Index
A
AAA
accounting not implemented on SSL VPN 1-8
discovered configuration not displayed 6-5
discovering servers with server-private command 6-5
method lists partially discovered 6-5
name changes when discovering policies 6-14
name changes when discovering rules 6-9
removing aaa new-model command 1-7
access control lists (ACLs)
creating during IOS IPS configuration 10-4
deployment errors on FWSMs 9-6
handling names during discovery 6-3
name changes during discovery 6-9
names preserved during discovery 6-6
naming conventions 6-6
resolving naming conflicts 6-7
using ACL manager 9-5
access rules
cannot save combined rules 8-3
address pools
deployment failure 1-7
on same subnet as interface 1-8
overriding in connection profiles 1-7
ADSL policies
unable to deploy 7-4
ASA 7.1
deployment failure with auto-signon command 1-7
AUS
ASA deployment failure 1-7
auto-signon
ASA deployment failure with AUS 1-7
Auto Update Server (AUS)
deploying to devices 9-9
discovering policies 6-2
failure during deployment 9-15
C
Catalyst 6500/7600 devices
adding 6503-E devices 11-1
discovering failover pairs 11-2
discovering policies on security contexts 6-4
IDSM support 11-2
interface deployment failure 11-2
internal VLAN deployment failure 11-3
migrating to 3.1.x 11-2
performing rollback 11-3
supported modes 11-1
supported VACLs 11-1
troubleshooting 11-1
undefined VLANs 11-2
changes, out-of-band 9-4
Cisco Marketplace 1-viii
Cisco Networking Services (CNS)
debugging IOS device 5-12
debugging PIX device 5-12
deploying to devices 9-11
deployment failures to PIX device 5-12
device id not connected error 5-11
device name does not exist error 5-11
discovery failure for IOS device 5-13
event mode router does not appear 5-13
first deployment to PIX fails 5-12
InvalidParameterException error 5-11
troubleshooting device setup 5-11
Cisco Press 1-viii
Cisco Product Quick Reference Guide, obtaining 1-viii
Cisco product security
PSIRT 1-viii
vulnerability policy portal 1-viii
Cisco Secure ACS (ACS)
adding multihomed devices 3-4
authentication fails 3-1
changes not appearing in Security Manager 3-3
DCR error when adding devices 3-2
devices not appearing in Security Manager 3-3
effect on policy discovery 6-3
read-only access for system administrators 3-2
restoring access 3-4
updating device credentials in Security Manager 3-4
using multiple versions of Security Manager 3-1
working after ACS becomes unreachable 3-3
Cisco Security Agent
already installed on server 4-1, 11-2
co-existing with IPS systems 4-2
error message in event log 4-2
frequently asked questions 4-1
reinstalling bundled version 4-1
client installation
troubleshooting 2-5
client log files
locating 2-2
CNS
lists applied to wrong SSL VPN context 1-8
combining rules
cannot save changes 8-3
configuration ownership 9-4
configuration rollback
cannot connect to a Cisco IOS router after 5-1
performing reload 9-14
configure replace command 9-14
connection profiles
sharing among multiple ASAs 1-7
console port
name changes during discovery 6-15
D
daylight saving time
and certificate error
during discovery 5-9
DCR
adding 12.1 and 12.2 routers 5-9
deleting
referenced interfaces 7-2
deployment
ADSL deployment failures 7-4
Catalyst interface settings 11-2
Catalyst internal VLANs 11-3
changing default deployment methods 9-6
determining method to use 9-3
devices with same IP 5-10
duplicate SSL VPN gateway failure 1-7
errors with ACLs 9-6
failure due to overlapping pools 1-7
failure due to pools not on interface subnet 1-8
failures with AUS-managed devices 9-15
failure when modifying WINS master server 1-8
failure when port forwarding list removed 1-7
fixing an OS version mismatch 9-4
ignoring errors 9-7
IOS errors 9-6
IOS IPS 10-4
layer 2 interfaces 7-2
maximum number of devices 9-6
mixing methods 9-14
performing immediately after discovery 6-3
PVC deployment failures 7-4
PVC IP protocol mappings 7-4
rolling back configurations 9-3
setting default directory 9-3
SSL handshake failure 9-15
understanding
effects of deploying to files 9-3
full vs. delta configurations 9-6
process 9-2
using a Cisco Networking Services (CNS) server 9-11
using an Auto Update Server (AUS) 9-9
using a Token Management Server (TMS) 9-8
device communication
loss of contact due to NAT 7-3
routers without K8/K9 crypto image 5-1
device configuration
discovering commands 6-3
unable to configure 7-5
device management 9-4
changing image version 5-3
content and mode changes 5-6
hardware model changes 5-7
image version changes affecting feature set 5-4
image version changes not affecting feature set 5-3
simultaneous operations on device 5-10
device response
to appear as an error message 5-2
devices
DCR error when adding 3-2
