Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference, 2.3
Index


A

AAA

configuring authorization services     2-16

deleting authorization caches     2-200

setting up accounting     2-2

setting up a server for     2-16

specifying a server     2-22

AAA challenge text

See authorization prompt

access group     2-30

access list

adding comments     2-42, 2-51

binding a group to an interface     2-30

configuring CiscoSecure ACL attribute     2-42, 2-51

creating     2-35

creating for IPSec     2-40, 2-49

downloading     2-35, 2-42, 2-51

generating denied packet syslog message     2-44, 2-52, 2-61

using RADIUS authorization     2-42, 2-51

using vendor-specific identifiers     2-42, 2-51

using with IPSec     2-45, 2-54

access-list

adding comments     2-42, 2-51

access list entries     2-493

access lists

adding

standard lists     2-65

adding EtherType access lists     2-36

deleting EtherType access lists     2-36

removing

standard lists     2-65

accounting

providing user-based     2-2, 2-114, 2-489

setting up     2-2

using RADIUS     2-2, 2-114, 2-115, 2-489

using TACACS+     2-114, 2-115, 2-116, 2-489

ACL

See access list

activation key

displaying     2-495

updating     2-67

addressing

assigning global pools     2-416

translations     2-416, 2-417

address mask reply, ICMP message     2-45, 2-53, 2-62

address mask request, ICMP message     2-44, 2-53, 2-62

Address Resolution Protocol

See ARP

Address Resolution Protocol, setting parameters     2-82

aliasing

configuring     2-69

setting overlapping addresses for NAT     2-69

specifying for a network     2-70

alternate address, ICMP message     2-44, 2-53, 2-62, 2-344

application inspection

See fixup protocol

ARP

adding

static entry     2-80

changing     2-80, 2-82

configuring

parameters     2-80

persistence timer     2-80

static proxy ARP mapping     2-80

disabling

ARP inspection     2-80

displaying the cache     2-80, 2-82

physical addressing     2-80

removing

cache timeout     2-80

setting

hardware MAC address     2-80

setting the timeout value     2-80, 2-82

audience     xvii

authentication

disabling

authentication verification     2-11

globally     2-6

on a specific access list     2-13, 2-14

enabling

authentication verification     2-11

globally     2-6

on a specific access list     2-13, 2-14

using certification authorities     2-88

using LOCAL     2-6

using RADIUS     2-6, 2-9

using TACACS+     2-9

using token-based     2-243

using with crypto maps     2-243

using with IPSec     2-243

authentication, authorization, and accounting

See AAA

authorization

disabling     2-18

for a specific access-list command name     2-19

services     2-15

enabling

for a specific access-list command name     2-19

local or TACACS server     2-18

service     2-15

setting AAA challenge text     2-84

B

buffer

packet capture     2-105

buffering, circular     2-106

C

caching

URL     2-752

capture

enabling     2-105

selecting options     2-106

capturing

buffering     2-106

certificate revocation list

See CRL, using

certification authority

authenticating     2-88

See CA

certification authority (CA)

