Index
Numerics
3DES encryption algorithm
in IKE proposals 9-60
802.1x
802.1x Policy page C-546
configuring on Cisco IOS routers 12-59
defining policies 12-64
interface authorization states 12-61
supported topologies 12-62
understanding device roles 12-60
A
AAA
accounting 10-1
authorization 10-1
configuring on firewall devices 13-30
local fallback 13-33
support 13-32
user authentication 10-1
AAA authentication groups
predefined 8-7
AAA Firewall page C-784
AAA Mode Setup page 2-2
AAA rules
AAA Rules page C-710
Add AAA Rules dialog box C-713
adding 11-88
AuthProxy dialog box C-730
configuring settings
for AAA (IOS) 11-104
for AAA firewall (PIX/ASA) 11-99
copying 11-96
cutting 11-96
deleting 11-98
disabling 11-94
Edit AAA Option dialog box C-728
Edit AAA Rules dialog box C-713
Edit AAA Server Group dialog box C-731
Edit Category dialog box C-733
Edit Description dialog box C-732
Edit Destinations dialog box C-720
editing 11-91
Edit Interface dialog box C-726
Edit Service dialog box C-691, C-723
Edit Sources dialog box C-718
enabling 11-94
finding usage 11-95
generating usage reports 11-95
MAC exempt address lists
adding 11-101
deleting 11-103
editing 11-102
using 11-101
moving down 11-97
moving up 11-97
pasting 11-96
Show Destination dialog box C-722
Show Interface Contents dialog box C-727
Show Service Contents dialog box C-725
Show Source Contents dialog box C-719
understanding 11-86
AAA Rules page C-710
AAA server group objects
AAA Server Group dialog box C-36
AAA Server Groups page C-35
creating 8-9
deleting 8-18
duplicating 8-12
editing 8-13
generating usage reports for 8-17
managing overrides 8-16
override page in Device Properties A-55
override page in Policy Object Manager C-207
predefined authentication groups 8-7
understanding 8-6
viewing details 8-15
AAA Server Groups Override page A-55
AAA server objects
AAA Server dialog box C-42
AAA Servers page C-40
creating 8-24
deleting 8-30
duplicating 8-26
editing 8-27
generating usage reports for 8-29
supported types 8-21
understanding 8-19
viewing details 8-28
AAA servers
external servers 10-1
supported types on ASA devices 8-22
table of services on ASA devices 8-23
Abort Deployment Job dialog box H-27
ABR
definition of 13-93
access control list objects
creating 8-35
deleting 8-42
duplicating 8-41
editing 8-40
Extended IP ACL tab C-51
Add Extended Access Control Entry dialog box C-56
Add Extended Access List page C-52
Edit Extended Access Control Entry dialog box C-56
Edit Extended Access List page C-52
extended objects 8-35
generating usage reports for 8-44
Standard IP ACL tab C-59
Add Standard Access Control Entry dialog box C-62
Add Standard Access List page C-60
Edit Standard Access Control Entry dialog box C-62
Edit Standard Access List page C-60
standard objects 8-38
understanding 8-32
viewing details 8-45
Access Control page C-776
access controls
access list compilation
enabling 11-59
object group search
enabling 11-54
per user downloadable ACLs (PIX/ASA/FWSM)
enabling 11-57
understanding settings 11-53
Access Group tab
description 13-87, C-394
access list compilation
enabling 11-59
understanding 11-58
access permissions
maps 4-3
access ports in DM 6500/7600
configuring 14-49
editing 14-49
restarting 14-49
access rules
Access Rules page C-637
Adaptive Security Algorithm (ASA) and 11-12
Add Firewall Rule dialog box C-641
adding 11-16
Advanced dialog box C-646
ASA, and 11-13
copying 11-25
cutting 11-25
deleting 11-28
disabling 11-24
Edit Category dialog box C-662
Edit Description dialog box C-661
Edit Destinations dialog box C-651
Edit Firewall Option dialog box C-656
Edit Firewall Rule dialog box C-641
editing 11-20
Edit Interface dialog box C-658, C-693
Edit Service dialog box C-654
Edit Sources dialog box C-649
enabling 11-24
FWSM, and 11-13
IOS router, and 11-14
logging events for an ACE 11-15
moving down 11-27
moving up 11-27
pasting 11-25
PIX Firewalls, and 11-13
recognizing on devices 11-12
Show Destination Contents dialog box C-653
Show Interface Contents dialog box C-660
Show Service Contents dialog box C-656
Show Source Contents dialog box C-650
understanding 11-10, 11-13, 11-14
Access Rules page C-637
accounting
configuring on firewall devices 13-30
ACL names
conflicts and resolutions 11-8
generating 11-4
identifying original 11-9
naming conventions 11-4
notes 11-9
preserving user-defined 11-6
Active/Active failover
about 13-56
command replication 13-57
configuration synchronization 13-57
Active/Standby failover 13-56
activities
accessing functions 7-9
Activity Details tab G-5
Activity Manager window G-1
Activity Required (Create Activity) dialog box G-15
Activity Required (Create or Open Activity) dialog box G-18
and locking 7-4
Approve Activity dialog box G-9
Approved state 7-6
approving 7-3, 7-16
benefits of 7-3
Change Report window G-16
closing 7-12
Create Activity dialog box G-7
creating 7-11
Devices tab G-14
Discard Activity dialog box G-11
discarding 7-18
Edit state 7-5
Errors tab G-12
History tab G-6
managing 7-1
multiple users 7-5
Openable Activities dialog box G-19
opening 7-12
Reject Activity dialog box G-10
Rejected state 7-6
rejecting 7-16
Submit Activity dialog box G-8
Submitted state 7-6
understanding 7-2
validating 7-13
Validation dialog box G-12
viewing details 7-19
viewing historical data 7-19
working with 7-9
Activities menu 3-12
Activity Details tab G-5
Activity Manager window G-1
Activity Required (Create Activity) dialog box G-15
Activity Required (Create or Open Activity) dialog box G-18
activity states 7-5, G-4
Adaptive Security Appliances
see ASA devices
Add/Edit IGMP Join Group dialog box
description 13-88
Add/Edit IGMP Static Group dialog box
description 13-88
Add/Edit Multicast Route dialog box
description C-401
Add AAA Rules dialog box C-713
Add Certificate dialog box F-12
Add Client Access Rules dialog box C-73
Add Country Network Codes dialog box C-102
Add Device from Config File wizard A-25
Device Grouping page A-24
Device Information page - Config File A-25
Add Device from DCR wizard A-40
Device Grouping page A-24
Device Information page - DCR A-40
Add Device from Network wizard A-7
Device Credentials page A-14
Device Grouping page A-24
Device Information page - Network A-8
Add Devices to Groups page A-71
Add Extended Access Control Entry dialog box C-56
Add Firewall Rule dialog box C-641
Add FTP Map dialog box C-96
Add Groups dialog box A-72
Add GTP Map dialog box C-100
Add Link dialog box D-23
Add Map Object and Node Properties dialog boxes D-24
Add New Device wizard A-29
Device Credentials page A-14
Device Grouping page A-24
Device Information page - New Device A-29
Add Other Devices dialog box H-22
Add Permit Response dialog box C-103
address pools 13-20
Add Standard Access Control Entry dialog box C-62
Add Standard Access List page C-60
Add TCP Map dialog box C-165
Add Traffic Flow dialog box C-176
Add Transparent Firewall Rule dialog box C-767
admin context
overview 13-103
administration
See settings
selecting policies to manage 6-44
Advanced dialog box
access rules C-646
AES encryption algorithm
in IKE proposals 9-61
in VPN SPA 9-33
Analysis C-802
analysis reports
generating 11-40
understanding 11-38
Analysis Reports page C-802
anti-spoofing 13-97
appended CLI commands 16-2, 16-3
Approve Activity dialog box G-9
Approve Deployment Job dialog box H-24
Approved state 7-6
approvers 2-13
area border router 13-93
ARP table
static entry C-273, C-275
ASA
FlexConfig object samples 16-7
ASA devices
AAA support 8-22
table of AAA services 8-23
use of Kerberos 8-22
use of LDAP servers 8-22
use of NT servers 8-22
use of SDI servers 8-22
see also PIX/ASA/FWSM Platform policies
ASA user group objects
ASA User Groups page C-64
Client Configuration tab 8-54, C-74
Client Firewall Attributes tab 8-57, C-77
creating 8-47
deleting 8-64
duplicating 8-63
editing 8-62
General tab 8-50, C-68
generating usage reports for 8-65
Hardware Client Attributes tab C-81
Hardware Client tab 8-61
Identity tab 8-49, C-66
IPSec tab 8-53, C-70
Add Client Access Rules dialog box C-73
Edit Client Access Rules dialog box C-73
understanding 8-45
viewing details 8-67
ASA User Groups page C-64
ASBR
definition of 13-93
ASDM
version C-483
assignment overview 1-11
Assignments tab C-26
Assign Shared Policy dialog box C-3
audit log entries
purging 17-9
audit logs
archiving 2-61
understanding 2-61
Audit Logs Settings page F-16
Audit Message Details dialog box E-8
Audit Report page E-6
audit reports
examples for defining 17-7
generating 17-7
understanding 17-6
AUS
setting up 5-12
authentication
configuring on firewall devices 13-30
authentication methods
in IKE proposals 9-62
preshared keys 9-62
RSA signatures 9-62
authorization
configuring on firewall devices 13-30
AuthProxy dialog box
AAA rules C-730
AuthProxy General tab (IOS) C-788, C-790
AuthProxy page C-787
autolink
omitting reserved networks from maps F-2
Auto Update Server (AUS) 15-26
licensing 2-59
Auto Update Server Properties dialog box A-12
Auto Update Servers
using to deploy to ASA devices 15-12
using to deploy to PIX firewalls 15-12
Auto Update Servers (AUS)
adding 5-65
configuring AUS settings on firewall devices 13-62
editing 5-69
understanding 5-64
Available Auto Update Servers dialog box A-13
Available CNS-Configuration Engines dialog box A-38
Available Servers dialog box A-36
B
background image, map
deleting 4-15
importing 4-13
overview 4-13
scale and position 4-15
setting 4-14
backups
understanding 17-17
using Common Services 17-17
bandwidth C-484
banners
Banner page C-289
configuring on firewall devices 13-36
benefits of product 1-3
BGP routing
BGP Routing Policy page C-586
configuring on Cisco IOS routers 12-115
defining routes 12-116
Neighbors dialog box C-589
redistributing routes 12-119
Redistribution Mapping dialog box C-591
Redistribution tab C-590
Setup tab C-587
boot image and configuration settings
configuring on firewall devices 13-38
bridging
PIX/ASA/FWSM
Add/Edit ARP Inspection dialog box C-277
Add/Edit ARP Table Entry dialog box C-275
Add/Edit MAC Learning dialog box C-281
Add/Edit MAC Table Entry dialog box C-280
ARP Inspection page C-276
ARP Table page C-273
configuring on 13-27
MAC Address Table page C-278
MAC Learning page C-280
Management IP page C-282
buttons
main toolbar 15-32
C
CA server authentication methods
SCEP (Simple Certificate Enrollment Protocol) 9-81
Catalyst 6500/7600 Device Manager (DM 6500/7600)
action buttons 14-14
basic concepts 14-1
desktop 14-10
features 14-3
navigating in 14-4
opening 14-4
preferences 14-16
quick reference 14-18
selector, understanding 14-13
starting 14-4
Catalyst 6500/7600 Device Manager (DM 6500/7600) wizards
Firewall-Inside setup 14-133
Firewall-Outside setup 14-142
Port 14-37
VLAN 14-89
Catalyst 6500/7600 Device Manager access window
opening from Tools menu E-5
Catalyst 6500/7600 devices
configuring FWSM on 9-38
configuring VPNSM on 9-31
configuring VPN SPA on 9-33
Catalyst 6500/7600 switches
including in deployment jobs H-5
Catalyst 6500 switches
deployment 15-34
VLANs 15-37, 15-47
Catalyst VPN Services Module (VPNSM)
configuring a VPN interface 9-31
configuring in remote access VPNs 10-11
defining settings (site-to-site VPN) B-21
VPNSM/VPN SPA Settings dialog box C-846
VPNSM blade 9-31
Catalyst VPN Shared Port Adapter (VPN SPA)
adding location information during Catalyst 6500/7600 discovery 5-42
configuring a VPN SPA blade 9-33
configuring in remote access VPNs 10-11
defining settings (site-to-site VPN) B-21
dialog box for entering VPN SPA locations during discovery A-19
VPNSM/VPN SPA Settings dialog box C-846
VPN SPA blade 9-33
VPN SPA Slots dialog box A-21
VPN SPA Slot Selector A-22
categories
editing 8-69
understanding 8-68
category objects
Categories page C-84
Category Editor dialog box C-85
certificate authentication
procedure 2-55
certificates, device
Add Certificate dialog box F-12
adding manually 2-55
settings for authentication F-10
Certification Authority (CA) servers
naming guidelines 8-157
Change Report window G-16
checklist for getting started 1-13
Choose Files dialog box A-28
Cisco Adaptive Security Appliances
see ASA devices
Cisco Discovery Protocol (CDP) settings, configuring in DM6500/7600 14-24
Cisco Express Forwarding (CEF)
importance for QoS 12-86
Cisco IOS
banners, configuring in DM6500/7600 14-26
FlexConfig object samples 16-9
Cisco IOS devices
selecting transport protocols 2-53
Cisco IOS routers
available interface types 12-6
configuring 802.1x 12-59
configuring BGP routing 12-115
configuring device access 12-26
configuring DHCP 12-43
configuring dialer interfaces 12-29
configuring EIGRP routing 12-120
configuring host and domain names 12-34
configuring interfaces 12-2
configuring logging 12-79
configuring NAC 12-68
configuring NAT 12-10
configuring NTP 12-51
configuring OSPF routing 12-129
configuring platform policies 12-1
configuring QoS 12-85
configuring RIP routing 12-148
configuring SDP 12-35
