Index
A
AAA
accounting 25-15
authentication
CLI access 16-25
network access 25-1
proxy limit 25-8
authorization
command 16-26
downloadable access lists 25-11
network access 25-9
disabling challenges 25-8
local database support 15-6
maximum rules 2-8
overview 15-1
performance 25-1
server
adding 15-7, 15-8
types 15-3
support summary 15-3
web clients 25-7
ABR
definition of 11-7
Access Group panel 12-2
description 12-2
fields 12-2
access lists
commitment 21-2
downloadable 25-11
expanded 21-3
implicit deny 21-2
inbound 21-3
IP address guidelines with NAT 21-5
maximum rules 21-3
memory limits 21-3
memory partitions 10-10
NAT addresses 21-5
outbound 21-3
overview 21-1
ACEs
expanded 21-3
maximum 21-3
Active/Active failover
about 14-2
command replication 14-2
configuration synchronization 14-2
Active/Standby failover 14-2
adaptive security algorithm 1-8
Add/Edit Access Group dialog box 12-3
description 12-3
fields 12-3
Add/Edit Filtering Entry dialog box 11-14
description 11-14
fields 11-14
Add/Edit IGMP Join Group dialog box 12-4
description 12-4
fields 12-4
Add/Edit IGMP Static Group dialog box 12-7
description 12-7
fields 12-7
Add/Edit Multicast Group dialog box 12-16
description 12-16
fields 12-16
Add/Edit Multicast Route dialog box
description 12-8
fields 12-8
Add/Edit OSPF Area dialog box 11-10
description 11-10
fields 11-11
Add/Edit OSPF Neighbor Entry dialog box 11-22
description 11-22
fields 11-23
Restrictions 11-22
Add/Edit Periodic Time Range dialog box 20-15
Add/Edit Redistribution dialog box 11-21
description 11-21
fields 11-21
Add/Edit Rendezvous Point dialog box 12-14
description 12-14
fields 12-15
restrictions 12-15
Add/Edit Route Summarization dialog box 11-13
about 11-13
fields 11-13
Add/Edit Summary Address dialog box
description 11-24
fields 11-24
Add/Edit Time Range dialog box 20-14
Add/Edit Virtual Link dialog box 11-25
description 11-25
fields 11-25
Addresses tab 20-2
admin context
overview 10-2
administrative distance 11-44
Advanced DHCP Options dialog box 13-6
description 13-6
fields 13-7
Advanced OSPF Interface Properties dialog box 11-19
description 11-19
fields 11-19
Advanced OSPF Virtual Link Properties dialog box 11-26
description 11-26
fields 11-26
alternate address, ICMP message 16-8
APN, GTP application inspection 24-84
APPE command, denied request 24-79
application firewall 24-87
application inspection
about 24-2
applying 24-4
configuring 24-4
described 24-58
enabling for different protocols 24-27
Apply button 3-9
Area/Networks tab 11-10
description 11-10
fields 11-10
area border router 11-7
ARP inspection
configuring 28-1
ARP spoofing 28-2
ARP table
monitoring 31-1
static entry 28-3
ASBR
definition of 11-7
ASDM
maximum connections 2-5
version 3-13
authenticating a certificate 18-1
authentication
CLI access 16-25
FTP 25-3
HTTP 25-2
network access 25-1
overview 15-2
Telnet 25-2
web clients 25-7
Authentication tab 11-15
description 11-15
fields 11-15
authorization
command 16-26
downloadable access lists 25-11
network access 25-9
overview 15-2
autostate messaging 5-15
B
bandwidth 3-14
limiting 10-17
maximum 2-4
BGP
monitoring 11-45
booting
from the switch 5-17
boot partitions 5-16
BPDUs
forwarding on the switch 5-14
bridge groups
overview 1-7
bridging
MAC address table
learning, disabling 28-6
overview 28-4
static entry 28-6
management IP address 8-1
building blocks 20-1
