Cisco PIX Device Manager Release Notes Version 3.0(3)
April 2005
Contents
This document includes the following sections:
• New Features in PDM Version 3.0(3)
• Features Introduced in PDM Version 3.0(2)
• Features Introduced in PDM Version 3.0(1)
• Obtaining Technical Assistance
• Obtaining Additional Publications and Information
Introduction
Cisco PIX Device Manager (PDM) is a browser-based Java application for configuring and monitoring the PIX Firewall Version 6.3 software. If the unit is currently running the PIX Firewall Version 6.3 software, the PDM Version 3.0 software is already loaded in the PIX Firewall Flash memory. You should verify that you are running PDM Version 3.0(3).
Note
For PIX Firewall Version 6.2, use PDM Version 2.1. For PIX Firewall Version 6.0 and 6.1, use PDM Version 1.1.
PDM Software Overview
PDM Version 3.0(3) will work with all versions of PIX 6.3 and supports the new features in PIX 6.3(4).
PDM Version 3.0 is a single image, which supports only PIX Firewall Version 6.3, and is designed to provide secure administration of the PIX Firewall. PDM is implemented as a signed Java applet, which downloads to your PC or workstation when you point your browser.
PDM provides a graphical user interface to the firewall to administer it without requiring knowledge of the command-line interface (CLI). Additionally, PDM maintains compatibility with the firewall CLI and includes a tool for using the standard CLI commands within the PDM application. PDM lets you graph many aspects of the firewall, as well as print or export graphs of traffic through the firewall and system activity.
To help you use PDM, online help is provided throughout the application as well as a help table of contents, index, and glossary.
System Requirements
PDM is available on all Cisco PIX 501, PIX 506/506E, PIX 515/515E, PIX 520, PIX 525, and PIX 535 platforms running Version 6.3. PDM Version 3.0 is a single image which supports only PIX Firewall Version 6.3. The following sections list the system requirements for PDM Version 3.0 software.
PDM Requirements
PDM has the following system requirements:
• PDM Version 3.0 is available on all PIX 501, PIX 506/506E, PIX 515/515E, PIX 520, PIX 525, and PIX 535 platforms running PIX Firewall software Version 6.3. For instructions on installing PDM, refer to the Cisco PIX Device Manager Installation Guide, at the following website: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pdm/v_30/pdm_ig/index.htm
• PDM works with any configuration, whether created with the PIX Firewall command-line interface (CLI), Cisco Secure Policy Manager (CSPM) or Management Center for PIX Firewall (PIXMC). However, subsequent configuration changes using CSPM or PIXMC overwrite the PDM configuration.
Caution
If you are using CSPM or PIXMC, use PDM for monitoring only. All changes made using PDM will be overwritten the next time CSPM or PIXMC synchronizes with the PIX Firewall.
This section includes the following topics:
• PIX Firewall System Interoperability with PDM
• Maximum Configuration File Size
• Upgrading to a New Software Release
PIX Firewall System Interoperability with PDM
Table 1 lists the PIX Firewall System requirements for PDM Version 3.0.
Table 1 PIX Firewall System Requirements for PDM Version 3.0
Type                             Description
Hardware
  Platform                       PIX 501, 506/506(E), 515/515(E), 520, 525, or 535
  Random access memory           16 MB
  Flash Memory                   See Table 2
Software
  PIX Firewall operating system  Version 6.3
  Encryption                     DES, 3DES, or AES-enabled
The PIX Firewall system ships with PIX Firewall software Version 6.3, which includes a pre-installed DES activation key. If your PIX Firewall is not enabled for DES, 3DES, or AES, and you are a registered Cisco user, you can receive a DES, 3DES, or AES activation key by completing the form at the following URL: http://www.cisco.com/pcgi-bin/Software/FormManager/formgenerator.pl?pid=221&fid=324. To become a registered Cisco user, go to http://tools.cisco.com/RPF/register/register.do.
Flash Memory Requirements
Table 2 lists Flash memory requirements for PIX Firewall software Version 6.3 in conjunction with PDM Version 3.0 by platform.
Maximum Configuration File Size
For optimum performance, we recommend a configuration file of no more than 100 KB (approximately 1500 lines) when using PDM.
PIX Firewall configuration files over 100 KB may interfere with the performance of PDM on your workstation in the following situations:
• While executing commands such as write term and show conf
• Failover (the configuration synchronization time)
• During a system reload
To determine the size of your configuration file, enter the show flashfs command at the PIX Firewall CLI prompt. View the output which begins with "file 1." The number labeled "length" on the same line is the configuration file size in bytes.
For example:
pixfirewall# show flashfs
flash file system: version:3 magic:0x12345679
file 0:origin: 0 length:1925176
file 1:origin:2883584 length:2944
file 2:origin:3014656 length:32
file 3:origin: 0 length:0
file 4:origin:3145728 length:131072
file 5:origin:8257536 length:308
PIX Firewall platforms have different configuration file size limitations than PDM. See Table 3 for the maximum recommended configuration file size by platform.
Table 3 Maximum Recommended Configuration File Size by Platform
PIX Firewall Version           Maximum Configuration
PIX 501                        256 KB
PIX 506/506E, 515/515E, 520    1 MB
PIX 525, PIX 535 [1]           2 MB
[1] This applies to PIX Firewall software Version 5.3(2) and later versions. The maximum recommended configuration file size for PIX Firewall software Versions 5.3(1) and earlier is 1 MB.
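The size check described above can be scripted. The following Python code is an added example, not part of the Cisco release notes: it parses show flashfs output, reads the length of file 1, and compares it with the 100 KB PDM recommendation and the Table 3 platform limits. The function names and the treatment of KB as 1024 bytes are assumptions.

```python
import re

# Constructed input: the `show flashfs` output quoted in the release notes.
SAMPLE_OUTPUT = """\
pixfirewall# show flashfs
flash file system: version:3 magic:0x12345679
file 0:origin: 0 length:1925176
file 1:origin:2883584 length:2944
file 2:origin:3014656 length:32
file 3:origin: 0 length:0
file 4:origin:3145728 length:131072
file 5:origin:8257536 length:308
"""

KB = 1024  # Assumption: "KB" and "MB" in the notes are binary units.
PDM_RECOMMENDED_MAX = 100 * KB  # "no more than 100 KB" when using PDM

# Maximum recommended configuration file size by platform (Table 3).
PLATFORM_MAX = {
    "501": 256 * KB,
    "506": 1024 * KB, "506E": 1024 * KB,
    "515": 1024 * KB, "515E": 1024 * KB,
    "520": 1024 * KB,
    "525": 2048 * KB, "535": 2048 * KB,
}

# One flash file entry, e.g. "file 1:origin:2883584 length:2944".
ENTRY_RE = re.compile(r"file\s+(\d+):\s*origin:\s*(\d+)\s+length:\s*(\d+)")


def parse_flashfs(output):
    """Map each flash file number to its (origin, length) in bytes."""
    return {int(num): (int(origin), int(length))
            for num, origin, length in ENTRY_RE.findall(output)}


def check_config_size(output, platform):
    """Compare the configuration size (file 1) with both recommended limits."""
    files = parse_flashfs(output)
    if 1 not in files:
        raise ValueError("no 'file 1' entry in show flashfs output")
    model = platform.upper().replace("PIX", "").strip()
    if model not in PLATFORM_MAX:
        raise ValueError(f"unknown platform: {platform!r}")
    size = files[1][1]
    return {
        "config_bytes": size,
        "within_pdm_recommendation": size <= PDM_RECOMMENDED_MAX,
        "within_platform_limit": size <= PLATFORM_MAX[model],
    }


if __name__ == "__main__":
    print(check_config_size(SAMPLE_OUTPUT, "PIX 515E"))
```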
Software Requirements
PIX Firewall software Version 6.3 has the following software requirements:
• The PIX Firewall image no longer fits on a diskette. If you are using a PIX Firewall unit with a diskette drive, download the Boothelper file from cisco.com (http://www.cisco.com/pcgi-bin/tablebuild.pl/pix) to get the PIX Firewall image.
• Before upgrading from a previous PIX Firewall version, save your configuration and write down your activation key and serial number. Refer to "Upgrading to a New Software Release" in this chapter for new installation requirements.
• Before upgrading from Version 4 or earlier, using Auto Update, IPSec, SSH, PDM, or VPN, you will need a new 56-bit DES activation key, which can be sent to you by completing the form at: http://www.cisco.com/pcgi-bin/Software/FormManager/formgenerator.pl?pid=221&fid=324
• Use the show version command to verify the software version of your PIX Firewall unit.
Upgrading to a New Software Release
If you are a registered Cisco user, refer to the Upgrading Software for the Cisco Secure PIX Firewall document at the following URL: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a5d.shtml
PC/Workstation Requirements
PDM requirements vary depending on the platform.
Note
PDM is not supported on Macintosh, Windows 3.1, Windows 95, Windows 98, Windows ME, or Windows NT operating systems.
Note the following when using PDM to access the PIX Firewall unit:
• Minimum Disk Space Requirement—PDM requires at least 4 MB of temporary disk space to load into the browser.
• To check which Java Virtual Machine (JVM) version you have, launch PDM. In the main PDM menu, click Help>About Cisco PIX Device Manager. When the About PDM information window appears, it displays your browser specifications in a table. You can download the latest JVM version for Internet Explorer from Microsoft, and you can download the latest Java Plug-in from Sun Microsystems (www.java.sun.com).
• HTTP 1.1—Settings for Internet Options>Advanced>HTTP 1.1 settings should use HTTP 1.1 for both proxy and non-proxy connections.
Supported Platforms
This section includes the following topics:
Microsoft Windows
Table 4 and Table 5 list the requirements for Windows platforms using PDM 3.0.
Table 5 Supported and Recommended Windows Platforms for PDM 3.0
Operating System                                                                                 Browser                JVM
Supported Windows Platforms
Microsoft Windows 2000 (Service Pack 4), or Microsoft Windows XP (English or Japanese versions)  Internet Explorer 6.0  Native [1] JVM (VM 3809) or Java Plug-in 1.4.2 or 1.5.0
                                                                                                 Netscape 7.1           Java Plug-in 1.4.2 or 1.5.0
[1] Native refers to the built-in JVM that ships with the browser.
Note
PDM Version 3.0(3) does not support Windows 3.1, Windows 95, Windows 98, Windows ME, or Windows NT.
Sun Solaris
Table 6 and Table 7 list the requirements for Sun Solaris platforms using PDM 3.0.
Table 7 Supported and Recommended Sun Solaris Platforms for PDM 3.0
Operating System         Browser      JVM
Supported Sun Solaris Platforms [1]
Sun Solaris 2.8 or 2.9   Mozilla 1.4  Java Plug-in 1.4.2
[1] Sun Solaris running OpenWindows is not supported.
Red Hat Linux
Table 8 and Table 9 list the requirements for Red Hat Linux platforms using PDM 3.0.
New Features in PDM Version 3.0(3)
PDM Version 3.0(3) was released to fix a compatibility issue with version 1.42_08 of the Java Plug-in.
Features Introduced in PDM Version 3.0(2)
The following new features are available in PDM Version 3.0(2). Many of these features were introduced to support changes with PIX Firewall Version 6.3(4).
AAA Fallback
By default, a AAA server failure would prevent you from authenticating and/or authorizing. This feature lets you optionally choose to use the LOCAL database on the Cisco PIX Firewall for authentication and/or authorization in the event of a AAA server failure. You can optionally use the LOCAL Cisco PIX Firewall database for:
1. Authentication and/or authorization to the firewall
2. IKE extended authentication (Xauth)
This feature was introduced with PIX Firewall version 6.3(4).
Virtual LAN (VLAN) support for PIX 506/506E
PDM supports VLANs on the PIX 506/506E. A maximum of two logical interfaces can be configured on these two-interface platforms because there is a four-interface limit.
Filter except for HTTPS, FTP, Java, and ActiveX
PDM 3.0 allows additional filter actions, namely "do not filter ActiveX," "do not filter Java Applet," "do not filter HTTPS," and "do not filter FTP." These filters let you specify hosts or networks that should not be filtered. For example, if the host or network you specify is included in a Filter ActiveX rule, then you can create a Do Not Filter ActiveX rule to create an exception.
SIP IP Address Privacy
If any two SIP endpoints participating in an IP phone call or instant messaging session use the same internal firewall interface to contact their SIP proxy server on an external firewall interface, enabling SIP IP Address Privacy ensures that all SIP signaling messages go through the SIP proxy server.
This feature is in effect when SIP over TCP Fixup or SIP over UDP Fixup is enabled. By default, this feature is disabled.
If SIP IP Address Privacy is enabled, the firewall will not translate internal and external host IP addresses embedded in the TCP or UDP payload of inbound SIP traffic, ignoring translation rules for those IP addresses.
ISAKMP (IKE) Event Tracing
ISAKMP Event Tracing includes a simple event tracing buffer for troubleshooting. It is helpful for detailed troubleshooting when a syslog server is unavailable, such as in a PIX 501 Easy VPN Remote deployment. You can configure the number of events to log. By default, event tracing is disabled.
Support Netmask in Local Pool
This feature lets you optionally configure a netmask for the IP local pool. This information is sent to the VPN client when it sends a mode configuration request for the netmask. Without this feature, a VPN client such as the Windows VPN 4.x client will simply use the classful netmask because none is provided.
SNMP Fixup
This feature lets you inspect SNMP traffic passing through the firewall. By default, SNMP inspection is disabled.
In addition, you can filter out traffic based on the SNMP protocol version. The SNMP versions are version 1, 2, 2c, and 3.
Extended DNS (EDNS0) Fixup
The Extended DNS (EDNS0) feature adds support for the DNS fixup and support for a UDP DNS response packet greater than 512 bytes. Support for greater than 512 bytes is defined in RFC 2671. Prior to this feature, the firewall simply dropped UDP DNS response packets greater than 512 bytes.
TFTP Fixup
Trivial File Transfer Protocol (TFTP) is a very simple protocol used to transfer files between hosts. The fixup is enabled by default and uses port 69. The ports for TFTP are configurable. This feature was introduced in PIX 6.3(2).
Display VAC Information
The PDM Home Page now indicates whether a VPN accelerator card (VAC) or VAC+ is present or not.
Features Introduced in PDM Version 3.0(1)
The following features were introduced in PDM Version 3.0(1).
VLAN-Based Virtual Interfaces
802.1Q VLAN support comes to the PIX Firewall, providing added flexibility in managing and provisioning the firewall. This feature enables the decoupling of IP interfaces from physical interfaces (hence making it possible to configure logical IP interfaces independent of the number of interface cards installed), and supplies appropriate handling for IEEE 802.1Q tags.
OSPF Dynamic Routing
Route propagation and greatly reduced route convergence times are two of the many benefits that arrive with Open Shortest Path First (OSPF). The PIX Firewall implementation will support intra-area, inter-area and external routes. The distribution of static and connected routes to OSPF processes, and route redistribution between OSPF processes are also included.
PAT for ESP Tunnels
Provides the ability to PAT IP protocol 50 to support a single IPSec user outbound access.
NAT Traversal
This feature addresses most of the known incompatibilities between NAT and IPSec that have become a major barrier to the deployment of IPSec. The design is based on the IETF NAT wrapper draft to ensure maximum interoperability with Cisco NAT products as well as non-Cisco NAT platforms.
DHCP Relay
Acting as a DHCP relay agent, the PIX Firewall can assist in dynamic configuration of IP hosts on any of its interfaces. It receives requests from hosts on a given interface and forwards them to a user-configured DHCP server on another interface.
Comments in ACLs
This feature allows users to include comments in access lists to make the ACL easier to understand and scan.
Syslog by ACL
This feature allows users to configure a specific ACL entry with a logging option. When such an option is configured, statistics for each flow that matches the permit or deny conditions of the ACL entry are logged.
AES
This feature adds support for AES on PIX Firewall. It is anticipated that the IETF will mandate AES as required privacy transforms for both IPSec and IKE in the near future. AES supports 128-bit, 192-bit, and 256-bit encryption.
Diffie-Hellman Group 5
This feature adds support for 1536-bit MODP group that has been given the group 5 identifier.
Specify Interface as Address in ACLs
Users running the DHCP client on the PIX Firewall outside interface will no longer have to adjust their access lists every time the outside DHCP address gets changed by their ISP.
New Fixups
CTIQBE, MGCP, PAT for PPTP, PAT for ESP Tunnels, ICMP Error, PAT for Skinny.
CA Enrollment Using X.500
Aggressive Mode is used for preshared keys, and Main Mode (MM) can now be used for RSA-IG based key exchange. This is in conformance with 3002 behavior, where MM is performed whenever possible.
HTTPS Authentication Proxy
This new feature provides a secure method of exchanging information between an HTTP client and PIX Firewall by using HTTPS for the transaction.
Verify Peer Certificate Distinguished Name (DN)
You can now verify and filter out valid but unexpected peers using certificate DN values during IKE negotiation.
VPN Interoperability
In PDM you can specify a key-id or a string for interoperability with other headend VPN devices.
Change level for Syslog Messages
This feature allows users to change the default logging level for a specific ACL entry with a logging option. When such an option is configured, statistics for each flow that matches the permit or deny conditions of the ACL entry are logged.
AAA Proxy Limit
You can limit the number of concurrent proxy connections allowed.
HTTPS/FTP Using Websense
This feature extends the existing Websense-based URL filtering to HTTPS and FTP.
SIP over TCP
You can configure the ports on which the firewall listens for SIP over TCP traffic.
Ability to Disable SIP UDP Fixup
This adds support for valid non-SIP packets being dropped by the PIX Firewall when they use a SIP UDP port.
DHCP Server on any Interface
Any interface can now be configured as a DHCP server.
Management Feature Access
You can now perform PIX Firewall management functions, such as running PDM, on an internal interface with a fixed IP address over an IPSec VPN tunnel.
Console Timeout
The new Console panel lets you set the time a console connection remains open when idle.
Banner
The new Banner panel lets you configure message of the day, login, and session banners.
Improved Printing
Printing has been improved so access lists can be printed and viewed more easily.
RME Syslog Compatibility
This new feature provides the ability to log messages in Cisco EMBLEM format to a syslog server. This feature allows the RME (Resource Manager Essentials) syslog analyzer to parse PIX Firewall messages sent to a syslog host.
PDM Home Page
The new PDM home page lets you view, at a glance, important information about your PIX Firewall such as the status of your interfaces, the version you are running, licensing information, and performance.
Batch Mode when Sending CLIs
PDM is faster in the method it uses to send a series of CLI commands to the firewall. It allows all CLIs to be sent and configured, even if you end up losing the connection because of the changes you make.
Important Notes
This section describes important notes for PDM software Version 3.0.
Interface Security Level
Because traffic is not permitted between interfaces configured with the same security level, PDM does not support this configuration.
CLI Command Support
PDM Version 3.0 adds support to the PIX Firewall CLI command syntax. Refer to PDM online Help for more information on the supported CLI commands.
Fully Supported CLI Commands
PDM parses these commands when uploading or creating the PIX Firewall configuration and grants you full access to all PDM user-interface tabs.
Exceptions are noted in the table and occur when PDM cannot parse certain combinations of command statements. Commands that PDM cannot parse stay in the configuration, their values cannot be changed with PDM, and they appear in the list of unparseable commands.
Table 10 lists the CLI commands that PDM fully supports. PDM parses these commands in the firewall configuration and allows PDM to operate successfully.
CLI Commands not Fully Supported in PIX Firewall
Table 11 lists commands that cannot be changed. PDM parses these commands in the firewall configuration and handles them transparently.
CLI Commands Ignored By PDM in PIX Firewall
These CLI commands are displayed in the list of unparseable commands in PDM. However, PDM does not change or remove these commands from your configuration, and the presence of these commands does not limit your access to the user-interface tabs in PDM.
The following commands are otherwise ignored by PDM except that they are displayed in the list of unparseable commands:
• Access lists not applied to any interface and not applied to the aaa command statement—A group of access-list command statements without an accompanying access-group command statement or aaa match acl command statement.
For example:
access-list eng permit ip any server1 255.255.255.255
access-list eng permit ip any server2 255.255.255.255
access-list eng permit ip any server3 255.255.255.255
access-list eng deny ip any any
• A list of outbound command statements without an associated apply command statement.
• Any isakmp client configuration commands.
Note
All OSPF subcommands are not supported.
Unsupported CLI Commands and Command Combinations
The following CLI commands or command combinations allow only monitoring and not configuration facilities.
Table 12 lists commands that PDM does not support in a configuration. If the commands are present in your configuration, you can only use the Monitoring tab.
Table 12 CLI Commands That Limit You to the PDM Monitoring Tab
Command
alias
outbound id except
access-list acl1 deny igmp any any
access-group acl1
In addition, the following command combinations also limit your access to the Monitoring tab only:
• aaa command with the match option appearing in the configuration with other aaa commands that contain the include or exclude options. For example, the following commands would not be parsed by PDM.
access-list 101 permit tcp any any
aaa authentication include http inside 1.1.1.1 255.255.255.255 0.0.0.0 0.0.0.0 portal
aaa accounting match 101 inside portal
You can fix this by changing aaa commands exclusively to either the match acl style or to the include/exclude style.
• Combining the access-list and access-group command statements with conduit and/or outbound command statements. For example, the following commands appearing anywhere in the configuration (not necessarily together) would not be parsed by PDM.
access-list 101 permit ip 172.21.3.0 255.255.0.0 172.22.2.0 255.255.0.0
access-group 101 in interface outside
conduit permit icmp any any
Note
Certain combinations of access control lists are unsupported.
• Using an access control list (ACL) for multiple interfaces. For example, the access-list eng permit ip any server1 255.255.255.255 command limits access.
access-group eng in interface perim
access-group eng in interface outside
• Using an ACL name for multiple purposes such as in access-group and aaa command statements. For example, the following commands would not be parsed by PDM.
access-list acl_out permit tcp 10.16.1.0 255.255.255.0 209.165.201.0 255.255.255.224
access-group acl_out in interface outside
aaa authentication match acl_out outside AuthIn
In this example, the access-list command statement is applied to the outside interface by the access-group command. The same ACL name cannot then be used by the aaa command statement. You can fix this example by creating an access-list command statement without an accompanying access-group command statement and then applying that to the aaa command statement.
For example:
access-list acl_out2 permit tcp 10.16.1.0 255.255.255.0 209.165.201.0 255.255.255.224
aaa authentication match acl_out2 outside AuthIn
• Using an ACL for multiple purposes (such as authentication, authorization, or accounting). For example, the following command statements cannot be parsed by PDM.
access-list acl_out2 permit tcp 10.16.1.0 255.255.255.0 209.165.201.0 255.255.255.224
aaa authentication match acl_out2 outside AuthIn
aaa authorization match acl_out2 outside AuthIn
In this example, the access-list command statement is applied to the outside interface by the aaa authentication command. Using the acl_out2 ACL name for both authentication and authorization cannot be parsed by PDM. You can fix this by creating another access-list command statement identical to the first statement and applying that in the aaa authorization command.
For example:
access-list acl_out2 permit tcp 10.16.1.0 255.255.255.0 209.165.201.0 255.255.255.224
access-list acl_out3 permit tcp 10.16.1.0 255.255.255.0 209.165.201.0 255.255.255.224
aaa authentication match acl_out2 outside AuthIn
aaa authorization match acl_out3 outside AuthIn
• Applying an outbound command statement group to multiple interfaces. For example, the following command statements would not be parsed by PDM.
outbound 13 deny 0.0.0.0 0.0.0.0 0 0
outbound 13 permit 0.0.0.0 0.0.0.0 389 tcp
outbound 13 permit 0.0.0.0 0.0.0.0 30303 tcp
outbound 13 permit 0.0.0.0 0.0.0.0 53 udp
apply (inside) 13 outgoing_src
apply (perim) 13 outgoing_src
• Any outbound command statement that contains the except option. You can replace the except option with a permit or deny statement to eliminate the use of the except option. Once the except option is replaced with permit or deny, PDM functions normally.
• User Lacks Privilege. User lacks privilege to run the following basic commands:
write
show pdm
show version
show curpriv
• ACL and IGMP Access Group. An access list cannot be applied to an interface command and an igmp access group command. The following is not allowed:
access-list acl1 deny igmp any any
access-group acl1 in interface outside
multicast interface outside
igmp access-group acl1
• Policy NAT configurations will force PDM into monitor mode. A complete description of how to configure Policy NAT and the related CLI commands is available in the Cisco PIX Firewall and VPN Configuration Guide, Version 6.3 at this location:
/en/US/docs/security/pix/pix63/configuration/guide/bafwcfg.html#wp1160287
If any one of the following commands is in the configuration, PDM will be forced into monitor mode:
static (inside,outside) 209.165.202.129 access-list NET1
static (inside,outside) 209.165.202.130 access-list NET2
nat (inside) 1 access-list NET1
nat (inside) 2 access-list NET2
Multiple PDM Sessions
PDM allows multiple PCs or workstations to each have one browser session open with the same firewall. A single firewall unit can support up to 5 concurrent PDM sessions. However, only one session per browser per PC or workstation is supported for a particular firewall. Refer to PDM online Help for more information on multiple PDM sessions.
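The command combinations listed under "Unsupported CLI Commands and Command Combinations" can be checked for in a saved configuration before it is opened in PDM. The following Python code is an added example, not part of the Cisco release notes or of PDM; it flags those constructs line by line. The function name and rule names are hypothetical, and the sample configuration is constructed from the command examples on this page.

```python
from collections import defaultdict

# Constructed sample, assembled from command examples quoted on this page.
SAMPLE_CONFIG = """\
access-list acl_out permit tcp 10.16.1.0 255.255.255.0 209.165.201.0 255.255.255.224
access-group acl_out in interface outside
aaa authentication match acl_out outside AuthIn
access-list eng permit ip any server1 255.255.255.255
access-group eng in interface perim
access-group eng in interface outside
outbound 13 deny 0.0.0.0 0.0.0.0 0 0
apply (inside) 13 outgoing_src
apply (perim) 13 outgoing_src
nat (inside) 1 access-list NET1
"""

AAA_TYPES = {"authentication", "authorization", "accounting"}


def audit_pix_config(text):
    """Return sorted (rule, subject) pairs for constructs that, per the
    release notes, limit PDM to the Monitoring tab. The privilege check in
    the notes is not a configuration property and is not covered here."""
    group_ifaces = defaultdict(set)  # ACL name -> interfaces bound by access-group
    aaa_uses = defaultdict(set)      # ACL name -> aaa types that `match` it
    apply_ifaces = defaultdict(set)  # outbound list id -> interfaces in `apply`
    igmp_acls = set()                # ACL names used by `igmp access-group`
    aaa_styles = set()               # which aaa styles appear in the config
    legacy_filter = False            # any conduit or outbound statement seen
    findings = set()

    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2:
            continue
        cmd = tok[0]
        if cmd == "alias":
            findings.add(("alias", " ".join(tok)))
        elif cmd == "access-group" and len(tok) >= 5:
            group_ifaces[tok[1]].add(tok[4])
        elif cmd == "aaa" and len(tok) >= 4 and tok[1] in AAA_TYPES:
            if tok[2] == "match":
                aaa_styles.add("match")
                aaa_uses[tok[3]].add(tok[1])
            elif tok[2] in ("include", "exclude"):
                aaa_styles.add("include/exclude")
        elif cmd == "igmp" and tok[1] == "access-group" and len(tok) >= 3:
            igmp_acls.add(tok[2])
        elif cmd == "conduit":
            legacy_filter = True
        elif cmd == "outbound":
            legacy_filter = True
            if len(tok) >= 3 and tok[2] == "except":
                findings.add(("outbound-except", tok[1]))
        elif cmd == "apply" and len(tok) >= 3:
            apply_ifaces[tok[2]].add(tok[1].strip("()"))
        elif cmd in ("static", "nat") and len(tok) >= 5 and tok[3] == "access-list":
            # Assumption: `nat (if) 0 access-list` is NAT exemption, not policy NAT.
            if not (cmd == "nat" and tok[2] == "0"):
                findings.add(("policy-nat", " ".join(tok)))

    if len(aaa_styles) == 2:
        findings.add(("aaa-mixed-styles", "match with include/exclude"))
    if group_ifaces and legacy_filter:
        findings.add(("acl-with-conduit-or-outbound", "access-group"))
    for acl, ifaces in group_ifaces.items():
        if len(ifaces) > 1:
            findings.add(("acl-multiple-interfaces", acl))
        if acl in aaa_uses:
            findings.add(("acl-shared-with-aaa", acl))
        if acl in igmp_acls:
            findings.add(("acl-shared-with-igmp", acl))
    for acl, kinds in aaa_uses.items():
        if len(kinds) > 1:
            findings.add(("acl-multiple-aaa-purposes", acl))
    for list_id, ifaces in apply_ifaces.items():
        if len(ifaces) > 1:
            findings.add(("outbound-multiple-interfaces", list_id))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject in audit_pix_config(SAMPLE_CONFIG):
        print(f"{rule}: {subject}")
```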
Caveats
The following sections describe the caveats for PDM software Version 3.0.
For your convenience in locating caveats in the Cisco Bug Toolkit, the caveat titles listed in this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
• Commands are in boldface type.
• Product names and acronyms may be standardized.
• Spelling errors and typos may be corrected.
Note
Please use Bug Navigator II on CCO to view additional caveat information. Bug Navigator II may be accessed at the following website:
http://www.cisco.com/support/bugtools
Open Caveats - Version 3.0(3)
The caveats in Table 13 are yet to be resolved in this version.
Resolved Caveats - Version 3.0(3)
The caveats in Table 14 are resolved in this version.
Table 14 Resolved Caveats
ID Number    Software Version 3.0(3) Corrected    Caveat Title
CSCeh50967   Yes                                  PDM does not run with Java 1.5.0_02
Obtaining Documentation
Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation CD-ROM
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which may have shipped with your product. The Documentation CD-ROM is updated regularly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual or quarterly subscription.
Registered Cisco.com users can order a single Documentation CD-ROM (product number DOC-CONDOCCD=) through the Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/ordering_place_order_ordering_tool_launch.html
All users can order annual or quarterly subscriptions through the online Subscription Store:
http://www.cisco.com/go/subscription
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
• Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:
http://www.cisco.com/en/US/partner/ordering/index.shtml
• Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
Documentation Feedback
You can submit comments electronically on Cisco.com. On the Cisco Documentation home page, click Feedback at the top of the page.
You can send your comments in e-mail to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance.
Cisco TAC Website
The Cisco TAC website (http://www.cisco.com/tac) provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year.
Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:
http://tools.cisco.com/RPF/register/register.do
Opening a TAC Case
The online TAC Case Open Tool (http://www.cisco.com/tac/caseopen) is the fastest way to open P3 and P4 cases. (Your network is minimally impaired or you require product information). After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using these recommendations, your case will be assigned to a Cisco TAC engineer.
For P1 or P2 cases (your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.
To open a case by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete listing of Cisco TAC contacts, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
TAC Case Priority Definitions
To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.
Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•
The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:
http://www.cisco.com/en/US/products/products_catalog_links_launch.html
•
Cisco Press publishes a wide range of networking publications. Cisco suggests these titles for new and experienced users: Internetworking Terms and Acronyms Dictionary, Internetworking Technology Handbook, Internetworking Troubleshooting Guide, and the Internetworking Design Guide. For current Cisco Press titles and other information, go to Cisco Press online at this URL:
•
Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:
http://www.cisco.com/go/packet
•
iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet business strategies for executives. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
•
Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html
•
Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:
http://www.cisco.com/en/US/learning/index.html