Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X

Numerics

100BaseTX Ethernet6 - 86

10BaseT Ethernet6 - 86

3Com 10/100 Ethernet network interface card2 - 39

A

AAA2 - 36, 6 - 4, 6 - 9, 6 - 157

aaa authentication enable console, syslog messages6 - 101

aaa command6 - 2

aaa-server command6 - 9

abbreviating commands1 - 13

access

control list6 - 115

limiting2 - 34

lists1 - 5

modes1 - 13

access lists, IPSec4 - 7, 4 - 8

creating6 - 13

peer mirror images4 - 10

access-group command6 - 11

access-list command5 - 27, 5 - 30, 6 - 12

AccessPro router6 - 128

ActiveX blocking3 - 11, 6 - 16, 6 - 76

Adaptive Security Algorithm (ASA)1 - 2, 1 - 5

address translations6 - 111

administer PIX Firewall from remote location5 - 25

age command3 - 17

AH5 - 29

alias command6 - 15, 6 - 148

alias option to arp command6 - 17

apply command6 - 114

ARP3 - 7

arp command6 - 17

ARP proxies6 - 144

assigning remote clients dynamic IP addressing4 - 30

authenticating the CA6 - 21

authentication and authorization, user2 - 36

authentication, authorization, and accounting6 - 2

auth-prompt command6 - 19

B

blocking ActiveX objects3 - 11

buffer allocation, interface6 - 87

C

CA

authenticating the CA6 - 21

configuring4 - 35

CRL4 - 34

declaring the CA6 - 25

deleting RSA keys6 - 25

digital certificates4 - 31

displaying public keys6 - 25

fingerprint6 - 20

generating RSA key pairs6 - 24

obtaining an updated CRL6 - 23

obtaining certificates6 - 23

peer authentication4 - 34

pre-shared keys4 - 34

public key cryptography4 - 31

Registration Authority (RA) mode6 - 21

revoked certificates4 - 34

revoking your certificate6 - 24

RSA public key record6 - 22

saving RSA Key pairs and certificates6 - 25

sending enrollment request6 - 23

serial number included in certificate6 - 24

server

pkiclient.exe6 - 25

signature4 - 32

ca command6 - 20

CCO upgrades2 - 4

certificate enrollment protocol4 - 35, 6 - 27

Certificate Revocation List

See CRL

certificates, digital5 - 46

Cisco Secure VPN Client4 - 29

CiscoSecure6 - 157

CiscoWorks for Windows3 - 15

clear blocks command6 - 129

clear flashfs6 - 80

clear uauth command6 - 157

client, remote4 - 29, 6 - 51

clock command6 - 27, 6 - 103

command

aaa6 - 2

aaa-server6 - 9

access-group6 - 11

access-list5 - 27, 5 - 30, 6 - 12

age3 - 17

alias6 - 15, 6 - 148

apply6 - 114

arp6 - 17

auth-prompt6 - 19

ca6 - 20

clear blocks6 - 129

clear flashfs6 - 80

clear uauth6 - 157

clear xlate command6 - 167

clock6 - 27

conduit6 - 28

configure6 - 33

crypto5 - 27, 5 - 30

crypto dynamic-map6 - 36

crypto ipsec3 - 17, 6 - 40

crypto map6 - 48

crypto map interface4 - 10

debug6 - 61

disable6 - 64

domain-name6 - 65

enable6 - 66

enable password6 - 67

established6 - 69

exit6 - 72

failover3 - 5, 6 - 73

fixup protocol6 - 78

floodguard6 - 81

global6 - 82

help6 - 84

hostname6 - 85

interface6 - 86

ip address2 - 12, 6 - 89

ip local pool6 - 89

ipsec6 - 91

isakmp6 - 92

kill6 - 98

link3 - 17

linkpath3 - 17

logging6 - 99

monitor7 - 2

mtu6 - 107

name6 - 108

nameif2 - 10, 6 - 110

names6 - 108

nat6 - 111

outbound6 - 114

pager6 - 119

passwd6 - 120

perfmon6 - 121

ping6 - 122

