Cisco Security Appliance Command Reference, Version 7.2 - About this Guide [Cisco ASA 5500 Series Adaptive Security Appliances]

Table Of Contents

About This Guide

Document Objectives

Audience

Document Organization

Document Conventions

Related Documentation

Obtaining Documentation

Cisco.com

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Product Alerts and Field Notices

Obtaining Technical Assistance

Cisco Support Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information

About This Guide

This preface introduces the Cisco Security Appliance Command Reference.

This preface includes the following sections:

•Document Objectives

•Audience

•Document Organization

•Document Conventions

•Related Documentation

•Obtaining Documentation

•Documentation Feedback

•Cisco Product Security Overview

•Product Alerts and Field Notices

•Obtaining Technical Assistance

•Obtaining Additional Publications and Information

Document Objectives

This guide contains the commands available for use with the security appliance to protect your network from unauthorized use and to establish Virtual Private Networks to connect remote sites and users to your network.

You can also configure and monitor the security appliance by using ASDM, a web-based GUI application. ASDM includes configuration wizards to guide you through some common configuration scenarios, and online Help for less common scenarios. For more information, see: http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdm/index.htm.

This guide applies to the Cisco PIX 500 series security appliances (PIX 515/515E, PIX 525, and PIX 535) and the Cisco ASA 5500 series security appliances (ASA 5510, ASA 5520, and ASA 5540). Throughout this guide, the term "security appliance" applies generically to all supported models, unless specified otherwise. The PIX 501, PIX 506E, and PIX 520 security appliances are not supported in software Version 7.0(1).

Audience

This guide is for network managers who perform any of the following tasks:

•Manage network security

•Install and configure firewall/security appliances

•Configure VPNs

•Configure intrusion detection software

Use this guide with the Cisco Security Appliance Command Line Configuration Guide.

Document Organization

This guide includes the following chapters:

•"Using the Command-Line Interface," introduces you to the security appliance commands and access modes.

•"aaa accounting command through accounting-server-group Commands," provides detailed descriptions of the aaa accounting through accounting-server-group commands.

•"acl-netmask-convert through auto-update timeout Commands," provides detailed descriptions of the activation-key through auto-update timeout commands.

•"backup interface through browse-networks Commands," provides detailed descriptions of the backup-servers through boot commands.

•"cache through clear compression Commands," provides detailed descriptions of the cache-time through clear capture commands.

•"clear configure through clear configure zonelabs-integrity Commands," provides detailed descriptions of the clear configure through clear configure virtual commands.

•"clear console-output through clear xlate Commands," provides detailed descriptions of the clear console-output through clear xlate commands.

•"client-access-rule through crl configure Commands," provides detailed descriptions of the client-access-rule through crl-configure commands.

•"crypto ca authenticate through customization Commands," provides detailed descriptions of the crypto ca authenticate through crypto map set commands.

•"ddns through debug xdmcp Commands," provides detailed descriptions of the debug aaa through debug xdmcp commands.

•"default through duplex Commands," provides detailed descriptions of the default through duplex commands.

•"email through functions Commands," provides detailed descriptions of the email through functions commands.

•"gateway through hw-module module shutdown Commands," provides detailed descriptions of the gateway through hw-module module shutdown commands.

•"icmp through imap4s Commands," provides detailed descriptions of the icmp through imap4s commands.

•"inspect ctiqbe through inspect xdmcp Commands," provides detailed descriptions of the inspect ctiqbe through inspect xdmcp commands.

•"interface-dhcp through issuer-name Commands," provides detailed descriptions of the interface-dhcp through issuer-name commands.

•"java-trustpoint through kill Commands," provides detailed descriptions of the join-failover-group through kill commands.

•"l2tp tunnel hello through log-adj-changes Commands," provides detailed descriptions of the 12tp tunnel hello through login commands.

•"logging asdm through logout message Commands," provides detailed descriptions of the logging asdm through logout message commands.

•"mac address through multicast-routing Commands," provides detailed descriptions of the mac-address through multicast-routing commands.

•"nac through override-account-disable Commands," provides detailed descriptions of the name through outstanding commands.

•"packet-tracer through pwd Commands," provides detailed descriptions of the participate through pwd commands.