bypassing the firewall, in the switch 5-9
C
CA certificate 18-1
call agents
MGCP application inspection 24-101, 24-102
Cancel button 3-9
CDUP command, denied request 24-80
CEF 2-4
certificate
exporting 18-14
fingerprint 18-2
importing 18-15
installing 18-15
managing 18-5
certificate authentication 18-1
certificate enrollment 18-2
Cisco IOS versions 2-3
Cisco IP Phones, application inspection 24-21
classes
See resource management
command authorization
about 16-26
configuring 16-26
multiple contexts 16-28
Compact Flash 5-16
Configure IGMP Parameters dialog box 12-5
description 12-5
fields 12-5
connection
deleting 2-6
connection limits
TCP and UDP 27-1
connections per second 3-14
context mode
viewing 3-13
contexts
See security contexts
control plane path 1-8
conversion error, ICMP message 16-8
CPU usage 3-13
CRL
cache refresh time 18-13
checking 18-13
enforce next update 18-13
retrieval method 18-12
retrieval policy 18-11
CTIQBE
application inspection, enabling 24-27
cut-through proxy 25-1
D
default class 10-19
default policy 23-2
default routes
defining equal cost routes 11-42
definition of 11-42
device ID, including in messages 17-8
DHCP
configuring 13-4
monitoring
interface lease 31-2
IP addresses 31-2
server 31-2
statistics 31-3
services 13-1
statistics 31-3
transparent firewall 21-8
DHCP relay
overview 13-1
DHCP Relay - Add/Edit DHCP Server dialog box 13-3
description 13-3, 13-4
fields 13-4
restrictions 13-3
DHCP Relay panel
description 13-1
fields 13-2
prerequisites 13-1
restrictions 13-1
DHCP Server panel 13-4
description 13-4
fields 13-5
DHCP services 13-1, 14-1
digital certificates 18-1
DMZ, definition 1-1
DNS
application inspection, enabling 24-27
inspection
about 24-7
managing 24-6
rewrite, about 24-7
DNS and NAT 22-15
DNS client 13-8
downloadable access lists
configuring 25-11
converting netmask expressions 25-15
DSCP bits 1-9
dynamic NAT
See NAT
E
ECMP 11-42
Edit DHCP Relay Agent Settings dialog box 13-3
description 13-3
fields 13-3
prerequisites 13-3
restrictions 13-3
Edit DHCP Server dialog box 13-6
description 13-6
fields 13-6
Edit OSPF Interface Authentication dialog box 11-16
description 11-16
fields 11-16
Edit OSPF Interface Properties dialog box 11-18
fields 11-18
Edit OSPF Process Advanced Properties dialog box 11-8
description 11-8
fields 11-8
Edit PIM Protocol dialog box 12-10
description 12-10
fields 12-10
EIGRP 21-8
enrolling
certificate 18-2
ESMTP
application inspection, enabling 24-27
established command
maximum rules 2-8
security level requirements 9-1
EtherChannel, backplane
load-balancing 5-14
overview 5-14
Ethernet
MTU 9-3, 9-7
EtherType access list
applying in both directions 21-8
compatibility with extended access lists 21-2
implicit deny 21-2
MPLS, allowing 21-9
supported EtherTypes 21-8
exporting a certificate 18-14
external filtering server 26-7
F
failover
criteria 14-16, 14-22
defining standby IP addresses 14-14, 14-15
enable 14-20
enabling Active/Standby 14-12
enabling Stateful Failover 14-12
graphs 30-4
in multiple context mode 14-20
key 14-12, 14-20
make active 30-4
make standby 30-4
monitoring 30-1
PISA 27-7
reload standby 30-4
reset 30-4, 30-8
stateful 14-3
Stateful Failover 14-21
stateless 14-3
status 30-1
switch configuration 5-14
trunk 5-14
failover groups
about 14-23
adding 14-24
editing 14-24
monitoring 30-8
reset 30-10
filtering
benefits of 26-7
maximum rules 2-8
overview 26-1
rules 26-8