quit6 - 123

radius-server, replaced by aaa-server6 - 9

reload2 - 6, 6 - 124

rip6 - 125

route6 - 126

service6 - 127

session6 - 128

show6 - 129

show blocks6 - 129

show checksum6 - 130

show conn6 - 131

show flashfs6 - 80

show history6 - 132

show interface6 - 86

show ip6 - 89

show memory6 - 132

show processes6 - 133

show tech-support6 - 133

show traffic6 - 134

show uauth6 - 157

show version6 - 134

show who6 - 164

show xlate6 - 167

snmp-server6 - 136

static6 - 138

syslog6 - 143

sysopt6 - 144

sysopt connection permit-ipsec4 - 7

sysopt connection permit-ipsec6 - 145

sysopt ipsec pl-compatible3 - 15, 3 - 19, 6 - 147

tacacs-server, replaced by aaa-server6 - 9

terminal6 - 153

tftp-server6 - 154

timeout6 - 155

url-cache6 - 158

url-server6 - 160

virtual6 - 161

who6 - 164

write6 - 165

command line

editing1 - 14

prompt6 - 85

command output paging1 - 14

compiling Cisco SMI MIB and syslog MIB3 - 15

conduit command6 - 28

conduits1 - 5, A - 7

configuration

mode6 - 34

PIX Firewall units for failover3 - 5

rechecking2 - 37

size1 - 14

configuration example

IPSec with manual keys5 - 27

multiple servers5 - 6

six interfaces with NAT5 - 20

three interfaces with NAT5 - 12

three interfaces without NAT5 - 10

two interfaces without NAT5 - 2

VPN tunnel using VeriSign digital certificates5 - 39

configure command6 - 33

configuring

CA4 - 35

dynamic IP addressing assignment4 - 30

IKE4 - 26

IKE Mode Configuration4 - 30

IPSec with IKE4 - 17

IPSec with pre-shared keys4 - 20

connection, state information1 - 3

console

authentication6 - 4

session6 - 62

contact, SNMP6 - 136

control list6 - 115

converting from Private Link to IPSec3 - 15, 3 - 19

CRL4 - 34

crypto command5 - 27, 5 - 30

crypto dynamic-map command6 - 36

crypto ipsec command3 - 17, 6 - 40

crypto map command6 - 48

crypto map interface command4 - 10

crypto maps

applying to interface4 - 16

dynamic4 - 14

entries4 - 12

load sharing4 - 13

cut-through proxies1 - 5

D

daisy-chain PIX Firewall units6 - 5

debug command6 - 61

default password6 - 67

default route

broadcast6 - 125

router and hosts2 - 6

DES5 - 29

digital certificates4 - 31, 5 - 39, 5 - 46

disable command6 - 64

diskette6 - 34

disk-full condition, recovering from2 - 32

displaying public keys6 - 25

DNS6 - 144

domain-name command6 - 65

download upgrades2 - 4

downloading image, TFTP7 - 2

downloading IP address to VPN client4 - 29

dynamic crypto maps4 - 14

entries4 - 15

referencing4 - 15

sets4 - 15

dynamic IP address assignment4 - 30

E

editing command lines1 - 14

EIGRP B - 2

embryonic connection6 - 111

enable command6 - 66

enable password command6 - 67

encryption, key6 - 9

enforcesubnet6 - 144

Entrust digital certificates5 - 46

ESMTP commands rejected by Mail Guard6 - 79

ESP5 - 29

established command6 - 69

Ethernet6 - 86, 6 - 110, 6 - 147, 7 - 1

examples

IPSec with manual keys5 - 27

multiple servers5 - 6

six interfaces with NAT5 - 20

three interfaces with NAT5 - 12

three interfaces without NAT5 - 10

two interfaces without NAT5 - 2

VPN client access with AAA and pre-shared keys5 - 58

VPN client access with manual IP address and pre-shared keys5 - 53

