Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference, 2.2
Index

A

AAA

configuring authorization services2-15

deleting authorization caches2-196

setting up accounting2-2

setting up a server for2-15

specifying a server2-21

AAA challenge text

See authorization prompt

access group2-29

access list

adding comments2-41, 2-51

binding a group to an interface2-29

configuring CiscoSecure ACL attribute2-42, 2-51

creating2-34

creating for IPSec2-39, 2-49

downloading2-34, 2-42, 2-51

generating denied packet syslog message2-43, 2-52, 2-61

using RADIUS authorization2-42, 2-51

using vendor-specific identifiers2-42, 2-51

using with IPSec2-44, 2-54

access-list

adding comments2-41, 2-51

access lists

adding

standard lists2-65

adding EtherType access lists2-35

deleting EtherType access lists2-35

removing

standard lists2-65

accounting

providing user-based2-2, 2-112, 2-475

setting up2-2

using RADIUS2-2, 2-112, 2-113, 2-475

using TACACS+2-112, 2-113, 2-114, 2-475

ACL

See access list

activation key

displaying2-481

updating2-67

addressing

assigning global pools2-408

translations2-408, 2-409

address mask reply, ICMP message2-44, 2-53, 2-62

address mask request, ICMP message2-44, 2-53, 2-62

Address Resolution Protocol

See ARP

Address Resolution Protocol, setting parameters2-80

aliasing

configuring2-69

setting overlapping addresses for NAT2-69

specifying for a network2-70

alternate address, ICMP message2-43, 2-53, 2-62, 2-339

application inspection

See fixup protocol

ARP

adding

static entry2-78

changing2-78, 2-80

configuring

parameters2-78

persistence timer2-78

static proxy ARP mapping2-78

disabling

ARP inspection2-78

displaying the cache2-78, 2-80

physical addressing2-78

removing

cache timeout2-78

setting

hardware MAC address2-78

setting the timeout value2-78, 2-80

audiencexvii

authentication

disabling

authentication verification2-11

globally2-6

on a specific access list2-13

enabling

authentication verification2-11

globally2-6

on a specific access list2-13

using certification authorities2-86

using LOCAL2-6

using RADIUS2-6, 2-9

using TACACS+2-9

using token-based2-239

using with crypto maps2-239

using with IPSec2-239

authentication, authorization, and accounting

See AAA

authorization

disabling2-17

for a specific access-list command name2-18

services2-14

enabling

for a specific access-list command name2-18

local or TACACS server2-17

service2-14

setting AAA challenge text2-82

B

buffer

packet capture2-103

buffering, circular2-104

C

caching

URL2-730

capture

enabling2-103

selecting options2-104

capturing

buffering2-104

certificate revocation list

See CRL, using

certification authority

authenticating2-86

See CA

certification authority (CA)