configuring SNMP 12-54
configuring static routing 12-154
deleting interfaces 12-9
generating interface names 12-8
managing 12-1
Cisco Networking Services (CNS) 15-28
Cisco Networking System (CSN)
using to deploy to IOS routers 15-13
Cisco PIX firewalls
see PIX/ASA/FWSM Platform policies
Cisco Secure Access Control Server (ACS)
adding users 2-24
associating user roles and permissions 2-18
customizing user roles 2-17
default roles 2-16
integrating with Security Manager 2-20, 2-66
integration checklist 2-22
integration requirements 2-21
performing integration 2-23
performing integration in CiscoWorks 2-31
registering Security Manager 2-35
understanding user permissions 2-2
Cisco Secure Access Control Server (ACS) integration
adding managed devices 2-38
adding system administrator 2-24
checklist of tasks 2-22
configuring CiscoWorks AAA mode 2-34
configuring NDGs 2-38
creating administration control user 2-30
creating local users in CiscoWorks 2-32
customizing user roles 2-17
defining system identity user 2-33
list of ACS procedures 2-23
list of CiscoWorks procedures 2-31
list of requirements 2-21
restarting Daemon Manager 2-35
Cisco Secure Access Control Server (ACS) user interface
Add Administrator page 2-30
Administration Control page 2-30
Group Setup page 2-39
New Network Device page 2-29
Shared Components page 2-17
User Setup page 2-24
Cisco Security Management Suite server
exiting 3-2
logging in to 3-2
Cisco Trust Agent (CTA) 12-69
CiscoWorks Common Services
assigning roles to users 2-14
associating user roles and permissions 2-18
available user roles 2-13
backing up Security Manager with 17-17
configuring AAA mode 2-34
creating local user for Cisco Secure ACS 2-32
defining system identity user 2-33
exiting 3-2
logging in to 3-2
performing integration for Cisco Secure ACS 2-31
registering Security Manager with Cisco Secure ACS 2-35
understanding user permissions 2-2
CiscoWorks Common Services user interface
AAA Setup Mode page 2-34
Local User Setup page 2-32
System Identity Setup page 2-33
Class-Based Policing 12-93
CLI commands
appended commands 16-2, 16-3
in FlexConfigs 16-2
prepended 16-2
Client Configuration tab
ASA user group objects C-74
client connection characteristics
Client Connection Characteristics page B-88
configuring policies for Easy VPN 9-110
Client Firewall Attributes tab
ASA user group objects C-77
clock
configuring on firewall devices 13-39
cluster load balancing
configuring 10-16
PIX7.0/ASA Cluster Load Balance page C-867
understanding 10-15
CNS
setting up 5-15
CNS-Configuration Engine Properties dialog box A-37
commands
Activities menu 3-12
Edit menu 3-7
Edit menu, table commands 3-22
File menu 3-6
Help menu 3-12
Map menu 3-9, D-8
Policy menu 3-9
Tools menu 3-11
View menu 3-8
Common Services
licensing 2-59
Common Services backup
of Security Manager 17-17
config files
adding devices from 5-44
Device Grouping page 5-40
Device Information page 5-47
configuration
frequently asked questions 15-17
Configuration Archive
New Configuration Version dialog box E-14
rolling back to archived configuration files 17-14
settings 2-46
toolbar, customizing 17-11
transcripts, understanding 17-12
version viewer E-12
viewing configuration files 17-12
viewing transcripts 17-12
window E-10
Configuration Archive Settings page F-3
Configuration Engines
adding 5-65
editing 5-69
understanding 5-64
configuration files
deploying in non-Workflow mode 15-34
deploying in Workflow mode 15-36
previewing 15-38
redeploying to devices 15-40
rolling back to archived configurations 17-14
rolling back to devices 15-43
selecting 3-24
understanding factory-default configurations 13-2
viewing 17-12
configuration views 1-8
Configure DNS dialog box
inspection rules C-699
Configure ESMTP dialog box
inspection rules C-702
Configure Fragments dialog box
inspection rules C-703
Configure IMAP dialog box
inspection rules C-705
Configure POP3 dialog box
inspection rules C-706
Configure RPC dialog box
inspection rules C-707
Configure SMTP dialog box
inspection rules C-700
connection
server status 3-3
connections per second C-484
console timeout settings
configuring on firewall devices 13-43
contact credentials
configuring on firewall devices 13-41
contained modules
show 17-5
Contents pane A-7
context mode
viewing C-483
contexts
see security contexts
control plane (CP)
defining QoS on 12-103
policing on 12-98
Control Plane Policing 12-98
Copy Policies wizard
Copy Policies from this Device page C-5
Copy Policies to these Devices page C-6
Select Policies to Copy page C-7
understanding C-4
core network connections, configuring for MSFC in DM6500/7600 14-134
CPU usage C-484
Create a Clone page A-46
Create Activity dialog box G-7
Create a Job dialog box H-12
Create a Policy dialog box C-27
Create Discovery Task dialog box C-15
Create Filter dialog box A-3
Policy view C-24
Create Overrides for Device dialog box C-216
Create Text Object dialog box C-91
Create VLAN dialog box 14-44
Create VPN Topology wizard B-8
Credentials page A-51
crypto maps
dynamic 9-67
in IPSec proposals 9-67
static 9-67
Customize Desktop Settings page F-4
Custom Protocol dialog box
inspection rules C-701
D
Daemon Manager
restarting after Cisco Secure ACS integration 2-35
job status
Scheduled to run at 15-9
DCS properties file
defining SSH settings by editing 2-54
dead-peer detection (DPD) 9-70
Delete Map dialog box D-16
Deploy Job dialog box H-26
deployment
Abort Deployment Job dialog box H-27
Add Other Devices dialog box H-22
Approve Deployment Job dialog box H-24
clearing XLATE on 13-102
configurations 15-34
Create a Job dialog box H-12
Deploy Job dialog box H-26
Deployment Rollback dialog box H-28
Details tab H-34
Discard Deployment Job dialog box H-25
Edit Deploy Method dialog box H-17
Edit Selected Deployment Method dialog box H-18
frequently asked questions 15-17
History tab H-35
managing 15-1
maximum number of devices 15-23
non-Workflow mode 15-3
Deploy Saved Changes dialog box H-3
Preview Config dialog box H-20
Preview Messages dialog box H-19
Redeploy a Job dialog box H-31
Reject Deployment Job dialog box H-23
Rollback Confirmation dialog box H-30
Submit Deployment Job dialog box H-22
Summary tab H-33
to devices
OS version mismatches 15-14
understanding 15-11
to files 15-13
understanding 15-1
using a Cisco Networking Services (CNS) server 15-28
using an Auto Update Server (AUS) 15-26
using a Token Management Server (TMS) 15-24
viewing status information 15-33
Warning - Partial VPN Deployment dialog box H-16
Workflow mode 15-5
Create a Job dialog box H-12
Deployment Manager window H-10
dialog boxes H-10
tasks 15-46
windows H-10
working with 15-31
deployment device details 15-45
deployment errors
OS version mismatches 15-14
deployment job approval 15-9
deployment job changes 15-10
deployment job history 15-53
deployment jobs
aborting 15-42
approving 15-51
benefits of 15-2
creating 15-46
discarding 15-52
including devices in 15-10
multiple users and 15-10
opening 15-49
rejecting 15-51
submitting 15-50
deployment job states
non-Workflow mode 15-4
Workflow mode 15-8
Deployment Manager window
Details tab H-34
History tab H-35
Summary tab H-33
Deployment Manager window in non-Workflow mode H-2
Deployment Manager window in Workflow mode H-10
deployment methods
changing 15-40
understanding 15-11
Deployment Rollback dialog box H-28
Deployment Settings page F-5
Deployment Status Details dialog box H-6
refreshing 15-40
viewing 15-33
deployment summary 15-45
deployment taskflow
in Workflow mode 15-5
non-Workflow mode 15-3
deployment transport protocols
for ASA devices 15-12
for Catalyst 6500/7600 devices 15-12
for IOS routers 15-12
for PIX firewalls 15-12
Deploy Saved Changes dialog box H-3
DES encryption algorithm
in IKE proposals 9-60
device access
Cisco IOS routers
configuring on 12-26
configuring on firewall devices 13-42
device access policies
defining 12-26
device administration policies
configuring on firewall devices 13-29
device certificates
Add Certificate dialog box F-12
adding manually 2-55
settings for authentication F-10
device credentials
naming guidelines 5-73
understanding 5-71
validation error messages 5-74
Device Credentials page A-14
Device Credentials Repository (DCR)
adding devices from 5-59
Device Grouping page 5-40
Device Information page 5-62
Device Delete Validation Details dialog box A-45
Device Grouping page A-24
device grouping shortcut menu options A-69
device groups
working with 2-56
Device Groups page A-53, F-13
Device Information page - Config File A-25
Choose Files dialog box A-28
Device Information page - DCR A-40
Device Information page - Network A-8
Device Information page - New Device A-29
device policies shortcut menu options A-67
Device Properties
Credentials page A-51
Device Groups page A-53
General page A-48
Policy Object Override pages
AAA Server Groups Override page A-55
general reference A-54
Interface Roles Override page A-56
Networks/Hosts Override page A-57
PKI Enrollments Override page A-58
Port Lists Override page A-60
Service Groups Override page A-63
Services Override page A-61
Text Objects Override page A-64
device properties
defining 5-77
editing 5-79
understanding 5-75
viewing 5-80
Device Properties page
creating object overrides 8-252
deleting overrides 8-255
understanding A-47
devices
adding from configuration file 5-44
adding from DCR 5-59
adding from network 5-32
adding new 5-49
assigning shared policies 6-28
choosing add method 5-30
configuring local policies 6-17
copying policies between 6-19
copying shared policies 6-30
creating policy object overrides 8-252
deleting from inventory 5-83
deleting policy object overrides 8-255
deploying to dynamically addressed 15-12
deploying to 15-13
deployment to 15-11
discovering policies 6-5
discovering policies on existing devices 6-6
including in jobs 15-10, H-5, H-14
managing 5-1
maps
adding existing managed 4-18
adding new managed 4-18
displaying devices from Device View 4-20
displaying managed 4-17
showing containment for Catalyst switches, ASA, PIX devices 4-19
modifying policy assignment 6-34
modifying shared policies 6-33
policy status icons 6-18
preparing 5-2
redeploying configuration files to 15-40
renaming policies 6-32
replacing policies 6-28
rolling back configuration files to 15-43
sharing multiple policies 6-25
unassigning policies 6-21
unsharing policies 6-27
working with communication settings UI 2-52
Device selector A-2
device selector
filtering 5-27
device shortcut menu options A-65
Devices page A-2
Devices tab G-14
Devices User Interface Reference A-1
Device view
assigning shared policies 6-28
configuring local policies 6-17
copying policies between devices 6-19
copying shared policies 6-30
editing site-to-site VPN policies in 9-57
managing policies 6-16
managing VPN devices in 9-54
modifying policy assignments 6-34
modifying shared policies 6-33
overview 1-8
policy status icons 6-18
renaming policies 6-32
sharing local policies 6-23
sharing multiple policies 6-25
Site-to-Site VPN Topologies page B-89
unassigning policies 6-21
understanding basic policy management 6-16
understanding shared policies 6-22
unsharing policies 6-27
device view
understanding 5-23
DHCP
Cisco IOS routers
configuring on 12-43
defining address pools 12-49
defining policies 12-47
DHCP Database dialog box C-528
DHCP Policy page C-525
IP Pool dialog box C-529
understanding database agents 12-44
understanding option 82 12-45
understanding relay agents 12-44
understanding secured ARP 12-46
PIX/ASA/FWSM
configuring DHCP relay 13-64
configuring DHCP servers 13-65
DHCP pools in DM 6500/7600
viewing status 14-28
dial backup
configuring 9-29
Dial Backup Settings dialog box B-33
understanding 9-27
dialer interfaces
configuring on Cisco IOS routers 12-29
defining BRI properties 12-32
defining profiles 12-29
Dialer Interfaces Policy page C-513
Dialer Physical Interface dialog box C-517
Dialer Profile dialog box C-516
Diffie-Hellman groups
in IKE proposals 9-61
Discard Activity dialog box G-11
Discard Deployment Job dialog box H-25
discovery
Map View 4-37
overview 1-11
Settings page F-14
Discovery Details pane E-4
Discovery Status dialog box C-18
discovery task
frequently asked questions 6-10
starting 6-6
viewing status 6-9
Distinguished Name (DN) matching policies
configuring 10-25
DN Matching Policy page C-870
understanding 10-24
Distinguished Name (DN) matching rules
configuring 10-27
DN Matching Rules page C-871
DN Rule dialog box (lower pane) C-875
DN Rule dialog box (upper pane) C-874
understanding 10-26
Distributed Traffic Shaping (DTS) 12-93
DMVPN (Dynamic Multipoint VPN)
advantages of using with GRE 9-96
configuring policies 9-97
IPSec technology 9-8
understanding 9-95
using with GRE 9-96
DNS
configuring on firewall devices 13-67
dynamically assigned IP addresses
adding devices with 5-64
dynamic crypto maps 9-67
dynamic IP devices
GRE for 9-91
dynamic NAT
creating rules on Cisco IOS routers 12-20