updating credentials from ACS 3-4
DHCP
traffic blocked 7-5
diagnostic information
generating 1-1
dialers
name changes during discovery 6-13
discovery
Catalyst failover pairs 11-2
devices with same IP 5-10
invalid certificate error 5-9
security certificate error 5-9
discovery task
frequently asked questions 6-2
DNS
configuring for SSL VPN 1-6
documentation
on Cisco.com 1-viii
ordering 1-viii
documentation feedback, sending to Cisco 1-viii
E
errors
deployment 9-6
event log
CSA error message 4-2
F
FAQ
Catalyst 6500/7600 devices 11-1
policy discovery
AAA configuration not displayed 6-5
AAA method lists partially discovered 6-5
AAA servers and server-private command 6-5
deploying after discovering VPN and router policies 6-3
determining results 6-2
device hostnames 6-5
discovering configuration commands 6-3
discovering with AUS 6-2
discovery and ACS 6-3
FWSM and Catalyst security contexts 6-4
how it works 6-2
importing from VMS 2.x 6-5
naming ACLs and object groups 6-3
PIX/ASA security contexts 6-4
redeploying after discovery 6-3
rediscovering existing policies 6-3
unable to submit changes 6-4
using existing policies and objects 6-4
viewing discovered policies 6-2
viewing undiscovered policies 6-2
when to perform 6-2
firewall services
cli for authentication proxy 8-2
configuring management IP of security contexts 8-3
dropped GTP map commands 8-2
hit count 8-1
standard ACLs 8-2
losing connection to a device 8-1
negating addresses within a range 8-3
removal of bound ACEs 8-2
unable to deploy using BGP 8-2
validation error on transparent rules 8-2
Firewall Services Module (FWSM)
deployment error 9-6
discovering policies on security contexts 6-4
G
gateways
sharing address and port 1-7
group-policy
removing SSL VPN definitions 1-8
H
hostnames
effect on policy discovery 6-5
HTTP
name changes during discovery 6-14
HTTPS mode
determining 2-2
I
IDSM
support limitations 11-2
ignore error message
configure Security Manager to 5-2
inspection rules
name changes during discovery 6-10
installation
troubleshooting 2-5
IOS 12.1 and 12.2
configuring in Security Manager 7-1
IOS 12.4(11)T
address pool deployment failure 1-8
CNS problem with SSL VPN contexts 1-8
IOS 12.4(9)T
AAA accounting failure 1-8
port forwarding list deployment failure 1-7
WINS master server deployment failure 1-8
IP mappings
unable to deploy 7-4
IPS
adding and managing sensors 10-1
co-existing with CSA 4-2
creating ACLs 10-4
deploying 10-4
importing 5.0 sensors 10-2
performing updates 10-2
provisioning trusted hosts 10-4
retrieving signature updates 10-2
signature updates 10-4
updating IOS IPS crypto configurations 10-4
L
line access
name changes during discovery 6-15
M
max-webvpn-session-limit
cannot be imported 1-6
N
NAC
deployment fails 7-7
name changes during discovery 6-16
posture validation not occurring 7-7
NAT
discovering rules with route maps 7-3
name changes during discovery 6-11
VPN traffic sent unencrypted 7-3
Networking Professionals Connection 1-viii
O
object-groups
name changes during discovery 6-8
objects
using existing objects during discovery 6-4
online help
loading 2-4
preserving search results 2-5
OS version mismatch
fixing 9-4
out-of-band changes
resolving 9-4
P
passwords
encrypted passwords on routers 7-2
peer support, Networking Professionals Connection 1-viii
PIX/ASA devices
discovering policies on security contexts 6-4
discovering policies when using AUS 6-2
PIX object groups
handling names during discovery 6-3
policies
policy discovery FAQ 6-2
rediscovery and current assignments 6-3
using existing policies during discovery 6-4
policy discovery
AAA commands not displayed in AAA policy 6-5
AAA method lists partially discovered 6-5
AAA servers and server-private command 6-5
adding routers running 12.1 or 12.2 5-9
deploying after discovering VPN and router policies 6-3
determining results 6-2
device hostnames 6-5
discovering configuration commands 6-3
discovering with AUS 6-2
discovery and ACS 6-3
frequently asked questions 6-2
FWSM and Catalyst security contexts 6-4
how it works 6-2
importing from VMS 2.x 6-5
naming ACLs and object groups 6-3
NAT rules with route maps 7-3
PIX/ASA security contexts 6-4
preserving ACL names 6-6
redeploying after discovery 6-3
rediscovering existing policies 6-3
resource names changed during discovery 6-8
unable to submit changes 6-4
undiscovered VPN features 6-5
using existing policies and objects 6-4
viewing discovered policies 6-2
viewing undiscovered policies 6-2
when to perform 6-2
while deploying to device 6-5
port forwarding list
applied to wrong SSL VPN context 1-8
deployment failure when removed 1-7
PPP
name changes during discovery 6-13
proxy-bypass interfaces
configured for SSL VPN 1-7