configuring the server2-96

declaring2-96

deleting RSA keys2-102

including serial number in certificate2-93

obtaining an updated certificate revocation list (CRL)2-91

obtaining an updated CRL2-90

obtaining certificates2-92

querying a certificate or CRL2-96

revoking certificates2-93

saving data to the Flash memory2-98

saving RSA key pairs and certificates2-98

sending enrollment request2-92

using LDAP2-96

using PKI protocol2-96

using RA mode2-87

using RSA public key record2-87

changing

firewall prompt label2-335

host name2-335

CiscoSecure 2.1, showing timeout values2-681

Cisco VPN 3000 Client, configuring support for2-740

Cisco VPN Client, setting up support for2-694, 2-739

clear2-110, 2-112, 2-146, 2-147

clearing

aaa accounting configuration2-112

AAA server configuration2-111, 2-116

access group configuration2-117

alias configuration2-120

authentication prompt2-123

clock settings2-206

commands2-110, 2-146, 2-147

configurations2-110, 2-146, 2-147

counters2-110, 2-146, 2-147

ISAKMP configuration2-355

local host network states2-161

logging2-162, 2-601

system buffer2-489

timeout values2-195

CLI

prompt, changing

clients

Oracle SQL*Net2-267

SQL*Net2-267

VPN2-240

clock

setting2-206

setting Daylight Saving time2-206

setting time zone2-206

command-line interface

See CLI

command modes

changing1-2

configuration1-3

enabling2-290

exiting2-438

privileged1-2

subconfiguration1-3

unprivileged1-2

commands

abbreviating1-2

changing modes1-2

completing1-2

firewall CLI help1-2

compatible2-206

conduit

adding or deleting2-207

configuration

designating a TFTP server2-208

displaying2-645

entering configure mode2-207

synchronization2-745

using configure factory-default command2-209

using IKE mode2-238, 2-240

using the configure command2-207

configuring

Diffie-Hellman groups2-356

FWSM2-209

interfaces2-405

interface security level2-405

IP addresses2-344, 2-346

NAT2-409

network address translation2-408

object groups2-413

privilege levels2-626

reverse path verification2-348

saving configuration2-743

showing running configuration2-645

showing start up configuration2-657

Unicast RPF IP2-348

URL filtering server2-732

VPN support2-694, 2-739

connecting

embryonic process limit2-410

connection flags

H.2252-506

H.3232-506

console

changing settings2-717

setting a timeout2-210

using a session2-268

conversion error, ICMP message2-44, 2-53, 2-62, 2-339

copy

image or file2-218

running configuration2-225

CRL

See certificate revocation list

cryptography engine, running Known Answer Test2-521

crypto ipsec

clearing security associations2-138

creating dynamic map entries2-230

creating security associations2-233

deleting security association2-233

reinitializing security associations2-138

specifying the SPI2-137

crypto map

creating dynamic entry2-230

creating entries2-238

deleting dynamic entry2-230

deleting entries2-238

D

daisy-chaining2-7

debugging2-260

packet2-261

deleting

authorization caches2-196

DHCP

configuring a relay agent2-281

polling2-344, 2-346

relaying requests between interfaces2-281

Diffie-Hellman

Group 52-269

selecting a group2-249

Diffie-Hellman groups

configuring2-356

Group 12-355

Group 22-355

Group 52-595

disabling

command modes2-286

disk

copying files2-227

displaying

See also showing

software version2-690

documentation

organizationxvii

domain name, changing2-288, 2-543

dynamic map

creating2-289

viewing2-289

E

Easy VPN Remote

setting up support for2-739

echo literal2-43, 2-53

echo reply, ICMP message2-43, 2-53, 2-62, 2-339

EIGRP

not supportedA-2

EMBLEM, syslog message formatting2-367

embryonic connection limit2-410

enable2-290