E
Easy VPN
Advanced tab B-85
client connection characteristics 9-110
Client VPN Software Update tab B-87
configuring policies for 9-104
General tab B-80
IPSec Proposal page B-70
IPSec proposals 9-104
IPSec tab B-83
IPSec technology 9-8
tunnel group policies 9-108
Tunnel Group Policy page B-79
understanding 9-101
user group policies 9-107
User Group Policy page B-77
Edit AAA Option dialog box C-728
Edit AAA Rules dialog box C-713
Edit AAA Server Group dialog box C-731
Edit Category dialog box
AAA rules C-733
access rules C-662
inspection rules C-709
transparent rules C-774
web filter rules C-753
Edit Client Access Rules dialog box C-73
Edit Country Network Codes dialog box C-102
Edit Deploy Method dialog box H-17
Edit Description dialog box
AAA rules C-732
access rules C-661
inspection rules C-708
transparent rules C-773
web filter rules C-754
Edit Destinations dialog box C-651
AAA rules C-720
inspection rules C-688
web filter rules C-744
Edit Device Groups page A-70
Edit Endpoints dialog box B-16
Protected Networks tab B-24
VPN Interface tab B-17
Edit Extended Access Control Entry dialog box C-56
Edit Extended Access List page C-52
Edit Firewall Option dialog box C-656
Edit Firewall Rule dialog box C-641
Edit FTP Map dialog box C-96
Edit GTP Map dialog box C-100
editing
HTTP maps
editing 8-107
Edit Inspected Protocol dialog box C-696
Edit Interface dialog box
AAA rules C-726
access rules C-658, C-693
transparent rules C-772, C-795
Edit menu 3-7
Edit menu, table commands 3-22
Edit Permit Response dialog box C-103
Edit Selected Deployment Method dialog box H-18
Edit Service dialog box
AAA rules C-691, C-723
access rules C-654
web filter rules C-748
Edit Sources dialog box C-649
AAA rules C-718
inspection rules C-685
web filter rules C-742
Edit Standard Access Control Entry dialog box C-62
Edit Standard Access List page C-60
Edit state 7-5
Edit TCP Map dialog box C-165
Edit Traffic Flow dialog box C-176
Edit Transparent EtherType dialog box C-770
Edit Transparent Firewall Rule dialog box C-767
Edit Transparent Mask dialog box
transparent rules C-771
Edit Web Filter Options dialog box C-752
Edit Web Filter Type dialog box C-751
EIGRP routing
configuring on Cisco IOS routers 12-120
defining interface properties 12-124
defining routes 12-122
Edit Interfaces dialog box C-597
EIGRP Routing Policy page C-594
Interface dialog box C-599
Interfaces tab C-598
redistributing routes 12-127
Redistribution Mapping dialog box C-603
Redistribution tab C-601
Setup dialog box C-596
Setup tab C-595
Encoding tab
HTTP map objects C-118
encryption algorithms
3DES (Triple DES) 9-60
AES (Advanced Encryption Standard) 9-61
DES (Data Encryption Standard) 9-60
in IKE proposals 9-60
endpoints and protected networks
defining in VPN topologies 9-18
Protected Networks tab B-24
understanding 9-16
VPN Interface tab B-17
Entity Length tab
HTTP map objects C-110
Errors tab G-12
evaluation license
upgrading to permanent license 2-58
Exclusive Domain Name dialog box
web filter rules C-763
exclusive domains
adding (IOS) 11-125
deleting (IOS) 11-128
editing (IOS) 11-127
Exclusive Domains tab
web filter rules C-759
exiting
Cisco Security Management Suite server 3-2
CiscoWorks Common Services 3-2
Security Manager 3-1, 3-3
Exporting inventory 5-92
Extended IP ACL tab C-51
Ext Request Method tab
HTTP map objects C-114
F
factory-default configurations 13-2
failover
PIX/ASA/FWSM
active/active 13-56
active/standby 13-56
configuring on 13-54
stateful 13-59
stateless 13-58
types of 13-56
understanding 13-55
failover link 13-55
feature sets 1-5
File menu 3-6
files
deploying to 15-13
selecting 3-24
Find Node dialog box D-17
Firewall AAA IOS Timeout Value Setting dialog box C-791
Firewall AAA MAC Exempt Setting dialog box C-786
Firewall ACL Setting dialog box C-779
Firewall-Inside setup wizard in DM 6500/7600
core network connection, configuring routed port details 14-135
final configuration, delivering 14-141
inside network connection, configuring 14-139
MSFC/Firewall VLAN
firewall context, creating 14-138
firewall context, selecting 14-138
VLAN group, selecting 14-137
service module, selecting 14-134
summary page 14-141
firewall mode
changing 13-28
viewing C-483
Firewall-Outside setup wizard in DM 6500/7600
core network connection, configuring 14-146
final configuration, delivering 14-147
Firewall/MSFC VLAN, configuring 14-144
Internet connection, configuring 14-142
service module, selecting 14-142
summary page 14-147
firewall policy properties 11-3
firewall service module (FWSM)
including in deployment jobs H-5, H-14
Firewall Service Module Credentials and VPN SPA Slot Location dialog box A-19
firewall services
ACL names
conflicts and resolutions 11-8
generating 11-4
identifying original 11-9
naming conventions 11-4
notes 11-9
preserving user-defined 11-6
managing 11-1
Map View 4-24
optimizing policy objects
in rules 11-29
notes 11-30
Firewall Services Module (FWSM)
configuring 9-38
configuring with VPNSM 9-39
FWSM blades 9-38
FWSM Settings tab (remote access VPN) C-849
FWSM tab (site-to-site VPN) B-26
see also PIX/ASA/FWSM Platform policies
Firewall Services Module (FWSM) setup in DM 6500/7600
configuring 14-148
firewall contexts, configuring 14-158
interfaces
adding 14-166
configuring 14-165
editing 14-168
security contexts
configuring 14-158
viewing details 14-162
VLANs
adding to a VLAN group 14-156
editing in a VLAN group 14-157
range, entering 14-154
firewall settings
AAA Firewall page C-784
Access Control page C-776
access controls
access list compilation 11-58
configuring settings 11-61
object group search 11-53
per user downloadable ACLs (PIX/ASA/FWSM) 11-56
AuthProxy General tab (IOS) C-788
AuthProxy page C-787
AuthProxy Timeout tab (IOS) C-790
configuring settings
firewall ACL 11-62
Firewall AAA IOS Timeout Value Setting dialog box C-791
Firewall AAA MAC Exempt Setting dialog box C-786
Firewall ACL Setting dialog box C-779
Inspection page C-782
Transparent page C-793
Web Filter page C-796
Web Filter Server Configuration dialog box C-800
firewall system variables 16-13, 16-16
Flash memory, amount C-483
FlexConfig Editor dialog box C-87
FlexConfig objects
ASA samples 16-7
Cisco IOS samples 16-9
creating 8-70
deleting 8-76
duplicating 8-71
editing 8-73
generating usage reports for 8-75
PIX samples 16-10
router samples 16-11
understanding 8-69, 16-2
viewing details 8-74
FlexConfig object variables
deleting 16-45
FlexConfig policies C-217
FlexConfig policies
understanding 16-35
FlexConfig Policy page C-218
FlexConfig Policy Preview dialog box C-225
FlexConfigs
adding 16-40
CLI commands in 16-2
creating (scenario) 16-35
deleting 16-42
editing 16-41
example 16-6
managing 16-1
previewing 16-44
reordering 16-43
scripting language
examples of 16-4, 16-5
understanding 16-3
understanding 16-1
working with 16-40
FlexConfigs objects page C-86
FlexConfig system variables
firewalls 16-13, 16-16
remote access 16-34
routers 16-23
understanding 16-12
VPNs 16-24
FlexConfig Undefined Variables dialog box C-92
floodguard 13-97
fragmentation
in remote access VPNs 10-21
General Settings tab C-864
in site-to-site VPNs
General Settings tab B-51
understanding 9-73
maximum transmission unit (MTU) 9-73
fragments settings 13-97
frequently asked questions
policy discovery 6-10
FTP map objects
Add FTP Map dialog box C-96
creating 8-78
deleting 8-81
duplicating 8-81
Edit FTP Map dialog box C-96
editing 8-80
FTP Maps page C-94
generating usage reports for 8-83
understanding 8-77
viewing details 8-84
FTP Maps page C-94
full mesh topologies
description 9-5
diagram 9-5
FWSM
see Firewall Services Module (FWSM)
FWSM Settings tab (remote access VPN) C-849
G
General page A-48
General tab
ASA user group objects C-68
HTTP map objects C-108
getting started
checklist 1-13
getting started with Catalyst 6500/7600 Device Manager (DM 6500/7600)
features 14-3
home page 14-4
navigating 14-4
preferences, editing 14-16
refreshing 14-16
starting 14-4
startup configurations, saving 14-15
user role 14-17
what to do after starting DM6500/7600 14-18
getting to know Security Manager
global settings in DM 6500/7600
editing 14-22
protocol settings 14-23
STP settings 14-31, 14-109
GRE (generic routing encapsulation)
advantages of IPSec tunneling with GRE 9-87
configuring policies 9-92
for devices with dynamic IP 9-91
GRE Modes page B-60
implementation 9-88
IPSec technology 9-8
prerequisites for successful configuration 9-88
understanding in site-to-site VPNs 9-87
using DMVPN with 9-96
GRE Dynamic IP
configuring policies 9-92
for dynamically addressed spokes 9-91
IPSec technology 9-8
group names
modifying 5-90
groups
add A-72
add devices to A-71
adding devices to 5-91
creating 5-87
deleting 5-89
working with 2-56, 5-86
group type names
modifying 5-90
group types
creating 5-86
deleting 5-89
GTP map objects
Add Country Network Codes dialog box C-102
Add GTP Map dialog box C-100
Add Permit Response dialog box C-103
creating 8-85
deleting 8-90
duplicating 8-89
Edit Country Network Codes dialog box C-102
Edit GTP Map dialog box C-100
editing 8-88
Edit Permit Response dialog box C-103
generating usage reports for 8-91
GTP Maps page C-98
GTP Map Timeouts dialog box C-104
understanding 8-85
viewing details 8-93
GTP Maps page C-98
GTP Map Timeouts dialog box C-104
GUI timeout
Settings page
H
Hardware Client Attributes tab
ASA user group objects C-81
hash algorithms
in IKE proposals 9-61
MD5 9-61
SHA 9-61
help
accessing 3-13
help desk users 2-13
Help menu 3-12
high availability (HA groups)
configuring 9-52
High Availability page B-35
stateful failover 9-51
stateless failover 9-51
understanding 9-49
History tab G-6
hit count
changing displayed results 11-47
filtering columns 11-47
sorting columns 11-48
viewing details 11-49
generating reports 11-45
understanding 11-43
understanding report results 11-46
Hit Count page C-818
home page in DM6500/7600 14-4
host/domain policies
defining 12-34
Host/Domain Policy page C-520
hostnames
Cisco IOS routers
configuring on 12-34
hostname settings
configuring on firewall devices 13-60
HSRP 13-28
HTTP Credentials dialog box A-18
HTTP map objects
creating 8-95
deleting 8-108
duplicating 8-108
editing 8-107
Encoding tab 8-105, C-118
Entity Length tab 8-98, C-110
Extension Request Method tab 8-101
Ext Request Method tab C-114
General tab 8-96, C-108
generating usage reports for 8-110
HTTP Maps page C-106
IOS Specific tab C-120
Port Misuse tab 8-103, C-116
RFC Request Method tab 8-100, C-112
understanding 8-94
viewing details 8-111
HTTP Maps page C-106
HTTP settings
configuring on firewall devices 13-44
hub-and-spoke topology
description 9-3
diagram 9-3
I
ICMP settings
configuring on firewall devices 13-45
icons
map elements D-4
toolbar reference 3-13
Identity tab
ASA user group objects C-66
idle timeout 3-3
IGMP
configuring on firewall devices 13-87
IKE (Internet Key Exchange)
aggressive mode negotiation 9-59
main mode negotiation 9-59
proposals 9-59
understanding 9-59
IKE keepalive
understanding 9-70
IKE proposal objects
creating 8-113
deleting 8-119
duplicating 8-115
editing 8-116
generating usage reports for 8-118
IKE Proposal dialog box C-123
IKE Proposals page C-121
understanding 8-112
viewing details 8-117
IKE proposals (policies)
configuring 9-63
configuring on remote access VPN servers 10-14, C-855
IKE Proposal page (remote access VPN) C-855
IKE Proposal page (site-to-site VPN) B-38
understanding in remote access VPNs 10-13
IKE tunnels, amount C-483
Import Background Image dialog box D-20
Import Details pane E-5
inheritance
inheriting rules 6-47
Inherit Rules dialog box C-14
understanding 6-45
Inherit Rules dialog box C-14
Inspection page C-782
inspection rules
adding 11-66
Add Inspection Rule dialog box C-666
Configure DNS dialog box C-699
Configure ESMTP dialog box C-702
Configure Fragments dialog box C-703
Configure IMAP dialog box C-705
Configure POP3 dialog box C-706
Configure RPC dialog box C-707
Configure SMTP dialog box C-700
configuring custom destination ports 11-70
configuring default inspection traffic 11-68
configuring destination address and port (IOS) 11-71
configuring settings 11-84
configuring source and destination address and port (ASA) 11-73
copying 11-81
Custom Protocol dialog box C-701
cutting 11-81
deleting 11-83
disabling 11-79
Edit Category dialog box C-709
Edit Description dialog box C-708
Edit Destinations dialog box C-688
editing 11-75
Edit Inspected Protocol dialog box C-696
Edit Inspection Rule dialog box C-666
Edit Sources dialog box C-685
enabling 11-79
finding usage 11-80
generating usage reports 11-80
Inspection Rules page C-663
Limit Inspection Between Source and Destination IP Addresses (ASA) page C-673
Match Traffic by Custom Destination Ports page C-677
Match Traffic by Destination Address and Port (IOS) page C-678
Match Traffic by Source and Destination Address and Port (ASA) page C-681
Match Traffic to Default Protocol Ports page C-670
