Cisco Security Appliance Configuration Guide using ASDM, 6.2
Index

Symbols

/bits subnet masks B-3

Numerics

4GE SSM

connector types 9-8

fiber 9-8

SFP 9-8

support 2-2, 3-2

802.1Q tagging 9-19

802.1Q trunk 9-13

A

AAA

about 16-1

accounting 24-15

authentication

CLI access 18-16

network access 24-1

proxy limit 24-9

authorization

command 18-18

downloadable access lists 24-10

network access 24-9

local database support 16-8

performance 24-1

server

adding 16-9, 16-10

types 16-3

support summary 16-3

web clients 24-5

AAA server group, add (group-policy) 36-6

ABR

definition of 12-2

Access Control Server 35-28

Access Group panel 13-2

description 13-2

fields 13-2

access lists

downloadable 24-11

implicit deny 21-3

inbound 21-4

NAT addresses 21-5

access ports 9-17

access rules

configuring 21-8

overview 21-1

Accounting tab, tunnel group 36-81

ACE

add/edit/paste 36-16

Extended ACL tab 36-15

ACL

configuring 21-8

enabling IPSEC authenticated inbound sessions to bypass ACLs 36-95, 36-107

extended 36-15

for Clientless SSL VPN 36-24, 36-28

implicit deny 21-4

inbound and outbound 21-4

IP address guidelines with NAT 21-5

overview 21-1

standard 36-15

ACL Manager

Add/Edit/Paste ACE 36-16

dialog box 36-14

activation key

entering 4-19

location 4-17

obtaining 4-18

Active/Active failover

about 17-2

command replication 17-3

configuration synchronization 17-3

Active/Standby failover 17-2

Active Directory procedures C-16 to ??

