-7 Advanced OSPF Interface Properties dialog box 14-13 description 14-13 fields 14-13 Advanced OSPF Virtual Link Properties dialog box 14-20 description 14-20 fields 14-20 Advanced tab, tunnel group 27-47 alternate address, ICMP message 8-8, 8-9 anti-replay window size 21-30, 26-14 APN, GTP application inspection 6-60 APPE command, denied request 6-53 application access and e-mail proxy 29-7 and Web Access 29-7 configuring client applications 29-6 enabling cookies on browser 29-6 privileges 29-6 quitting properly 29-6 setting up on client 29-6 using e-mail 29-7 with IMAP client 29-7 application firewall 6-67 application inspection described 6-29 enabling for different protocols 21-14 security level requirements 4-1 Apply button 1-24 Area/Networks tab 14-4 description 14-4 fields 14-5 area border router 14-1 ARP inspection configuring 23-1 ARP spoofing 23-2 ARP table monitoring 39-1 static entry 23-3 ASA 5505 Base license 5-14 client Xauth 27-62 MAC addresses 5-16 maximum VLANs 5-14 power over Ethernet 5-16 Security Plus license 5-14 SPAN 5-16 ASBR definition of 14-1 ASDM version 1-26 ASR group 14-32 assured forwarding (AF), traffic match criteria 21-14 asynchronous routing support 14-32 attacks DNS HINFO request 24-8 DNS request for all records 24-8 DNS zone transfer 24-8 DNS zone transfer from high port 24-8 fragmented ICMP traffic 24-7 IP fragment 24-6 IP impossible packet 24-6 large ICMP traffic 24-7 ping of death 24-8 proxied RPC request 24-9 statd buffer overflow 24-9 TCP FIN only flags 24-8 TCP NULL flags 24-8 TCP SYN+FIN flags 24-8 UDP bomb 24-8 UDP chargen DoS 24-8 UDP snork 24-8 Attributes Pushed to Client panel, VPN wizard 26-12 authenticating a certificate 32-1 authentication FTP 19-5 HTTP 19-5, 19-13 Telnet 19-5 Authentication tab 14-10 description 14-10 fields 14-10 Authentication tab, tunnel group 27-44 Authorization tab, tunnel group 27-44 Auto Signon group-policy 27-40 B bandwidth 1-26 banner, view/configure 27-22 basic HTTP authentication HTTP basic authentication 19-13 Basic tab general tab, tunnel group 27-42 IPSec LAN-to-LAN, General tab 27-50 tunnel group WebVPN Access, General tab 27-53 bridging MAC address table learning, disabling 23-6 overview 23-4 static entry 23-6 management IP address 8-1 Browse ICMP 27-16 Browse Other 27-17 Browse Source or Destination Address 27-14 Browse Source or Destination Port 27-15 Browse Time Range 27-8 building blocks 6-1 C CA certificate 32-1 call agents MGCP application inspection 6-83, 6-84 Cancel button 1-24 CDUP command, denied request 6-53 certificate exporting 32-16 fingerprint 32-1 importing 32-17 installing 32-17 managing 32-5 certificate authentication 32-1 certificate enrollment 32-2 Cisco Client Parameters tab 27-22 classes See resource management Client Access Rule, add or edit 27-20 Client Address Assignment 27-46 Client Authentication panel, VPN wizard 26-10 Client Configuration tab 27-20 Client Firewall tab 27-25 client parameters, configuring 27-20 Client Update, edit , Windows and VPN 3002 clients 27-3 Client Update window, Windows and VPN 3002 clients 27-1 configuration context files 7-2 factory default 2-1 Configure IGMP Parameters dialog box 15-5 description 15-5 fields 15-5 configuring CSC activation 35-8 CSC email 35-16 CSC file transfer 35-18 CSC IP address 35-9 CSC license 35-8 CSC management access 35-11 CSC notifications 35-10 