security level requirements 9-1
servers supported 26-2
URLs 26-2
Filtering panel 11-13
benefits 11-13
description 11-13
fields 11-14
restrictions 11-13
fingerprint
certificate 18-2
firewall mode
configuring 19-1
overview 19-1
viewing 3-13
Flash memory
overview 5-16
partitions 5-16
size 2-4
fragments 1-4
FTP
application inspection
enabling 24-27
viewing 24-60, 24-62, 24-69, 24-70, 24-76, 24-77, 24-85, 24-88, 24-95, 24-98, 24-101, 24-105, 24-107, 24-108, 24-112
filtering option 26-10
FTP inspection
about 24-8
configuring 24-8
G
gateways
MGCP application inspection 24-103
global addresses
guidelines 22-15
GRE tagging with PISA 27-6
GTP
application inspection
enabling 24-27
viewing 24-80
GTP inspection
configuring 24-10
H
H.323
transparent firewall guidelines 19-4
H.323 inspection
about 24-12
configuring 24-11
limitations 24-13
H225
application inspection, enabling 24-27
H323 RAS
application inspection, enabling 24-28
Help button 3-9
HELP command, denied request 24-80
Help menu 3-6
history metrics 8-2
HSRP 19-3
HTTP
application inspection
enabling 24-28
viewing 24-87
filtering
configuring 26-9
HTTP(S)
filtering 26-2
maximum connections 2-5
maximum rules 2-8
HTTP inspection
configuring 24-13
HTTPS
filtering option 26-10
HTTPS/Telnet/SSH
allowing network or host access to ASDM 16-1
I
ICMP
application inspection, enabling 24-28
maximum rules 2-8
ICMP Error
application inspection, enabling 24-28
IGMP
access groups 12-2
configuring interface parameters 12-5
group membership 12-3
interface parameters 12-5
static group assignment 12-6
IGMP panel
IGMP
overview 12-2
ILS
application inspection, enabling 24-28
ILS inspection 24-14
IM 24-20
import certificate panel 18-3
importing a certificate 18-15
inbound access lists 21-3
information reply, ICMP message 16-8
information request, ICMP message 16-8
inside, definition 1-1
inspection engines
security level requirements 9-1
See application inspection
installation
module verification 5-3
installing a certificate 18-15
Instant Messaging inspection 24-20
interface
MTU 9-3, 9-7
status 3-13
throughput 3-14
Interface panel 11-15
interfaces
maximum 2-5
monitoring 31-5
See also switch ports.
shared 10-6
IOS
upgrading 5-2
IOS versions 2-3
IP address 8-1
management, transparent firewall 8-1
IP addresses
overlapping between contexts 10-4
IP fragment database, editing 27-12
IPv6
duplicate address detection 9-8
ipv6
access rules 21-9
ipv6 addresses
about 9-8
configuring 9-7
link-local 9-11
IPX 5-9
ISNs, randomizing
using Modular Policy Framework 27-1
J
Java applet filtering 26-2
Java console 4-8
Join Group panel 12-3
description 12-3
fields 12-4
K
Kerberos
configuring 15-7
support 15-6
key pair panel
key-pair name 18-4
size 18-4
usage 18-4
key pairs 18-4
adding 18-4
showing details 18-5
L
Layer 2 firewall
See transparent firewall
Layer 3/4
matching multiple policy maps 23-4
LDAP
application inspection 24-14
attribute mapping 15-16
configuring 15-7
support 15-6
load-balancing, backplane EtherChannel 5-14
local user database
support 15-6
lockout recovery 16-35
logging
viewing last 10 messages 3-14
login
FTP 25-3
loops, avoiding 5-14
LSA
about Type 1 32-3
about Type 2 32-4
about Type 3 32-4
about Type 4 32-5
about Type 5 32-6
about Type 7 32-6
M
MAC address table 28-4
built-in-switch 28-5
learning, disabling 28-6
monitoring 31-4
overview 28-4
static entry 28-6
managing
certificates 18-5