ActiveX

object filtering, benefits of 27-6

Adaptive Security Algorithm 3-17

Add/Edit Access Group dialog box 13-3

description 13-3

fields 13-3

Add/Edit Filtering Entry dialog box 12-9

description 12-9

fields 12-9

Add/Edit IGMP Join Group dialog box 13-4

description 13-4

fields 13-4

Add/Edit IGMP Static Group dialog box 13-7

description 13-7

fields 13-7

Add/Edit Multicast Group dialog box 13-18

description 13-18

fields 13-18

Add/Edit Multicast Route dialog box

description 13-8

fields 13-8

Add/Edit OSPF Area dialog box 12-5

description 12-5

fields 12-6

Add/Edit OSPF Neighbor Entry dialog box 12-18

description 12-18

fields 12-18

Restrictions 12-18

Add/Edit Periodic Time Range dialog box 20-17

Add/Edit Redistribution dialog box 12-16

description 12-16

fields 12-16

Add/Edit Rendezvous Point dialog box 13-16

description 13-16

fields 13-17

restrictions 13-17

Add/Edit Route Summarization dialog box 12-8

about 12-8

fields 12-8

Add/Edit Summary Address dialog box

description 12-19

fields 12-19

Add/Edit Time Range dialog box 20-15

Add/Edit Virtual Link dialog box 12-20

description 12-20

fields 12-20

address assignment, client 36-82

Address Pool panel, VPN wizard 33-11

address pools, tunnel group 36-82

Address Translation Exemption panel, VPN wizard 33-12

admin context

overview 11-1

administrative access

using ICMP for 18-8

Advanced DHCP Options dialog box 15-7

description 15-7

fields 15-7

Advanced OSPF Interface Properties dialog box 12-14

description 12-14

fields 12-14

Advanced OSPF Virtual Link Properties dialog box 12-21

description 12-21

fields 12-21

Advanced tab, tunnel group 36-82

ae_webtype_acl 21-14

AIP SSC

about 30-1

configuration 30-6

operating modes 30-2

traffic flow 30-2

AIP SSM

about 30-1

configuration 30-6

operating modes 30-2

sending traffic to 30-8

support 2-2, 3-2

traffic flow 30-2

alternate address, ICMP message 18-8, B-15

anti-replay window size 26-7, 35-11

APN, GTP application inspection 25-92

APPE command, denied request 25-86

application access

and e-mail proxy 38-7

and Web Access 38-7

configuring client applications 38-6

enabling cookies on browser 38-6

privileges 38-6

quitting properly 38-6

setting up on client 38-6

using e-mail 38-7

with IMAP client 38-7

application firewall 25-99

application inspection

about 25-2

applying 25-5

configuring 25-5

described 25-65

enabling for different protocols 25-32

security level requirements 9-5

Area/Networks tab 12-5

description 12-5

fields 12-5

area border router 12-2

ARP inspection

about 6-8

enabling 6-10

static entry 6-9

ARP spoofing 6-8

ARP table

monitoring 42-1

ASA (Adaptive Security Algorithm) 3-17

ASA 5505

Base license 9-2

client

Xauth 36-99

interfaces, about 9-1

MAC addresses 9-4

maximum VLANs 9-2

power over Ethernet 9-4

Security Plus license 9-2

SPAN 9-4

Spanning Tree Protocol, unsupported 9-18

ASA 5550 throughput 9-21

ASBR

definition of 12-2

asymmetric routing

TCP state bypass 28-9

attacks

DNS HINFO request 28-19

DNS request for all records 28-19

DNS zone transfer 28-19

DNS zone transfer from high port 28-19

fragmented ICMP traffic 28-18

IP fragment 28-16

IP impossible packet 28-16

large ICMP traffic 28-18

ping of death 28-18

proxied RPC request 28-19

statd buffer overflow 28-20

TCP FIN only flags 28-19

TCP NULL flags 28-18

TCP SYN+FIN flags 28-18

UDP bomb 28-19

UDP chargen DoS 28-19

UDP snork 28-19

attributes

RADIUS C-30

Attributes Pushed to Client panel, VPN wizard 33-12

attribute-value pairs

TACACS+ C-39

authenticating a certificate 34-2

authentication

about 16-2

CLI access 18-16

FTP 24-3

HTTP 24-2

network access 24-1

Telnet 24-2

web clients 24-5

Authentication tab 12-10

description 12-10

fields 12-10

Authentication tab, tunnel group 36-79

authorization

about 16-2

command 18-18

downloadable access lists 24-10

network access 24-9

Authorization tab, tunnel group 36-80

Auto-MDI/MDIX 9-4

B

backed up configurations

restoring 5-28

backing up configurations 5-27

banner, view/configure 36-33

Basic tab

IPSec LAN-to-LAN, General tab 36-86

basic threat detection

See threat detection

bits subnet masks B-3

Botnet Traffic Filter

actions 29-2

address categories 29-2

blacklist

adding entries 29-8

description 29-2

