Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM, 6.1F
Index


A

AAA

accounting 24-15

authentication

CLI access 15-25

network access 24-1

proxy limit 24-8

authorization

command 15-26

downloadable access lists 24-11

network access 24-9

disabling challenges 24-8

local database support 14-6

maximum rules 1-7

overview 14-1

performance 24-1

server

adding 14-7, 14-8

types 14-3

support summary 14-3

web clients 24-7

ABR

definition of 10-7

Access Group panel 11-2

description 11-2

fields 11-2

access lists

commitment 20-2

downloadable 24-11

expanded 20-3

implicit deny 20-2

inbound 20-3

IP address guidelines with NAT 20-5

maximum rules 20-3

memory limits 20-3

memory partitions 9-10

NAT addresses 20-5

outbound 20-3

overview 20-1

ACEs

expanded 20-3

maximum 20-3

Active/Active failover

about 13-2

command replication 13-2

configuration synchronization 13-2

Active/Standby failover 13-2

adaptive security algorithm 1-17

Add/Edit Access Group dialog box 11-3

description 11-3

fields 11-3

Add/Edit Filtering Entry dialog box 10-14

description 10-14

fields 10-14

Add/Edit IGMP Join Group dialog box 11-4

description 11-4

fields 11-4

Add/Edit IGMP Static Group dialog box 11-7

description 11-7

fields 11-7

Add/Edit Multicast Group dialog box 11-16

description 11-16

fields 11-16

Add/Edit Multicast Route dialog box

description 11-8

fields 11-8

Add/Edit OSPF Area dialog box 10-10

description 10-10

fields 10-11

Add/Edit OSPF Neighbor Entry dialog box 10-22

description 10-22

fields 10-23

restrictions 10-22

Add/Edit Periodic Time Range dialog box 19-15

Add/Edit Redistribution dialog box 10-21

description 10-21

fields 10-21

Add/Edit Rendezvous Point dialog box 11-14

description 11-14

fields 11-15

restrictions 11-15

Add/Edit Route Summarization dialog box 10-13

about 10-13

fields 10-13

Add/Edit Summary Address dialog box

description 10-24

fields 10-24

Add/Edit Time Range dialog box 19-14

Add/Edit Virtual Link dialog box 10-25

description 10-25

fields 10-25

Addresses tab 19-2

admin context

overview 9-2

Advanced DHCP Options dialog box 12-6

description 12-6

fields 12-7

Advanced OSPF Interface Properties dialog box 10-19

description 10-19

fields 10-19

Advanced OSPF Virtual Link Properties dialog box 10-26

description 10-26

fields 10-26

alternate address, ICMP message 15-8

APN, GTP application inspection 23-84

APPE command, denied request 23-79

application firewall 23-87

application inspection

about 23-2

applying 23-4

configuring 23-4

described 23-58

enabling for different protocols 23-27

Apply button 2-10

Area/Networks tab 10-10

description 10-10

fields 10-10

area border router 10-7

ARP inspection

configuring 27-1

ARP spoofing 27-2

ARP table

monitoring 30-1

static entry 27-3

ASBR

definition of 10-7

ASDM

maximum connections 1-5

version 2-14

authenticating a certificate 17-1

authentication

CLI access 15-25

FTP 24-3

HTTP 24-2

network access 24-1

overview 14-2

Telnet 24-2

web clients 24-7

Authentication tab 10-15

description 10-15

fields 10-15

authorization

command 15-26