man-in-the-middle attack 28-2
mask reply, ICMP message 16-8
mask request, ICMP message 16-8
memory
access list use of 21-3
Flash 2-4
RAM 2-4
rules use of 21-3
memory partitions 10-10
reallocating rules 10-15
setting the total number 10-11
sizes 10-12
memory usage 3-13
menus 3-4
MGCP
application inspection
configuring 24-103
enabling 24-28
viewing 24-101
MGCP inspection
configuring 24-15
MIBs
supported 16-10
mobile redirection, ICMP message 16-8
mode
context 10-9
Modular Policy Framework
See MPF
monitoring
ARP table 31-1
DHCP
interface lease 31-2
IP addresses 31-2
server 31-2
statistics 31-3
failover 30-1, 30-5
failover groups 30-8
history metrics 8-2
interfaces 31-5
MAC address table 31-4
routes 32-9
SNMP 16-10
MPF
about 23-1
default policy 23-2
features 23-1
flows 23-4
matching multiple policy maps 23-4
MPLS
LDP 21-9
router-id 21-9
TDP 21-9
MRoute panel 12-9
description 12-7
fields 12-7
MSFC
definition 2-2
overview 1-6
SVIs 5-9
MTU 9-3, 9-7
Multicast panel
description 12-1
fields 12-1
Multicast Route panel 12-9
multicast traffic 19-3
Multilayer Switch Feature Card
See MSFC
multiple mode, enabling 10-9
multiple SVIs 5-8
N
N2H2 filtering server 26-7
name resolution 13-8
NAT
application inspection 24-58
bypassing NAT
overview 22-10
DNS 22-15
dynamic NAT
configuring 22-24
implementation 22-18
overview 22-6
exemption from NAT
overview 22-10
identity NAT
overview 22-10
order of statements 22-14
overview 22-1
PAT
configuring 22-24
implementation 22-18
overview 22-8
policy NAT
maximum rules 2-8
overview 22-10
RPC not supported with 24-24
same security level 22-14
security level requirements 9-1
static NAT
configuring 22-28
overview 22-8
static PAT
overview 22-9
transparent mode 22-4
types 22-6
xlate bypass
overview 22-13
NETBIOS
application inspection, enabling 24-28
network objects 20-1
network processors 1-8
NPs 1-8
NTLM support 15-5
NT server
configuring 15-7
support 15-5
O
object groups
expanded 21-3
Options menu 3-5
OSPF
about 11-6
adding an LSA filter 11-14
authentication settings 11-15
authentication support 11-7
configuring authentication 11-16
defining a static neighbor 11-22
defining interface properties 11-18
interaction with NAT 11-7
interface properties 11-15, 11-17
LSA filtering 11-13
LSAs 11-7
LSA types 32-3
monitoring LSAs 32-3
neighbor states 32-7
route map 11-1
route redistribution 11-19
static neighbor 11-22
summary address 11-23
virtual links 11-24
OSPF area
defining 11-10
OSPF Neighbors panel 32-7
description 32-7
fields 32-7
OSPF parameters
dead interval 11-19
hello interval 11-19
retransmit interval 11-19
transmit delay 11-19
OSPF route summarization
about 11-12
defining 11-13
outbound access lists 21-3
outside, definition 1-1
oversubscribing resources 10-18
P
packet
classifier 10-3
parameter problem, ICMP message 16-8
partitions
application 5-16
boot 5-16
crash dump 5-16
Flash memory 5-16
maintenance 5-16
network configuration 5-16
PAT
See NAT
PDP context, GTP application inspection 24-83
PIM
interface parameters 12-9
overview 12-9
register message filter 12-16
rendezvous points 12-14
shortest path tree settings 12-18
PISA integration 27-5
policy map
Layer 3/4
flows 23-4
policy NAT
about 22-10
PortFast 5-5
PPTP
application inspection, enabling 24-28
Process Instances tab 11-8
description 11-8
fields 11-8
Properties tab 11-17
description 11-17
fields 11-17
Protocol panel (IGMP) 12-5
description 12-5