blocking traffic manually 29-12

classifying traffic 29-10

configuring 29-6

databases 29-2

default settings 29-6

DNS Reverse Lookup Cache

information about 29-3

maximum entries 29-4

using with dynamic database 29-9

DNS snooping 29-9

dropping traffic 29-10

graylist 29-10

dynamic database

enabling use of 29-7

files 29-3

information about 29-2

searching 29-13

updates 29-7

feature history 29-15

graylist

description 29-2

dropping traffic 29-10

guidelines and limitations 29-5

information about 29-1

licensing 29-5

monitoring 29-13

static database

adding entries 29-8

information about 29-3

syslog messages 29-13

task flow 29-6

threat level

dropping traffic 29-10

whitelist

adding entries 29-8

description 29-2

working overview 29-4

Browse ICMP 36-20

Browse Other 36-21

Browse Source or Destination Address 36-18

Browse Source or Destination Port 36-19

Browse Time Range 36-12

building blocks 20-1

C

CA

certificate validation, not done in WebVPN 39-1

CA certificate 34-1

CA certificates 34-2

call agents

MGCP application inspection 25-115, 25-116

capturing packets A-12

CDUP command, denied request 25-86

certificate

CA 34-2

code-signer 34-14

Identity 34-8

local CA 34-16

certificate authentication 34-2

certificate enrollment 34-3

CIFS mount point

accessing 5-21

Cisco-AV-Pair LDAP attributes C-13

Cisco Client Parameters tab 36-33

Cisco IP Phones, application inspection 25-26

Class A, B, and C addresses B-1

classes

See resource management

Client Access Rule, add or edit 36-31

Client Address Assignment 36-82

Client Authentication panel, VPN wizard 33-9

Client Configuration tab 36-31

Client Firewall tab 36-36

Clientless SSL VPN

client application requirements 38-2

client requirements 38-2

for file management 38-5

for network browsing 38-5

for web browsing 38-4

start-up 38-3

enable cookies for 38-6

end user set-up 38-1

printing and 38-3

remote requirements

for port forwarding 38-6

for using applications 38-6

remote system configuration and end-user requirements 38-3

security tips 38-2

supported applications 38-2

supported browsers 38-3

supported types of Internet connections 38-3

URL 38-3

username and password required 38-3

usernames and passwords 38-1

use suggestions 38-1

client parameters, configuring 36-31

Client Update, edit, Windows and VPN 3002 clients 36-3

Client Update window, Windows and VPN 3002 clients 36-1

cluster

mixed scenarios 35-21

code-signer certificate 34-14

command authorization

about 18-18

configuring 18-18

multiple contexts 18-20

configuration

context files 11-2

factory default 1-1

configurations, backing up 5-27

Configure IGMP Parameters dialog box 13-5

description 13-5

fields 13-5

configuring

CSC activation 31-4

CSC email 31-14

CSC file transfer 31-15

CSC IP address 31-5

CSC license 31-4

CSC management access 31-6

CSC notifications 31-5

CSC password 31-7

CSC Setup Wizard 31-8, 31-11

CSC Setup Wizard Activation Codes Configuration 31-8

CSC Setup Wizard Host Configuration 31-9

CSC Setup Wizard IP Configuration 31-9

CSC Setup Wizard Management Access Configuration 31-10

CSC Setup Wizard Password Configuration 31-10

CSC Setup Wizard Summary 31-12

CSC Setup Wizard Traffic Selection for CSC Scan 31-10

CSC updates 31-16

CSC Web 31-13

contexts

See security contexts

conversion error, ICMP message 18-9, B-16

crash dump A-12

CRL

cache refresh time 34-7

CSC 31-8

CSC activation

configuring 31-4

CSC CPU

monitoring 48-4

CSC email

configuring 31-14

CSC file transfer

configuring 31-15

CSC IP address

configuring 31-5

CSC license

configuring 31-4

CSC management access

configuring 31-6

CSC memory

monitoring 48-5

CSC notifications

configuring 31-5

CSC password

configuring 31-7

CSC security events

monitoring 48-2

CSC Setup Wizard 31-8

activation codes configuration 31-8

Host configuration 31-9

IP configuration 31-9

management access configuration 31-10

password configuration 31-10

specifying traffic for CSC Scanning 31-11

summary 31-12

traffic selection for CSC Scan 31-10

CSC software updates

monitoring 48-4

CSC SSM

about 31-1

support 2-2, 3-2

CSC SSM feature history 31-17

CSC SSM GUI

configuring 31-13

CSC threats

monitoring 48-1

CSC updates

configuring 31-16

CSC Web

configuring 31-13

CTIQBE

application inspection, enabling 25-32