moving down 11-82
moving up 11-82
pasting 11-81
Show Destination Contents dialog box C-690
Show Interface Contents dialog box C-695
Show Service Contents dialog box C-693
Show Source Contents dialog box C-687
supported features 11-86
understanding 11-64, 11-65
Inspection Rules page C-663
installing
Security Manager client 3-3
interface
status C-484
throughput C-484
interface management
See ports and interface management in DM 6500/7600
Interface Properties dialog box D-25
interface role objects
creating 8-121
deleting 8-129
duplicating 8-123
editing 8-124
exceptional cases 8-131
generating usage reports for 8-128
Interface Name Conflict dialog box C-129
Interface Role dialog box C-127
Interface Roles page C-126
managing overrides 8-127
override page in Policy Object Manager C-208
specifying during policy definition 8-130
understanding 8-120
viewing details 8-126
interface roles
override page in Device Properties A-56
Interface Roles Override page A-56
interfaces
Cisco IOS routers
available types 12-6
configuring on 12-2
Create Router Interface dialog box C-487
deleting from 12-9
generating interface names 12-8
Interface Auto Name Generator dialog box C-492
Router Interfaces page C-486
Interface Name Conflict dialog box C-129
PIX/ASA/FWSM
checklist for configuring interfaces in multi context mode 13-9
configuring on 13-3
enabling traffic between same security levels 13-4
troubleshooting 13-19
specifying during policy definition 8-130
interface timeout 3-3
interface types supported in DM6500/7600 14-34
inventory
adding devices to 5-29
deleting devices from 5-83
reports 5-92
IOS routers
deployment using Token Management Servers (TMS) 15-13
IOS Specific tab
HTTP map objects C-120
IOS Web Filter Rule and Applet Scanner dialog box C-759
IP address
management, transparent firewall C-282
IP addresses
specifying in policies 8-152
supported formats 8-143
IPSec proposals (policies)
configuring for Easy VPN 9-104
configuring in remote access VPNs 10-10
configuring in site-to-site VPNs 9-68
IPSec Proposal Editor (remote access VPN)
IOS and Catalyst 6500/7600 devices C-843
PIX and ASA devices C-840
IPSec Proposal page (in Easy VPN) B-70
IPSec Proposal page (remote access VPN) C-837
IPSec Proposal page (site-to-site VPN) B-40
understanding in remote access VPNs 10-9
using crypto maps in 9-67
using transform sets in 9-65
IPSec tab
ASA user group objects C-70
IPSec technologies
defining 9-12
DMVPN 9-8
Easy VPN 9-8
GRE 9-8
GRE Dynamic IP 9-8
mandatory policies 9-8
optional policies 9-8
regular IPSec 9-8
understanding 9-8
working with policies 9-8
IPSec transform set objects
creating 8-135
deleting 8-140
duplicating 8-136
editing 8-137
generating usage reports for 8-139
IPSec Transform Set dialog box C-132
IPSec Transform Sets page C-130
supported modes 8-134
supported protocols 8-133
understanding 8-132
viewing details 8-138
IPSec tunnels
understanding policies 9-64
IPSec tunnels, amount C-483
IPS Manager
managing devices with 5-83
ISAKMP/IPSec settings
IKE keepalive 9-70
in remote access VPNs 10-20
in site-to-site VPNs 9-70
ISAKMP/IPSec Settings tab (remote access VPN) C-860
ISAKMP/IPSec Settings tab (site-to-site VPN) B-45
J
job approval 15-9
job changes 15-10
job deployment methods
understanding 15-11
jobs
aborting 15-42
approving 15-51
benefits of 15-2
creating 15-46
discarding 15-52
including devices in 15-10
opening 15-49
rejecting 15-51
submitting 15-50
job states
non-Workflow mode 15-4
Workflow mode 15-8
job status
Aborted 15-8
Approved 15-8
Deployed 15-8
Deploying 15-8
Discarded 15-8
Edit 15-8
Edit-In Use 15-8
Failed 15-9
Rejected 15-8
Rolled Back 15-9
Rolling Back 15-9
Submitted 15-8
joined hub-and-spoke topology 9-7
Join Group tab
description 13-88
JumpStart 1-14
K
Kerberos
use by ASA devices 8-22
L
Layer 2 firewall
See transparent firewall
license C-483
licenses
installing 2-60
Product Authorization Key (PAK) 2-59
Security Manager kit part numbers 2-58
Software License Claim Certificate 2-59
understanding 2-58
upgrading 2-58
uploading new 2-58
working with 2-58
licensing
Settings page F-16
Lightweight Directory Access Protocol (LDAP)
use by ASA devices 8-22
Limit Inspection Between Source and Destination IP Addresses (ASA) page C-673
locking
and activities 7-4
committed configuration 7-4
devices 6-48
objects 6-50
policies 6-48
understanding 6-48
VPN topologies 6-49
logging
Cisco IOS routers
configuring on 12-79
defining setup parameters 12-80
defining syslog servers 12-83
understanding severity levels 12-79
PIX/ASA/FWSM
configuring on 13-75
e-mail setup 13-76
event lists 13-77
logging filters 13-79
logging setup 13-80
rate limit levels 13-81
server setup 13-83
syslog servers 13-84
logging command
class option
message class variables C-369
logging in to
Cisco Security Management Suite server 3-2
logging into
Security Manager 3-1, 3-3
logging policies
Logging Setup Policy page C-560
Syslog Server dialog box C-567
Syslog Servers Policy page C-565
logs
archiving logs 2-61
Settings page F-16
understanding 2-61
loopback interfaces in DM 6500/7600
adding 14-80
configuring 14-77
editing 14-78
restarting 14-78
low-latency queuing (LLQ) 12-92
M
MAC address table
learning, disabling C-280
overview C-278
MAC exempt address lists
adding 11-101
deleting 11-103
editing 11-102
using 11-101
macro, definition in DM6500/7600 14-81
Main toolbar buttons 15-32
management access settings
configuring on firewall devices 13-47
Map menu 3-9, D-8
maps
access permissions 4-3
adding existing managed devices 4-18
adding new managed devices 4-18
background color 4-12
background images
deleting 4-15
importing 4-13
overview 4-13
scale and position 4-15
setting 4-14
centering elements 4-9
changing the zoom level 4-8
creating 4-3
default map 4-11
deleting 4-5
displaying devices from Device View 4-20
displaying managed devices 4-17
displaying your network 4-16
elements, understanding 4-16
exporting 4-6
icons D-4
Layer 3 automatic connectivity display 4-24
Layer 3 link
creating 4-22
deleting 4-23
displaying 4-22
layouts, using 4-9
navigating 4-7
navigation window 4-7
objects
adding 4-21
deleting 4-21
user created overview 4-20
opening 4-4
overview 4-1
panning 4-8
refreshing 4-10
saving 4-4
searching for elements 4-10
selecting elements 4-9
showing containment for Catalyst, ASA, PIX devices 4-19
understanding 4-1
undocking window 4-9
unlinked, using 4-11
working with 4-2
Map Settings dialog box D-18
Map View
cloning devices 4-36
context menu
Layer 3 link D-12
managed device node D-10
map background D-13
map objects D-13
selected nodes D-11
VPN connection D-12
copying policies between devices 4-35
device policies, managing 4-35
dialog box reference D-14
discovering device configurations 4-37
firewall
AAA rules 4-26
access rules 4-25
ACL settings 4-28
AuthProxy settings 4-29
inspection rules 4-25
inspection settings 4-28
policies 4-24
services 4-24
settings 4-27
transparent rules 4-27
web filter rules 4-26
web filter settings 4-29
icons for elements D-4
main page D-1
menus D-8
navigation window D-7
previewing device configurations 4-37
sharing device policies 4-36
toolbar reference D-6
user interface reference D-1
VPNs
adding or removing tunnels 4-33
creating 4-30
creating full mesh or hub and spoke 4-31
creating point-to-point 4-30
displaying existing 4-33
editing peers 4-33
editing policies 4-32
listing peers 4-34
managing 4-30
Map view
Autolink Settings page F-2
overview 1-9, 4-1
Match Traffic by Custom Destination Ports page
inspection rules C-677
Match Traffic by Destination Address and Port (IOS) page
inspection rules C-678
Match Traffic by Source and Destination Address and Port (ASA) page
inspection rules C-681
Match Traffic to Default Protocol Ports
inspection rules C-670
maximum transmission unit (MTU) 9-73
MD5 hash algorithm 9-61
memory, amount
Flash C-483
memory usage C-484
menu reference
Activities 3-12
Edit 3-7
Edit, table commands 3-22
File 3-6
Help 3-12
Map 3-9, D-8
overview 3-6
Policy 3-9
Tools 3-11
View 3-8
message classes
list of C-369
messages
classes of
list of classes C-369
model C-483
modify permissions
additional types 2-11
for objects 2-9
for policies 2-8
MRoute page
description 13-89
MST mode in DM6500/7600, and STP data 14-111
multicast routing
PIX/ASA/FWSM
configuring on 13-86
enabling 13-86
IGMP 13-87
multicast routes 13-89
PIM 13-90
multicast traffic 13-28
Multilayer Switch Feature Card (MSFC)
Firewall-Inside setup wizard in DM 6500/7600
final configuration, delivering 14-141
firewall context, creating 14-138
firewall context, selecting 14-138
inside network connection, configuring 14-139
MSFC-Firewall VLANs, configuring 14-135
service module, selecting 14-134
summary page 14-141
VLAN group, selecting 14-137
Firewall-Outside setup wizard in DM 6500/7600 14-142
core network connection, configuring 14-146
final configuration, delivering 14-147
Firewall-MSFC VLAN, configuring 14-144
inside network connection, configuring 14-146
Internet connection, configuring 14-142
service module, selecting 14-142
summary page 14-147
multiple users
activities 7-5
deployment jobs and 15-10
N
NAT traversal 9-72
network/host objects
creating 8-143
deleting 8-151
duplicating 8-145
editing 8-146
generating usage reports for 8-150
managing overrides 8-149
Network/Host dialog box C-136
Networks/Hosts page C-134
override page in Device Properties A-57
override page in Policy Object Manager C-209
provisioning as PIX object groups 8-265
supported IP address formats 8-143
understanding 8-142
viewing details 8-148
network access device (NAD) 12-69
Network Access Restriction (NAR) 2-21
Network Address Translation (NAT)
Cisco IOS routers
configuring on 12-10
creating dynamic rules 12-20
creating static rules 12-13
designating interfaces 12-11
Dynamic Rule dialog box C-503
Dynamic Rules tab C-502
Edit Inside Interfaces dialog box C-495
Edit Outside Interfaces dialog box C-496
Interface Specification tab C-494
NAT Policy page C-493
specifying timeouts 12-24
Static Rule dialog box C-498
Static Rules tab C-497
Timeouts tab C-506
configuring in remote access VPNs 10-20
configuring in site-to-site VPNs 9-71
configuring NAT traversal 9-72
NAT Settings tab (remote access VPN) C-863
NAT Settings tab (site-to-site VPN) B-49
PIX/ASA/FWSM
Address Pool dialog box C-231
Address Pools page C-230
clearing XLATE on deployment 13-102
configuring on 13-19
configuring translation options 13-21
defining address pools 13-20
defining dynamic translation rules 13-23
defining policy-based dynamic translation rules 13-24
defining static translation rules 13-25
defining translation exemptions (NAT 0 ACL) 13-22
Translation Options page C-232
Translation Rules page C-233
understanding 13-20
viewing translation rules 13-26
network administrators
in Cisco Secure ACS 2-16
in CiscoWorks 2-13
Network Admission Control (NAC)
Cisco Trust Agent 12-69
components 12-69
configuring on Cisco IOS routers 12-68
defining identity parameters 12-76
defining interface parameters 12-74
defining setup parameters 12-71
Identities tab C-556
Identity Action dialog box C-559
Identity Profile dialog box C-558
Interface Configuration dialog box C-554
Interfaces tab C-553
NAC Policy page C-550
network access device (NAD) 12-69
Setup tab C-551
supported platforms 12-69
understanding system flow 12-70
network device groups (NDGs)
activating NDG feature 2-28
associating with roles and user groups 2-38
configuring in Cisco Secure ACS 2-38
creating 2-29
network operators 2-13
networks
adding devices from 5-32
Device Credentials page 5-38
Device Grouping page 5-40
Device Information page 5-34
Networks/Hosts Override page A-57
Network Time Protocol
see NTP
Network Time Protocol (NTP)
Cisco IOS routers
configuring on 12-51
creating NTP servers 12-51
NTP Policy page C-532
NTP Server dialog box C-534
new devices
adding 5-49
Device Credentials page 5-38
Device Grouping page 5-40
Device Information page 5-51
Node Properties dialog box D-24
Non-Workflow mode
main toolbar buttons 15-32
viewing
deployment device details 15-45
non-Workflow mode 15-45
comparing with Workflow mode 2-42
configuration files
deploying in 15-34
previewing 15-38
rolling back 15-43
deployment 15-3
taskflow 15-3
deployment jobs
aborting 15-42
states 15-4
Deployment Manager window H-2
Deployment Status Details dialog box H-6
Deploy Saved Changes dialog box H-3
disabling 2-43
enabling 2-43
Preview Config dialog box H-8
selecting 2-40
understanding 2-41
NTP
configuring on firewall devices 13-69
NTP broadcast settings in DM 6500/7600, configuring
date and time settings 14-29
NTP servers and peers 14-31
O
object group search
enabling 11-54
understanding 11-53
objects
AAA server groups
creating 8-9
deleting 8-18
duplicating 8-12
editing 8-13
generating usage reports for 8-17
managing overrides 8-16
viewing details 8-15
AAA servers
creating 8-24
deleting 8-30
duplicating 8-26
editing 8-27
generating usage reports for 8-29
viewing details 8-28