downloadable access lists 24-11

network access 24-9

overview 14-2

autostate messaging 4-15

B

bandwidth 2-15

limiting 9-16

maximum 1-4

BGP

monitoring 10-43

booting

from the switch 4-17

boot partitions 4-16

BPDUs

forwarding on the switch 4-14

bridge groups

overview 1-16

bridging

MAC address table

learning, disabling 27-6

overview 27-4

static entry 27-6

management IP address 7-1

building blocks 19-1

bypassing the firewall, in the switch 4-9

C

CA certificate 17-1

call agents

MGCP application inspection 23-101, 23-102

Cancel button 2-10

CDUP command, denied request 23-80

CEF 1-4

certificate

exporting 17-14

fingerprint 17-2

importing 17-15

installing 17-15

managing 17-5

certificate authentication 17-1

certificate enrollment 17-2

Cisco IOS versions 1-2, 1-3

Cisco IP Phones, application inspection 23-21

classes

See resource management

command authorization

about 15-26

configuring 15-26

multiple contexts 15-28

Compact Flash 4-16

Configure IGMP Parameters dialog box 11-5

description 11-5

fields 11-5

connection

deleting 1-6

connection limits

TCP and UDP 26-1

connections per second 2-15

context mode

viewing 2-14

contexts

See security contexts

control plane path 1-17

conversion error, ICMP message 15-8

CPU usage 2-14

CRL

cache refresh time 17-13

checking 17-13

enforce next update 17-13

retrieval method 17-12

retrieval policy 17-11

CTIQBE

application inspection, enabling 23-27

cut-through proxy 24-1

D

default class 9-18

default policy 22-2

default routes

defining equal cost routes 10-42

definition of 10-42

device ID, including in messages 16-8

DHCP

configuring 12-4

monitoring

interface lease 30-2

IP addresses 30-2

server 30-2

statistics 30-3

services 12-1

statistics 30-3

transparent firewall 20-8

DHCP relay

overview 12-1

DHCP Relay - Add/Edit DHCP Server dialog box 12-3

description 12-3, 12-4

fields 12-4

restrictions 12-3

DHCP Relay panel

description 12-1

fields 12-2

prerequisites 12-1

restrictions 12-1

DHCP Server panel 12-4

description 12-4

fields 12-5

DHCP services 12-1, 13-1

digital certificates 17-1

DMZ, definition 1-1

DNS

application inspection, enabling 23-27

inspection

about 23-6

managing 23-6

rewrite, about 23-7

DNS and NAT 21-15

DNS client 12-8

downloadable access lists

configuring 24-11

converting netmask expressions 24-15

DSCP bits 1-18

dynamic NAT

See NAT

E

ECMP 10-42

Edit DHCP Relay Agent Settings dialog box 12-3

description 12-3

fields 12-3

prerequisites 12-3

restrictions 12-3

Edit DHCP Server dialog box 12-6

description 12-6

fields 12-6

Edit OSPF Interface Authentication dialog box 10-16

description 10-16

fields 10-16

Edit OSPF Interface Properties dialog box 10-18

fields 10-18

Edit OSPF Process Advanced Properties dialog box 10-8

description 10-8

fields 10-8

Edit PIM Protocol dialog box 11-10

description 11-10

fields 11-10

EIGRP 20-8

enrolling

certificate 17-2

ESMTP

application inspection, enabling 23-27

established command

maximum rules 1-7

security level requirements 8-1

EtherChannel, backplane

load-balancing 4-14

overview 4-14