VPN tunnel using Entrust digital certificates5 - 46

VPN tunnel using VeriSign digital certificates5 - 39

working with IPSec and NAT on the PIX Firewall5 - 65

exit command6 - 72

F

failover

command6 - 73

configuring on Active unit3 - 5

frequently asked questions3 - 9

interface tests3 - 9

saving configuration of Active unit on standby unit3 - 6

stateful6 - 74

syslog messages3 - 10

syslog messages, SNMP3 - 13

timeout feature6 - 74

upgrading3 - 8

failover command3 - 5

fault detection within failover PIX Firewall units3 - 10

FDDI network interfaces1 - 6

filtering

ActiveX3 - 11

URL3 - 12

fingerprint, CA6 - 20

fixup protocol command6 - 78

Flash memory

persistent data file6 - 24, 6 - 25

write configuration to6 - 166

flashfs6 - 80

Flood Defender6 - 81

floodguard command6 - 81

Frag Guard6 - 144

fragmentation6 - 144

FTP3 - 12, 6 - 78

full duplex6 - 86

G

generating RSA key pairs6 - 24

global command6 - 82

global IP addresses, associating network with6 - 111

GRE2 - 25, 6 - 31

H

H.323 6 - 78, 6 - 142, 6 - 155

hardware

address6 - 17

ID6 - 86

speed6 - 86

help command6 - 84

help, command line1 - 16

host, SNMP6 - 136

hostname command6 - 85

HTML <object> tag blocking3 - 11

HTTP6 - 78

HyperTerminal, configuring2 - 2

I

IANA URL1 - 19

ICMP trace6 - 62

IDENT6 - 127

IKE5 - 29

authentication methods4 - 25

benefits4 - 22

configuring pre-shared keys4 - 28

creating policies4 - 25

disabling4 - 29

enabling and configuring4 - 26

policy parameters4 - 23

remote client4 - 29

IKE Mode Configuration

configuring4 - 30, 6 - 51

types4 - 30

interface

buffer allocation6 - 87

command6 - 86

name6 - 110

Internet Key Exchange

See IKE

Interrupt vector, interface cards6 - 87

ip address command2 - 12, 6 - 89

IP Frag Guard6 - 149

ip local pool command6 - 89

IPSec

access lists4 - 7, 4 - 8

creating6 - 13

keyword "any"4 - 10

peer mirror images4 - 10

configuring manually using pre-shared keys4 - 20

configuring with IKE4 - 17

crypto maps

entries4 - 12

load sharing4 - 13

digital certificates4 - 31

order of configuration4 - 5

security associations

clearing and reinitializing4 - 16

global lifetimes4 - 7

IKE4 - 14

manual using pre-shared keys4 - 14

supported standards4 - 2

transform sets4 - 11

using CAs4 - 34

view information4 - 17

without CAs4 - 32

ipsec command6 - 91

ipsec-isakmp option6 - 53

ipsec-manual option5 - 29, 6 - 53

isakmp command6 - 92

J

Java applets3 - 11, 6 - 114, 6 - 117

K

key, authentication6 - 9

kill command6 - 98

L

LDAP (Lightweight Directory Access Protocol)6 - 25

LEDs, PIX 515 7 - 1

line protocol up and down6 - 87

link command3 - 17

link up and link down6 - 87

link up and link down, SNMP3 - 13

linkpath command3 - 17

LINUX default route2 - 8

list ID2 - 35

literal names1 - 17

local pool6 - 89

LOCAL0 - LOCAL7 2 - 33, 6 - 100

location, SNMP6 - 136

logging2 - 32

logging command6 - 99

M

MAC address6 - 17, 6 - 87

MacOS default route2 - 9

Mail Guard

disabling6 - 79

feature description1 - 6

MD5 5 - 29

memory, OS and free6 - 132

MIB file, updating3 - 15

MIB-II groups, SNMP3 - 13

Microsoft

Exchange C - 1

MS-Exchange advisory for Mail Guard6 - 79