CSC password 35-11 CSC Setup Wizard 35-13 CSC updates 35-19 CSC Web 35-15 CSC wizard summary 35-13 connections per second 1-26 Content Filtering tab 27-34 context mode viewing 1-26 contexts See security contexts conversion error, ICMP message 8-8, 8-9 CPU usage 1-26 Create a Service Policy and Apply to group box 21-3 CRL cache refresh time 32-15 enforce next update 32-15 retrieval method 32-12 retrieval policy 32-11 CSC activation configuring 35-8 CSC CPU monitoring 37-4 CSC email configuring 35-16 CSC file transfer configuring 35-18 CSC File Transfer panel fields 35-18 CSC IP address configuring 35-9 CSC license configuring 35-8 CSC management access configuring 35-11 CSC memory monitoring 37-5 CSC notifications configuring 35-10 CSC password configuring 35-11 CSC security events monitoring 37-2 CSC Setup Wizard 35-13 summary 35-13 CSC software updates monitoring 37-3 CSC SSM getting started 35-3 overview 35-1 what to scan 35-5 CSC threats monitoring 37-1 CSC updates configuring 35-19 CSC Web configuring 35-15 CSD Setup 28-8 CSD support 1-9 CTIQBE application inspection, enabling 21-14 cut-through proxy 19-1 D data flow routed firewall 16-3 transparent firewall 16-12 default class 7-12 default configuration 2-1 default inspection traffic 21-4 default routes defining equal cost routes 14-28 definition of 14-28 for tunneled traffic 14-28 default tunnel gateway 27-4 destination address, browse 27-14 destination port, browse 27-15 device ID, including in messages 13-6 Device Pass-Through 27-63 DHCP configuring 9-4 interface IP address 4-8, 5-20 monitoring interface lease 39-2 IP addresses 39-2 server 39-2 statistics 39-3 services 9-1 statistics 39-3 DHCP relay overview 9-1 DHCP Relay - Add/Edit DHCP Server dialog box 9-3 description 9-3 fields 9-3 restrictions 9-3 DHCP Relay panel 9-1 description 9-1 fields 9-2 prerequisites 9-2 restrictions 9-1 DHCP Server panel 9-4 description 9-4 fields 9-4 DHCP services 9-1 DiffServ, traffic match criteria 21-14 DiffServ preservation 21-29 digital certificates 32-1 direct authentication 19-13 disabling content rewrite 28-11 DNS application inspection, enabling 21-15 DNS client 9-9 DNS HINFO request attack 24-8 DNS request for all records attack 24-8 DNS zone transfer attack 24-8 DNS zone transfer from high port attack 24-8 downloadable access lists configuring 19-15 converting netmask expressions 19-19 DSCP traffic match criteria 21-4, 21-14 DSCP preservation 21-29 duplex interface 4-4, 4-11, 5-25 system 4-4 E Easy VPN client Xauth 27-62 Easy VPN, advanced properties 27-63 Easy VPN client 27-61 Easy VPN Remote 27-61 echo reply, ICMP message 8-7 ECMP 14-28 Edit DHCP Relay Agent Settings dialog box 9-3 description 9-3 fields 9-3 prerequisites 9-3 restrictions 9-3 Edit DHCP Server dialog box 9-6 description 9-6 fields 9-6 Edit OSPF Interface Authentication dialog box 14-11 description 14-11 fields 14-11 Edit OSPF Interface Properties dialog box 14-12 fields 14-12 Edit OSPF Process Advanced Properties dialog box 14-3 description 14-3 fields 14-3 Edit PIM Protocol dialog box 15-12 description 15-12 fields 15-12 e-mail proxy and WebVPN 29-7 Enable IPSec authenticated inbound sessions 27-59 enrolling certificate 32-2 ESMTP application inspection, enabling 21-15 established command security level requirements 4-2 Ethernet MTU 4-9, 5-22 expedited forwarding (EF), traffic match criteria 