access control lists
creating 8-35
deleting 8-42
duplicating 8-41
editing 8-40
extended objects 8-35
generating usage reports for 8-44
standard objects 8-38
understanding 8-32
viewing details 8-45
ASA user groups
Client Configuration tab 8-54
Client Firewall Attributes tab 8-57
creating 8-47
deleting 8-64
duplicating 8-63
editing 8-62
General tab 8-50
generating usage reports for 8-65
Hardware Client tab 8-61
Identity tab 8-49
IPSec tab 8-53
understanding 8-45
viewing details 8-67
categories
editing 8-69
FlexConfigs
creating 8-70
deleting 8-76
duplicating 8-71
editing 8-73
example 16-6
FlexConfig Editor dialog box C-87
FlexConfigs Objects page C-86
FlexConfig Undefined Variables dialog box C-92
generating usage reports for 8-75
system variables 16-12
understanding 16-2
viewing details 8-74
FTP maps
creating 8-78
deleting 8-81
duplicating 8-81
editing 8-80
generating usage reports for 8-83
understanding 8-77
viewing details 8-84
GTP maps
creating 8-85
deleting 8-90
duplicating 8-89
editing 8-88
generating usage reports for 8-91
understanding 8-85
viewing details 8-93
HTTP maps
creating 8-95
deleting 8-108
duplicating 8-108
Encoding tab 8-105
Entity Length tab 8-98
Extension Request Method tab 8-101
General tab 8-96
generating usage reports for 8-110
Port Misuse tab 8-103
RFC Request Method tab 8-100
understanding 8-94
viewing details 8-111
IKE proposals
creating 8-113
deleting 8-119
duplicating 8-115
editing 8-116
generating usage reports for 8-118
viewing details 8-117
interface roles
creating 8-121
deleting 8-129
duplicating 8-123
editing 8-124
generating usage reports for 8-128
managing overrides 8-127
viewing details 8-126
IPSec transform sets
creating 8-135
deleting 8-140
duplicating 8-136
editing 8-137
generating usage reports for 8-139
viewing details 8-138
locking
effects on activities 7-4
networks/hosts
creating 8-143
deleting 8-151
duplicating 8-145
editing 8-146
generating usage reports for 8-150
managing overrides 8-149
viewing details 8-148
Object Type selector C-31
overview 1-11
PKI enrollments
creating 8-155
deleting 8-170
duplicating 8-164
editing 8-165
generating usage reports for 8-169
managing overrides 8-168
viewing details 8-167
port lists
creating 8-172
deleting 8-180
duplicating 8-174
editing 8-175
generating usage reports for 8-178
managing overrides 8-177
viewing details 8-176
provisioning as PIX object groups 8-264
service groups
creating 8-192
deleting 8-199
duplicating 8-194
editing 8-195
generating usage reports for 8-198
managing overrides 8-197
viewing details 8-196
services
creating 8-182
deleting 8-189
duplicating 8-184
editing 8-185
generating usage reports for 8-188
managing overrides 8-187
viewing details 8-186
TCP maps
creating 8-201
deleting 8-205
duplicating 8-204
editing 8-203
generating usage reports for 8-206
understanding 8-200
viewing details 8-207
text
creating 8-209
deleting 8-215
duplicating 8-210
editing 8-211
generating usage reports for 8-213
managing overrides for 8-214
Text Object Editor dialog box C-169
Text Objects page C-167
viewing details 8-212
Text objects
Create Text Object dialog box C-91
Property Selector dialog box C-93
time ranges
creating 8-217
deleting 8-224
duplicating 8-220
editing 8-221
generating usage reports for 8-223
viewing details 8-222
Traffic flows
creating 8-225
default inspection traffic with access list 8-228
deleting 8-233
duplicating 8-233
editing 8-232
generating usage reports for 8-235
IP diffserv codepoints (DSCPs) 8-232
IP precedence bits 8-230
RTP ranges 8-229
source and destination IP addresses 8-227
TCP or UDP destination ports 8-228
tunnel groups 8-230
viewing details 8-236
traffic flows
understanding 8-225
user groups
creating 8-238
deleting 8-249
duplicating 8-244
editing 8-245
generating usage reports for 8-248
viewing 8-247
object selectors C-199
Create Filter dialog box C-202
filtering 8-260
filtering options per object type 8-262
using 8-256
Object Type selector C-31
object variables
FlexConfig
deleting 16-45
understanding 16-6
Openable Activities dialog box G-19
Open Map dialog box D-15
optimizing policy objects
in rules 11-29
notes 11-30
OSPF
authentication support 13-93
configuring on firewall devices 13-93
interaction with NAT 13-93
LSAs 13-93
OSPF interfaces
blocking LSA flooding 12-144
defining on Cisco IOS routers 12-138
disabling MTU mismatch detection 12-143
Interface dialog box C-607
OSPF Interface Policy page C-605
understanding
authentication 12-147
cost 12-142
network types 12-146
priority 12-142
timer settings 12-145
OSPF parameters
dead interval C-453
hello interval C-453
retransmit interval C-453
transmit delay C-453
OSPF redistribution
defining mappings 12-134
defining maximum prefix values 12-136
understanding 12-133
OSPF routing
Cisco IOS routers
Area dialog box C-617
Area tab C-616
configuring on 12-129
defining area settings 12-131
defining interface settings 12-138
defining setup parameters 12-130
Edit Interfaces dialog box C-615
Max Prefix Mapping dialog box C-623
OSPF Process Policy page C-612
redistributing routes 12-133
Redistribution Mapping dialog box C-621
Redistribution tab C-619
Setup dialog box C-614
Setup tab C-613
OS version mismatches
handling 15-14
overview
policies 1-11
workflow 1-12
P
partial mesh topologies 9-7
Peers page B-7
Performance Monitor
licensing 2-59
permanent license
upgrading from evaluation license 2-58
per user downloadable ACLs (PIX/ASA/FWSM)
enabling 11-57
understanding 11-56
PIM
configuring on firewall devices 13-90
PIX
FlexConfig object samples 16-10
PIX/ASA/FWSM Platform policies
configuring AAA 13-30
configuring AUS settings 13-62
configuring banners 13-36
configuring boot image and configuration settings 13-38
configuring bridging 13-27
configuring clock 13-39
configuring console timeout settings 13-43
configuring contact credentials 13-41
configuring device access 13-42
configuring device administration policies 13-29
configuring DHCP relay 13-64
configuring DHCP servers 13-65
configuring DNS 13-67
configuring failover 13-54
configuring fragment settings 13-97
configuring hostname settings 13-60
configuring HTTP settings 13-44
configuring ICMP settings 13-45
configuring interfaces 13-3
configuring logging 13-75
configuring management access settings 13-47
configuring multicast routing 13-86
configuring NAT 13-19
configuring NTP 13-69
configuring resources on FWSMs 13-61
configuring routing 13-91
configuring Secure Shell (SSH) 13-48
configuring security contexts 13-103
configuring security policies 13-96
configuring server access settings 13-61
configuring service policy rules 13-101
configuring SMTP servers 13-71
configuring SNMP 13-49
configuring SSH 13-48
configuring Telnet 13-53
configuring TFTP servers 13-72
configuring timeouts 13-100
configuring user accounts 13-73
configuring user preferences 13-102
enabling anti-spoofing 13-97
enabling floodguard 13-97
enabling Unicast Reverse Path Forwarding 13-97
PIX/FWSM/ASA Rules dialog box C-736
PIX firewalls
see also PIX/ASA/FWSM Platform policies
PIX object groups
converting policy objects to 8-264
provisioning network/host objects as 8-265
provisioning port list objects as 8-267
provisioning service group objects as 8-271
provisioning service objects as 8-268
PKI (Public Key Infrastructure) policies
CA server authentication methods 9-81
configuring 9-85
configuring in remote access VPNs 10-19
enrollment prerequisites 9-82
Public Key Infrastructure page (remote access VPN) C-857
Public Key Infrastructure page (site-to-site VPN) B-58
understanding 9-79
understanding in remote access VPNs 10-18
using TFTP 9-83
PKI enrollment
prerequisites 9-82
prerequisites using TFTP 9-83
PKI Enrollment dialog box C-140
CA Information tab C-141
Certificate Subject Name tab C-148
Enrollment Parameters tab C-145
Trusted CA Hierarchy tab C-150
PKI enrollment objects
creating 8-155
defining CA server properties 8-157
defining certificate attributes 8-162
defining enrollment parameters 8-159
defining trusted CA hierarchy 8-164
deleting 8-170
duplicating 8-164
editing 8-165
generating usage reports for 8-169
managing overrides 8-168
override page in Device Properties A-58
override page in Policy Object Manager C-210
PKI Enrollment dialog box C-140
PKI Enrollments page C-138
understanding 8-153
viewing details 8-167
PKI Enrollments Override page A-58
platform model C-483
point-to-point topologies
description 9-4
diagram 9-4
policies
advanced features 6-44
assigning shared policies 6-28
basic concepts
local vs. shared 6-3
managing 6-16
overview 6-1
service vs. platform-specific 6-3
settings-based vs. rule-based 6-2
shared policies in Device view 6-22
status icons 6-18
configuring DMVPN policies 9-97
configuring Easy VPN policies 9-104
copying between devices 6-19
copying shared policies 6-30
creating shared 6-40
deleting shared 6-43
Device view
configuring local policies 6-17
managing 6-16
modifying assignments 6-34
modifying shared policies 6-33
discovering 6-5
discovering on existing devices 6-6
FlexConfigs
FlexConfig Policy Preview dialog box C-225
FlexConfig Policy page C-218
previewing 16-44
understanding 16-35
Values Assignment dialog box C-223
inheriting rules 6-47
locking 6-48
managing 6-1
object selectors C-199
overview 1-11
PKI (Public Key Infrastructure) policies 9-79
policy discovery FAQ 6-10
policy management and objects 6-4
Policy view
managing 6-35
modifying assignments 6-41
renaming 6-32
router platform policies 12-1
rule inheritance 6-45
selecting policies to manage 6-44
sharing local 6-23
sharing multiple local policies 6-25
site-to-site VPN 9-56
mandatory policies 9-8
optional policies 9-8
specifying interfaces 8-130
specifying IP addresses 8-152
unassigning 6-21
understanding preshared keys 9-75
unsharing 6-27
viewing discovery task status 6-9
Policies Selector A-7
policy
Settings page F-19
policy assignments
Assignments tab in Policy view C-26
modifying in Device view 6-34
modifying in Policy view 6-41
overview 1-11
Shared Policy Assignments dialog box C-11
policy discovery
Create Discovery Task dialog box C-15
Discovery Status dialog box C-18
frequently asked questions 6-10
on existing devices 6-6
overview 1-11
understanding 6-5
viewing task status 6-9
policy discovery status
understanding 17-3
viewing 17-4
Policy Discovery Status page E-2
policy management
Settings page F-18
Policy menu
command reference 3-9
general reference C-1
Policy Object Manager window
AAA Server Groups page C-35
AAA Servers page C-40
Access Control Lists page C-49
ASA User Groups page C-64
Categories page C-84
creating overrides 8-253
deleting overrides 8-256
field reference C-29
FTP Maps page C-94
GTP Maps page C-98
HTTP Maps page C-106
IKE Proposals page C-121
Interface Roles page C-126
IPSec Transform Sets page C-130
Networks/Hosts page C-134
Object Type selector C-31
Object Usage window C-204
PKI Enrollments page C-138
Policy Object Overrides window C-206
Port Lists page C-151
Service Groups page C-160
Services page C-154
shortcut menu C-33
TCP Maps page C-163
Time Ranges page C-171
Traffic Flow page C-175
understanding 8-5
User Groups Objects page C-187
work area buttons C-33
policy object overrides
allowing overrides 8-251
Create Overrides for Device dialog box C-216
creating 8-252
creating for multiple devices 8-253
creating for single device 8-252
deleting 8-255
deleting from Device Properties page 8-255
deleting from Policy Object Manager window 8-256
managing
AAA server groups 8-16
interface roles 8-127
networks/hosts 8-149
PKI enrollments 8-168
port lists 8-177
service groups 8-197
services 8-187
Policy Object Overrides window C-206
understanding 8-250
Policy Object Overrides window C-206
AAA server groups C-207
interface roles C-208
networks/hosts C-209
PKI enrollments C-210
port lists C-212
service groups C-214
services C-213
text objects C-215
policy object provisioning
provisioning network/host objects as PIX object groups 8-265
provisioning port list objects as PIX object groups 8-267
provisioning service group objects as PIX object groups 8-271
provisioning service objects as PIX object groups 8-268
understanding conversion to PIX object groups 8-264
policy objects
AAA server groups
creating 8-9
deleting 8-18
duplicating 8-12
editing 8-13
generating usage reports for 8-17
managing overrides 8-16
understanding 8-6
viewing details 8-15
AAA servers
creating 8-24
deleting 8-30
duplicating 8-26
editing 8-27
generating usage reports for 8-29
understanding 8-19
viewing details 8-28
access control lists
creating 8-35
deleting 8-42
duplicating 8-41
editing 8-40
extended objects 8-35
generating usage reports for 8-44
standard objects 8-38
understanding 8-32
viewing details 8-45
allowing overrides 8-251
ASA user groups
Client Configuration tab 8-54
Client Firewall Attributes tab 8-57
creating 8-47
deleting 8-64
duplicating 8-63
editing 8-62
General tab 8-50
generating usage reports for 8-65
Hardware Client tab 8-61
Identity tab 8-49