configuring the server     2-98

declaring     2-98

deleting RSA keys     2-104

including serial number in certificate     2-95

obtaining an updated certificate revocation list (CRL)     2-93

obtaining an updated CRL     2-92

obtaining certificates     2-94

querying a certificate or CRL     2-98

revoking certificates     2-95

saving data to the Flash memory     2-100

saving RSA key pairs and certificates     2-100

sending enrollment request     2-94

using LDAP     2-98

using PKI protocol     2-98

using RA mode     2-89

using RSA public key record     2-89

changing

firewall prompt label     2-341

host name     2-341

CiscoSecure 2.1, showing timeout values     2-703

Cisco VPN 3000 Client, configuring support for     2-762

Cisco VPN Client, setting up support for     2-716, 2-761

clear     2-112, 2-114, 2-149, 2-150

clearing

aaa accounting configuration     2-114

AAA server configuration     2-113, 2-118

access group configuration     2-119

alias configuration     2-122

authentication prompt     2-125

clock settings     2-210

commands     2-112, 2-149, 2-150

configurations     2-112, 2-149, 2-150

counters     2-112, 2-149, 2-150

ISAKMP configuration     2-360

local host network states     2-165

logging     2-166, 2-619

system buffer     2-503

timeout values     2-199

CLI

prompt, changing

clients

Oracle SQL*Net     2-270

SQL*Net     2-270

VPN     2-244

clock

setting     2-210

setting Daylight Saving time     2-210

setting time zone     2-210

command-line interface

See CLI

command modes

changing     1-2

configuration     1-3

enabling     2-295

exiting     2-447

privileged     1-2

subconfiguration     1-3

unprivileged     1-2

commands

abbreviating     1-2

changing modes     1-2

completing     1-2

firewall CLI help     1-2

compatible     2-210

conduit

adding or deleting     2-211

configuration

designating a TFTP server     2-212

displaying     2-667

entering configure mode     2-211

synchronization     2-769

using configure factory-default command     2-213

using IKE mode     2-242, 2-244

using the configure command     2-211

configuring

Diffie-Hellman groups     2-361

FWSM     2-213

interfaces     2-413

interface security level     2-413

IP addresses     2-349, 2-351

NAT     2-417

network address translation     2-416

object groups     2-422

privilege levels     2-646

reverse path verification     2-353

saving configuration     2-766

showing running configuration     2-667

showing start up configuration     2-679

Unicast RPF IP     2-353

URL filtering server     2-754

VPN support     2-716, 2-761

connecting

embryonic process limit     2-418

connection flags

H.225     2-520

H.323     2-520

console

changing settings     2-739

setting a timeout     2-214

using a session     2-271

conversion error, ICMP message     2-45, 2-53, 2-62, 2-344

copy

image or file     2-222

running configuration     2-229

CRL

See certificate revocation list

cryptography engine, running Known Answer Test     2-535

crypto ipsec

clearing security associations     2-141

creating dynamic map entries     2-234

creating security associations     2-237

deleting security association     2-237

reinitializing security associations     2-141

specifying the SPI     2-140

crypto map

creating dynamic entry     2-234

deleting dynamic entry     2-234

D

daisy-chaining     2-7

debugging

packet     2-264

deleting

authorization caches     2-200

DHCP

configuring a relay agent     2-286

polling     2-349, 2-351

relaying requests between interfaces     2-286

Diffie-Hellman

Group 5     2-272

selecting a group     2-253

Diffie-Hellman groups

configuring     2-361

Group 1     2-360

Group 2     2-360

Group 5     2-613

disabling

command modes     2-291

disk

copying files     2-231

displaying

See also showing

software version     2-712

documentation

organization     xvii

domain name, changing     2-293, 2-557

dynamic map

creating     2-294

viewing     2-294

E

Easy VPN Remote

setting up support for     2-761

echo literal     2-44, 2-53

echo reply, ICMP message     2-44, 2-53, 2-62, 2-344

EIGRP

not supported     A-2

EMBLEM, syslog message formatting     2-373

embryonic connection limit     2-418

enable     2-295

enabling

privileged mode     2-295