cut-through proxy 24-1

D

data flow

routed firewall 6-14

transparent firewall 6-20

debug messages A-12

default class 11-12

default configuration 1-1

default policy 23-7

default routes

defining equal cost routes 12-41

definition of 12-41

for tunneled traffic 12-41

default tunnel gateway 36-4

destination address, browse 36-18

destination port, browse 36-19

device ID, including in messages 19-6

Device Pass-Through 36-100

DHCP

configuring 15-4

monitoring

interface lease 42-2

IP addresses 42-2

server 42-2

statistics 42-3

services 15-1

statistics 42-3

transparent firewall 21-8

DHCP relay

overview 15-1

DHCP Relay - Add/Edit DHCP Server dialog box 15-3

description 15-3

fields 15-3

restrictions 15-3

DHCP Relay panel 15-1

description 15-1

fields 15-2

prerequisites 15-2

restrictions 15-1

DHCP Server panel 15-4

description 15-4

fields 15-4

DHCP services 15-1

DiffServ preservation 26-5

digital certificates 34-1

directory hierarchy search C-4

disabling content rewrite 39-16

DMZ, definition 3-11

DNS

application inspection, enabling 25-32

inspection

about 25-7

managing 25-6

rewrite, about 25-7

NAT effect on 22-13

DNS client 15-9

DNS HINFO request attack 28-19

DNS request for all records attack 28-19

DNS zone transfer attack 28-19

DNS zone transfer from high port attack 28-19

dotted decimal subnet masks B-3

downloadable access lists

configuring 24-11

converting netmask expressions 24-15

DSCP preservation 26-5

dual IP stack, configuring 9-5

duplex

interface 9-18, 9-20

duplex, configuring 9-8

dynamic NAT

See NAT

E

Easy VPN

client

Xauth 36-99

Easy VPN, advanced properties 36-100

Easy VPN client 36-98

Easy VPN Remote 36-98

echo reply, ICMP message B-15

ECMP 12-41

Edit DHCP Relay Agent Settings dialog box 15-3

description 15-3

fields 15-3

prerequisites 15-3

restrictions 15-3

Edit DHCP Server dialog box 15-6

description 15-6

fields 15-6

Edit OSPF Interface Authentication dialog box 12-11

description 12-11

fields 12-11

Edit OSPF Interface Properties dialog box 12-13

fields 12-13

Edit OSPF Process Advanced Properties dialog box 12-3

description 12-3

fields 12-3

Edit PIM Protocol dialog box 13-12

description 13-12

fields 13-12

EIGRP 21-8

e-mail proxy

and Clientless SSL VPN 38-7

Enable IPSec authenticated inbound sessions 36-95, 36-107

enrolling

certificate 34-3

ESMTP

application inspection, enabling 25-32

established command, security level requirements 9-5

Ethernet

Auto-MDI/MDIX 9-4

duplex 9-8

jumbo frames, ASA 5580 9-32

jumbo frame support

single mode 9-26

MTU 9-26

speed 9-8

EtherType access list

implicit deny 21-3

evaluation license 4-9

extended ACL 36-15

extended ACLs

configuring

for management traffic 21-10

for network traffic 21-12

external filtering server 27-5

External Group Policy, add or edit 36-6

F

factory default configuration 1-1

failover

about virtual MAC addresses 17-21

criteria 17-20, 17-28

defining standby IP addresses 17-18, 17-19

defining virtual MAC addresses 17-22

enable 17-27

enabling Active/Standby 17-16

enabling Stateful Failover 17-16

graphs 47-5

in multiple context mode 17-26

key 17-16, 17-27

license, upgrading 4-20

MAC addresses

automatically assigning 11-19

make active 47-4

make standby 47-4

monitoring 47-1

monitoring interfaces 17-20

redundant interfaces 9-11

reload standby 47-4

reset 47-4, 47-8

stateful 17-4

Stateful Failover 17-27

stateless 17-3

status 47-1

Trusted Flow Acceleration 7-2, 31-3

failover groups

about 17-30

adding 17-31

editing 17-31

monitoring 47-9

reset 47-11

fast path 3-18

fiber interfaces 9-8

Fibre Channel interfaces

default settings 31-3

filtering

benefits of 27-5

rules 27-7

security level requirements 9-5

servers supported 27-1

URLs 27-1

Filtering panel 12-8

benefits 12-8

description 12-8

fields 12-9

restrictions 12-8

firewall, client, configuring settings 36-36

firewall mode

about 6-1

configuring 1-5, 6-1

firewall server, Zone Labs 36-96

flow control for 10 Gigabit Ethernet 9-9

fragmentation policy, IPsec 35-2

fragmented ICMP traffic attack 28-18

fragment protection 3-16

FTP

application inspection

enabling 25-32

viewing 23-17, 25-67, 25-69, 25-75, 25-76, 25-83, 25-93, 25-94, 25-100, 25-107, 25-110, 25-115, 25-118, 25-120, 25-121, 25-125