IPSec tab 8-53
understanding 8-45
viewing details 8-67
categories
editing 8-69
understanding 8-68
connection with policy management 6-4
creating 8-2
creating overrides 8-252
filtering the table 8-6
FlexConfigs
adding 16-40
creating 8-70
deleting 8-76, 16-42
duplicating 8-71
editing 8-73, 16-41
generating usage reports for 8-75
reordering 16-43
viewing details 8-74
FTP maps
creating 8-78
deleting 8-81
duplicating 8-81
editing 8-80
generating usage reports for 8-83
understanding 8-77
viewing details 8-84
general reference C-28
GTP maps
creating 8-85
deleting 8-90
duplicating 8-89
editing 8-88
generating usage reports for 8-91
understanding 8-85
viewing details 8-93
guidelines for managing 8-3
HTTP maps
creating 8-95, 8-107
deleting 8-108
duplicating 8-108
Encoding tab 8-105
Entity Length tab 8-98
Extension Request Method tab 8-101
General tab 8-96
generating usage reports for 8-110
Port Misuse tab 8-103
RFC Request Method tab 8-100
understanding 8-94
viewing details 8-111
IKE proposals
creating 8-113
deleting 8-119
duplicating 8-115
editing 8-116
generating usage reports for 8-118
understanding 8-112
viewing details 8-117
interface roles
creating 8-121
deleting 8-129
duplicating 8-123
editing 8-124
generating usage reports for 8-128
managing overrides 8-127
understanding 8-120
viewing details 8-126
IPSec transform sets
creating 8-135
deleting 8-140
duplicating 8-136
editing 8-137
generating usage reports for 8-139
understanding 8-132
viewing details 8-138
managing 8-1
networks/hosts
creating 8-143
deleting 8-151
duplicating 8-145
editing 8-146
generating usage reports for 8-150
managing overrides 8-149
understanding 8-142
viewing details 8-148
object selectors C-199
Object Type selector C-31
optimizing
in rules 11-29
notes 11-30
overrides 8-250, A-54
overview 1-11
PKI enrollments
creating 8-155
deleting 8-170
duplicating 8-164
editing 8-165
generating usage reports for 8-169
managing overrides 8-168
understanding 8-153
viewing details 8-167
Policy Object Manager window overview 8-5
port lists
creating 8-172
deleting 8-180
duplicating 8-174
editing 8-175
generating usage reports for 8-178
managing overrides 8-177
understanding 8-171
viewing details 8-176
provisioning as PIX object groups 8-264
selecting for policies 8-256
service groups
creating 8-192
deleting 8-199
duplicating 8-194
editing 8-195
generating usage reports for 8-198
managing overrides 8-197
understanding 8-191
viewing details 8-196
services
creating 8-182
deleting 8-189
duplicating 8-184
editing 8-185
generating usage reports for 8-188
managing overrides 8-187
understanding 8-181
viewing details 8-186
TCP maps
creating 8-201
deleting 8-205
duplicating 8-204
editing 8-203
generating usage reports for 8-206
understanding 8-200
viewing details 8-207
text
creating 8-209
deleting 8-215
duplicating 8-210
editing 8-211
generating usage reports for 8-213
managing overrides for 8-214
viewing details 8-212
time ranges
creating 8-217
deleting 8-224
duplicating 8-220
editing 8-221
generating usage reports for 8-223
understanding 8-217
viewing details 8-222
traffic flows
creating 8-225
default inspection traffic with access list 8-228
deleting 8-233
duplicating 8-233
editing 8-232
generating usage reports for 8-235
IP diffserv codepoints (DSCPs) 8-232
IP precedence bits 8-230
RTP ranges 8-229
source and destination IP addresses 8-227
TCP or UDP destination ports 8-228
tunnel groups 8-230
understanding 8-225
viewing details 8-236
understanding
FlexConfigs 8-69
text objects 8-208
user groups 8-237
creating 8-238
deleting 8-249
duplicating 8-244
editing 8-245
generating usage reports for 8-248
viewing 8-247
policy objects interface
AAA Server dialog box C-42
AAA Server Group dialog box C-36
AAA Server Groups page C-35
AAA Servers page C-40
Access Control Lists page C-49
ASA User Groups page C-64
Categories page C-84
Category Editor dialog box C-85
FTP Maps page C-94
GTP Maps page C-98
HTTP Maps page C-106
IKE Proposal dialog box C-123
IKE Proposals page C-121
Interface Role dialog box C-127
Interface Roles page C-126
IPSec Transform Set dialog box C-132
IPSec Transform Sets page C-130
Network/Host dialog box C-136
Networks/Hosts page C-134
Object Usage window C-204
PKI Enrollment dialog box C-140
PKI Enrollments page C-138
Policy Object Overrides window C-206
Port List dialog box C-153
Port Lists page C-151
Service dialog box C-156
Service Group dialog box C-162
Service Groups page C-160
Services page C-154
TCP Maps page C-163
Time Range dialog box C-172
Time Ranges page C-171
Traffic Flow page C-175
User Group Objects page C-187
User Groups Editor dialog box C-189
policy query
generating reports 11-32
Policy Query page C-805
Policy Query Results page C-807
report results 11-34
understanding 11-30
Policy Query page C-805
Policy view
Assignments tab C-26
Create a Policy dialog box C-27
Create Filter dialog box C-24
creating shared policies 6-40
deleting shared policies 6-43
editing remote access VPN policies in 10-28
editing site-to-site VPN policies in 9-57
filtering shared policy selector 6-38
general reference C-20
managing remote access VPN policies in 10-28
managing site-to-site VPN policies in 9-57
modifying assignments 6-41
overview 1-9
Policy Type selector C-22
Policy Type selector options C-23
selectors 6-37
Shared Policy selector options C-23
understanding 6-35
work area 6-40
Policy view selectors 6-37
Port Address Translation (PAT) 9-71
port list objects
creating 8-172
deleting 8-180
duplicating 8-174
editing 8-175
generating usage reports for 8-178
managing overrides 8-177
override page in Device Properties A-60
override page in Policy Object Manager C-212
Port List dialog box C-153
Port Lists page C-151
provisioning as PIX object groups 8-267
understanding 8-171
viewing details 8-176
Port Lists Override page A-60
port management
See ports and interface management in DM 6500/7600
Port Misuse tab
HTTP map objects C-116
ports and interface management in DM 6500/7600
access ports
configuring 14-49
editing 14-49
restarting 14-49
interface ranges, understanding
macro, adding 14-82
macro details, viewing 14-84
other interfaces, viewing 14-80
ports and interfaces
attributes of, editing 14-36
configuring 14-34
Port wizard, configuring multiple ports
ports, configuring 14-40
ports, selecting 14-38
summary page 14-48
VLAN, configuring for ports 14-42
routed ports, configuring 14-59
switched virtual interfaces (SVIs), configuring 14-63
trunk ports, configuring 14-53
tunnel interfaces, configuring 14-67
Port selector in DM6500/7600 14-39
preferences in DM6500/7600, editing 14-16
prepended CLI commands 16-2
preshared key authentication methods 9-62
preshared key negotiation methods
aggressive mode 9-77
FQDN (fully qualified domain name) 9-77
main mode address 9-76
preshared keys
aggressive mode negotiation 9-75
configuring policies 9-77
FQDN (fully qualified domain name) negotiation 9-75
main mode address negotiation 9-75
policies
understanding 9-75
Preshared Key page B-54
Preview Config dialog box H-8, H-20
Preview Messages dialog box H-19
product registration 2-58
Property Selector dialog box C-93
protected networks
defining in VPN topologies 9-18
Protected Networks tab B-24
Protocol Independent Multicast
see PIM
protocol settings in DM6500/7600, editing 14-23
protocols to inspect C-670
Protocol tab (IGMP)
description 13-87
Protocol tab (PIM)
description 13-90
proxy ARP
disabling on firewall devices 13-91
Q
QoS Class dialog box C-574
Edit ACLs dialog box C-578
Marking tab C-579
Matching tab C-576
Policing tab C-582
Queuing and Congestion Avoidance tab C-580
Shaping tab C-585
QoS queuing
default class 12-92
defining for classes 12-109
tail drop vs. WRED 12-90
understanding 12-89
understanding LLQ 12-92
quality of service (QoS)
configuring on Cisco IOS routers 12-85
defining on control plane 12-103
defining on interfaces 12-99
defining policies 12-99
importance of CEF 12-86
QoS Class dialog box C-574
QoS Policy dialog box C-571
Quality of Service Policy page C-568
understanding
Control Plane Policing 12-98
default class queuing 12-92
low-latency queuing 12-92
marking parameters 12-87
matching parameters 12-87
policing parameters 12-93
queuing parameters 12-89
shaping parameters 12-93
tail drop and WRED 12-90
token-bucket mechanism 12-95
quality of service (QoS) classes
defining marking parameters 12-108
defining matching parameters 12-105
defining policing parameters 12-111
defining queuing parameters 12-109
defining shaping parameters 12-113
R
RADIUS 8-21
RAM, amount
memory, amount
RAM C-483
Redeploy a Job dialog box H-31
Reject Activity dialog box G-10
Reject Deployment Job dialog box H-23
Rejected activity state 7-6
Rejected job status 15-8
remote access
system variables 16-34
remote access VPN policies
DN matching policies
configuring 10-25
understanding 10-24
DN Matching Policy page C-870
DN matching rules
configuring 10-27
understanding 10-26
DN Matching Rules page C-871
DN Rule dialog box (lower pane) C-875
DN Rule dialog box (upper pane) C-874
General Settings tab C-864
IKE Proposal page C-855
IKE proposals
configuring 10-14
understanding 10-13
IPSec Proposal Editor (IOS and Catalyst 6500/7600) dialog box C-843
IPSec Proposal Editor (PIX and ASA) dialog box C-840
IPSec Proposal page C-837
IPSec proposals
configuring 10-10
understanding 10-9
ISAKMP/IPSec Settings tab C-860
managing in Policy view 10-28
NAT Settings tab C-863
PIX7.0/ASA Cluster Load Balance page C-867
PKI (Public Key Infrastructure) policies
configuring 10-19
understanding 10-18
Public Key Infrastructure page C-857
tunnel group policies
configuring 10-7
understanding 10-7
user group policies
configuring 10-5
understanding 10-4
VPN Global Settings page C-859
remote access VPNs
configuring VPN global settings 10-21
managing 10-1
understanding 10-1
VPN client in 10-1
VPN gateway in 10-1
VPN global settings 10-20
working with policies 10-2
remote access VPN servers
configuring devices as 10-3
configuring IKE proposals on 10-14
configuring IPSec proposals on 10-10
configuring policies on 10-3
Remote Access VPN Server wizard 10-3
Remote Access VPN Server wizard C-823
Rename Policy dialog box C-14
Rendezvous Points tab
description 13-90
Request Filter tab
description 13-91
Resource Manager Essentials (RME)
licensing 2-59
resources
configuring on FWSMs 13-61
RFC Request Method tab
HTTP map objects C-112
RIP
configuring on firewall devices 13-94
RIP routing
Cisco IOS routers
Authentication dialog box C-628
Authentication tab C-627
configuring on 12-148
defining interface authentication 12-151
defining setup parameters 12-149
Edit Interfaces dialog box C-626
redistributing routes 12-153
Redistribution Mapping dialog box C-631
Redistribution tab C-630
RIP Routing Policy page C-625
Setup tab C-625
Rollback Confirmation dialog box H-30
rollback to archived configuration files 17-14
routed mode
changing 13-28
routed ports in DM 6500/7600
configuring 14-59
editing 14-60
restarting 14-60
router platform interface
802.1x Policy page C-546
BGP policy
BGP Neighbors dialog box C-589
BGP Redistribution tab C-590
BGP Routing Policy page C-586
BGP Setup tab C-587
Redistribution Mapping dialog box C-591
DHCP policy
DHCP Database dialog box C-528
DHCP Policy page C-525
IP Pool dialog box C-529
dialer interface policy
Dialer Interfaces Policy page C-513
Dialer Physical Interface dialog box C-517
Dialer Profile dialog box C-516
EIGRP policy
EIGRP Routing Policy page C-594
Interface dialog box C-599
Interfaces tab C-598
Redistribution Mapping dialog box C-603
Redistribution tab C-601
Setup dialog box C-596
Setup tab C-595
Host/Domain Policy page C-520
interfaces policy
Create Router Interface dialog box C-487
Interface Auto Name Generator dialog box C-492
Router Interfaces page C-486
logging policy
Syslog Server dialog box C-567
logging setup policy
Logging Setup Policy page C-560
NAC policy
Identities tab C-556
Identity Action dialog box C-559
Identity Profile dialog box C-558
Interface Configuration dialog box C-554
Interfaces tab C-553
NAC Policy page C-550
Setup tab C-551
NAT policy
Dynamic Rule dialog box C-503
Dynamic Rules tab C-502
Interface Specification tab C-494
NAT Policy page C-493
Static Rule dialog box C-498
Static Rules tab C-497
Timeouts tab C-506
NTP policy
NTP Policy page C-532
NTP Server dialog box C-534
OSPF policy
Area dialog box C-617
Area tab C-616
Interface dialog box C-607
Max Prefix Mapping dialog box C-623
OSPF Interface Policy page C-605
OSPF Process Policy page C-612
Redistribution Mapping dialog box C-621
Redistribution tab C-619
Setup dialog box C-614
Setup tab C-613
QoS policy
QoS Class dialog box C-574
QoS Policy dialog box C-571
Quality of Service Policy page C-568
RIP policy
Authentication dialog box C-628
Authentication tab C-627
Redistribution Mapping dialog box C-631
Redistribution tab C-630
RIP Routing Policy page C-625
Setup tab C-625
Secure Device Provisioning Policy page C-521