resetting default password     2-295

encryption

enabling IPSec     2-360

encryption, key     2-22

Enhanced Interior Gateway Routing Protocol

See EIGRP

erasing configuration     2-766

established connections

using to permit connections     2-297

exiting

command modes     2-300

extended access lists

adding EtherType access lists     2-36

deleting EtherType access lists     2-36

F

failover

debugging     2-270

display     2-562

saving crash information     2-232

stateful failover

statistics     2-564

filtering

HTTPS     2-319

server     2-752

firewall modules

daisy chaining     2-7

Firewall Services Module

See also FWSM

fixup protocol

CTIQBE     2-324

FTPSQL*Net     2-324

H.323     2-324

HTTP     2-324

RSH     2-324

session initiation protocol, enabling     2-328

SIP

SMTP     2-324

fixup protocols

FTP     2-324

Flash memory

writing a configuration to     2-767

Flood Defender

See flood guard

flood guard

disabling     2-332

enabling     2-332

fragments

managing     2-155, 2-334, 2-336, 2-575, 2-576

NFS compatibility     2-155, 2-334, 2-336, 2-575, 2-576

free memory, showing     2-624

FTP

filtering     2-317

fixup protocol     2-325

FWSM     1-1

ACEs     2-58

AES support     2-240

cache     2-752

commands     1-1

configuration     2-766

configuring     2-213

route maps     2-705

configuring factory default     2-213

console     2-12

copying image or file     2-222

CPU     2-527

crashdump     2-232

displaying

configuration     2-667

factory default     2-213

file copy from disk     2-231

FTP filtering     2-317

global     2-337, 2-417, 2-729

HTTPS filtering     2-319

interface monitoring     2-313

mode     2-403

modes     1-2

packet debugging     2-264

PDM     2-437

port values     B-1

preconfiguring     2-483

protocol values     B-5

running configuration     2-229

software version     2-712

synchronizing configurations     2-769

G

global IP addresses, associating a network with     2-416

H

H.225

connection flag     2-520

hardware

ARP addressing     2-80

Help, firewall CLI     2-339

history, command     2-581

host name

changing     2-341

I

ICMP

debugging     2-269

tracing     2-270

ICMP messages

information reply     2-44, 2-53, 2-62

information request     2-44, 2-53, 2-62

network address translation of     2-326

ICMP message type     2-44, 2-53

ICMP redirection, ICMP message     2-344

ICMP types

interpreting     2-425

selecting     2-344

specifying selective access     2-44, 2-53, 2-62

using in access lists     2-44, 2-53, 2-62

IKE mode, configuring     2-242, 2-244

information reply, ICMP message     2-344

information request, ICMP message     2-344

interactive prompts     2-483

interfaces, firewall

binding an access list to     2-30

configuring     2-347

displaying parameters     2-347

static or default route     2-461

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

IP address

using in certificates     2-95

ISAKMP

enabling IPSec     2-355, 2-360

negotiating security associations     2-355, 2-360

setting keepalive interval     2-355

specifying the keepalive lifetime     2-355

ISAKMP policy

See ISAKMP

K

KAT, running     2-535

key, authentication     2-22

killing

Telnet session     2-363

Known Answer Test

See KAT     2-535

L

LDAP     2-98

using with a certification authority (CA)

Lightweight Directory Access Protocol

See LDAP

line numbers

setting     2-46, 2-55

literal names     B-1

local host

displaying detailed information     2-614

network states     2-614

local or TACACS server     2-18

logging

changing message levels     2-375

changing system message level     2-374

configuring time stamps     2-371

disabling     2-371

enabling     2-371

messages     2-617

monitoring     2-371

queue size     2-371

sending messages to console     2-373

setting facilities     2-371

SNMP

specifying a system log (syslog) server     2-371

specifying a system log server     2-371, 2-373

M

MAC address

configuring ARP     2-80

exempting a device based on     2-381

setting as ARP table entry     2-80

MAC address table

resource management     2-366

managing

with PDM     2-437

mask reply, ICMP message     2-344

mask request, ICMP message     2-344

maximum transmission unit

See MTU

maximum transmission unit (MTU)