filtering option 27-9

FTP inspection

about 25-9

configuring 25-8

G

gateway, default tunnel gateway 36-4

gateways

MGCP application inspection 25-116

General Client Parameters tab 36-32

global addresses

recommendations 22-13

Group Policy window

add or edit, General tab 36-7, 36-11

introduction 36-5

IPSec tab, add or edit 36-29

GTP

application inspection

enabling 25-32

viewing 25-87

GTP inspection

configuring 25-10

H

H.323

transparent firewall guidelines 6-3

H.323 inspection

about 25-12

configuring 25-11

limitations 25-13

H225

application inspection, enabling 25-32

H323 RAS

application inspection, enabling 25-32

Hardware Client tab 36-38

HELP command, denied request 25-86

hierarchical policy, traffic shaping and priority queueing 26-8

history metrics 8-9

hosts, subnet masks for B-3

HSRP 6-3

HTTP

application inspection

enabling 25-32

viewing 25-99

filtering 27-1

benefits of 27-6

configuring 27-8

HTTP inspection

configuring 25-14

HTTPS

filtering option 27-9

HTTPS/Telnet/SSH

allowing network or host access to ASDM 18-1

I

ICMP

add group 36-21

application inspection, enabling 25-33

browse 36-20

rules for access to ASDM 18-8

testing connectivity A-1

type numbers B-15

ICMP Error

application inspection, enabling 25-33

ICMP Group 36-21

ICMP unreachable message limits 18-9

Identity Certificates 34-8

IGMP

access groups 13-2

configuring interface parameters 13-5

group membership 13-3

interface parameters 13-5

static group assignment 13-6

IGMP panel

IGMP

overview 13-2

IKE Policy panel, VPN wizard 33-5

ILS

application inspection, enabling 25-33

ILS inspection 25-15

IM 25-24

inbound access lists 21-4

information reply, ICMP message 18-9, B-15

information request, ICMP message 18-9, B-15

inside, definition 3-11

inspection engines

See application inspection

Instant Messaging inspection 25-24

interface

duplex 9-18, 9-20

MTU 9-26

subinterface, adding 9-14

Interface panel 12-10

interfaces

ASA 5505

about 9-1

enabled status 9-17

MAC addresses 9-4

maximum VLANs 9-2

switch port configuration 9-17

trunk ports 9-19

ASA 5550 throughput 9-21

default settings 31-3

duplex 9-8

fiber 9-8

jumbo frame support

single mode 9-26

monitoring 42-5

redundant 9-11

SFP 9-8

speed 9-8

subinterfaces 9-13

intrusion prevention configuration 30-6

IP addresses

classes B-1

private B-2

subnet mask B-4

IP audit

enabling 28-13

monitoring 45-16

signatures 28-15

statistics

IP audit

signature matches     1

IP fragment attack 28-16

IP fragment database, defaults 28-22

IP fragment database, editing 28-23

IP impossible packet attack 28-16

IP Options

application inspection, enabling 25-33

IP overlapping fragments attack 28-17

IPS

IP audit 28-13

See AIP SSM or AIP SSC

IPSec

anti-replay window 26-7

IPsec

Cisco VPN Client 35-9

fragmentation policy 35-2

IPSec Encryption and Authentication panel, VPN wizard 33-6

IPSec rules

anti-replay window size 26-7, 35-11

IPSec tab

internal group policy 36-29

IPSec LAN-to-LAN 36-88

tunnel group 36-83

IPS SSC 30-1

IP teardrop attack 28-17

IPv6

configuring alongside IPv4 9-5

dual IP stack 9-5

duplicate address detection 7-21, 9-27

router advertisement messages 7-22, 14-5

IPv6 addresses

anycast B-9

format B-5

multicast B-8

prefixes B-10

required B-10

types of B-6

unicast B-6

J

Java

applet filtering

benefits of 27-6

Java console 5-12

Join Group panel 13-3

description 13-3

fields 13-4

jumbo frames, ASA 5580 9-32

jumbo frame support

single mode 9-26

K

Kerberos

configuring 16-9

support 16-5

key pairs 34-9

L

large ICMP traffic attack 28-18

latency

about 26-1

configuring 26-2, 26-3

reducing 26-5

Layer 2 firewall

See transparent firewall

Layer 2 forwarding table

See MAC address table

Layer 3/4

matching multiple policy maps 23-6

LDAP

application inspection 25-15

attribute mapping 16-22

Cisco-AV-pair C-13

configuring 16-9

configuring a AAA server C-3 to ??

directory search C-4

example configuration procedures C-16 to ??