•"queue-limit through rtp-conformance Commands," provides detailed descriptions of the queue-limit through router ospf commands.

•"same-security-traffic through show asdm sessions Commands," provides detailed descriptions of the same-security-traffic through show asdm sessions commands.

•"show asp drop through show curpriv Commands," provides detailed descriptions of the show asp drop through show curpriv commands.

•"show ddns update interface through show ipv6 traffic Commands," provides detailed descriptions of the show debug through show ipv6 traffic commands.

•"show isakmp ipsec-over-tcp stats through show route Commands," provides detailed descriptions of the show isakmp sa through show route commands.

•"show running-config through show running-config isakmp Commands," provides detailed descriptions of the show running-config through show running-config isakmp commands.

•"show running-config ldap through show running-config wccp Commands," provides detailed descriptions of the show running-config logging through show running-config webvpn commands.

•"show service-policy through show webvpn svc Commands," provides detailed descriptions of the show service-policy through show xlate commands.

•"shun through sysopt radius ignore-secret Commands," provides detailed descriptions of the shun through sysopt uauth allow-http-cache commands.

•"tcp-map through type echo Commands," provides detailed descriptions of the tcp-map through tunnel-limit commands.

•"urgent-flag through zonelabs integrity ssl-client-authentication Commands," provides detailed descriptions of the urgent-flag through write terminal commands.

Document Conventions

Command descriptions use these conventions:

•Braces ({ }) indicate a required choice.

•Square brackets ([ ]) indicate optional elements.

•Vertical bars ( | ) separate alternative, mutually exclusive elements.

•Boldface indicates commands and keywords that are entered literally as shown.

•Italics indicate arguments for which you supply values.

Examples use these conventions:

•Examples depict screen displays and the command line in screen font.

•Information you need to enter in examples is shown in boldface screen font.

Note Variables for which you must supply a value are shown in italic screen font.Means reader take note. Notes contain helpful suggestions or references to material not addressed in the manual.

For information on modes, prompts, and syntax, see "Using the Command-Line Interface."

Related Documentation

For more information, refer to the following documentation:

•Cisco ASDM Release Notes

•Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide

•Cisco ASA 5500 Series Hardware Installation Guide

•Cisco ASA 5500 Series Quick Start Guide

•Cisco ASA 5500 Series Release Notes

•Cisco PIX Security Appliance Release Notes

•Cisco PIX 515E Quick Start Guide

•Cisco Security Appliance Command Line Configuration Guide

•Cisco Security Appliance System Log Messages

•Guide for Cisco PIX 6.2 and 6.3 Users Upgrading to Cisco PIX Software Version 7.0

•Regulatory Compliance and Safety Information for the Cisco ASA 5500 Series

•Release Notes for Cisco Secure Desktop

•Migrating to ASA for VPN 3000 Concentrator Series Administrators

•Selected ASDM VPN Configuration Procedures for the Cisco ASA 5500 Series

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. This section explains the product documentation resources that Cisco offers.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/techsupport

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

The Product Documentation DVD is a library of technical product documentation on a portable medium. The DVD enables you to access installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the HTML documentation and some of the PDF files found on the Cisco website at this URL:

http://www.cisco.com/univercd/home/home.htm

The Product Documentation DVD is created and released regularly. DVDs are available singly or by subscription. Registered Cisco.com users can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at the Product Documentation Store at this URL:

http://www.cisco.com/go/marketplace/docstore

Ordering Documentation

You must be a registered Cisco.com user to access Cisco Marketplace. Registered users may order Cisco documentation at the Product Documentation Store at this URL:

http://www.cisco.com/go/marketplace/docstore

If you do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Documentation Feedback

You can provide feedback about Cisco technical documentation on the Cisco Support site area by entering your comments in the feedback form available in every online document.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you will find information about how to do the following:

•Report security vulnerabilities in Cisco products

•Obtain assistance with security incidents that involve Cisco products

•Register to receive security information from Cisco

A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

•For emergencies only — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

•For nonemergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

•1 877 228-7302

•1 408 525-6532

Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked encryption key or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.

If you do not have or use PGP, contact PSIRT to find other means of encrypting the data before sending any sensitive material.