enabling

privileged mode2-290

resetting default password2-290

encryption

enabling IPSec2-355

encryption, key2-21

Enhanced Interior Gateway Routing Protocol

See EIGRP

erasing configuration2-743

established connections

using to permit connections2-292

exiting

command modes2-295

extended access lists

adding EtherType access lists2-35

deleting EtherType access lists2-35

F

failover

debugging2-267

saving crash information2-228

filtering

HTTPS2-312

server2-730

firewall modules

daisy chaining2-7

Firewall Services Module

See also FWSM

fixup protocol

CTIQBE2-316

FTPSQL*Net2-316

H.3232-316

HTTP2-316

RSH2-316

session initiation protocol, enabling2-320

SIP

SMTP2-316

fixup protocols

FTP2-316

Flash memory

writing a configuration to2-744

Flood Defender

See flood guard

flood guard

disabling2-325

enabling2-325

fragments

managing2-152, 2-328, 2-330, 2-558, 2-559

NFS compatibility2-152, 2-328, 2-330, 2-558, 2-559

free memory, showing2-605

FTP

filtering2-311

fixup protocol2-317

FWSM1-1

ACEs2-58

AES support2-236

cache2-730

commands1-1

configuration2-743

configuring2-209

route maps2-683

configuring factory default2-209

console2-12

copying image or file2-218

CPU2-513

crashdump2-228

debugging2-260

displaying

configuration2-645

factory default2-209

file copy from disk2-227

FTP filtering2-311

global2-331, 2-409, 2-707

HTTPS filtering2-312

interface monitoring2-308

mode2-395

modes1-2

packet debugging2-261

PDM2-428

port valuesB-1

preconfiguring2-469

protocol valuesB-5

running configuration2-225

software version2-690

synchronizing configurations2-745

G

global IP addresses, associating a network with2-408

H

H.225

connection flag2-506

hardware

ARP addressing2-78

Help, firewall CLI2-333

history, command2-564

host name

changing 2-335

I

ICMP

debugging2-266

tracing2-268

ICMP messages

information reply2-44, 2-53, 2-62

information request2-44, 2-53, 2-62

network address translation of2-318

ICMP message type2-43, 2-53

ICMP redirection, ICMP message2-339

ICMP types

interpreting2-416

selecting2-339

specifying selective access2-43, 2-53, 2-62

using in access lists2-43, 2-53, 2-62

IKE mode, configuring2-238, 2-240

information reply, ICMP message2-339

information request, ICMP message2-339

interactive prompts2-469

interfaces, firewall

binding an access list to2-29

configuring2-342

displaying parameters2-342

static or default route2-447

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

IP address

using in certificates2-93

ISAKMP

enabling IPSec2-350, 2-355

negotiating security associations2-350, 2-355

setting keepalive interval2-350

specifying the keepalive lifetime2-350

ISAKMP policy

See ISAKMP

K

KAT, running2-521

key, authentication2-21

killing

Telnet session2-358

Known Answer Test

See KAT2-521

L

LDAP2-96

using with a certification authority (CA)

Lightweight Directory Access Protocol

See LDAP

line numbers

setting2-45, 2-55, 2-479

literal namesB-1

local host

displaying detailed information2-596

network states2-596

local or TACACS server2-17

logging

changing message levels2-369

changing system message level2-368

configuring time stamps2-365

disabling2-365

enabling2-365

messages2-599

monitoring2-365

queue size2-365

sending messages to console2-367

setting facilities2-365

SNMP

specifying a system log (syslog) server2-365

specifying a system log server2-365, 2-367

M

MAC address

configuring ARP2-78

exempting a device based on2-375, 2-377

setting as ARP table entry2-78

managing

with PDM2-428

mask reply, ICMP message2-339

mask request, ICMP message2-339

maximum transmission unit

See MTU

maximum transmission unit (MTU)