hierarchy example C-4

SASL 16-6

server type 16-7

user authorization 16-7

licenses

activation key

entering 4-19

location 4-17

obtaining 4-18

ASA 5505 4-2

ASA 5510 4-3

ASA 5520 4-4

ASA 5540 4-5

ASA 5550 4-6

ASA 5580 4-7

default 4-9

evaluation 4-9

failover 4-17

guidelines 4-17

managing 4-1

preinstalled 4-9

Product Authorization Key 4-18

reload requirements 4-19

shared

backup server, information 4-13

client, configuring 4-23

communication issues 4-13

failover 4-14

maximum clients 4-15

monitoring 4-24

overview 4-12

server, configuring 4-22

SSL messages 4-13

temporary 4-9

upgrading, failover 4-20

viewing current 4-18

VPN Flex 4-9

licensing requirements

CSC SSM 31-2

LLQ

See low-latency queue

load balancing

mixed cluster scenarios 35-21

local CA 34-16

Local CA User Database 34-19

Local Hosts and Networks panel, VPN wizard 33-7

local user database

support 16-8

lockout recovery 18-27, A-6

login

FTP 24-3

low-latency queue

applying 26-2, 26-3

LSA

about Type 1 44-1

about Type 2 44-2

about Type 3 44-3

about Type 4 44-3

about Type 5 44-4

about Type 7 44-4

M

MAC address

redundant interfaces 9-12

MAC addresses

ASA 5505 9-4

MAC address table

about 6-20

built-in-switch 6-11

MAC learning, disabling 6-13

monitoring 42-4

static entry 6-13

MAC learning, disabling 6-13

management interfaces

default settings 31-3

man-in-the-middle attack 6-8

mask

reply, ICMP message B-16

request, ICMP message B-15

mask reply, ICMP message 18-9

mask request, ICMP message 18-9

maximum sessions, IPSec 36-95

media termination address, criteria 25-145

MGCP

application inspection

configuring 25-116

enabling 25-33

viewing 25-114

MGCP inspection

configuring 25-18

mgmt0 interfaces

default settings 31-3

Microsoft client parameters, configuring 36-31

mixed cluster scenarios, load balancing 35-21

mobile redirection, ICMP message 18-9, B-16

mode

context 11-9

firewall 1-5, 6-1

Modular Policy Framework

See MPF

monitoring

ARP table 42-1

CSC CPU 48-4

CSC memory 48-5

CSC security events 48-2

CSC software updates 48-4

CSC threats 48-1

DHCP

interface lease 42-2

IP addresses 42-2

server 42-2

statistics 42-3

failover 47-1, 47-6

failover groups 47-9

history metrics 8-9

interfaces 42-5

MAC address table 42-4

routes 44-8

monitoring interfaces 17-20

monitoring switch traffic, ASA 5505 9-4

MPF

about 23-1

default policy 23-7

feature directionality 23-3

features 23-2

flows 23-6

matching multiple policy maps 23-6

See also class map

See also policy map

MRoute panel 13-11

description 13-7

fields 13-7

MTU 9-26

Multicast panel

description 13-1

fields 13-1

Multicast Route panel 13-11

multicast traffic 6-3

multiple mode, enabling 11-9

N

N2H2 filtering server 27-5

name resolution 15-9

NAT

about 22-1

access rule guidelines 21-5

application inspection 25-65

bypassing NAT

about 22-10

DNS 22-13

dynamic NAT

about 22-6

configuring 22-22

implementation 22-16

exemption from NAT

about 22-10

identity NAT

about 22-10

order of statements 22-13

PAT

about 22-8

configuring 22-22

implementation 22-16

policy NAT

about 22-10

RPC not supported with 25-29

same security level 22-12

security level requirements 9-5

static NAT

about 22-8

configuring 22-26

static PAT

about 22-9

transparent mode 22-3

types 22-6

NETBIOS

application inspection, enabling 25-33

NetBIOS server

tab 36-61

NetFlow event

matching to configured collectors 19-19

Network Admission Control

uses, requirements, and limitations 35-27

New Authentication Server Group panel, VPN wizard 33-10

NTLM support 16-5

NT server

configuring 16-9

support 16-5

O

open ports B-14

OSPF

about 12-1

adding an LSA filter 12-9

authentication settings 12-10

authentication support 12-1

configuring authentication 12-11

defining a static neighbor 12-18

defining interface properties 12-13

interaction with NAT 12-2

interface properties 12-10, 12-12

LSA filtering 12-8

LSAs 12-2

LSA types 44-1

monitoring LSAs 44-1

neighbor states 44-5

route redistribution 12-15

static neighbor 12-17

summary address 12-18

virtual links 12-20

OSPF area

defining 12-5

OSPF Neighbors panel 44-5

description 44-5

fields 44-5

OSPF parameters

dead interval 12-14

hello interval 12-14

retransmit interval 12-14

transmit delay 12-14

OSPF route summarization

about 12-7

defining 12-8

Outlook Web Access (OWA) and Clientless SSL VPN 38-7

outside, definition 3-11

oversubscribing resources 11-11

P

packet

capture A-12

classifier 11-2

packet flow

routed firewall 6-14

transparent firewall 6-20

packet trace, enabling 5-7

parameter problem, ICMP message 18-8, B-15

password

Clientless SSL VPN 38-1

passwords

recovery A-7

PAT

See also NAT

pause frames for flow control 9-9

PDP context, GTP application inspection 25-90

PIM

interface parameters 13-12

overview 13-11

register message filter 13-18

rendezvous points 13-16

shortest path tree settings 13-20

ping

See ICMP

using 5-8

ping of death attack 28-18

PoE 9-4

policy, QoS 26-1

policy map

Layer 3/4

feature directionality 23-3

flows 23-6

policy NAT

about 22-10

Port Forwarding

configuring client applications 38-6

port forwarding entry 39-21

ports

open on device B-14

TCP and UDP B-11

posture validation

uses, requirements, and limitations 35-27

Posture Validation Exception, add/edit 35-29

power over Ethernet 9-4

PPP tab, tunnel-group 36-86

PPTP