PSIRT 1-viii
publications, obtaining additional 1-viii
PVC policies
unable to deploy 7-4
Q
quality of service (QoS)
name changes during discovery 6-17
R
reload
after configuration rollback 9-14
resources
AAA name changes 6-9
AAA policy name changes 6-14
ACL name changes 6-9
dialer name changes 6-13
dynamic NAT name changes 6-11
HTTP name changes 6-14
inspection rule name changes 6-10
line access name changes 6-15
NAC name changes 6-16
names changed during discovery 6-8
object-group name changes 6-8
PPP name changes 6-13
QoS name changes 6-17
service policy rule name changes 6-12
transparent rule name changes 6-10
rollback 9-3
Catalyst 6500/7600 devices 11-3
performing when deploying to file 9-14
router platform
policy troubleshooting 7-1
device access policies 7-4
device interface policies 7-2
DHCP policies 7-5
DSL policies 7-3
NAC policies 7-6
NAT policies 7-2
PVC policies 7-4
SDP policies 7-5
SNMP policies 7-6
static routing policies 7-7
routers
configuring routers with 12.1 or 12.2 7-1
managing encrypted passwords 7-2
S
security
advisories 1-viii
incidents, obtaining assistance 1-viii
news from Cisco
registering to receive 1-viii
RSS feed URL 1-viii
notices 1-viii
PSIRT 1-viii
vulnerabilities, reporting 1-viii
Security Agent installation
troubleshooting 2-5
security certificate
invalid during discovery 5-9
validity period
and time setting on Security Manager 5-9
security context
configuring management IP 8-3
security contexts
deleting config file 5-10
discovering policies on FWSM and Catalyst devices 6-4
discovering policies on PIX/ASA devices 6-4
Security Manager 3.0.1
adding and managing IPS sensors 10-1
Security Manager client
cleaning server list in Login window 2-1
determining HTTPS mode 2-2
entering server names after installation 2-2
frequently asked questions 2-1
installing on same machine as server 2-1
loading online help 2-4
locating client logs 2-2
reinstalling 2-4
removing locks of another user 2-4
resetting password 2-2
resolving version mismatch 2-2
running in dual-screen mode 2-3
using HTTP 2-3
Security Manager database
corrupted 1-2
troubleshooting 1-2
Security Manager Diagnostics utility
accessing 1-1
Security Manager server
collecting troubleshooting information 1-1
database issues 1-2
installation 1-4
restoring database from files 1-3
restricting access 1-3
unable to launch 1-3
service policy rules
name changes during discovery 6-12
service requests
submitting 1-viii
services
creating groups from nameless services 8-3
signatures
managing updates 10-4
retrieving updates 10-2
SNMP
removing traps unintentionally 7-6
traps not being sent 7-6
SSL
handshake failure during deployment 9-15
SSL VPN
AAA accounting not implemented 1-8
address pools on interface subnet 1-8
ASA deployment failure with AUS failure 1-7
cannot import license information 1-6
detecting overlapping pools 1-7
limitations 1-6
limitations due to OS defects 1-7
lists applied to wrong context 1-8
modifying WINS master server 1-8
need for DNS 1-6
removing aaa new-model command 1-7
removing group policies from PIX/ASAs 1-8
removing port forwarding list 1-7
sharing connection profiles on ASAs 1-7
sharing gateway addresses 1-7
use of proxy-bypass interfaces 1-7
using interface roles 1-7
static routing
deployment fails after upgrade 7-7
floating route not inserted 7-7
summertime
and certificate error
during discovery 5-9
support
Networking Professionals Connection 1-viii
obtaining from Cisco 1-viii
T
technical support (TAC)
obtaining 1-viii
URL for service requests 1-viii
time setting
on Security Manager
certificate error 5-9
certificate validity period 5-9
lagging behind device 5-9
timezone settings
and certificate error 5-9
on device 5-9
on Security Manager 5-9
Token Management Server (TMS) 9-8
deploying to 9-8
training, obtaining 1-viii
transparent rules
name changes during discovery 6-10
troubleshooting information
generating 1-1
trusted hosts
provisioning 10-4
U
URL list
applied to wrong SSL VPN context 1-8
V
version mismatch, resolving 2-2
VLAN ACLs (VACLs)
supported types 11-1
VLANs
referencing undefined 11-2
VPN
defining multiple CA servers 1-2
defining multiple spoke definitions 1-5
discovering after configuring 1-4
enabling/disabling VRF on Catalyst 6500/7600 1-4
loss of communication with spoke 1-2
PKI with AAA 1-2
SSL VPN limitations 1-6
SSL VPN limitations due to OS defects 1-7
traffic sent unencrypted 7-3
unconfigurable commands when Easy VPN enabled 1-5
undiscovered features 6-5
unneeded Easy VPN policies 1-3
updating routing processes 1-1
VPN/Security Management Suite (VMS)
importing policies from 6-5
vpn sessiondb
cannot be imported 1-6
VTY
name changes during discovery 6-15
W
WINS
modifying master server 1-8