fields 12-5
Protocol panel (PIM) 12-9
description 12-9
fields 12-10
proxy ARP, disabling 11-48
proxy servers
SIP and 24-19
Q
QoS compatibility 1-9
R
RADIUS
configuring a server 15-7
downloadable access lists 25-11
network access authentication 25-3
network access authorization 25-11
support 15-4
RAM, amount
memory, amount
RAM 3-13
rapid link failure detection 5-15
RealPlayer 24-18
rebooting
from the switch 5-17
redirect, ICMP message 16-8
Redistribution panel 11-19
description 11-19
fields 11-20
Related Documentation 1-xxviii
reloading
from the switch 5-17
Rendezvous Points panel 12-14
description 12-14
fields 12-14
Request Filter panel 12-16
description 12-16
fields 12-16
requirements 2-2
Reset button 3-9
resetting
from the switch 5-17
resource management
default class 10-19
oversubscribing 10-18
overview 10-18
unlimited 10-18
RIP
authentication 11-27
definition of 11-27
support for 11-27
RIP panel 11-27
fields 11-28
limitations 11-27
RIP Version 2 Notes 11-27
RNFR command, denied request 24-80
RNTO command, denied request 24-80
route maps
uses 11-1
router advertisement, ICMP message 16-8
router solicitation, ICMP message 16-8
Routes panel 32-9
description 32-9
fields 32-9
Route Summarization tab 11-12
about 11-12
fields 11-12
Route Tree panel 12-18
description 12-18
fields 12-18
routing
other protocols 21-7
RPC
application inspection, enabling 24-28
RSH
application inspection, enabling 24-28
RSH connections 2-6
RTSP
application inspection, enabling 24-28
RTSP inspection
about 24-18
configuring 24-18
rules
default allocation 2-8
filtering 26-7
ICMP 16-7
maximum 21-3
memory partitions 10-10
pools for contexts 2-8
reallocating memory 2-8
reallocating memory per partition 10-15
S
same security level communication
configuring 9-12
NAT 22-14
SCCP (Skinny) inspection
about 24-21
configuration 24-21
configuring 24-21
SDI
configuring 15-7
support 15-5
secure computing smartfilter 26-2
security contexts
admin context
overview 10-2
classifier 10-3
command authorization 16-28
memory partitions 10-10
MSFC compatibility 1-7
multiple mode, enabling 10-9
overview 10-1
resource management 10-18
unsupported features 10-2
segment size
maximum and minimum 27-12
session management path 1-8
Setup panel 11-7
about 11-7
shared interfaces 10-6
shared VLANs 10-6
single mode
backing up configuration 10-9
configuration 10-9
enabling 10-9
restoring 10-9
SIP
application inspection, enabling 24-28
SIP inspection
about 24-19
configuring 24-19
instant messaging 24-20
SITE command, denied request 24-80
Skinny
application inspection, enabling 24-28
SMTP inspection 24-22
SNMP
application inspection
enabling 24-28
viewing 24-118
MIBs 16-10
overview 16-10
traps 16-22
software
version 3-13
source quench, ICMP message 16-8
SPAN session 5-2
specifications 2-1
spoofing, preventing 27-12
SQLNET
application inspection, enabling 24-28
SSH
maximum rules 2-8
stateful application inspection 24-58
Stateful Failover 14-3
enabling 14-12
Logical Updates Statistics 30-7, 30-9
settings 14-21
stateful inspection
overview 1-8
stateless failover 14-3
Static Group panel 12-6
description 12-6
fields 12-6
static NAT
See NAT
Static Neighbor panel 11-22
description 11-22
fields 11-22
static PAT
See NAT
static routes
about 11-41
floating 11-41
status bar 3-8
stealth firewall
See transparent firewall
STOU command, denied request 24-80
subordinate certificate 18-1