Product Alerts and Field Notices

Modifications to or updates about Cisco products are announced in Cisco Product Alerts and Cisco Field Notices. You can receive these announcements by using the Product Alert Tool on Cisco.com. This tool enables you to create a profile and choose those products for which you want to receive information.

To access the Product Alert Tool, you must be a registered Cisco.com user. Registered users can access the tool at this URL:

http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do?local=en

To register as a Cisco.com user, go to this URL:

http://tools.cisco.com/RPF/register/register.do

Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Support website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Support Website

The Cisco Support website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day at this URL:

http://www.cisco.com/en/US/support/index.html

Access to all tools on the Cisco Support website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Note Before you submit a request for service online or by phone, use the Cisco Product Identification Tool to locate your product serial number. You can access this tool from the Cisco Support website by clicking the Get Tools & Resources link, clicking the All Tools (A-Z) tab, and then choosing Cisco Product Identification Tool from the alphabetical list. This tool offers three search options: by product ID or model name; by tree view; or, for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.

Tip Displaying and Searching on Cisco.com

If you suspect that the browser is not refreshing a web page, force the browser to update the web page by holding down the Ctrl key while pressing F5.

To find technical information, narrow your search to look in technical documentation, not the entire Cisco.com website. After using the Search box on the Cisco.com home page, click the Advanced Search link next to the Search box on the resulting page and then click the Technical Support & Documentation radio button.

To provide feedback about the Cisco.com website or a particular technical document, click Contacts & Feedback at the top of any Cisco.com web page.

Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411
Australia: 1 800 805 227
EMEA: +32 2 704 55 55
USA: 1 800 553 2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—An existing network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of the network is impaired while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

•The Cisco Online Subscription Center is the website where you can sign up for a variety of Cisco e-mail newsletters and other communications. Create a profile and then select the subscriptions that you would like to receive. To visit the Cisco Online Subscription Center, go to this URL:

http://www.cisco.com/offer/subscribe

•The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco channel product offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:

http://www.cisco.com/go/guide

•Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

•Cisco Press publishes a wide range of general networking, training, and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

•Internet Protocol Journal is s a quarterly journal published by Cisco for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

•Networking products offered by Cisco, as well as customer support services, can be obtained at this URL:

http://www.cisco.com/en/US/products/index.html

•Networking Professionals Connection is an interactive website where networking professionals share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

http://www.cisco.com/discuss/networking

•"What's New in Cisco Documentation" is an online publication that provides information about the latest documentation releases for Cisco products. Updated monthly, this online publication is organized by product category to direct you quickly to the documentation for your products. You can view the latest release of "What's New in Cisco Documentation" at this URL:

http://www.cisco.com/univercd/cc/td/doc/abtunicd/136957.htm

•World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html

	Cisco Security Appliance Command Reference, Version 7.2
	About this Guide
Cisco Security Appliance Command Reference, Version 7.2 About this Guide Using the Command Line Interface aaa accounting command through accounting-server-group Commands acl-netmask-convert through auto-update timeout Commands backup interface through browse networks Commands cache through clear compression Commands clear conn through clear configure vpn-load-balancing Commands clear console-output through clear xlate Commands client-access-rule through crl-configure Commands crypto ca authenticate through customization Commands ddns through debug xdmcp Commands default through duplex Commands email through functions Commands gateway through hw-module module shutdown Commands icmp through imap4s Commands inspect ctiqbe through inspect xdmcp Commands intercept-dhcp through issuer-name Commands java-trustpoint through kill Commands l2tp tunnel hello through log-adj-changes Commands logging asdm through logout message Commands mac-address through multicast-routing Commands name through override-account-disable Commands packet-tracer through pwd Commands queue-limit through router rip Commands same-security-traffic through show asdm sessions Commands show asp drop through show curpriv Commands show ddns through show ipv6 traffic Commands show isakmp sa through show route Commands show running-config through show running-config isakmp Commands show running-config ldap through show running-config webvpn auto-signon Commands show service-policy through show xlate Commands shun through sysopt radius ignore-secret Commands tcp-map through tx-ring-limit Commands urgent-flag through write terminal Commands	Download this chapter About this Guide Download the complete book Cisco Security Appliance Command Reference Book, Version 7.2(2) -- Whole Book PDF (PDF - 21 MB) Table Of Contents About This Guide Document Objectives Audience Document Organization Document Conventions Related Documentation Obtaining Documentation Cisco.com Product Documentation DVD Ordering Documentation Documentation Feedback Cisco Product Security Overview Reporting Security Problems in Cisco Products Product Alerts and Field Notices Obtaining Technical Assistance Cisco Support Website Submitting a Service Request Definitions of Service Request Severity Obtaining Additional Publications and Information About This Guide This preface introduces the Cisco Security Appliance Command Reference. This preface includes the following sections: •Document Objectives •Audience •Document Organization •Document Conventions •Related Documentation •Obtaining Documentation •Documentation Feedback •Cisco Product Security Overview •Product Alerts and Field Notices •Obtaining Technical Assistance •Obtaining Additional Publications and Information Document Objectives This guide contains the commands available for use with the security appliance to protect your network from unauthorized use and to establish Virtual Private Networks to connect remote sites and users to your network. You can also configure and monitor the security appliance by using ASDM, a web-based GUI application. ASDM includes configuration wizards to guide you through some common configuration scenarios, and online Help for less common scenarios. For more information, see: http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdm/index.htm. This guide applies to the Cisco PIX 500 series security appliances (PIX 515/515E, PIX 525, and PIX 535) and the Cisco ASA 5500 series security appliances (ASA 5510, ASA 5520, and ASA 5540). Throughout this guide, the term "security appliance" applies generically to all supported models, unless specified otherwise. The PIX 501, PIX 506E, and PIX 520 security appliances are not supported in software Version 7.0(1). Audience This guide is for network managers who perform any of the following tasks: •Manage network security •Install and configure firewall/security appliances •Configure VPNs •Configure intrusion detection software Use this guide with the Cisco Security Appliance Command Line Configuration Guide. Document Organization This guide includes the following chapters: •"Using the Command-Line Interface," introduces you to the security appliance commands and access modes. •"aaa accounting command through accounting-server-group Commands," provides detailed descriptions of the aaa accounting through accounting-server-group commands. •"acl-netmask-convert through auto-update timeout Commands," provides detailed descriptions of the activation-key through auto-update timeout commands. •"backup interface through browse-networks Commands," provides detailed descriptions of the backup-servers through boot commands. •"cache through clear compression Commands," provides detailed descriptions of the cache-time through clear capture commands. •"clear configure through clear configure zonelabs-integrity Commands," provides detailed descriptions of the clear configure through clear configure virtual commands. •"clear console-output through clear xlate Commands," provides detailed descriptions of the clear console-output through clear xlate commands. •"client-access-rule through crl configure Commands," provides detailed descriptions of the client-access-rule through crl-configure commands. •"crypto ca authenticate through customization Commands," provides detailed descriptions of the crypto ca authenticate through crypto map set commands. •"ddns through debug xdmcp Commands," provides detailed descriptions of the debug aaa through debug xdmcp commands. •"default through duplex Commands," provides detailed descriptions of the default through duplex commands. •"email through functions Commands," provides detailed descriptions of the email through functions commands. •"gateway through hw-module module shutdown Commands," provides detailed descriptions of the gateway through hw-module module shutdown commands. •"icmp through imap4s Commands," provides detailed descriptions of the icmp through imap4s commands. •"inspect ctiqbe through inspect xdmcp Commands," provides detailed descriptions of the inspect