Windows 95 and 98 default route2 - 8

Windows 95 or NT2 - 2

Windows NT default route2 - 8

monitor command7 - 2

MSRPC C - 4

MSS6 - 144

MTU2 - 39, 6 - 87

mtu command6 - 107

multimedia applications, supported1 - 20

N

name command6 - 108

nameif command2 - 10, 6 - 110

names command6 - 108

nat command6 - 111

net alias6 - 15

net static5 - 8

NETBIOS over IP1 - 7

netstat, setting a default route2 - 8

Network Address Translation (NAT), See nat command

newsreaders6 - 7

NFS

access5 - 8

testing with showmount5 - 8

nodnsalias6 - 144

noproxyarp6 - 144

norandomseq6 - 111, 6 - 138

O

object <object> tag blocking3 - 11

obtaining an updated CRL6 - 23

Oracle SQL*Net6 - 62

outbound command6 - 114

P

packet trace6 - 62

packets, received and sent6 - 87

pager command6 - 119

paging screen displays1 - 14

passwd command6 - 120

password, default6 - 67

PCNFSD, tracking activity5 - 8

perfmon command6 - 121

permit-ipsec6 - 144

PFSS6 - 104

physical address6 - 17

ping and ICMP trace6 - 62

ping command6 - 122

pings and AAA6 - 8

PIX 515

feature description1 - 7

LEDs7 - 1

upgrading activation key7 - 5

PIX Firewall

boot diskette, use for system recovery2 - 5

failures on failover units3 - 10

forcing to be active or go to standby3 - 6

image2 - 3

monitoring performance6 - 121

reboot and reload6 - 124

PIX Firewall Manager (PFM)2 - 3

PIX Firewall Manager, set password6 - 120

PIX Firewall Syslog Server (PFSS)2 - 3, 6 - 104

PKI protocol4 - 35, 6 - 25, 6 - 27

port literal names1 - 17

port, outbound6 - 114

portmapper6 - 31

PPTP2 - 25, 6 - 31

Private Link

commands mapped to IPSec commands3 - 16

conversion to IPSec3 - 15, 3 - 19

example of a network diagram3 - 18

privileged mode, start6 - 66

prompt host name label6 - 85

protocols1 - 19, 6 - 78

public key cryptography4 - 31

Q

querying a certificate or CRL6 - 25

quit command6 - 123

R

RA4 - 35

RADIUS6 - 2, 6 - 7

radius-server, replaced by aaa-server command6 - 9

rawrite.exe, conversion utility2 - 5

recovering from disk-full condition2 - 32

redirect6 - 30

Registration Authority

See RA

reload command2 - 6, 6 - 124

remote client4 - 29, 6 - 51

revoked certificates4 - 34

rip command6 - 125

route command6 - 126

router, in PIX Firewall6 - 128

router-advertisement6 - 30

RPC

conduit6 - 31

MSRPC C - 4

slot6 - 155

Sun5 - 8

testing with rpcinfo5 - 8

RSA public key record6 - 22

RSH6 - 78

S

saving configuration before upgrading2 - 1

screen paging, enabling or disabling6 - 119

security associations, IPSec

clearing and reinitializing4 - 16

global lifetimes4 - 7

IKE4 - 14

manual using pre-shared keys4 - 14

security level

assigning6 - 110

defaults6 - 110

security level, values2 - 12

serial number6 - 24

service command6 - 127

session command6 - 128

session key5 - 29

show blocks command6 - 129

show checksum command6 - 130

show command6 - 129

show conn command6 - 131

show flashfs6 - 80

show history command6 - 132

show interface command6 - 86

show ip command6 - 89

show memory command6 - 132

show processes command6 - 133

show tech-support command6 - 133

show traffic command6 - 134

show uauth command6 - 157