specifying2-401

message types2-43, 2-53

mobile redirection, ICMP message2-44, 2-53, 2-62, 2-339

modes2-395

modes, command1-2

monitoring

firewall performance2-431

MTU

showing

specifying

multicasting

configuring a static route2-395, 2-397

multiple mode2-395

N

N2H2

caching server requests2-730

specifying server parameters2-732

URL filtering2-730

naming

interfaces2-405

NAT

aliasing2-69

configuring2-408

of ICMP messages2-318

setting overlapping addresses2-69

network alias, specifying2-70

O

object grouping

defining2-413

object groups

configuring2-413

grouping2-417

ICMP2-413, 2-416

network2-413, 2-417

protocol2-413, 2-417

removing2-415

services2-413, 2-417

P

packet capture, enabling2-103

packets

tracing2-266

paging, screen

enabling or disabling2-423

parameter-problem2-44

parameter problem, ICMP message2-44, 2-53, 2-62, 2-339

password

setting for console access2-424

setting for Telnet2-424

PAT

disabling2-331

enabling2-331

limitations2-319

PDM

commands in firewall configuration2-426

disconnecting2-427

logging2-426

showing PDM sessions2-427

permitting

return connections on established connections2-292

physical addressing, ARP2-78

pinging

IP addresses2-433

using with user authorization2-16

ping message types2-43, 2-53

Port Address Translation

See PAT

port literal namesB-1

port literalsB-1

port values for FWSMB-1

prefix list2-347

preshared key

configuring for VPN2-741

privileged mode

starting2-290

privilege levels

changing between2-435

showing current2-530

prompt

"(config)#"1-3

protocols

using with port literalsB-5

protocol valuesB-5

proxy server

using with VoIP2-320

Q

quitting

configuration or privileged mode2-438

R

RADIUS2-6

randomizing, sequence numbers2-408

rebooting

See reloading

redirect, ICMP message2-43, 2-53, 2-62

redirection, ICMP message2-339

Related Documentationxviii

reloading

firewall configuration from Flash memory2-441

saving configuration changes2-441

without confirmation2-441

RIP

broadcasting a default route2-444

changing settings2-444

enabling routing table updates

MD5 authentication2-445

version 2 support2-444

route

map configuration2-683

route, static or default2-447

router

changing default address sent2-281, 2-282

router advertisement2-44

router advertisement, ICMP message2-44, 2-53, 2-62, 2-339

router solicitation2-44

router solicitation, ICMP message2-44, 2-53, 2-62, 2-339

Routing Information Protocol

See RIP

RSA public key record, using with a certification authority (CA)2-87

running configuration, showing2-645

S

saving

configuration to another location2-743

configuration to Flash memory2-743, 2-745

Secure Socket Layer

See SSH

security associations

creating2-233

deleting2-233

negotiating2-350, 2-355

viewing2-233

security level

assigning2-405

Security Parameter Index

See SPI

sequence numbers, randomizing2-408

server

specifying a TFTP server2-743

specifying for AAA2-21

services

enabling2-460

handling IDENT connections2-460

session, AccessPro2-471

Session initiation protocol

See SIP

setting

DHCP polling2-344, 2-346

IP addresses2-344, 2-346

show2-487

showing

AAA configuration2-475

AAA proxy limit2-476

AAA server configuration2-477

aaa-server configuration2-477

access-group configuration2-478

access-list configuration2-479, 2-480

active connections2-504

alias configuration2-483, 2-484

ARP timeout2-486

authentication prompt2-487

buffer utilization2-489

CA certificates2-492

checksum2-497

command history2-564

command information2-471

current configuration2-743, 2-745

current privilege levels2-530

filtering displayed output2-471

firewall performance2-431

free memory2-605

interface names2-405

local host network states2-596

MTU2-611

privilege levels2-626

processes2-627

running configuration2-645

software versions2-690

start up configuration2-657

system memory utilization2-605

technical support output2-663

Telnet sessions2-742

timeout values2-721

URL server2-687

Simple Network Translation Protocol

See SNMP

single context2-395

SIP2-320

fixup protocol

session initiation protocol2-320

setting protocol timer values2-721

setting timeout values2-721

SNMP

configuring contact, location, and host information2-702

configuring on the firewall2-702

logging

software version, showing2-690

source2-43, 2-53, 2-62

source quench, ICMP message2-43, 2-53, 2-62, 2-339

SPI

coordinating with peer

specifying2-137

split tunneling, using2-740

SSH

debugging2-267

specifying a host

supporting secure shell2-704

standard access lists

adding2-65

deleting2-65

start up configuration, showing2-657

storing configuration2-743

synchronizing

configuration2-745

syslog2-43, 2-52, 2-61

syslog server

EMBLEM formatting2-366, 2-367

system logging

See logging

system options

changing2-711

disabling DNS A record replies2-711

T

TACACS2-112, 2-113, 2-114, 2-475

TCP

port literalsB-1

preventing packet randomization2-706

randomizing packet sequence number2-708

returning a reset flag (RST) to the source2-460

Telnet

console debugging2-268

icmp tracing2-268

setting the console timeout2-191, 2-714

setting the password2-424

showing active sessions2-742

terminating2-358

terminating a session2-358

using a Trace Channel2-268

terminal

changing console settings2-717

terminating

Telnet session2-358

TFTP

configuring a server2-208

saving configuration to another location2-743

specifying a server2-719

time-exceeded2-44

time exceeded, ICMP message2-44, 2-53, 2-62, 2-339

timestamp

reply, ICMP message2-44, 2-53, 2-62, 2-339

request, ICMP message2-44, 2-53, 2-62, 2-339

timestamp-reply2-44

timing out

freeing an RPC slot2-721

setting maximum idle time2-721

setting translation slot value2-721

tracing

ICMP, SQL*Net, and packets2-266

translating

addresses2-409

translation

setting timeout values2-721

setting UDP, RPC, and H.323 timeout values2-722

transparent mode2-395

Trivial File Transfer Protocol

See TFTP

TurboACL

disabling2-34

enabling2-34

U

UDP

port literalsB-1

setting idle time until slot is freed2-721

Unicast RPF IP

implementing2-348

spoofing2-348

unreachable, ICMP message2-43, 2-53, 2-62, 2-339

URL

caching2-730

configuring filtering server2-732

filtering2-313, 2-731

user accounting2-2, 2-112, 2-475

user authentication

See authentication

utilization

CPU2-513

V

version

displaying2-690

viewing

See showing

Virtual Private Network

See VPN

Voice over IP

See VoIP

VoIP

SIP fixup

using proxy servers2-320

VPN

configuring a preshared key2-741

configuring support2-694, 2-739

creating a group policy2-740

downloading group names2-740

global lifetime timeout values2-741

setting up support for Cisco VPN Client2-739

setting up support for Easy VPN Remote2-739

using remote clients2-240

using split tunneling2-740

W

Websense

caching server request2-730

specifying as URL filtering server2-732

specifying server parameters2-732

specifying URL filtering server2-733

URL filtering2-730

web server

caching responses2-730

writing

configuration to Flash memory2-743, 2-745

writing a configuration2-743

X

xlate

See translation