application inspection, enabling 25-33

prerequisites for use

CSC SSM 31-2

priority queueing

hierarchical policy with traffic shaping 26-8

IPSec anti-replay window size 26-7, 35-11

private networks B-2

Process Instances tab 12-3

description 12-3

fields 12-3

Product Authorization Key 4-18

Properties tab 12-12

description 12-12

fields 12-12

Protocol Group, add 36-22

protocol numbers and literal values B-11

Protocol panel (IGMP) 13-5

description 13-5

fields 13-5

Protocol panel (PIM) 13-12

description 13-12

fields 13-12

proxied RPC request attack 28-19

proxy ARP, disabling 12-47

proxy bypass 39-28

proxy servers

SIP and 25-24

Q

QoS

about 26-1, 26-3

DiffServ preservation 26-5

DSCP preservation 26-5

feature interaction 26-4

policies 26-1

priority queueing

hierarchical policy with traffic shaping 26-8

IPSec anti-replay window 26-7

IPSec anti-replay window size 26-7, 35-11

token bucket 26-2

traffic shaping

overview 26-4

Quality of Service

See QoS

queue, QoS

latency, reducing 26-5

limit 26-2, 26-3

R

RADIUS

attributes C-30

Cisco AV pair C-13

configuring a AAA server C-30

configuring a server 16-9

downloadable access lists 24-11

network access authentication 24-4

network access authorization 24-10

support 16-4

rate limiting 26-3

RealPlayer 25-22

recurring time range, add or edit 36-14

redirect, ICMP message 18-8, B-15

Redistribution panel 12-15

description 12-15

fields 12-15

redundant interfaces

configuring 9-11

failover 9-11

MAC address 9-12

setting the active interface 9-13

reloading

security appliance A-6

Remote Access Client panel, VPN wizard 33-7

Remote Site Peer panel, VPN wizard 33-3

Rendezvous Points panel 13-16

description 13-16

fields 13-16

Request Filter panel 13-18

description 13-18

fields 13-18

reset

inbound connections 28-24

outside connections 28-24

resource management

configuring 11-10

default class 11-12

oversubscribing 11-11

overview 11-11

unlimited 11-11

restoring backups 5-28

rewrite, disabling 39-16

RIP

authentication 12-22

definition of 12-22

support for 12-22

RIP panel 12-22

fields 12-23

limitations 12-22

RIP Version 2 Notes 12-22

RNFR command, denied request 25-86

RNTO command, denied request 25-86

routed mode

about 6-1

setting 1-5, 6-1

router

advertisement, ICMP message B-15

solicitation, ICMP message B-15

router advertisement, ICMP message 18-8

router solicitation, ICMP message 18-8

Routes panel 44-8

description 44-8

fields 44-8

Route Summarization tab 12-7

about 12-7

fields 12-7

Route Tree panel 13-20

description 13-20

fields 13-20

routing

other protocols 21-7

RPC

application inspection, enabling 25-33

RSH

application inspection, enabling 25-33

RTSP

application inspection, enabling 25-33

RTSP inspection

about 25-22

configuring 25-22

rules

filtering 27-5

ICMP 18-8

S

same security level communication

enabling 9-31

NAT 22-12

SCCP (Skinny) inspection

about 25-26

configuration 25-26

configuring 25-25

SDI

configuring 16-9

support 16-5

Secure Computing SmartFilter filtering server

supported 27-1

URL for website 27-1

Secure Copy

configure server 18-5

security, WebVPN 39-1

security appliance

managing licenses 4-1

reloading A-6

security contexts

admin context

overview 11-1

cascading 11-7

classifier 11-2

command authorization 18-20

configuration

files 11-2

logging in 11-8

multiple mode, enabling 11-9

nesting or cascading 11-8

overview 11-1

resource management 11-11

unsupported features 11-2

security level

about 9-5

segment size

maximum and minimum 28-24

Server and URL List

add/edit 36-41

Server or URL

dialog box 36-41

service groups

managing with ACLs 21-20

session management path 3-18

Setup panel 12-2

about 12-2

shared license

backup server, information 4-13

client, configuring 4-23

communication issues 4-13

failover 4-14

maximum clients 4-15

monitoring 4-24

server, configuring 4-22

SSL messages 4-13

shun

duration 28-4

signatures

attack and informational 28-15

single mode

backing up configuration 11-9

configuration 11-10

enabling 11-9

restoring 11-10

SIP

application inspection, enabling 25-33

SIP inspection

about 25-24

configuring 25-23

instant messaging 25-24

SITE command, denied request 25-86

Skinny

application inspection, enabling 25-33

smart tunnels 39-33

SMTP inspection 25-27

SNMP

application inspection

enabling 25-33

viewing 25-131

SNMP Version 3 18-12

SNMP Versions 1 and 2c 18-12

source address, browse 36-18

source port, browse 36-19

source quench, ICMP message 18-8, B-15

SPAN 9-4

Spanning Tree Protocol, unsupported 9-18

specifying traffic for CSC scanning 31-11

speed, configuring 9-8

spoofing, preventing 28-23

SQLNET

application inspection, enabling 25-33

SSC

management interface 10-3

SSCMs

configuration

AIP SSC 30-6

SSCs

management access 10-1

management defaults 10-2

routing 10-2

SSMs

configuration

AIP SSM 30-6

management access 10-1

management defaults 10-2

routing 10-2

Standard Access List Rule, add/edit 36-35

standard ACLs

configuring 21-8

Standard ACL tab 36-15

startup configuration 11-2

Startup Wizard

accessing 7-1

licensing requirements 7-1

requirements for setup 7-2

statd buffer overflow attack 28-20

stateful application inspection 25-65

Stateful Failover 17-4

enabling 17-16

Logical Updates Statistics 47-7, 47-10

settings 17-27

stateful inspection 3-17

stateless failover 17-3