SNMP policy
Permission dialog box C-539
SNMP Policy page C-537
SNMP Traps dialog box C-542
Trap Receiver dialog box C-540
static routing policy
Static Routing dialog box C-635
Static Routing Policy page C-633
syslog servers policy
Syslog Servers Policy page C-565
user account policy
User Accounts dialog box C-512
User Accounts Policy page C-510
router platform policies
configuring interfaces 12-2
configuring NAT 12-10
configuring NTP 12-51
configuring QoS 12-85
Device Admin policies
configuring device access 12-26
configuring DHCP 12-43
configuring dialer interfaces 12-29
configuring host and domain names 12-34
configuring SDP 12-35
configuring SNMP 12-54
general reference C-485
Identity policies
configuring 802.1x 12-59
configuring NAC 12-68
Logging policies 12-79
Routing policies
configuring BGP routing 12-115
configuring EIGRP routing 12-120
configuring OSPF routing 12-129
configuring RIP routing 12-148
configuring static routing 12-154
routers
FlexConfig object samples 16-11
router system variables 16-23
Route Tree tab
description 13-91
routing
PIX/ASA/FWSM
configuring on 13-91
configuring OSPF 13-93
configuring RIP 13-94
configuring static routes 13-96
disabling proxy ARP 13-91
routing redistribution
BGP Redistribution Mapping dialog box C-591
BGP Redistribution tab C-590
EIGRP Redistribution Mapping dialog box C-603
EIGRP Redistribution tab C-601
into BGP 12-119
into EIGRP 12-127
into OSPF 12-133
into RIP 12-153
OSPF Max Prefix Mapping dialog box C-623
OSPF Process Redistribution tab C-619
OSPF Redistribution Mapping dialog box C-621
RIP Redistribution Mapping dialog box C-631
RIP Redistribution tab C-630
RSA signature authentication method 9-62
rules
default 6-46
mandatory 6-46
service policy 13-101
rules tables
buttons 3-22
columns and headings 3-20
commands, Edit menu 3-22
data, working with 3-20
filtering 3-19
sections 3-20
using 3-17
Rx-Boot Mode Credentials dialog box A-16
S
Save Map As dialog box D-15
Save Policy As dialog box C-13
scenarios
creating FlexConfigs 16-35
SCEP (Simple Certificate Enrollment Protocol)
CA server authentication 9-81
scripting language
examples of
looping 16-4
looping with if/else statements 16-5
looping with two-dimensional arrays 16-4
in FlexConfigs 16-3
Secure Device Provisioning (SDP)
configuring AAA for administrative introducers 12-42
contents of bootstrap 12-37
defining policies 12-39
Secure Device Provisioning page C-521
understanding
introducers 12-36
petitioners 12-36
registrars 12-36
TTI 12-36
workflow 12-38
SecureID servers (SDI)
use by ASA devices 8-22
Secure Shell (SSH)
configuring on firewall devices 13-48
security administrators 2-16
security approvers 2-16
security contexts
admin context
overview 13-103
FWSM
adding 13-106
editing 13-106
PIX/ASA
adding 13-104
editing 13-104
PIX/ASA/FWSM
configuring on 13-103
deleting 13-107
enabling multi-context mode 13-108
restoring single-context mode 13-108
viewing defined contexts 13-109
security contexts for FWSM in DM 6500/7600
context details 14-162
firewall context details
VLANs, allocating 14-163
VLANs, editing allocated 14-164
firewall contexts
adding 14-159
editing 14-161
Security Manager
installing client 3-3
interface overview 3-4
logging into and exiting 3-3
security policies
PIX/ASA/FWSM
configuring on 13-96
Security Settings page F-21
Select Color dialog box D-19
Select Interfaces dialog box D-22
selector trees
filtering items 3-16
managing items 3-16
selecting items 3-16
using 3-15
Select Policy Object dialog box D-26
Select VPN to Configure dialog box D-30
server access settings
configuring on firewall devices 13-61
server connection status 3-3
Server Properties dialog box A-35
service agreement contracts 2-58
Service Device Provisioning (SDP)
configuring on Cisco IOS routers 12-35
service group objects
creating 8-192
deleting 8-199
duplicating 8-194
editing 8-195
generating usage reports for 8-198
managing overrides 8-197
override page in Device Properties A-63
override page in Policy Object Manager C-214
provisioning as PIX object groups 8-271
Service Group dialog box C-162
Service Groups page C-160
understanding 8-191
viewing details 8-196
Service Groups Override page A-63
service module setup wizards in DM 6500/7600
Firewall-Inside wizard
core network connections, configuring 14-134
inside network connection, configuring 14-139
MSFC/Firewall VLANs, configuring 14-135
service modules, selecting 14-134
summary page 14-141
switch/configurations, delivering 14-141
Firewall-Outside wizard
core network connections, configuring 14-146
final configurations, delivering 14-147
Firewall/MSFC VLAN, configuring 14-144
Internet connections, configuring 14-142
service modules, selecting 14-142
summary page 14-147
which wizard to use
Firewall-Inside scenario 14-132
Firewall-Outside scenario 14-133
service modules in DM 6500/7600
viewing 14-122
virtual firewalls
contexts, viewing 14-129
interfaces, adding 14-130
interfaces, editing 14-131
VLAN/interface connections
adding 14-126
adding between service modules 14-126
parameters 14-127
VLANs
nonrecommended configurations 14-124
VLAN connection shortcut menu 14-125
service objects
creating 8-182
deleting 8-189
duplicating 8-184
editing 8-185
generating usage reports for 8-188
managing overrides 8-187
override page in Device Properties A-61
override page in Policy Object Manager C-213
provisioning as PIX object groups 8-268
Services dialog box C-156
Services page C-154
understanding 8-181
viewing details 8-186
service policy rules 13-101
PIX/ASA/FWSM
configuring on 13-101
Services Override page A-61
Services page in DM6500/7600 14-9
Set Linked Map dialog box D-21
settings
application settings and preferences 2-1
customize desktop 2-48
deployment settings 2-49
device communication settings 2-53
device parameters 2-52
discovery settings 2-57
FTP and TMS 2-68
GUI timeout 2-48
licenses 2-58
policy management settings 2-63
policy settings 2-65
recommended settings to define first 2-2
security settings 2-66
settings to define before you begin 2-2
SSH settings 2-54
defining in DCS properties file 2-54
SSL certificate retrieval 2-55
take over session 2-67
Token Management System (TMS) 2-68
transport protocols
selecting for Cisco IOS devices 2-53
Workflow mode 2-43
Settings pages
Audit Logs F-16
Autolink F-2
Configuration Archive F-3
Customize Desktop F-4
Deployment F-5
Device Parameters F-10
Licensing F-16
Logs F-16
Policy F-19
Policy Management F-18
Security F-21
Take Over Session F-22
TMS F-23
Workflow F-25
SHA hash algorithm 9-61
shared policies
copying 6-30
Device view
assigning to selected device 6-28
Assign Shared Policy dialog box C-3
modifying 6-33
modifying assignments 6-34
Shared Policy Assignments dialog box C-11
Share Policies wizard C-8
sharing local 6-23
sharing multiple local policies 6-25
unsharing 6-27
working with 6-22
Inherit Rules dialog box C-14
Policy view
Assignments tab C-26
Create a Policy dialog box C-27
creating 6-40
deleting 6-43
managing 6-35
modifying assignments 6-41
Rename Policy dialog box C-14
renaming 6-32
Save Policy As dialog box C-13
Share Policy dialog box C-2
Shared Policy Assignments dialog box C-11
Share Policies wizard
Select Policies to Share page C-10
Share Policies from this Device page C-9
understanding C-8
Share Policy dialog box C-2
shortcut menu options
devices A-65
groups A-69
policies A-67
Show Contained Modules
understanding 17-5
Show Destination Contents dialog box
access rules C-653
inspection rules C-690
web filter rules C-747
Show Destination dialog box
AAA rules C-722
Show Devices on Map dialog box D-27
Show Interface Contents dialog box
AAA rules C-727
access rules C-660
inspection rules C-695
Show Service Contents dialog box
AAA rules C-725
access rules C-656
inspection rules C-693
web filter rules C-750
Show Source Contents dialog box
AAA rules C-719
access rules C-650
inspection rules C-687
web filter rules C-743
Show VPN Peers dialog box D-28
Show VPNs on Map dialog box D-28
Simple Network Management Protocol
see SNMP
Site-to-Site VPN Manager window B-2
site-to-site VPNs
configuring fragmentation settings 9-74
configuring ISAKMP/IPSec settings 9-74
configuring NAT settings 9-74
ISAKMP/IPSec settings 9-70
managing 9-1
managing policies in the Policy view 9-57
NAT settings 9-71
specifying the devices and networks 9-11
VPN global settings 9-70
working with policies
in the Device view 9-57
in the Policy view 9-57
SMTP servers
configuring on firewall devices 13-71
SNMP
Cisco IOS routers
configuring on 12-54
defining agent properties 12-55
enabling traps 12-58
Permission dialog box C-539
SNMP Policy page C-537
SNMP Traps dialog box C-542
Trap Receiver dialog box C-540
PIX/ASA/FWSM
configuring on 13-49
CPU utilization 13-50
MIBs 13-50
OIDs 13-50
terminology 13-49
software
license C-483
version C-483
spanning tree (STP) settings in DM 6500/7600
configuring
all ports 14-116
all VLANs 14-110
specific ports 14-118
specific VLANs 14-113
editing
all ports 14-120
one or more ports 14-117
one or more VLANs 14-112
specific ports 14-120
specific VLANs 14-115
global settings, displaying 14-31
spoke-to-spoke connectivity with DMVPN 9-96
spoofing, preventing 13-97, C-461
SSH
configuring on firewall devices 13-48
defining in DCS properties file 2-54
keys, allowing to be overwritten 2-53
preventing non-SSH connections 5-11
setting up 5-9
testing authentication 5-9
SSH transport protocols 15-12
SSL
setting up 5-4
SSL transport protocol 15-12
Standard IP ACL tab C-59
starting DM6500/7600 14-4
startup configurations, saving in DM6500/7600 14-15
stateful failover 13-59
stateless failover 13-58
states
of activities 7-5, G-4
static crypto maps 9-67
Static Group tab
description 13-88
static NAT
creating rules for hosts 12-13
creating rules for ports 12-17
creating rules for subnets 12-15
creating rules on Cisco IOS routers 12-13
disabling automatic aliasing 12-19
disabling payload option 12-20
static routes
configuring on firewall devices 13-96
static routing
Cisco IOS routers
configuring on 12-154
defining on 12-155
Static Routing dialog box C-635
Static Routing Policy page C-633
status
of activities G-4
stealth firewall
See transparent firewall
STP data in DM 6500/7600
required modes for population 14-111
supported modes 14-111
subgroups
deleting 5-89
Submit Activity dialog box G-8
Submit Deployment Job dialog box H-22
Submitted activity state 7-6
support
service agreement contracts 2-58
Software Application Support contracts 2-58
switched virtual interfaces (SVIs), configuring in DM6500/7600 14-63
Switch page in DM6500/7600 14-8
syslog
see logging
system administrators 2-14
system configuration
overview 13-103
system settings in DM 6500/7600
DHCP pools
viewing status 14-28
DHCP pools, displaying 14-27
system settings in DM 6500/7600
CDP settings, configuring 14-24
Cisco IOS banners, configuring 14-26
global settings
displaying STP settings 14-31
editing 14-22
protocol settings 14-23
time and NTP broadcasts, configuring
date and time settings 14-29
NTP servers and peers 14-31
system variables
firewalls 16-13, 16-16
FlexConfigs 16-12
remote access 16-34
routers 16-23
VPNs 16-24
T
tables, rules
buttons 3-22
columns and headings 3-20
commands, Edit menu 3-22
data, working with 3-20
filtering 3-19
sections 3-20
using 3-17
TACACS+
description 8-21
selecting as CiscoWorks AAA mode 2-34
use by Cisco Secure ACS
take over session settings 2-67
take over user session
Settings page F-22
taskflow 1-9
deployment
non-Workflow mode 15-3
Workflow mode 15-5
TCP map objects
Add TCP Map dialog box C-165
creating 8-201
deleting 8-205
duplicating 8-204
editing 8-203
Edit TCP Map dialog box C-165
generating usage reports for 8-206
TCP Maps page C-163
understanding 8-200
viewing details 8-207
TCP Maps page C-163
Telnet
configuring on firewall devices 13-53
testing authentication
SSH 5-9
text boxes
finding text in 3-23
navigating 3-23
using 3-23
Text Object Editor dialog box C-169
text objects
creating 8-209
deleting 8-215
duplicating 8-210
editing 8-211
generating usage reports for 8-213
managing overrides for 8-214
override page in Device Properties A-64
override page in Policy Object Manager C-215
understanding 8-208
viewing details 8-212
Text Objects Override page A-64
Text Objects page C-167
TFTP servers
configuring on firewall devices 13-72
thumbprint
See certificates, device
tiered hub-and-spoke topologies 9-7
timeouts
PIX/ASA/FWSM
configuring on 13-100
timeout settings
configuring on firewall devices 13-43
time range objects
creating 8-217
defining recurring ranges 8-218
deleting 8-224
duplicating 8-220
editing 8-221
generating usage reports for 8-223
Recurring Ranges dialog box C-173
Time Range dialog box C-172
Time Ranges page C-171
understanding 8-217
viewing details 8-222
time settings in DM 6500/7600
configuring 14-29
editing 14-29
time synchronization
configuring on IOS routers 12-51
TMS
setting up 5-21
Token Management Server (TMS) 15-24