specifying     2-409

message types     2-44, 2-53

mobile redirection, ICMP message     2-45, 2-53, 2-62, 2-344

modes     2-403

modes, command     1-2

monitoring

firewall performance     2-440

MTU

showing

specifying

multicasting

configuring a static route     2-403, 2-405

multiple mode     2-403

N

N2H2

caching server requests     2-752

specifying server parameters     2-754

URL filtering     2-752

naming

interfaces     2-413

NAT

aliasing     2-69

configuring     2-416

of ICMP messages     2-326

setting overlapping addresses     2-69

network alias, specifying     2-70

O

object grouping

defining     2-422

object groups

configuring     2-422

grouping     2-426

ICMP     2-422, 2-425

network     2-422, 2-426

protocol     2-422, 2-426

removing     2-424

services     2-422, 2-426

P

packet capture, enabling     2-105

packets

tracing     2-269

paging, screen

enabling or disabling     2-432

parameter-problem     2-44

parameter problem, ICMP message     2-44, 2-53, 2-62, 2-344

password

setting for console access     2-433

setting for Telnet     2-433

PAT

disabling     2-337

enabling     2-337

limitations     2-327

PDM

commands in firewall configuration     2-435

disconnecting     2-436

logging     2-435

showing PDM sessions     2-436

permitting

return connections on established connections     2-297

physical addressing, ARP     2-80

pinging

IP addresses     2-442

using with user authorization     2-17

ping message types     2-44, 2-53

Port Address Translation

See PAT

port literal names     B-1

port literals     B-1

port values for FWSM     B-1

prefix list     2-352

preshared key

configuring for VPN     2-763

privileged mode

starting     2-295

privilege levels

changing between     2-444

showing current     2-544

prompt

"(config)#"     1-3

protocols

using with port literals     B-5

protocol values     B-5

proxy server

using with VoIP     2-328

Q

quitting

configuration or privileged mode     2-447

R

RADIUS     2-6

randomizing, sequence numbers     2-416

rebooting

See reloading

redirect, ICMP message     2-44, 2-53, 2-62

redirection, ICMP message     2-344

Related Documentation     xviii

reloading

firewall configuration from Flash memory     2-450

saving configuration changes     2-450

without confirmation     2-450

resource management

resource types     2-366

RIP

broadcasting a default route     2-457

changing settings     2-457

enabling routing table updates

MD5 authentication     2-458

version 2 support     2-457

route

map configuration     2-705

route, static or default     2-461

router

changing default address sent     2-286, 2-287

router advertisement     2-44

router advertisement, ICMP message     2-44, 2-53, 2-62, 2-344

router solicitation     2-44

router solicitation, ICMP message     2-44, 2-53, 2-62, 2-344

Routing Information Protocol

See RIP

RSA public key record, using with a certification authority (CA)     2-89

running configuration, showing     2-667

S

saving

configuration to another location     2-766

configuration to Flash memory     2-766, 2-769

Secure Socket Layer

See SSH

security associations

creating     2-237

deleting     2-237

negotiating     2-355, 2-360

viewing     2-237

security level

assigning     2-413

Security Parameter Index

See SPI

sequence numbers, randomizing     2-416

server

specifying a TFTP server     2-766

specifying for AAA     2-22

services

enabling     2-475

handling IDENT connections     2-475

session, AccessPro     2-485

Session initiation protocol

See SIP

setting

DHCP polling     2-349, 2-351

IP addresses     2-349, 2-351

show     2-501

showing

AAA configuration     2-489

AAA proxy limit     2-490

AAA server configuration     2-491

aaa-server configuration     2-491

access-group configuration     2-492

access-list configuration     2-493, 2-494

active connections     2-518

alias configuration     2-497, 2-498

ARP timeout     2-500

authentication prompt     2-501

buffer utilization     2-503

CA certificates     2-506

checksum     2-511

command history     2-581

command information     2-485

current configuration     2-766, 2-769

current privilege levels     2-544

filtering displayed output     2-485

firewall performance     2-440

free memory     2-624

interface names     2-413

local host network states     2-614

MTU     2-631

privilege levels     2-646

processes     2-647

running configuration     2-667

software versions     2-712

start up configuration     2-679

system memory utilization     2-624

technical support output     2-685

Telnet sessions     2-765

timeout values     2-743

URL server     2-709

Simple Network Translation Protocol

See SNMP

single context     2-403

SIP     2-328

fixup protocol

session initiation protocol     2-328

setting protocol timer values     2-743

setting timeout values     2-743

SNMP

configuring contact, location, and host information     2-724

configuring on the firewall     2-724

logging

software version, showing     2-712

source     2-44, 2-53, 2-62

source quench, ICMP message     2-44, 2-53, 2-62, 2-344

SPI

coordinating with peer

specifying     2-140

split tunneling, using     2-762

SSH

debugging     2-270

specifying a host

supporting secure shell     2-726

standard access lists

adding     2-65

deleting     2-65

start up configuration, showing     2-679

storing configuration     2-766

synchronizing

configuration     2-769

syslog     2-44, 2-52, 2-61

syslog server

EMBLEM formatting     2-372, 2-373

system logging

See logging

system options

changing     2-733

disabling DNS A record replies     2-733

T

TACACS     2-114, 2-115, 2-116, 2-489

TCP

port literals     B-1

preventing packet randomization     2-728

randomizing packet sequence number     2-730

returning a reset flag (RST) to the source     2-475

Telnet

console debugging     2-270

icmp tracing     2-270

setting the console timeout     2-195, 2-736

setting the password     2-433

showing active sessions     2-765

terminating     2-363

terminating a session     2-363

using a Trace Channel     2-270

terminal

changing console settings     2-739

terminating

Telnet session     2-363

TFTP

configuring a server     2-212

saving configuration to another location     2-766

specifying a server     2-741

time-exceeded     2-44

time exceeded, ICMP message     2-44, 2-53, 2-62, 2-344

timestamp

reply, ICMP message     2-44, 2-53, 2-62, 2-344

request, ICMP message     2-44, 2-53, 2-62, 2-344

timestamp-reply     2-44

timing out

freeing an RPC slot     2-743

setting maximum idle time     2-743

setting translation slot value     2-743

tracing

ICMP, SQL*Net, and packets     2-269

translating

addresses     2-417

translation

setting timeout values     2-743

setting UDP, RPC, and H.323 timeout values     2-744

transparent mode     2-403

Trivial File Transfer Protocol

See TFTP

TurboACL

disabling     2-35

enabling     2-35

U

UDP

port literals     B-1

setting idle time until slot is freed     2-743

Unicast RPF IP

implementing     2-353

spoofing     2-353

unreachable, ICMP message     2-44, 2-53, 2-62, 2-344

URL

caching     2-752

configuring filtering server     2-754

filtering     2-321, 2-753

user accounting     2-2, 2-114, 2-489

user authentication

See authentication

utilization

CPU     2-527

V

version

displaying     2-712

viewing

See showing

Virtual Private Network

See VPN

Voice over IP

See VoIP

VoIP

SIP fixup

using proxy servers     2-328

VPN

configuring a preshared key     2-763

configuring support     2-716, 2-761

creating a group policy     2-762

downloading group names     2-762

global lifetime timeout values     2-763

setting up support for Cisco VPN Client     2-761

setting up support for Easy VPN Remote     2-761

using remote clients     2-244

using split tunneling     2-762

W

Websense

caching server request     2-752

specifying as URL filtering server     2-754

specifying server parameters     2-754

specifying URL filtering server     2-755

URL filtering     2-752

web server

caching responses     2-752

writing

configuration to Flash memory     2-766, 2-769

writing a configuration     2-766

X

xlate

See translation