Ethernet

MTU 8-2, 8-5

EtherType access list

applying in both directions 20-8

compatibility with extended access lists 20-2

implicit deny 20-2

MPLS, allowing 20-9

supported EtherTypes 20-8

exporting a certificate 17-14

external filtering server 25-7

F

failover

criteria 13-16, 13-22

defining standby IP addresses 13-14, 13-15

enable 13-20

enabling Active/Standby 13-11

enabling Stateful Failover 13-12

graphs 29-4

in multiple context mode 13-20

key 13-12, 13-20

make active 29-4

make standby 29-4

monitoring 29-1

PISA 26-7

reload standby 29-4

reset 29-4, 29-8

stateful 13-3

Stateful Failover 13-21

stateless 13-3

status 29-1

switch configuration 4-14

trunk 4-14

failover groups

about 13-23

adding 13-24

editing 13-24

monitoring 29-8

reset 29-10

filtering

benefits of 25-7

maximum rules 1-7

overview 25-1

rules 25-8

security level requirements 8-1

servers supported 25-2

URLs 25-2

Filtering panel 10-13

benefits 10-13

description 10-13

fields 10-14

restrictions 10-13

fingerprint

certificate 17-2

firewall mode

configuring 18-1

overview 18-1

viewing 2-14

Flash memory

overview 4-16

partitions 4-16

size 1-4

fragments 1-13

FTP

application inspection

enabling 23-27

viewing 23-60, 23-62, 23-69, 23-70, 23-76, 23-77, 23-85, 23-88, 23-95, 23-98, 23-101, 23-105, 23-107, 23-108, 23-112

filtering option 25-10

FTP inspection

about 23-8

configuring 23-8

G

gateways

MGCP application inspection 23-103

global addresses

guidelines 21-15

GRE tagging with PISA 26-6

GTP

application inspection

enabling 23-27

viewing 23-80

GTP inspection

configuring 23-10

H

H.323

transparent firewall guidelines 18-3

H.323 inspection

about 23-12

configuring 23-11

limitations 23-13

H225

application inspection, enabling 23-27

H323 RAS

application inspection, enabling 23-28

Help button 2-10

HELP command, denied request 23-80

Help menu 2-7

history metrics 7-2

HSRP 18-3

HTTP

application inspection

enabling 23-28

viewing 23-87

filtering

configuring 25-9

HTTP(S)

filtering 25-2

maximum connections 1-5

maximum rules 1-7

HTTP inspection

configuring 23-13

HTTPS

filtering option 25-10

HTTPS/Telnet/SSH

allowing network or host access to ASDM 15-1

I

ICMP

application inspection, enabling 23-28

maximum rules 1-7

ICMP Error

application inspection, enabling 23-28

IGMP

access groups 11-2

configuring interface parameters 11-5

group membership 11-3

interface parameters 11-5

static group assignment 11-6

IGMP panel

IGMP

overview 11-2

ILS

application inspection, enabling 23-28

ILS inspection 23-14

IM 23-20

import certificate panel 17-3

importing a certificate 17-15

inbound access lists 20-3

information reply, ICMP message 15-8

information request, ICMP message 15-8

inside, definition 1-1

inspection engines

security level requirements 8-1

See application inspection

installation

module verification 4-3

installing a certificate 17-15

Instant Messaging inspection 23-20

interface

MTU 8-2, 8-5

status 2-14

throughput 2-15

Interface panel 10-15

interfaces

maximum 1-4

monitoring 30-5

See also switch ports.