21-14 exporting a certificate 32-16 extended ACL 27-12 external filtering server 20-5 External Group Policy, add or edit 27-6 F factory default configuration 2-1 failover about virtual MAC addresses 12-21 criteria 12-20, 12-28 defining standby IP addresses 12-18, 12-19 defining virtual MAC addresses 12-22 enable 12-26 enabling Active/Standby 12-15 enabling LAN-based 12-16 enabling LAN-based failover 12-26 enabling Stateful Failover 12-16 graphs 38-4 in multiple context mode 12-26 interface 4-5 system 4-3 key 12-15, 12-26 make active 38-4 make standby 38-4 monitoring 38-1 monitoring interfaces 12-19 reload standby 38-4 reset 38-4, 38-8 stateful 12-3 Stateful Failover 12-27 stateless 12-3 status 38-1 failover groups about 12-29 adding 12-30 editing 12-30 monitoring 38-8 reset 38-10 filtering benefits of 20-5 rules 20-8 security level requirements 4-1 servers supported 20-1 URLs 20-1 filtering, Content Filtering tab 27-34 Filtering panel 14-8 benefits 14-8 description 14-8 fields 14-8 restrictions 14-8 fingerprint certificate 32-1 firewall, client, configuring settings 27-25 firewall mode configuring 2-5 overview 16-1 viewing 1-26 firewall server, Zone Labs 27-60 Flash memory, amount 1-26 fragmentation policy, IPSec 26-5 fragmented ICMP traffic attack 24-7 FTP application inspection enabling 21-15 viewing 6-31, 6-32, 6-33, 6-35, 6-41, 6-42, 6-43, 6-49, 6-50, 6-51, 6-56, 6-61, 6-62, 6-63, 6-69, 6-75, 6-79, 6-80, 6-82, 6-86, 6-88, 6-89, 6-90, 6-93, 6-94 filtering option 20-9 Functions tab, WebVPN 27-31 G gateway, default tunnel gateway 27-4 gateways MGCP application inspection 6-84 General Client Parameters tab 27-21 Group Aliases and URLs, tunnel group 27-57 Group Policy window add or edit, General tab 27-7 introduction 27-4 IPSec tab, add or edit 27-19 GTP application inspection enabling 21-15 viewing 6-55 H H225 application inspection, enabling 21-15 H323 RAS application inspection, enabling 21-15 Hardware Client tab 27-27 Help button 1-24 HELP command, denied request 6-53 Help menu 1-22 hierarchical policy, traffic shaping and priority queueing 21-29 history metrics 2-9 Homepage tab 27-34 HSRP 16-9 HTTP application inspection enabling 21-15 viewing 6-67 filtering 20-1 benefits of 20-5 configuring 20-9 HTTPS authentication redirect method 19-13 enabling access to ASDM 11-6 filtering option 20-9 I ICMP add group 27-17 application inspection, enabling 21-15 browse 27-16 rules for access to ADSM 8-7 ICMP Error application inspection, enabling 21-15 ICMP Group 27-17 ICMP types selecting 8-7, 8-8 IGMP access groups 15-2 configuring interface parameters 15-5 group membership 15-3 interface parameters 15-4 static group assignment 15-6 IGMP panel IGMP overview 15-2 IKE Policy panel, VPN wizard 26-4 IKE tunnels, amount 1-26 ILS application inspection, enabling 21-15 import certificate panel 32-3 importing a certificate 32-17 information reply, ICMP message 8-8, 8-9 information request, ICMP message 8-8, 8-9 installing a certificate 32-17 interactive authentication 19-13 interface add system 4-3 configuring system 4-2 duplex 4-4, 4-11, 5-25 system 4-4 edit system 4-3 failover 4-5 failover link system 4-3 IP address DHCP 4-8, 5-20 management only 4-7, 5-20 MTU 4-9, 5-22 name 4-7, 5-20 security level 4-7, 5-20 speed 4-5, 4-11 system 4-4 state link 4-5 status 1-26 subinterface, adding 4-7 throughput 1-26 Interface panel 