ctiqbe through inspect xdmcp commands. •"interface-dhcp through issuer-name Commands," provides detailed descriptions of the interface-dhcp through issuer-name commands. •"java-trustpoint through kill Commands," provides detailed descriptions of the join-failover-group through kill commands. •"l2tp tunnel hello through log-adj-changes Commands," provides detailed descriptions of the 12tp tunnel hello through login commands. •"logging asdm through logout message Commands," provides detailed descriptions of the logging asdm through logout message commands. •"mac address through multicast-routing Commands," provides detailed descriptions of the mac-address through multicast-routing commands. •"nac through override-account-disable Commands," provides detailed descriptions of the name through outstanding commands. •"packet-tracer through pwd Commands," provides detailed descriptions of the participate through pwd commands. •"queue-limit through rtp-conformance Commands," provides detailed descriptions of the queue-limit through router ospf commands. •"same-security-traffic through show asdm sessions Commands," provides detailed descriptions of the same-security-traffic through show asdm sessions commands. •"show asp drop through show curpriv Commands," provides detailed descriptions of the show asp drop through show curpriv commands. •"show ddns update interface through show ipv6 traffic Commands," provides detailed descriptions of the show debug through show ipv6 traffic commands. •"show isakmp ipsec-over-tcp stats through show route Commands," provides detailed descriptions of the show isakmp sa through show route commands. •"show running-config through show running-config isakmp Commands," provides detailed descriptions of the show running-config through show running-config isakmp commands. •"show running-config ldap through show running-config wccp Commands," provides detailed descriptions of the show running-config logging through show running-config webvpn commands. •"show service-policy through show webvpn svc Commands," provides detailed descriptions of the show service-policy through show xlate commands. •"shun through sysopt radius ignore-secret Commands," provides detailed descriptions of the shun through sysopt uauth allow-http-cache commands. •"tcp-map through type echo Commands," provides detailed descriptions of the tcp-map through tunnel-limit commands. •"urgent-flag through zonelabs integrity ssl-client-authentication Commands," provides detailed descriptions of the urgent-flag through write terminal commands. Document Conventions Command descriptions use these conventions: •Braces ({ }) indicate a required choice. •Square brackets ([ ]) indicate optional elements. •Vertical bars ( \| ) separate alternative, mutually exclusive elements. •Boldface indicates commands and keywords that are entered literally as shown. •Italics indicate arguments for which you supply values. Examples use these conventions: •Examples depict screen displays and the command line in screen font. •Information you need to enter in examples is shown in boldface screen font. Note Variables for which you must supply a value are shown in italic screen font.Means reader take note. Notes contain helpful suggestions or references to material not addressed in the manual. For information on modes, prompts, and syntax, see "Using the Command-Line Interface." Related Documentation For more information, refer to the following documentation: •Cisco ASDM Release Notes •Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide •Cisco ASA 5500 Series Hardware Installation Guide •Cisco ASA 5500 Series Quick Start Guide •Cisco ASA 5500 Series Release Notes •Cisco PIX Security Appliance Release Notes •Cisco PIX 515E Quick Start Guide •Cisco Security Appliance Command Line Configuration Guide •Cisco Security Appliance System Log Messages •Guide for Cisco PIX 6.2 and 6.3 Users Upgrading to Cisco PIX Software Version 7.0 •Regulatory Compliance and Safety Information for the Cisco ASA 5500 Series •Release Notes for Cisco Secure Desktop •Migrating to ASA for VPN 3000 Concentrator Series Administrators •Selected ASDM VPN Configuration Procedures for the Cisco ASA 5500 Series Obtaining Documentation Cisco documentation and additional literature are available on Cisco.com. This section explains the product documentation resources that Cisco offers. Cisco.com You can access the most current Cisco documentation at this URL: http://www.cisco.com/techsupport You can access the Cisco website at this URL: http://www.cisco.com You can access international Cisco websites at this URL: http://www.cisco.com/public/countries_languages.shtml Product Documentation DVD The Product Documentation DVD is a library of technical product documentation on a portable medium. The DVD enables you to access installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the HTML documentation and some of the PDF files found on the Cisco website at this URL: http://www.cisco.com/univercd/home/home.htm The Product Documentation DVD is created and released regularly. DVDs are available singly or by subscription. Registered Cisco.com users can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at the Product Documentation Store at this URL: http://www.cisco.com/go/marketplace/docstore Ordering Documentation You must be a registered Cisco.com user to access Cisco Marketplace. Registered users may order Cisco documentation at the Product Documentation Store at this URL: http://www.cisco.com/go/marketplace/docstore If you do not have a user ID or password, you can register at this URL: http://tools.cisco.com/RPF/register/register.do Documentation Feedback You can provide feedback about Cisco technical documentation on the Cisco Support site area by entering your comments in the feedback form available in every online document. Cisco Product Security Overview Cisco provides a free online Security Vulnerability Policy portal at this URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html From this site, you will find information about how to do the following: •Report security vulnerabilities in Cisco products •Obtain assistance with security incidents that involve Cisco products •Register to receive security information from Cisco A current list of security advisories, security notices, and security responses for Cisco products is available at this URL: http://www.cisco.com/go/psirt To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL: http://www.cisco.com/en/US/products/products_psirt_rss_feed.html Reporting Security Problems in Cisco Products Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT: •For emergencies only — security-alert@cisco.com An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies. •For nonemergencies — psirt@cisco.com In an emergency, you can also reach PSIRT by telephone: •1 877 228-7302 •1 408 525-6532 Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x. Never use a revoked encryption key or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html The link on this page has the current PGP key ID in use. If you do not have or use PGP, contact PSIRT to find other means of encrypting the data before sending any sensitive material. Product Alerts and Field Notices Modifications to or updates about Cisco products are announced in Cisco Product Alerts and Cisco Field Notices. You can receive these announcements by using the Product Alert Tool on Cisco.com. This tool enables you to create a profile and choose those products for which you want to receive information. To access the Product Alert Tool, you must be a registered Cisco.com user. Registered users can access the tool at this URL: http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do?local=en To register as a Cisco.com user, go to this URL: http://tools.cisco.com/RPF/register/register.do Obtaining Technical Assistance Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Support website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller. Cisco Support Website The Cisco Support website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day at this URL: http://www.cisco.com/en/US/support/index.html Access to all tools on the Cisco Support website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL: http://tools.cisco.com/RPF/register/register.do Note Before you submit a request for service online or by phone, use the Cisco Product Identification Tool to locate your product serial number. You can access this tool from the Cisco Support website by clicking the Get Tools & Resources link, clicking the All Tools (A-Z) tab, and then choosing Cisco Product Identification Tool from the alphabetical list. This tool offers three search options: by product ID or model name; by tree view; or, for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call. Tip Displaying and Searching on Cisco.com If you suspect that the browser is not refreshing a web page, force the browser to update the web page by holding down the Ctrl key while pressing F5. To find technical information, narrow your search to look in technical documentation, not the entire Cisco.com website. After using the Search box on the Cisco.com home page, click the Advanced Search link next to the Search box on the resulting page and then click the Technical Support & Documentation radio button. To provide feedback about the Cisco.com website or a particular technical document, click Contacts & Feedback at the top of any Cisco.com web page. Submitting a Service Request Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL: http://www.cisco.com/techsupport/servicerequest For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly. To open a service request by telephone, use one of the following numbers: Asia-Pacific: +61 2 8446 7411 Australia: 1 800 805 227 EMEA: +32 2 704 55 55 USA: 1 800 553 2447 For a complete list of Cisco TAC contacts, go to this URL: http://www.cisco.com/techsupport/contacts Definitions of Service Request Severity To ensure that all service requests are reported in a standard format, Cisco has established severity definitions. Severity 1 (S1)—An existing network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation. Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation. Severity 3 (S3)—Operational performance of the network is impaired while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels. Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations. Obtaining Additional Publications and Information Information about Cisco products, technologies, and network solutions is available from various online and printed sources. •The Cisco Online Subscription Center is the website where you can sign up for a variety of Cisco e-mail newsletters and other communications. Create a profile and then select the subscriptions that you would like to receive. To visit the Cisco Online Subscription Center, go to this URL: http://www.cisco.com/offer/subscribe •The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco channel product offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL: http://www.cisco.com/go/guide •Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL: http://www.cisco.com/go/marketplace/ •Cisco Press publishes a wide range of general networking, training, and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL: http://www.ciscopress.com •Internet Protocol Journal is s a quarterly journal published by Cisco for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL: http://www.cisco.com/ipj •Networking products offered by Cisco, as well as customer support services, can be obtained at this URL: http://www.cisco.com/en/US/products/index.html •Networking Professionals Connection is an interactive website where networking professionals share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL: http://www.cisco.com/discuss/networking •"What's New in Cisco Documentation" is an online publication that provides information about the latest documentation releases for Cisco products. Updated monthly, this online publication is organized by product category to direct you quickly to the documentation for your products. You can view the latest release of "What's New in Cisco Documentation" at this URL: http://www.cisco.com/univercd/cc/td/doc/abtunicd/136957.htm •World-class networking training is available from Cisco. You can view current offerings at this URL: http://www.cisco.com/en/US/learning/index.html
	© 1992-2008 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.