deployment with IOS routers 15-13
Token Management System (TMS)
settings 2-68
Token Management System (TMS) Settings page F-23
toolbar reference 3-13
tools
diagnostics executable 17-19
exporting device inventory 5-92
generating support file 17-19
understanding menu options 17-1
used in troubleshooting 17-19
user interface reference pages E-1
using 17-1
Tools menu 3-11
backup 17-17
diagnostics executable 17-19
troubleshooting tool 17-19
understanding options 17-1
using 17-1
tools menu
Catalyst 6500/7600 Device Manager E-5
diagnostics executable 17-19
troubleshooting tool available from 17-19
traffic flow objects
Add Traffic Flows dialog box C-176
default inspection traffic match type values C-179, C-181
ip diffserve (dscp) match type C-186
ip precedence bits match type C-185
rtp range match type C-183
source and destination IP address traffic match type values C-178
tcp or udp port match type C-182
tunnel group match type C-184
creating 8-225
default inspection traffic with access list 8-228
deleting 8-233
duplicating 8-233
editing 8-232
Edit Traffic Flow dialog box C-176
Edit Traffic Flows dialog box
default inspection traffic match type values C-179, C-181
ip diffserve (dscp) match type C-186
ip precedence bits match type C-185
rtp range match type C-183
source and destination IP address traffic match type values C-178
tcp or udp port match type C-182
tunnel group match type C-184
generating usage reports for 8-235
IP diffserv codepoints (DSCPs) 8-232
IP precedence bits 8-230
RTP ranges 8-229
source and destination IP addresses 8-227
TCP or UDP destination ports 8-228
Traffic Flow page C-175
tunnel groups 8-230
understanding 8-225
viewing details 8-236
Traffic Flow page C-175
traffic match criteria 13-101
traffic match type
default inspection traffic C-179
default inspection traffic with access list C-181
IP diffserve (DSCP) codepoints C-186
IP precedence bits C-185
RTP range C-183
source and destination IP address C-178
TCP or UDP destination port C-182
tunnel group C-184
traffic usage C-484
transform sets
in IPSec tunnel policies 9-65
transport mode operation 9-65
tunnel mode operation 9-65
translation table
clearing on deployment 13-102
transparent firewall
HSRP 13-28
MAC address table
learning, disabling C-280
overview C-278
management IP address C-282
multicast traffic 13-28
VRRP 13-28
transparent mode
changing 13-28
Transparent page C-793
transparent rules
adding 11-137
Add Transparent Firewall Rule dialog box C-767
configuring settings 11-146
copying 11-143
cutting 11-143
deleting 11-145
disabling 11-141
Edit Category dialog box C-774
Edit Description dialog box C-773
editing 11-139
Edit Interface dialog box C-772, C-795
Edit Transparent EtherType dialog box C-770
Edit Transparent Firewall Rule dialog box C-767
Edit Transparent Mask dialog box C-771
enabling 11-141
finding usage 11-142
generating usage reports 11-142
moving down 11-144
moving up 11-144
pasting 11-143
Transparent Rules page C-764
understanding 11-135
Transparent Rules page C-764
transport protocol
changing 5-22
transport protocols
for Cisco IOS device, defining 2-53
SSH 15-12
SSL 15-12
TMS 2-53
transport settings
AUS 5-12
CNS 5-15
SSH 2-53, 5-9
SSL 2-53, 5-4
TMS 5-21
trees
filtering items 3-16
managing items 3-16
selecting items 3-16
using 3-15
troubleshooting
using diagnostics generation 17-19
using diagnostics generation from tools menu 17-19
trunk ports in DM 6500/7600
configuring 14-53
editing 14-54
restarting 14-54
Trusted Transitive Introduction (TTI)
use in SDP policies 12-36
tunnel group policies
Advanced tab B-85
Client VPN Software Update tab B-87
configuring for Easy VPN 9-108
configuring in remote access VPNs
configuring 10-7
Tunnel Group Editor Advanced tab C-834
Tunnel Group Editor Client VPN Software Update tab C-836
Tunnel Group Editor dialog box C-828
Tunnel Group Editor General tab C-829
Tunnel Group Editor IPSec tab C-832
Tunnel Group Policy page C-826
understanding 10-7
General tab B-80
IPSec tab B-83
Tunnel Group Policy page B-79
tunnel interfaces
configuring in DM6500/7600 14-67
tunnel interfaces in DM 6500/7600
adding 14-73
editing 14-69
tunnel interfaces in DM 6500/7600
restarting 14-69
U
understanding the gui
access control list objects 8-34
Unicast Reverse Path Forwarding 13-97, C-461
unmanaged devices
adding to VPN topologies 9-14
uptime C-483
usage reports
AAA server group objects 8-17
AAA server objects 8-29
IKE proposal objects 8-118
interface role objects 8-128
IPSec transform set objects 8-139
network/host objects 8-150
PKI enrollment objects 8-169
port list objects 8-178
service group objects 8-198
service objects 8-188
time range objects 8-223
user group objects 8-248
user account policies
User Accounts dialog box C-512
User Accounts Policy page C-510
user accounts
configuring on firewall devices 13-73
user group objects
creating 8-238
configuring advanced IOS options 8-242
configuring advanced PIX options 8-243
configuring DNS/WINS servers 8-240
configuring general settings 8-239
configuring split tunneling 8-241
deleting 8-249
duplicating 8-244
editing 8-245
generating usage reports for 8-248
User Groups Editor dialog box C-189
Advanced IOS Options tab C-195
Advanced PIX Options tab C-198
DNS/WINS tab C-193
General tab C-191
Split Tunneling tab C-194
User Groups Objects page C-187
viewing 8-247
working with 8-237
user group policies
configuring for Easy VPN 9-107
in remote access VPNs
configuring 10-5
understanding 10-4
User Group Policy page (Easy VPN) B-77
User Group Policy page (remote access VPN) C-824
user interface
filtering items
in a tree 3-16
in tables 3-19
managing items in a tree 3-16
maps toolbar reference D-6
map view 4-1
Map view reference D-1
menu reference 3-6
navigating 3-5
overview 3-4
rules tables 3-17
selecting files 3-24
selecting items in a tree 3-16
selector trees 3-15
table
buttons 3-22
columns and headings 3-20
commands, Edit menu 3-22
data, working with 3-20
sections 3-20
text boxes
finding text in 3-23
navigating 3-23
using 3-23
toolbar reference 3-13
wizards 3-17
working with Security Manager 3-1
user interface reference, activities G-1
user interface reference, deployment H-1
user interface reference, remote access VPN policies C-822
user permissions
approve permissions 2-12
assigning roles in CiscoWorks 2-14
assign permissions 2-11
associating with user roles 2-18
categories 2-3
customizing 2-17
modify permissions 2-8
understanding 2-2
view permissions 2-4
user preferences
PIX/ASA/FWSM
configuring on 13-102
user roles
associating with user permissions 2-18
Cisco Secure ACS 2-15
CiscoWorks 2-13
customizing permissions 2-17
default ACS roles 2-16
in DM6500/7600 14-17
user taskflow 1-9
V
Validation dialog box
Devices tab G-14
Errors tab G-12
understanding G-12
validation error messages G-12, G-14
DNS hostname/domain name 5-75
duplicate display name 5-74
when adding a device 5-74
Values Assignment dialog box C-223
variables
objects
understanding 16-6
Velocity Template Engine
scripting language 16-3
version
ASDM C-483
platform software C-483
View menu 3-8
view permissions
additional types 2-7
for objects 2-6
for policies 2-5
views
Device view 1-8
Map view 1-9
overview 1-8
Policy view 1-9
virtual firewalls
See security contexts
Virtual Routing Forwarding (VRF)
See VRF-Aware IPSec
VLAN groups in DM 6500/7600
adding to an FWSM 14-152
editing 14-153
range for, entering 14-154
selecting 14-155
VLAN management in DM 6500/7600
See spanning tree (STP) settings in DM 6500/7600
access ports, assigning to a VLAN 14-90
creating
multiple Ethernet VLANs 14-93
one Ethernet VLAN 14-91
VLANs, basic concepts 14-89
editing Ethernet VLANs 14-95
Layer 2 VLANs
creating multiple VLANs 14-98
creating one VLAN 14-97
editing 14-99
Layer 3 VLANs
creating multiple VLANs 14-103
creating one VLAN 14-102
deleting 14-106
editing 14-105
service VLANs, viewing 14-107
trunk ports, assigning to a VLAN 14-91
VLAN summary page 14-91
VLAN wizard 14-89
VLAN port configuration in DM 6500/7600
access ports 14-42
routed ports 14-48
trunk ports 14-45
VPN client 10-1
Mode configuration 10-1
VPN gateway 10-1
initiating a connection with 10-1
VPN global settings
in remote access VPNs
configuring 10-21
fragmentation settings 10-21
General Settings tab C-864
ISAKMP/IPSec settings 10-20
ISAKMP/IPSec Settings tab C-860
NAT settings 10-20
NAT Settings tab C-863
understanding 10-20
VPN Global Settings page C-859
in site-to-site VPNs
fragmentation settings 9-73
General Settings tab B-51
ISAKMP/IPSec settings 9-70
ISAKMP/IPSec Settings tab B-45
NAT settings 9-71
NAT Settings tab B-49
understanding 9-70
VPN Global Settings page B-45
VPN Peers List dialog box D-29
VPN routing and forwarding (VRF) instances, displaying in DM6500/7600 14-122
VPN routing and forwarding instances management
configuring 14-122
VPNs
Map view 4-30
remote access 10-1
See site-to-site VPNs
VPNSM
See Catalyst VPN Services Module (VPNSM)
VPNSM/VPN SPA Settings dialog box C-846
VPN SPA
See Catalyst VPN Shared Port Adapter (VPN SPA)
VPN Summary page B-3
VPN system variables 16-24
VPN topologies
about editing 9-22
adding unmanaged devices 9-14
Create VPN Topology wizard
Device Selection page B-10
Edit Endpoints dialog box B-16
Endpoints page B-13
Name and Technology page B-9
creating 9-11
defining endpoints and protected networks 9-18
deleting 9-27
editing 9-24
full mesh 9-5
hub-and-spoke 9-3
joined hub-and-spoke 9-7
managing devices in the device view 9-54
naming 9-12
partial mesh 9-7
point-to-point 9-4
removing devices from 9-24
selecting devices 9-15
tiered hub-and-spoke 9-7
understanding 9-2
understanding device selection 9-14
VPN Topologies Device View page B-89
working with 9-10
VPN tunnels
in remote access VPNs 10-1
VRF-Aware IPSec
configuring 9-46
one-box solution 9-43
two-box solution 9-44
understanding
VRF-Aware IPSec (remote access VPN) tab C-851
VRF-Aware IPSec tab B-28
VRRP 13-28
VTP management in DM 6500/7600
configuring VTP information 14-107
editing 14-108
W
Warning - Partial VPN Deployment dialog box H-16
Web Filter page C-796
web filter rules
adding (ASA/FWSM/PIX) 11-110
adding (IOS) 11-121
copying (ASA/FWSM/PIX) 11-118
cutting (ASA/FWSM/PIX) 11-118
deleting (ASA/FWSM/PIX) 11-119
deleting (IOS) 11-124
disabling (ASA/FWSM/PIX) 11-116
Edit Category dialog box C-753
Edit Description dialog box C-754
Edit Destinations dialog box C-744
editing (ASA/FWSM/PIX) 11-113
editing (IOS) 11-123
Edit Service dialog box C-748
Edit Sources dialog box C-742
Edit Web Filter Options dialog box C-752
Edit Web Filter Type dialog box C-751
enabling (ASA/FWSM/PIX) 11-116
Exclusive Domain Name dialog box C-763
exclusive domains
adding (IOS) 11-125
deleting (IOS) 11-128
editing (IOS) 11-127
Exclusive Domains tab C-759
IOS Web Filter Rule and Applet Scanner dialog box C-759
moving down (ASA/FWSM/PIX) 11-119
moving up (ASA/FWSM/PIX) 11-119
pasting (ASA/FWSM/PIX) 11-118
PIX/FWSM/ASA Rules dialog box C-736
Show Destination Contents dialog box C-747
Show Service Contents dialog box C-750
Show Source Contents dialog box C-743
understanding 11-108, 11-109
Web Filter Rules page (ASA/FWSM/PIX) C-734
Web Filter Rules page (IOS) C-755
Web Filter Rules tab C-756
Web Filter Rules page (ASA/FWSM/PIX) C-734
Web Filter Rules page (IOS) C-755
Web Filter Rules tab C-756
web filter server configuration
adding 11-131
deleting 11-134
editing 11-133
Web Filter Server Configuration dialog box C-800
web filter servers
configuring settings 11-129
adding 11-131
deleting 11-134
editing 11-133
Weighted Random Early Detection (WRED) 12-90
windows
undocking maps 4-9
Windows NT servers
use by ASA devices 8-22
wizards
Add Device from Config File A-25
Add Device from DCR A-40
Add Device from Network A-7
Add New Device A-29
Copy Policies C-4
Create VPN Topology B-8
Remote Access VPN Server C-823
Share Policies C-8
wizards, using 3-17
wizards in DM 6500/7600
Firewall-Inside setup 14-133
Firewall-Outside setup 14-142
Port 14-37
VLAN 14-89
workflow
overview 1-12
Workflow mode
comparing with non-Workflow mode 2-42
configuration files
deploying 15-36
previewing 15-38
rolling back 15-43
deployment
device details 15-45
dialog boxes H-10
job history 15-53
summary information 15-45
taskflow 15-5
tasks 15-46
understanding 15-5
windows H-10
Deployment Manager window H-10
disabling 2-43
enabling 2-43
jobs
Aborted state 15-8
aborting 15-42
Approved state 15-8
approving 15-51
Deploying state 15-8
Deployed state 15-8
Discarded state 15-8
discarding 15-52
Edit-In Use state 15-8
Edit state 15-8
Failed state 15-9
opening 15-49
Rejected state 15-8
rejecting 15-51
Rolled Back state 15-9
Rolling Back state 15-9
Scheduled to run at state 15-9
states 15-8
submitting 15-50
main toolbar buttons 15-32
selecting 2-40
settings 2-43
workflow modes
comparing 2-42
selecting 2-40
Workflow mode understanding 2-40
Workflow Settings page F-25
X
Xauth
IKE Extended Authentication 10-1
XLATE table
clearing on deployment 13-102