14-10 interfaces ASA 5505 MAC addresses 5-16 maximum VLANs 5-14 enabled status 4-2, 4-3, 4-4, 4-6, 4-7 monitoring 39-5 IP address 8-1 configuration 4-8, 5-20 configuring 4-6, 5-18 interface DHCP 4-8, 5-20 management, transparent firewall 8-1 IP audit enabling 24-3 monitoring 42-8 signatures 24-5 IP DiffServ CodePoints, traffic match criteria 21-4, 21-14 IP fragment attack 24-6 IP fragment database, defaults 24-11 IP fragment database, editing 24-13 IP impossible packet attack 24-6 IP overlapping fragments attack 24-6 IP precedence traffic match criteria 21-4, 21-13 IPS IP audit 24-3 IPSec fragmentation policy 26-5 IPsec Cisco VPN Client 26-12 IPSec Encryption and Authentication panel, VPN wizard 26-5 IPSec rules anti-replay window size 21-30, 26-14 IPSec tab internal group policy 27-19 IPSec LAN-to-LAN 27-51 tunnel group 27-48 IPSec tunnels, amount 1-26 IP teardrop attack 24-6 J Java applet filtering benefits of 20-5 configuring 20-8 Join Group panel 15-3 description 15-3 fields 15-3 K key pair panel key-pair name 32-4 size 32-4 type 32-4 usage 32-4 key pairs 32-4 adding 32-4 showing details 32-5 L large ICMP traffic attack 24-7 latency configuring 21-26, 21-27 Layer 2 firewall See transparent firewall license 1-26 LLQ See low-latency queue Local Hosts and Networks panel, VPN wizard 26-6 login FTP 19-5 low-latency queue applying 21-26, 21-27 LSA about Type 1 40-1 about Type 2 40-2 about Type 3 40-3 about Type 4 40-3 about Type 5 40-4 about Type 7 40-4 M MAC addresses ASA 5505 5-16 MAC address table 23-4 built-in-switch 23-5 learning, disabling 23-6 monitoring 39-4 overview 16-12, 23-4 static entry 23-6 management traffic 4-7, 5-20 managing certificates 32-5 man-in-the-middle attack 23-2 mask reply, ICMP message 8-8, 8-9 mask request, ICMP message 8-8, 8-9 maximum sessions, IPSec 27-59 memory, amount Flash 1-26 memory usage 1-26 menus 1-7 MGCP application inspection configuring 6-84 enabling 21-15 viewing 6-82 Microsoft client parameters, configuring 27-20 Microsoft Client Parameters tab 27-23 mobile redirection, ICMP message 8-8, 8-9 mode context 7-9 firewall 2-5 model 1-26 monitoring ARP table 39-1 CSC CPU 37-4 CSC memory 37-5 CSC security events 37-2 CSC software updates 37-3 CSC threats 37-1 DHCP interface lease 39-2 IP addresses 39-2 server 39-2 statistics 39-3 failover 38-1, 38-5 failover groups 38-8 history metrics 2-9 interfaces 39-5 MAC address table 39-4 routes 40-7 monitoring interfaces 12-19 monitoring switch traffic, ASA 5505 5-16 MRoute panel 15-11 description 15-7 fields 15-7 MTU 4-9, 5-22 Multicast panel description 15-1 fields 15-1 Multicast Route panel 15-11 multicast traffic 16-9 multiple mode, enabling 7-9 N N2H2 filtering server 20-5 NAC tab (Network Admission Control) 27-30 name resolution 9-9 NAT application inspection 6-29 security level requirements 4-2 transparent firewall 16-11 NETBIOS application inspection, enabling 21-15 NetBIOS server add/edit 27-56 tab 27-55 Network Address Translation See NAT New Authentication Server Group panel, VPN wizard 26-10 new features 1-2 O Options menu 1-9 OSPF about 14-1 adding an LSA filter 14-9 authentication settings 14-10 authentication support 14-1 configuring authentication 14-11 defining a static neighbor 14-17 defining interface properties 14-12 interaction with NAT 14-1, 14-2 interface properties 14-10, 14-12 LSA filtering 14-8 LSAs 14-2 LSA