static ARP entry 6-9

static bridge entry 6-13

Static Group panel 13-6

description 13-6

fields 13-6

static NAT

See NAT

Static Neighbor panel 12-17

description 12-17

fields 12-17

static PAT

See PAT

static routes

about 12-40

configuring 12-41

deleting 12-46

editing 12-45

floating 12-41

stealth firewall

See transparent firewall

STOU command, denied request 25-86

subinterface

adding 9-14

subinterfaces, adding 9-13

subnet masks

/bits B-3

about B-2

address range B-4

determining B-3

dotted decimal B-3

number of hosts B-3

subordinate certificate 34-1

Summary Address panel 12-18

description 12-18

fields 12-18

Summary panel, VPN wizard 33-13

Sun Microsystems Java™ Runtime Environment (JRE) and Clientless SSL VPN 38-6

Sun RPC inspection

about 25-29

configuring 25-29

switch MAC address table 6-11

switch ports

access ports 9-17

SPAN 9-4

trunk ports 9-19

system configuration

network settings 11-2

overview 11-1

system messages

device ID, including 19-6

T

TACACS+

command authorization, configuring 18-23

configuring a server 16-9

network access authorization 24-9

support 16-4

tail drop 26-3

TCP

application inspection 25-65

maximum segment size 28-24

ports and literal values B-11

TIME_WAIT state 28-24

TCP FIN only flags attack 28-19

TCP Intercept

statistics 28-5

TCP NULL flags attack 28-18

TCP Service Group, add 36-19

TCP state bypass

AAA 28-10

failover 28-10

firewall mode 28-9

inspection 28-10

multiple context mode 28-9

NAT 28-10

SSMs and SSCs 28-10

TCP Intercept 28-10

TCP normalization 28-10

unsupported features 28-10

TCP SYN+FIN flags attack 28-18

temporary license 4-9

testing configuration A-1

TFTP

application inspection, enabling 25-33

threat detection

basic

drop types 28-2

enabling 28-2

overview 28-2

rate intervals 28-2

system performance 28-2

scanning

default limits, changing 28-4

enabling 28-3

host database 28-3

overview 28-3

shunning attackers 28-4

system performance 28-4

scanning statistics

enabling 28-4

system performance 28-5

shun

duration 28-4

TIME_WAIT state 28-24

time exceeded, ICMP message 18-8, B-15

time range

add or edit 36-13

browse 36-12

recurring 36-14

timestamp reply, ICMP message 18-8, B-15

timestamp request, ICMP message 18-8, B-15

token bucket 26-2

traceroute, enabling 5-11

traffic flow

routed firewall 6-14

transparent firewall 6-20

traffic shaping

overview 26-4

transmit queue ring limit 26-2, 26-3

transparent firewall

about 6-2

ARP inspection

about 6-8

enabling 6-10

static entry 6-9

data flow 6-20

DHCP packets, allowing 21-8

guidelines 6-5

H.323 guidelines 6-3

HSRP 6-3

MAC learning, disabling 6-13

Management 0/0 IP address 9-21

multicast traffic 6-3

packet handling 21-7

static bridge entry 6-13

unsupported features 6-6

VRRP 6-3

transparent mode

NAT 22-3

trunk, 802.1Q 9-13

trunk ports 9-19

Trusted Flow Acceleration

failover 7-2, 31-3

modes 6-5, 6-9, 6-12, 7-2, 31-3

Tunneled Management 36-100

tunnel gateway, default 36-4

tx-ring-limit 26-2, 26-3

Type 1 panel 44-1

description 44-1

fields 44-2

Type 2 panel 44-2

description 44-2

fields 44-2

Type 3 panel 44-3

description 44-3

fields 44-3

Type 4 panel 44-3

description 44-3

fields 44-3

Type 5 panel 44-4

description 44-4

fields 44-4

Type 7 panel 44-4

description 44-4

fields 44-5

U

UDP

application inspection 25-65

bomb attack 28-19

chargen DoS attack 28-19

connection state information 3-18

ports and literal values B-11

snork attack 28-19

Unicast Reverse Path Forwarding 28-23

unreachable, ICMP message B-15

unreachable messages

ICMP type 18-8

required for MTU discovery 18-8

URL

filtering

benefits of 27-6

configuring 27-8

URLs

filtering 27-1

filtering, configuration 27-4

User Accounts panel, VPN wizard 33-11

username

Clientless SSL VPN 38-1

Xauth for Easy VPN client 36-99

V

View/Config Banner 36-33

virtual firewalls

See security contexts

virtual HTTP 24-3

Virtual Link panel 12-20

description 12-20

fields 12-20

virtual MAC address

defining for Active/Active failover 17-32

virtual MAC addresses

about 17-21, 17-33

defaults for Active/Active failover 17-32

defining 17-22

defining for Active/Standby failover 17-34

virtual private network

overview 33-2

virtual reassembly 3-16

VLANs 9-13

802.1Q trunk 9-13

ASA 5505

MAC addresses 9-4

maximum 9-2

subinterfaces 9-13

VoIP

proxy servers 25-24

VPN

address range, subnets B-4

overview 33-1, 33-2

system options 36-95

VPN Client, IPsec attributes 35-9

VPN flex license 4-9

VPN Tunnel Type panel, VPN wizard 33-3

VPN wizard 33-2

Address Pool panel 33-11

Address Translation Exemption panel 33-12

Attributes Pushed to Client panel 33-12

Client Authentication panel 33-9

IKE Policy panel 33-5

IPSec Encryption and Authentication panel 33-6

Remote Access Client panel 33-7

Remote Site Peer panel 33-3

Summary panel 33-13

User Accounts panel 33-11

VPN Tunnel Type panel 33-3

VPN wizard

Local Hosts and Networks panel 33-7

New Authentication Server Group panel 33-10

VRRP 6-3

W

web browsing with Clientless SSL VPN 38-4

web clients, secure authentication 24-5

Websense filtering server 27-1, 27-5

webtype ACLs

configuring 21-14

WebVPN

CA certificate validation not done 39-1

security precautions 39-1

use suggestions 38-2

X

Xauth, Easy VPN client 36-99

XDMCP

application inspection, enabling 25-33

XOFF frames 9-9

Z

Zone Labs Integrity Server 36-96