shared 9-6

IOS versions 1-2, 1-3

IP address 7-1

management, transparent firewall 7-1

IP addresses

overlapping between contexts 9-4

IP fragment database, editing 26-12

IPX 4-9

ISNs, randomizing

using Modular Policy Framework 26-1

J

Java applet filtering 25-2

Java console 3-8

Join Group panel 11-3

description 11-3

fields 11-4

K

Kerberos

configuring 14-7

support 14-6

key pair panel

key-pair name 17-4

size 17-4

usage 17-4

key pairs 17-4

adding 17-4

showing details 17-5

L

Layer 2 firewall

See transparent firewall

Layer 3/4

matching multiple policy maps 22-4

LDAP

application inspection 23-14

attribute mapping 14-16

configuring 14-7

support 14-6

load-balancing, backplane EtherChannel 4-14

local user database

support 14-6

lockout recovery 15-35

logging

viewing last 10 messages 2-15

login

FTP 24-3

loops, avoiding 4-14

LSA

about Type 1 31-3

about Type 2 31-4

about Type 3 31-4

about Type 4 31-5

about Type 5 31-6

about Type 7 31-6

M

MAC address table 27-4

built-in-switch 27-5

learning, disabling 27-6

monitoring 30-4

overview 27-4

static entry 27-6

managing

certificates 17-5

man-in-the-middle attack 27-2

mask reply, ICMP message 15-8

mask request, ICMP message 15-8

memory

access list use of 20-3

Flash 1-4

RAM 1-4

rules use of 20-3

memory partitions 9-10

reallocating rules 9-15

setting the total number 9-11

sizes 9-12

memory usage 2-14

menus 2-5

MGCP

application inspection

configuring 23-103

enabling 23-28

viewing 23-101

MGCP inspection

configuring 23-15

MIBs

supported 15-10

mobile redirection, ICMP message 15-8

mode

context 9-9

Modular Policy Framework

See MPF

monitoring

ARP table 30-1

DHCP

interface lease 30-2

IP addresses 30-2

server 30-2

statistics 30-3

failover 29-1, 29-5

failover groups 29-8

history metrics 7-2

interfaces 30-5

MAC address table 30-4

routes 31-9

SNMP 15-10

MPF

about 22-1

default policy 22-2

features 22-1

flows 22-4

matching multiple policy maps 22-4

MPLS

LDP 20-9

router-id 20-9

TDP 20-9

MRoute panel 11-9

description 11-7

fields 11-7

MSFC

definition 1-2

overview 1-15

SVIs 4-9

MTU 8-2, 8-5

Multicast panel

description 11-1

fields 11-1

Multicast Route panel 11-9

multicast traffic 18-3

Multilayer Switch Feature Card

See MSFC

multiple mode, enabling 9-9

multiple SVIs 4-8

N

N2H2 filtering server 25-7

name resolution 12-8

NAT

application inspection 23-58

bypassing NAT

overview 21-10

DNS 21-15

dynamic NAT

configuring 21-24

implementation 21-18

overview 21-6

exemption from NAT

overview 21-10

identity NAT

overview 21-10

order of statements 21-14

overview 21-1

PAT

configuring 21-24

implementation 21-18

overview 21-8

policy NAT

maximum rules 1-7

overview 21-10

RPC not supported with 23-24

same security level 21-14

security level requirements 8-1

static NAT

configuring 21-28

overview 21-8

static PAT

overview 21-9

transparent mode 21-3

types 21-6

xlate bypass

overview 21-13

NETBIOS

application inspection, enabling 23-28

network objects 19-1

network processors 1-17

NPs 1-17

NTLM support 14-5

NT server

configuring 14-7

support 14-5

O

object groups

expanded 20-3

Options menu 2-6

OSPF

about 10-6

adding an LSA filter 10-14

authentication settings 10-15

authentication support 10-7

configuring authentication 10-16

defining a static neighbor 10-22

defining interface properties 10-18

interaction with NAT 10-7

interface properties 10-15, 10-17

LSA filtering 10-13

LSAs 10-7

LSA types 31-3

monitoring LSAs 31-3

neighbor states 31-7

route map 10-1

route redistribution 10-19

static neighbor 10-22

summary address 10-23

virtual links 10-24

OSPF area

defining 10-10

OSPF Neighbors panel 31-7

description 31-7

fields 31-7

OSPF parameters

dead interval 10-19

hello interval 10-19

retransmit interval 10-19

transmit delay 10-19

OSPF route summarization

about 10-12

defining 10-13

outbound access lists 20-3