types 40-1 monitoring LSAs 40-1 neighbor states 40-5 route redistribution 14-14 static neighbor 14-16 summary address 14-17 virtual links 14-19 OSPF area defining 14-4 OSPF Neighbors panel 40-5 description 40-5 fields 40-5 OSPF parameters dead interval 14-14 hello interval 14-13 retransmit interval 14-14 transmit delay 14-14 OSPF route summarization about 14-7 defining 14-7 Other tab, WebVPN 27-36 Outlook Web Access (OWA) and WebVPN 29-7 oversubscribing resources 7-11 P packet classifier 7-2 flow, transparent firewall 16-12 packet flow routed firewall 16-3 packet trace, enabling 1-13 parameter problem, ICMP message 8-8, 8-9 password restoring to default value 35-12 WebVPN 29-1 PDP context, GTP application inspection 6-56, 6-59 PIM interface parameters 15-11 overview 15-11 register message filter 15-18 rendezvous points 15-16 shortest path tree settings 15-19 ping of death attack 24-8 platform model 1-26 PoE 5-16 Port Forwarding configuring client applications 29-6 Port forwarding 27-35 port forwarding entry 27-36 port forwarding list 27-35 Posture Validation Exception, add/edit 27-31 power over Ethernet 5-16 pppoe_client 39-8 PPP tab, tunnel-group 27-49 PPTP application inspection, enabling 21-16 priority queueing hierarchical policy with traffic shaping 21-29 IPSec anti-replay window size 21-30, 26-14 Process Instances tab 14-3 description 14-3 fields 14-3 Properties tab 14-12 description 14-12 fields 14-12 Protocol and Service group box 21-11 Protocol Group, add 27-18 Protocol panel (IGMP) 15-4 description 15-4 fields 15-4 Protocol panel (PIM) 15-11 description 15-11 fields 15-11 proxied RPC request attack 24-9 proxy ARP, disabling 14-33 proxy bypass 28-18 Q QoS about 21-27 DiffServ preservation 21-29 DSCP preservation 21-29 feature interaction 21-28 priority queueing hierarchical policy with traffic shaping 21-29 IPSec anti-replay window size 21-30, 26-14 token bucket 21-26 traffic match criteria 21-4, 21-14 traffic shaping overview 21-28 queue, QoS limit 21-26, 21-27 R RADIUS downloadable access lists 19-15 network access authorization 19-15 RAM, amount memory, amount RAM 1-26 rate limiting 21-27 recurring time range, add or edit 27-10 redirect, ICMP message 8-7, 8-9 Redistribution panel 14-14 description 14-14 fields 14-14 Remote Access Client panel, VPN wizard 26-8 Remote Site Peer panel, VPN wizard 26-3 Rendezvous Points panel 15-16 description 15-16 fields 15-16 Request Filter panel 15-18 description 15-18 fields 15-18 reset inbound connections 24-13 outside connections 24-13 Reset button 1-24 resource management configuring 7-10 default class 7-12 oversubscribing 7-11 overview 7-11 unlimited 7-11 restoring the default passord 35-12 rewrite, disabling 28-11 RIP authentication 14-21 definition of 14-21 support for 14-21 RIP panel 14-21 fields 14-22 limitations 14-22 RIP Version 2 Notes 14-22 RNFR command, denied request 6-53 RNTO command, denied request 6-53 routed mode setting 2-5 router advertisement, ICMP message 8-7, 8-8, 8-9 router solicitation, ICMP message 8-8, 8-9 Routes panel 40-7 description 40-7 fields 37-3, 40-7 Route Summarization tab 14-7 about 14-7 fields 14-7 Route Tree panel 15-19 description 15-19 fields 15-19 RPC application inspection, enabling 21-16 RSH application inspection, enabling 21-16 RTP range in traffic match criteria 21-4, 21-13 RTSP application inspection, enabling 21-16 