show version command6 - 134

show who command6 - 164

show xlate command6 - 167

showmount5 - 8

shutdown option to interface command6 - 86

SMTP6 - 78

SNMP

configuring3 - 13

contact, location, and host6 - 136

object ID (OID)3 - 14, 6 - 137

read-only (RO) values3 - 13

SNMPc (Cisco Works for Windows)3 - 15

syslog Enterprise MIB3 - 15

traps3 - 13

snmp-server command6 - 136

Solaris default route2 - 8

source-quench message type6 - 30

SPI5 - 29

SQL*Net6 - 62, 6 - 78

state information1 - 3

stateful1 - 3

stateful failover6 - 74

static command6 - 138

static translation1 - 4

subnet masks D - 1

Sun RPC5 - 8

SunOS default route2 - 8

supported standards, IPSec4 - 2

syslog3 - 10

command6 - 143

Enterprise MIB3 - 15

log file, UNIX2 - 34

message levels2 - 33

messages2 - 33, 6 - 104

MIB files3 - 15

server6 - 104

SNMP3 - 13

syslog.conf file (UNIX host)2 - 34

UNIX system, configuring2 - 34

viewing messages from console6 - 101

sysopt command6 - 144

sysopt connection permit-ipsec command4 - 7, 6 - 145

sysopt ipsec pl-compatible command3 - 15, 3 - 19, 6 - 147

system recovery, PIX Firewall boot diskette2 - 5

T

TACACS+6 - 2, 6 - 7

tacacs-server, replaced by aaa-server command6 - 9

TCP

maximum segment size6 - 144

port literals1 - 17

randomizing packet sequence number6 - 111

TCP maximum segment size, IPSec5 - 29

tcpclose6 - 144

tcpmss6 - 144

Telnet

configure console access2 - 21

console access6 - 4

console, debug6 - 62

console, syslog6 - 102

icmp trace6 - 62

interface1 - 8

set password6 - 120

terminating6 - 98

timeout feature6 - 150

Trace Channel6 - 62

terminal command6 - 153

terminology1 - 21

TFTP

configuration6 - 34, 6 - 154, 6 - 165

error codes7 - 2

tftp-server command6 - 154

time stamps6 - 100

TIME_WAIT state6 - 144

time-exceeded6 - 30

timeout command6 - 155

timewait6 - 144

Token Ring6 - 86, 6 - 110, 6 - 147

Trace Channel2 - 23, 6 - 62

trace ICMP, SQL*Net, and packets6 - 62

transform set

example configuration5 - 29

transform set, IPSec4 - 11

translation slots

UDP, RPC, H.323 6 - 155

translations of addresses6 - 111

traps, SNMP3 - 13

Trivial File Transfer Protocol (TFTP)7 - 2

troubleshoot PIX Firewall from remote location5 - 25

U

uauth6 - 157

UDP

connection state information1 - 3

idle time until slot is freed6 - 155

port literals1 - 17

portmapper6 - 31

UNIX

creating a bootable disk from2 - 6

syslog configuration2 - 34

UNIX, getting console terminal2 - 2

upgrades, downloading2 - 4

upgrading failover3 - 8

upgrading, before2 - 1

URL

filtering3 - 12

logging3 - 12

url-cache command6 - 158

url-server command6 - 160

user authentication and authorization, providing2 - 36

user authentication, authorization, and accounting, providing6 - 2

V

validating a CA's signature4 - 32

VeriSign digital certificates5 - 39

video conferencing applications, supported1 - 20

virtual command6 - 161

Virtual Private Network

See VPN

VPN

client4 - 29

configuration example5 - 27

definition4 - 4

introduction4 - 5

W

WebSENSE server6 - 158

who command6 - 164

Windows HyperTerminal7 - 2

winipcfg, view default route2 - 8

write command6 - 165

X

xlate (translation slot)6 - 155, 6 - 167