outside, definition 1-1

oversubscribing resources 9-17

P

packet

classifier 9-3

parameter problem, ICMP message 15-8

partitions

application 4-16

boot 4-16

crash dump 4-16

Flash memory 4-16

maintenance 4-16

network configuration 4-16

PAT

See NAT

PDP context, GTP application inspection 23-83

PIM

interface parameters 11-9

overview 11-9

register message filter 11-16

rendezvous points 11-14

shortest path tree settings 11-18

PISA integration 26-5

policy map

Layer 3/4

flows 22-4

policy NAT

about 21-10

PortFast 4-5

PPTP

application inspection, enabling 23-28

Process Instances tab 10-8

description 10-8

fields 10-8

Properties tab 10-17

description 10-17

fields 10-17

Protocol panel (IGMP) 11-5

description 11-5

fields 11-5

Protocol panel (PIM) 11-9

description 11-9

fields 11-10

proxy ARP, disabling 10-46

proxy servers

SIP and 23-19

Q

QoS compatibility 1-18

R

RADIUS

configuring a server 14-7

downloadable access lists 24-11

network access authentication 24-3

network access authorization 24-11

support 14-4

RAM, amount

memory, amount

RAM 2-14

rapid link failure detection 4-15

RealPlayer 23-18

rebooting

from the switch 4-17

redirect, ICMP message 15-8

Redistribution panel 10-19

description 10-19

fields 10-20

Related Documentation 1-4

reloading

from the switch 4-17

Rendezvous Points panel 11-14

description 11-14

fields 11-14

Request Filter panel 11-16

description 11-16

fields 11-16

requirements 1-2

reset

inbound connections 26-13

outside connections 26-13

Reset button 2-10

resetting

from the switch 4-17

resource management

default class 9-18

oversubscribing 9-17

overview 9-17

unlimited 9-17

RIP

authentication 10-27

definition of 10-27

support for 10-27

RIP panel 10-27

fields 10-28

limitations 10-27

RIP Version 2 Notes 10-27

RNFR command, denied request 23-80

RNTO command, denied request 23-80

route maps

uses 10-1

router advertisement, ICMP message 15-8

router solicitation, ICMP message 15-8

Routes panel 31-9

description 31-9

fields 31-9

Route Summarization tab 10-12

about 10-12

fields 10-12

Route Tree panel 11-18

description 11-18

fields 11-18

routing

other protocols 20-7

RPC

application inspection, enabling 23-28

RSH

application inspection, enabling 23-28

RSH connections 1-6

RTSP

application inspection, enabling 23-28

RTSP inspection

about 23-18

configuring 23-18

rules

default allocation 1-7

filtering 25-7

ICMP 15-7

maximum 20-3

memory partitions 9-10

pools for contexts 1-7

reallocating memory 1-8

reallocating memory per partition 9-15

S

same security level communication

NAT 21-14

SCCP (Skinny) inspection

about 23-21

configuration 23-21

configuring 23-21

SDI

configuring 14-7

support 14-5

Secure Computing SmartFilter 25-2

security contexts

admin context

overview 9-2

classifier 9-3

command authorization 15-28

memory partitions 9-10

MSFC compatibility 1-16

multiple mode, enabling 9-9

overview 9-1

resource management 9-17

unsupported features 9-2

segment size

maximum and minimum 26-13

session management path 1-17

Setup panel 10-7

about 10-7

shared interfaces 9-6

shared VLANs 9-6

single mode

backing up configuration 9-9

configuration 9-9

enabling 9-9

restoring 9-9

SIP

application inspection, enabling 23-28

SIP inspection

about 23-19

configuring 23-19

instant messaging 23-20

SITE command, denied request 23-80

Skinny

application inspection, enabling 23-28

SMTP inspection 23-22

SNMP

application inspection

enabling 23-28

viewing 23-118

MIBs 15-10

overview 15-10

traps 15-22

software

version 2-14

source quench, ICMP message 15-8

SPAN session 4-2

specifications 1-1

spoofing, preventing 26-12

SQLNET

application inspection, enabling 23-28

SSH

maximum rules 1-7

stateful application inspection 23-58

Stateful Failover 13-3

enabling 13-12

Logical Updates Statistics 29-7, 29-9

settings 13-21

stateful inspection

overview 1-17

stateless failover 13-3

Static Group panel 11-6

description 11-6

fields 11-6

static NAT

See NAT

Static Neighbor panel 10-22

description 10-22

fields 10-22

static PAT

See NAT

static routes

about 10-41

floating 10-41

status bar 2-9

stealth firewall

See transparent firewall

STOU command, denied request 23-80

subordinate certificate 17-1

Summary Address panel 10-23

description 10-23

fields 10-23

Sun RPC inspection

about 23-24

configuring 23-24

supervisor engine versions 1-2, 1-3

supervisor IOS 1-2

SVIs

configuring 4-10

dummy 4-15

multiple 4-8

overview 4-8

switch

ASDM

prerequisite configuration 4-3

supported features 4-1

assigning VLANs to FWSM 4-11

autostate messaging 4-15

BPDU forwarding 4-14

connecting to 4-4

failover compatibility with transparent firewall 4-14

failover configuration 4-14

maximum modules 1-4

resetting the module 4-17

SNMP 4-3

SSH 4-3

supported hardware and software 4-2

system requirements 1-2

trunk for failover 4-14

verifying module installation 4-3

VLAN addition 4-10

switched virtual interfaces

See SVIs

Switch Fabric Module 1-4

switch MAC address table 27-5

switch port

secured 4-6

switch ports

administrative state 4-5

mode 4-5

overview 4-5

PortFast 4-5

speed 4-5

VLAN assignment 4-6

system configuration

overview 9-2

system messages

device ID, including 16-8

viewing last 10 2-15

system requirements 1-2

T

TACACS+

command authorization, configuring 15-30

configuring a server 14-7

network access authorization 24-9

support 14-4

TCP

application inspection 23-58

back-to-back connections 1-6

connection, deleting 1-6

maximum segment size 26-13

sequence randomization 26-4

TIME_WAIT state 26-13

Telnet

maximum rules 1-7

TFTP

application inspection, enabling 23-28

TIME_WAIT state 26-13

time exceeded, ICMP message 15-8

timestamp reply, ICMP message 15-8

timestamp request, ICMP message 15-8

Tools menu 2-6

traffic usage 2-15

transparent firewall

DHCP packets, allowing 20-8

guidelines 18-5

H.323 guidelines 18-3

HSRP 18-3

MAC address table

learning, disabling 27-6

overview 27-4

static entry 27-6

management IP address 7-1

multicast traffic 18-3

overview 18-1

packet handling 20-7

unsupported features 18-6

VRRP 18-3

transparent mode

NAT 21-3

traps, SNMP 15-22

trustpoint

definition 17-7

trustpoint configuration panel 17-7

advanced options 17-13

CA certificate subject 17-8

certificate parameters 17-9

CRL retrieval method 17-12

CRL retrieval policy 17-11

device certificate subject 17-8

editing DN 17-10

enrollment settings 17-8

request CRL 17-8

trustpoint name 17-7

trustpoint export panel 17-14

trustpoint import panel 17-15

Type 1 panel 31-3

description 31-3

fields 31-3

Type 2 panel 31-4

description 31-4

fields 31-4

Type 3 panel 31-4

description 31-4

fields 31-5

Type 4 panel 31-5

description 31-5

fields 31-5

Type 5 panel 31-6

description 31-6

fields 31-6

Type 7 panel 31-6

description 31-6

fields 31-6

U

UDP

application inspection 23-58

connection state information 1-18

Unicast Reverse Path Forwarding 26-12

unreachable messages

ICMP type 15-8

required for MTU discovery 15-7

uptime 2-14

URL

filtering

configuring 25-9

URLs

filtering 25-2

filtering, configuration 25-6

V

version

ASDM 2-14

platform software 2-14

virtual firewalls

See security contexts

Virtual Link panel 10-24

description 10-24

fields 10-24

virtual reassembly 1-13

VLAN groups

adding 4-12

assign to FWSM 4-12

guidelines 4-11

maximum 4-12

VLANs

adding to the switch 4-10

assigning to FWSM 4-11

firewall groups 4-11

guidelines 4-7

maximum 1-4

shared 9-6

switch port assignment 4-6

VoIP

proxy servers 23-19

VPN management connection 15-5

VRRP 18-3

W

WAN ports 1-2

web clients, secure authentication 24-7

Websense filtering server 25-7

Window menu 2-7

Wizards menu 2-7

X

XDMCP

application inspection, enabling 23-28

xlate bypass

overview 21-13