rules filtering 20-5 ICMP 8-7 service policy 21-1 S same security level 4-5 Secure Computing SmartFilter filtering server supported 20-1 URL for website 20-1 Secure Copy panel 8-12 description 8-12 fields 8-13 limitations 8-12 Secure Shell panel description 11-7 fields 11-7, 11-11 security contexts admin context overview 7-1 cascading 7-7 classifier 7-2 configuration files 7-2 logging in 7-8 multiple mode, enabling 7-9 nesting or cascading 7-8 overview 7-1 resource management 7-11 unsupported features 7-2 security level configuration 4-7, 5-20 overview 4-1 same 4-5 segment size maximum and minimum 24-13 Server and URL List add/edit 27-37 Server or URL dialog box 27-38 service policy rules 21-1 Setup panel 14-2 about 14-2 signatures attack and informational 24-5 single mode backing up configuration 7-9 configuration 7-9 enabling 7-9 restoring 7-10 SIP application inspection, enabling 21-16 SITE command, denied request 6-53 Skinny application inspection, enabling 21-16 SNMP application inspection enabling 21-16 viewing 6-100 software license 1-26 version 1-26 source address, browse 27-14 source port, browse 27-15 Source Port group box 21-11 source quench, ICMP message 8-9 source-quench, ICMP message 8-7 SPAN 5-16 speed interface 4-5, 4-11 system 4-4 spoofing, preventing 24-12 SQLNET application inspection, enabling 21-16 SSL VPN Client 27-38 SSM configuration CSC SSM 35-3 Standard Access List Rule, add/edit 27-24 Standard ACL tab 27-11 startup configuration 7-2 statd buffer overflow attack 24-9 stateful application inspection 6-29 Stateful Failover 12-3 enabling 12-16 Logical Updates Statistics 38-7, 38-9 settings 12-27 stateful failover interface 4-5 system 4-3 stateless failover 12-3 Static Group panel 15-6 description 15-6 fields 15-6 Static Neighbor panel 14-16 description 14-16 fields 14-16 static routes about 14-28 floating 14-28 status bar 1-23 stealth firewall See transparent firewall STOU command, denied request 6-53 subinterface add system 4-3 adding 4-7 edit system 4-3 subordinate certificate 32-1 Summary Address panel 14-17 description 14-17 fields 14-18 Summary panel, VPN wizard 26-7 Sun Microsystems Java™ Runtime Environment (JRE) and WebVPN 28-16, 29-6 SVC 27-38 switch MAC address table 23-5 switch ports default configuration 5-16 SPAN 5-16 system interface add 4-3 duples 4-4 edit 4-3 failover link 4-3 speed 4-4 interface configuration 4-2 system configuration network settings 7-2 overview 7-1 system messages device ID, including 13-6 T tail drop 21-27 TCP application inspection 6-29 destination port in traffic match criteria 21-4, 21-12 maximum segment size 24-13 TIME_WAIT state 24-14 TCP FIN only flags attack 24-8 TCP NULL flags attack 24-8 TCP Service Group, add 27-16 TCP SYN+FIN flags attack 24-8 TFTP application inspection, enabling 21-16 TIME_WAIT state 24-14 time exceeded, ICMP message 8-7, 8-8, 8-9 time range add or edit 27-9 browse 27-8 recurring 27-10 timestamp reply, ICMP message 8-8, 8-9 timestamp request, ICMP message 8-8, 8-9 tocken bucket 21-26 Tools menu 1-11 traceroute, enabling 1-12, 1-17 traffic flow routed firewall 16-3 transparent firewall 16-12 traffic match criteria 21-1 traffic shaping overview 21-28 traffic usage 1-26 transmit queue ring limit 21-26, 21-27 transparent firewall data flow 16-12 guidelines 16-10 HSRP 16-9 MAC address table learning, disabling 23-6 overview 