Summary Address panel 11-23
description 11-23
fields 11-23
Sun RPC inspection
about 24-24
configuring 24-24
supervisor engine versions 2-3
supervisor IOS 2-2
SVIs
configuring 5-10
dummy 5-15
multiple 5-8
overview 5-8
switch
ASDM
prerequisite configuration 5-3
supported features 5-1
assigning VLANs to FWSM 5-11
autostate messaging 5-15
BPDU forwarding 5-14
connecting to 5-4
failover compatibility with transparent firewall 5-14
failover configuration 5-14
maximum modules 2-4
resetting the module 5-17
SNMP 5-3
SSH 5-3
supported hardware and software 5-2
system requirements 2-2
trunk for failover 5-14
verifying module installation 5-3
VLAN addition 5-10
switched virtual interfaces
See SVIs
Switch Fabric Module 2-4
switch MAC address table 28-5
switch port
secured 5-6
switch ports
administrative state 5-5
mode 5-5
overview 5-5
PortFast 5-5
speed 5-5
VLAN assignment 5-6
system configuration
overview 10-2
system messages
device ID, including 17-8
viewing last 10 3-14
system requirements 2-2
T
TACACS+
command authorization, configuring 16-30
configuring a server 15-7
network access authorization 25-9
support 15-4
TCP
application inspection 24-58
back-to-back connections 2-6
connection, deleting 2-6
maximum segment size 27-12
sequence randomization 27-4
Telnet
maximum rules 2-8
TFTP
application inspection, enabling 24-28
time exceeded, ICMP message 16-8
timestamp reply, ICMP message 16-8
timestamp request, ICMP message 16-8
Tools menu 3-5
traffic usage 3-14
transparent firewall
DHCP packets, allowing 21-8
guidelines 19-5
H.323 guidelines 19-4
HSRP 19-3
MAC address table
learning, disabling 28-6
overview 28-4
static entry 28-6
management IP address 8-1
multicast traffic 19-3
overview 19-1
packet handling 21-7
unsupported features 19-6
VRRP 19-3
transparent mode
NAT 22-4
traps, SNMP 16-22
trustpoint
definition 18-7
trustpoint configuration panel 18-7
advanced options 18-13
CA certificate subject 18-8
certificate parameters 18-9
CRL retrieval method 18-12
CRL retrieval policy 18-11
device certificate subject 18-8
editing DN 18-10
enrollment settings 18-8
request CRL 18-8
trustpoint name 18-7
trustpoint export panel 18-14
trustpoint import panel 18-15
Type 1 panel 32-3
description 32-3
fields 32-3
Type 2 panel 32-4
description 32-4
fields 32-4
Type 3 panel 32-4
description 32-4
fields 32-5
Type 4 panel 32-5
description 32-5
fields 32-5
Type 5 panel 32-6
description 32-6
fields 32-6
Type 7 panel 32-6
description 32-6
fields 32-6
U
UDP
application inspection 24-58
connection state information 1-9
Unicast Reverse Path Forwarding 27-12
unreachable messages
ICMP type 16-7
required for MTU discovery 16-7
upgrading
IOS 5-2
uptime 3-13
URL
filtering
configuring 26-9
URLs
filtering 26-2
filtering, configuration 26-6
V
version
ASDM 3-13
platform software 3-13
virtual firewalls
See security contexts
Virtual Link panel 11-24
description 11-24
fields 11-24
virtual reassembly 1-4
VLAN groups
adding 5-12
assign to FWSM 5-12
guidelines 5-11
maximum 5-12
VLANs
adding to the switch 5-10
assigning to FWSM 5-11
firewall groups 5-11
guidelines 5-7
maximum 2-5
shared 10-6
switch port assignment 5-6
VoIP
proxy servers 24-19
VPN management connection 16-5
VRRP 19-3
W
WAN ports 2-2
web clients, secure authentication 25-7
Websense filtering server 26-7
Window menu 3-6
Wizards menu 3-6
X
XDMCP
application inspection, enabling 24-28
xlate bypass
overview 22-13