23-4 static entry 23-6 management IP address 8-1 multicast traffic 16-9 NAT 16-11 overview 16-9 VRRP 16-9 transparent mode guidelines 16-10 overview 16-8 unsupported features 16-11 trustpoint definition 32-7 trustpoint configuration panel 32-7 advanced options 32-15 CA certificate subject 32-7 certificate parameters 32-9 CRL retrieval method 32-12 CRL retrieval policy 32-11 device certificate subject 32-7 editing DN 32-10 enrollment settings 32-8 request CRL 32-7 trustpoint name 32-7 trustpoint export panel 32-16 trustpoint import panel 32-17 Tunneled Management 27-63 tunnel gateway, default 27-4 tunnel group introduction 27-41 traffic match criteria 21-4 WebVPN Tab, Basic Tab 27-54 tx-ring-limit 21-26, 21-27 Type 1 panel 40-1 description 40-1 fields 40-1 Type 2 panel 40-2 description 40-2 fields 40-2 Type 3 panel 40-3 description 40-3 fields 40-3 Type 4 panel 40-3 description 40-3 fields 40-3 Type 5 panel 40-4 description 40-4 fields 40-4 Type 7 panel 40-4 description 40-4 fields 40-5 U UDP application inspection 6-29 bomb attack 24-8 chargen DoS attack 24-8 destination port in traffic match criteria 21-4, 21-12 snork attack 24-8 Unicast Reverse Path Forwarding 24-12 unreachable messages ICMP type 8-7, 8-9 required for MTU discovery 8-7 uptime 1-26 URL filtering benefits of 20-5 configuring 20-9 URLs filtering 20-1 filtering, configuration 20-4 User Accounts panel, VPN wizard 26-11 username WebVPN 29-1 Xauth for Easy VPN client 27-62 V version ASDM 1-26 platform software 1-26 View/Config Banner 27-22 virtual firewalls See security contexts Virtual Link panel 14-19 description 14-19 fields 14-19 virtual MAC address defining for Active/Active failover 12-31 virtual MAC addresses about 12-21, 12-32 defaults for Active/Active failover 12-31 defining 12-22 defining for Active/Standby failover 12-33 virtual private network overview 26-2 VLANs ASA 5505 MAC addresses 5-16 maximum 5-14 VPN overview 26-1, 26-2 system options 27-59 VPN Client, IPsec attributes 26-12 VPN Tunnel Type panel, VPN wizard 26-2 VPN wizard 26-1 Address Pool panel 26-12 Address Translation Exemption panel 26-13 Attributes Pushed to Client panel 26-12 Client Authentication panel 26-10 IKE Policy panel 26-4 IPSec Encryption and AUthentication panel 26-5 Remote Access Client panel 26-8 Remote Site Peer panel 26-3 Summary panel 26-7 User Accounts panel 26-11 VPN Tunnel Type panel 26-2 VPNwizard Local Hosts and Networks panel 26-6 New Authentication Server Group panel 26-10 VRRP 16-9 W web browsing with WebVPN 29-4 Web Page (tunnel-group) tab 27-58 Websense filtering server 20-1, 20-5 WebVPN client application requirements 29-2 client requirements 29-2 for file management 29-5 for network browsing 29-5 for port forwarding 29-6 for using applications 29-6 for web browsing 29-4 start-up 29-3 enable cookies for 29-6 end user set-up 29-1 printing and 29-3 remote system configuration and end-user requirements 29-3 security tips 29-2 supported applications 29-2 supported browsers 29-3 supported types of Internet connections 29-3 URL 29-3 username and password required 29-3 usernames and passwords 29-1 use suggestions 29-1, 29-2 WebVPN tab Functions tab 27-31 Other tab 27-36 Wizards menu 1-22 X Xauth, Easy VPN client 27-62 XDMCP application inspection, enabling 21-16 Z Zone Labs Integrity Server 27-60
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks