Index
Numerics
3DES encryption algorithm
in IKE proposals 54
802.1x
802.1x Policy page 528
configuring on Cisco IOS routers 54
defining policies 58
interface authorization states 56
supported topologies 57
understanding device roles 55
A
AAA
accounting 1
authorization 1
configuring on firewall devices 29
local fallback 32
support 31
user authentication 1
AAA authentication groups
predefined 7
AAA Firewall page 751
AAA Mode Setup page 2
AAA rules
AAA Rules page 679
Add AAA Rules dialog box 682
adding 81
AuthProxy dialog box 699
configuring settings
for AAA (IOS) 96
for AAA firewall (PIX/ASA) 92
copying 88
cutting 88
deleting 90
disabling 87
Edit AAA Option dialog box 697
Edit AAA Rules dialog box 682
Edit AAA Server Group dialog box 699
Edit Category dialog box 701
Edit Description dialog box 700
Edit Destinations dialog box 689
editing 84
Edit Interface dialog box 695
Edit Service dialog box 661, 692
Edit Sources dialog box 688
enabling 87
finding usage 88
generating usage reports 88
MAC exempt address lists
adding 93
deleting 95
editing 94
using 93
moving down 90
moving up 90
pasting 88
Show Destination dialog box 691
Show Interface dialog box 696
Show Service dialog box 663, 694
Show Source dialog box 691
understanding 79
AAA Rules page 679
AAA server group objects
AAA Server Group dialog box 36
AAA Server Groups page 35
creating 9
deleting 18
duplicating 12
editing 13
generating usage reports for 17
managing overrides 16
override page in Device Properties 52
override page in Policy Object Manager 201
predefined authentication groups 7
understanding 6
viewing details 15
AAA Server Groups Override page 52
AAA server objects
AAA Server dialog box 42
AAA Servers page 40
creating 23
deleting 30
duplicating 26
editing 27
generating usage reports for 29
supported types 21
understanding 19
viewing details 28
AAA servers
external servers 1
supported types on ASA devices 22
table of services on ASA devices 23
Abort Deployment Job dialog box 27
ABR
definition of 91
access control list objects
creating 34
deleting 42
duplicating 41
editing 40
Extended IP ACL tab 48
Add Extended Access Control Entry dialog box 53
Add Extended Access List page 50
Edit Extended Access Control Entry dialog box 53
Edit Extended Access List page 50
extended objects 35
generating usage reports for 43
Standard IP ACL tab 56
Add Standard Access Control Entry dialog box 60
Add Standard Access List page 58
Edit Standard Access Control Entry dialog box 60
Edit Standard Access List page 58
standard objects 38
understanding 31
viewing details 45
Access Control page 743
access controls
access list compilation
enabling 53
object group search
enabling 48
per user downloadable ACLs (PIX/ASA/FWSM)
enabling 51
understanding settings 47
Access Group tab
description 86, 379
access list compilation
enabling 53
understanding 52
access permissions
maps 3
access ports in DM 6500/7600
configuring 49
editing 49
restarting 49
access rules
Access Rules page 614
Adaptive Security Algorithm (ASA) and 8
Add Firewall Rule dialog box 617
adding 11
Advanced dialog box 622
ASA, and 9
copying 20
cutting 20
deleting 23
disabling 19
Edit Category dialog box 636
Edit Description dialog box 635
Edit Destinations dialog box 626
Edit Firewall Option dialog box 631
Edit Firewall Rule dialog box 617
editing 15
Edit Interface dialog box 633, 664
Edit Service dialog box 629
Edit Sources dialog box 624
enabling 19
FWSM, and 9
IOS router, and 9
logging events for an ACE 11
moving down 22
moving up 22
pasting 20
PIX Firewalls, and 9
recognizing on devices 8
Show Destination dialog box 628
Show Interface dialog box 634
Show Service dialog box 631
Show Source dialog box 626
understanding 6, 9, 10
Access Rules page 614
accounting
configuring on firewall devices 29
ACL names
generating 4
Active/Active failover
about 56
command replication 57
configuration synchronization 57
Active/Standby failover 56
activities
accessing functions 9
Activity Details tab 5
Activity Manager window 1
Activity Required (Create Activity) dialog box 15
Activity Required (Create or Open Activity) dialog box 16
and locking 4
Approve Activity dialog box 9
Approved state 6
approving 3, 15
benefits of 2
closing 12
Create Activity dialog box 7
creating 11
Devices tab 14
Discard Activity dialog box 11
discarding 17
Edit state 5
Errors tab 12
History tab 6
managing 1
multiple users 5
Openable Activities dialog box 17
opening 11
Reject Activity dialog box 10
Rejected state 6
rejecting 15
Submit Activity dialog box 8
Submitted state 5
understanding 2
validating 12
Validation dialog box 12
viewing details 17
viewing historical data 18
working with 9
Activities menu 12
Activity Details tab 5
Activity Manager window 1
Activity Required (Create Activity) dialog box 15
Activity Required (Create or Open Activity) dialog box 16
activity states 5, 4
Adaptive Security Appliances
see ASA devices
Add/Edit IGMP Join Group dialog box
description 87
Add/Edit IGMP Static Group dialog box
description 86
Add/Edit Multicast Route dialog box
description 386
Add AAA Rules dialog box 682
Add Client Access Rules dialog box 71
Add Country Network Codes dialog box 100
Add Device from Config File wizard 22
Device Grouping page 21
Device Information page - Config File 23
Add Device from DCR wizard 37
Device Grouping page 21
Device Information page - DCR 37
Add Device from Network wizard 7
Device Credentials page 14
Device Grouping page 21
Device Information page - Network 7
Add Devices to Groups page 67
Add Extended Access Control Entry dialog box 53
Add Firewall Rule dialog box 617
Add FTP Map dialog box 94
Add Groups dialog box 68
Add GTP Map dialog box 97
Add Link dialog box 23
Add Map Object and Node Properties dialog boxes 24
Add New Device wizard 27
Device Credentials page 14
Device Grouping page 21
Device Information page - New Device 27
Add Other Devices dialog box 22
address pools 20
Add Standard Access Control Entry dialog box 60
Add Standard Access List page 58
Add TCP Map dialog box 161
Add Traffic Flow dialog box 172
Add Transparent Firewall Rule dialog box 734
admin context
overview 101
administration
See settings
selecting policies to manage 44
Advanced dialog box
access rules 622
AES encryption algorithm
in IKE proposals 54
Analysis 767
analysis reports
generating 34
understanding 32
Analysis Reports page 767
anti-spoofing 95
appended CLI commands 2, 3
Approve Activity dialog box 9
Approve Deployment Job dialog box 24
Approved state 6
approvers 14
area border router 91
ARP table
static entry 267, 269
ASA
FlexConfig object samples 7
ASA devices
AAA support 22
table of AAA services 23
use of Kerberos 22
use of LDAP servers 22
use of NT servers 22
use of SDI servers 22
see also PIX/ASA/FWSM Platform policies
ASA user group objects
ASA User Groups page 62
Client Configuration tab 54, 72
Client Firewall Attributes tab 57, 75
creating 47
deleting 64
duplicating 63
editing 62
General tab 50, 65
generating usage reports for 65
Hardware Client Attributes tab 79
Hardware Client tab 60
Identity tab 49, 64
IPSec tab 52, 68
Add Client Access Rules dialog box 71
Edit Client Access Rules dialog box 71
understanding 45
viewing details 67
ASA User Groups page 62
ASBR
definition of 91
ASDM
version 471
assignment overview 10
Assignments tab 26
Assign Shared Policy dialog box 3
audit log entries
purging 9
audit logs
archiving 56
understanding 56
Audit Logs Settings page 13
Audit Message Details dialog box 8
Audit Report page 6
audit reports
examples for defining 7
generating 7
understanding 6
AUS
setting up 12
authentication
configuring on firewall devices 29
authentication methods
in IKE proposals 56
preshared keys 56
RSA signatures 56
authorization
configuring on firewall devices 29
AuthProxy dialog box
AAA rules 699
AuthProxy General tab (IOS) 755, 757
AuthProxy page 754
autolink
omitting reserved networks from maps 2
Auto Update Server (AUS) 25
Auto Update Server Properties dialog box 12
Auto Update Servers
using to deploy to ASA devices 12
using to deploy to PIX firewalls 12
Auto Update Servers (AUS)
adding 64
configuring AUS settings on firewall devices 61
editing 67
understanding 63
Available Auto Update Servers dialog box 13
Available CNS-Configuration Engines dialog box 36
Available Servers dialog box 34
B
background image, map
deleting 14
importing 13
overview 12
scale and position 15
setting 14
backups
understanding 17
using Common Services 17
bandwidth 472
banners
Banner page 283
configuring on firewall devices 36
benefits of product 2
BGP routing
BGP Routing Policy page 561
configuring on Cisco IOS routers 101
defining routes 103
Neighbors dialog box 564
redistributing routes 105
Redistribution Mapping dialog box 567
Redistribution tab 565
Setup tab 562
boot image and configuration settings
configuring on firewall devices 37
bridging
PIX/ASA/FWSM
Add/Edit ARP Inspection dialog box 271
Add/Edit ARP Table Entry dialog box 269
Add/Edit MAC Learning dialog box 275
Add/Edit MAC Table Entry dialog box 274
ARP Inspection page 270
ARP Table page 267
configuring on 27
MAC Address Table page 272
MAC Learning page 274
Management IP page 276
buttons
main toolbar 32
C
CA server authentication methods
SCEP (Simple Certificate Enrollment Protocol) 74
Catalyst 6500/7600 Device Manager (DM 6500/7600)
action buttons 14
basic concepts 1
desktop 10
features 3
navigating in 4
opening 4
preferences 16
quick reference 18
selector, understanding 13
starting 4
Catalyst 6500/7600 Device Manager (DM 6500/7600) wizards
Firewall-Inside setup 134
Firewall-Outside setup 143
Port 37
VLAN 89
Catalyst 6500/7600 Device Manager access window
opening from Tools menu 5
Catalyst 6500/7600 devices
configuring FWSM on 33
configuring VPNSM on 29
Catalyst 6500/7600 switches
including in deployment jobs 5
Catalyst 6500 switches
deployment 34
VLANs 37, 47
Catalyst VPN Services Module
configuring a VPN interface 29
VPNSM blade 29
VPNSM Settings dialog box 811
categories
editing 69
understanding 68
category objects
Categories page 82
Category Editor dialog box 83
Certification Authority (CA) servers
naming guidelines 156
checklist for getting started 12
Choose Files dialog box 26
Cisco Adaptive Security Appliances
see ASA devices
Cisco Discovery Protocol (CDP) settings, configuring in DM6500/7600 24
Cisco Express Forwarding (CEF)
importance for QoS 73
Cisco IOS
banners, configuring in DM6500/7600 26
FlexConfig object samples 9
Cisco IOS devices
selecting transport protocols 49
Cisco IOS routers
available interface types 5
configuring 802.1x 54
configuring BGP routing 101
configuring device access 25
configuring DHCP 28
configuring dialer interfaces 36
configuring EIGRP routing 107
configuring host and domain names 41
configuring interfaces 2
configuring NAC 62
configuring NAT 9
configuring OSPF routing 115
configuring platform policies 1
configuring QoS 72
configuring RIP routing 133
configuring SDP 42
configuring SNMP 49
configuring static routing 140
deleting interfaces 8
generating interface names 7
managing 1
Cisco Networking Services (CNS) 27
Cisco Networking System (CSN)
using to deploy to IOS routers 13
Cisco PIX firewalls
see PIX/ASA/FWSM Platform policies
Cisco Secure Access Control Server (ACS)
adding users 27
associating user roles and permissions 18
customizing user roles 17
default roles 16
integrating with Security Manager 20, 60
integration checklist 22
integration requirements 21
performing integration 25
performing integration in CiscoWorks 35
registering Security Manager 24
shell command authorization set 21
understanding user permissions 2
Cisco Secure Access Control Server (ACS) integration
adding managed devices 29
adding system administrator 27
checklist of tasks 22
configuring CiscoWorks AAA mode 23
configuring CiscoWorks server 25
configuring NDGs 31
creating administration control user 29
creating local users in CiscoWorks 35
customizing user roles 17
defining system identity user 36
list of ACS procedures 25
list of CiscoWorks procedures 35
list of requirements 21
restarting Daemon Manager 37
Cisco Secure Access Control Server (ACS) user interface
Add AAA Client page 26
Add Administrator page 29
Administration Control page 29
Group Setup page 34
New Network Device page 32
Shared Components page 17
User Setup page 28
Cisco Security Management Suite server
exiting 2
logging in to 2
Cisco Trust Agent (CTA) 63
CiscoWorks Common Services
assigning roles to users 14
associating user roles and permissions 18
available user roles 13
backing up Security Manager with 17
configuring AAA mode 23
configuring server as AAA client 25
creating local user for Cisco Secure ACS 35
defining system identity user 36
exiting 2
logging in to 2
performing integration for Cisco Secure ACS 35
registering Security Manager with Cisco Secure ACS 24
understanding user permissions 2
CiscoWorks Common Services user interface
AAA Setup Mode page 23
Local User Setup page 35
System Identity Setup page 36
Class-Based Policing 80
CLI commands
appended commands 2, 3
in FlexConfigs 2
prepended 2
Client Configuration tab
ASA user group objects 72
client connection characteristics
Client Connection Characteristics page 83
configuring policies for EzVPN 103
Client Firewall Attributes tab
ASA user group objects 75
clock
configuring on firewall devices 38
cluster load balancing
configuring 16
PIX7.0/ASA Cluster Load Balance page 831
understanding 15
CNS
setting up 15
CNS-Configuration Engine Properties dialog box 35
commands
Activities menu 12
Edit menu 7
Edit menu, table commands 21
File menu 6
Help menu 12
Map menu 9, 8
Policy menu 8
Tools menu 11
View menu 8
Common Services backup
of Security Manager 17
config files
adding devices from 44
Device Grouping page 41
Device Information page 47
configuration
frequently asked questions 17
Configuration Archive
New Configuration Version dialog box 14
rolling back to archived configuration files 14
settings 44
toolbar, customizing 11
transcripts, understanding 12
version viewer 12
viewing configuration files 12
viewing transcripts 12
window 10
Configuration Archive Settings page 3
Configuration Engines
adding 64
editing 67
understanding 63
configuration files
deploying in non-Workflow mode 34
deploying in Workflow mode 36
previewing 38
redeploying to devices 40
rolling back to archived configurations 14
rolling back to devices 43
selecting 24
understanding factory-default configurations 2
viewing 12
configuration views 8
Configure DNS dialog box
inspection rules 668
Configure ESMTP dialog box
inspection rules 671
Configure Fragments dialog box
inspection rules 672
Configure IMAP dialog box
inspection rules 674
Configure POP3 dialog box
inspection rules 675
Configure RPC dialog box
inspection rules 676
Configure SMTP dialog box
inspection rules 669
connection
server status 3
connections per second 472
console timeout settings
configuring on firewall devices 43
contact credentials
configuring on firewall devices 41
contained modules
show 5
Contents pane 7
context mode
viewing 471
contexts
see security contexts
control plane (CP)
defining QoS on 90
policing on 85
Control Plane Policing 85
Copy Policies wizard
Copy Policies from this Device page 5
Copy Policies to these Devices page 6
Select Policies to Copy page 7
understanding 4
core network connections, configuring for MSFC in DM6500/7600 135
CPU usage 471
Create a Clone page 42
Create Activity dialog box 7
Create a Job dialog box 12
Create a Policy dialog box 27
Create Discovery Task dialog box 15
Create Filter dialog box 3
Policy view 24
Create Overrides for Device dialog box 210
Create Text Object dialog box 89
Create VLAN dialog box 44
Create VPN Topology wizard 8
Credentials page 48
crypto maps
dynamic 60
in IPSec proposals 60
static 60
Customize Desktop Settings page 4
Custom Protocol dialog box
inspection rules 670
D
Daemon Manager
restarting after Cisco Secure ACS integration 37
job status
Scheduled to run at 9
DCS properties file
defining SSH settings by editing 50
dead-peer detection (DPD) 64
Delete Map dialog box 16
Deploy Job dialog box 26
deployment
Abort Deployment Job dialog box 27
Add Other Devices dialog box 22
Approve Deployment Job dialog box 24
clearing XLATE on 100
configurations 34
Create a Job dialog box 12
Deploy Job dialog box 26
Deployment Rollback dialog box 28
Details tab 34
Discard Deployment Job dialog box 25
Edit Deploy Method dialog box 17
Edit Selected Deployment Method dialog box 18
frequently asked questions 17
History tab 35
managing 1
maximum number of devices 23
non-Workflow mode 3
Deploy Saved Changes dialog box 3
Preview Config dialog box 20
Preview Messages dialog box 19
Redeploy a Job dialog box 31
Reject Deployment Job dialog box 23
Rollback Confirmation dialog box 30
Submit Deployment Job dialog box 22
Summary tab 33
to devices
OS version mismatches 14
understanding 11
to files 13
understanding 1
using a Cisco Networking Services (CNS) server 27
using an Auto Update Server (AUS) 25
using a Token Management Server (TMS) 24
viewing status information 33
Warning - Partial VPN Deployment dialog box 16
Workflow mode 5
Create a Job dialog box 12
Deployment Manager window 10
dialog boxes 9
tasks 46
windows 9
working with 31
deployment device details 45
deployment errors
OS version mismatches 14
deployment job approval 9
deployment job changes 10
deployment job history 53
deployment jobs
aborting 42
approving 51
benefits of 2
creating 46
discarding 52
including devices in 10
multiple users and 10
opening 49
rejecting 51
submitting 50
deployment job states
non-Workflow mode 4
Workflow mode 8
Deployment Manager window
Details tab 34
History tab 35
Summary tab 33
Deployment Manager window in non-Workflow mode 2
Deployment Manager window in Workflow mode 10
deployment methods
changing 40
understanding 11
Deployment Rollback dialog box 28
Deployment Settings page 5
Deployment Status Details dialog box 6
refreshing 40
viewing 33
deployment summary 45
deployment taskflow
in Workflow mode 5
non-Workflow mode 3
deployment transport protocols
for ASA devices 12
for Catalyst 6500/7600 devices 12
for IOS routers 12
for PIX firewalls 12
Deploy Saved Changes dialog box 3
DES encryption algorithm
in IKE proposals 54
device access
Cisco IOS routers
configuring on 25
configuring on firewall devices 42
device access policies
defining 26
device administration policies
configuring on firewall devices 28
device credentials
naming guidelines 71
understanding 70
validation error messages 73
Device Credentials page 14
Device Credentials Repository (DCR)
adding devices from 57
Device Grouping page 41
Device Information page 60
Device Delete Validation Details dialog box 41
Device Grouping page 21
device grouping shortcut menu options 66
device groups
working with 51
Device Groups page 50, 11
Device Information page - Config File 23
Choose Files dialog box 26
Device Information page - DCR 37
Device Information page - Network 7
Device Information page - New Device 27
device policies shortcut menu options 64
Device Properties
Credentials page 48
Device Groups page 50
General page 44
Policy Object Override pages
AAA Server Groups Override page 52
general reference 51
Interface Roles Override page 53
Networks/Hosts Override page 54
PKI Enrollments Override page 55
Port Lists Override page 57
Service Groups Override page 60
Services Override page 58
Text Objects Override page 61
device properties
defining 76
editing 78
understanding 74
viewing 79
Device Properties page
creating object overrides 251
deleting overrides 254
understanding 44
devices
adding from configuration file 44
adding from DCR 57
adding from network 32
adding new 49
assigning shared policies 27
choosing add method 31
configuring local policies 16
copying policies between 19
copying shared policies 30
creating policy object overrides 251
deleting from inventory 82
deleting policy object overrides 254
deploying to dynamically addressed 12
deploying to 13
deployment to 11
discovering policies 5
discovering policies on existing devices 6
including in jobs 10, 5, 14
managing 1
maps
adding existing managed 17
adding new managed 17
displaying devices from Device View 19
displaying managed 16
showing containment for Catalyst switches, ASA, PIX devices 18
modifying policy assignment 33
modifying shared policies 32
policy status icons 18
preparing 2
redeploying configuration files to 40
renaming policies 31
replacing policies 27
rolling back configuration files to 43
sharing multiple policies 24
unassigning policies 20
unsharing policies 26
working with communication settings UI 49
Device selector 2
device selector
filtering 26
device shortcut menu options 62
Devices page 1
Devices tab 14
Devices User Interface Reference 1
Device view
assigning shared policies 27
configuring local policies 16
copying policies between devices 19
copying shared policies 30
editing site-to-site VPN policies in 51
managing policies 15
managing VPN devices in 48
modifying policy assignments 33
modifying shared policies 32
overview 8
policy status icons 18
renaming policies 31
sharing local policies 23
sharing multiple policies 24
Site-to-Site VPN Topologies page 85
unassigning policies 20
understanding basic policy management 16
understanding shared policies 22
unsharing policies 26
device view
understanding 23
DHCP
Cisco IOS routers
configuring on 28
defining address pools 34
defining policies 32
DHCP Database dialog box 503
DHCP Policy page 500
IP Pool dialog box 504
understanding database agents 29
understanding option 82 30
understanding relay agents 30
understanding secured ARP 31
PIX/ASA/FWSM
configuring DHCP relay 63
configuring DHCP servers 64
DHCP pools in DM 6500/7600
viewing status 28
dial backup
configuring 27
Dial Backup Settings dialog box 32
understanding 26
dialer interfaces
configuring on Cisco IOS routers 36
defining BRI properties 38
defining profiles 36
Dialer Interfaces Policy page 507
Dialer Physical Interface dialog box 511
Dialer Profile dialog box 509
Diffie-Hellman groups
in IKE proposals 55
Discard Activity dialog box 11
Discard Deployment Job dialog box 25
discovery
Map View 36
overview 11
Settings page 11
Discovery Details pane 4
Discovery Status dialog box 18
discovery task
frequently asked questions 9
starting 6
viewing status 9
Distinguished Name (DN) matching policies
configuring 25
DN Matching Policy page 834
understanding 24
Distinguished Name (DN) matching rules
configuring 27
DN Matching Rules page 835
DN Rule dialog box (lower pane) 839
DN Rule dialog box (upper pane) 838
understanding 26
Distributed Traffic Shaping (DTS) 80
DMVPN (Dynamic Multipoint VPN)
advantages of using with GRE 90
configuring policies 91
IPSec technology 7
understanding 89
using with GRE 89
DNS
configuring on firewall devices 66
dynamically assigned IP addresses
adding devices with 62
dynamic crypto maps 60
dynamic IP devices
GRE for 84
dynamic NAT
creating rules on Cisco IOS routers 20
E
Edit AAA Option dialog box 697
Edit AAA Rules dialog box 682
Edit AAA Server Group dialog box 699
Edit Category dialog box
AAA rules 701
access rules 636
inspection rules 678
transparent rules 742
web filter rules 720
Edit Client Access Rules dialog box 71
Edit Country Network Codes dialog box 100
Edit Deploy Method dialog box 17
Edit Description dialog box
AAA rules 700
access rules 635
inspection rules 677
transparent rules 741
web filter rules 721
Edit Destinations dialog box 626
AAA rules 689
inspection rules 658
web filter rules 711
Edit Device Groups page 66
Edit Endpoints dialog box 16
Protected Networks tab 24
VPN Interface tab 17
Edit Extended Access Control Entry dialog box 53
Edit Extended Access List page 50
Edit Firewall Option dialog box 631
Edit Firewall Rule dialog box 617
Edit FTP Map dialog box 94
Edit GTP Map dialog box 97
editing
HTTP maps
editing 106
Edit Inspected Protocol dialog box 665
Edit Interface dialog box
AAA rules 695
access rules 633, 664
transparent rules 739
Edit menu 7
Edit menu, table commands 21
Edit Selected Deployment Method dialog box 18
Edit Service dialog box
AAA rules 661, 692
access rules 629
web filter rules 714
Edit Sources dialog box 624
AAA rules 688
inspection rules 657
web filter rules 710
Edit Standard Access Control Entry dialog box 60
Edit Standard Access List page 58
Edit state 5
Edit TCP Map dialog box 161
Edit Traffic Flow dialog box 172
Edit Transparent EtherType dialog box 737
Edit Transparent Firewall Rule dialog box 734
Edit Transparent Mask dialog box
transparent rules 738
Edit Web Filter Options dialog box 719
Edit Web Filter Type dialog box 718
EIGRP routing
configuring on Cisco IOS routers 107
defining interface properties 110
defining routes 108
Edit Interfaces dialog box 572
EIGRP Routing Policy page 569
Interface dialog box 575
Interfaces tab 573
redistributing routes 113
Redistribution Mapping dialog box 578
Redistribution tab 576
Setup dialog box 571
Setup tab 570
Encoding tab
HTTP map objects 114
encryption algorithms
3DES (Triple DES) 54
AES (Advanced Encryption Standard) 54
DES (Data Encryption Standard) 54
in IKE proposals 54
endpoints and protected networks
defining in VPN topologies 17
Protected Networks tab 24
understanding 16
VPN Interface tab 17
Entity Length tab
HTTP map objects 106
Errors tab 12
evaluation license
upgrading to permanent license 53
Exclusive Domain Name dialog box
web filter rules 730
exclusive domains
adding (IOS) 116
deleting (IOS) 120
editing (IOS) 118
Exclusive Domains tab
web filter rules 726
exiting
Cisco Security Management Suite server 2
CiscoWorks Common Services 2
Security Manager 1, 3
Extended IP ACL tab 48
Ext Request Method tab
HTTP map objects 110
EzVPN
Advanced tab 80
client connection characteristics 103
Client VPN Software Update tab 82
configuring policies for 96
General tab 75
IPSec Proposal page 69
IPSec proposals 97
IPSec tab 78
IPSec technology 7
tunnel group policies 101
Tunnel Group Policy page 74
understanding 94
user group policies 99
User Group Policy page 73
F
factory-default configurations 2
failover
PIX/ASA/FWSM
active/active 56
active/standby 56
configuring on 54
stateful 58
stateless 58
types of 56
understanding 55
failover link 55
feature sets 4
File menu 6
files
deploying to 13
selecting 24
Find Node dialog box 17
Firewall AAA IOS Timeout Value Setting dialog box 758
Firewall AAA MAC Exempt Setting dialog box 753
Firewall ACL Setting dialog box 746
Firewall-Inside setup wizard in DM 6500/7600
core network connection, configuring routed port details 136
final configuration, delivering 142
inside network connection, configuring 140
MSFC/Firewall VLAN
firewall context, creating 139
firewall context, selecting 139
VLAN group, selecting 138
service module, selecting 135
summary page 142
firewall mode
changing 28
viewing 471
Firewall-Outside setup wizard in DM 6500/7600
core network connection, configuring 147
final configuration, delivering 148
Firewall/MSFC VLAN, configuring 145
Internet connection, configuring 143
service module, selecting 143
summary page 148
firewall policy properties 3
firewall service module (FWSM)
including in deployment jobs 5, 14
Firewall Service Module Credentials dialog box 19
firewall services
managing 1
Map View 23
Firewall Services Module (FWSM)
configuring 33
configuring with VPNSM 33
FWSM blades 33
FWSM Settings tab (remote access VPN) 813
FWSM tab (site-to-site VPN) 26
see also PIX/ASA/FWSM Platform policies
Firewall Services Module (FWSM) setup in DM 6500/7600
configuring 149
firewall contexts, configuring 159
interfaces
adding 168
configuring 166
editing 170
security contexts
configuring 159
viewing details 163
VLANs
adding to a VLAN group 157
editing in a VLAN group 158
range, entering 155
firewall settings
AAA Firewall page 751
Access Control page 743
access controls
access list compilation 52
configuring settings 55
object group search 47
per user downloadable ACLs (PIX/ASA/FWSM) 50
AuthProxy General tab (IOS) 755
AuthProxy page 754
AuthProxy Timeout tab (IOS) 757
configuring settings
firewall ACL 56
Firewall AAA IOS Timeout Value Setting dialog box 758
Firewall AAA MAC Exempt Setting dialog box 753
Firewall ACL Setting dialog box 746
Inspection page 749
Transparent page 760
Web Filter page 762
Web Filter Server Configuration dialog box 765
firewall system variables 13, 16
Flash memory, amount 471
FlexConfig Editor dialog box 85
FlexConfig objects
ASA samples 7
Cisco IOS samples 9
creating 70
deleting 76
duplicating 71
editing 73
generating usage reports for 75
PIX samples 10
router samples 11
understanding 69, 2
viewing details 74
FlexConfig object variables
deleting 44
FlexConfig policies 211
FlexConfig policies
understanding 35
FlexConfig Policy page 212
FlexConfig Policy Preview dialog box 219
FlexConfigs
adding 40
CLI commands in 2
creating (scenario) 35
deleting 42
editing 41
example 6
managing 1
previewing 43
reordering 42
scripting language
examples of 4, 5
understanding 3
understanding 1
working with 39
FlexConfigs objects page 84
FlexConfig system variables
firewalls 13, 16
remote access 34
routers 23
understanding 12
VPNs 24
FlexConfig Undefined Variables dialog box 90
floodguard 95
fragmentation
in remote access VPNs 20
General Settings tab 828
in site-to-site VPNs
General Settings tab 50
understanding 67
maximum transmission unit (MTU) 67
fragments settings 95
frequently asked questions
policy discovery 9
FTP map objects
Add FTP Map dialog box 94
creating 78
deleting 81
duplicating 81
Edit FTP Map dialog box 94
editing 80
FTP Maps page 92
generating usage reports for 83
understanding 77
viewing details 84
FTP Maps page 92
full mesh topologies
description 5
diagram 5
FWSM
see Firewall Services Module (FWSM)
FWSM Settings tab (remote access VPN) 813
G
General page 44
General tab
ASA user group objects 65
HTTP map objects 104
getting started
checklist 12
getting started with Catalyst 6500/7600 Device Manager (DM 6500/7600)
features 3
home page 4
navigating 4
preferences, editing 16
refreshing 16
starting 4
startup configurations, saving 15
user role 17
what to do after starting DM6500/7600 18
getting to know Security Manager
global settings in DM 6500/7600
editing 21
protocol settings 22
STP settings 31, 109
GRE (generic routing encapsulation)
advantages of IPSec tunneling with GRE 81
configuring policies 85
for devices with dynamic IP 84
GRE Modes page 59
implementation 81
IPSec technology 7
prerequisites for successful configuration 82
understanding in site-to-site VPNs 80
using DMVPN with 89
GRE Dynamic IP
configuring policies 85
for dynamically addressed spokes 84
IPSec technology 7
group names
modifying 89
groups
add 68
add devices to 67
adding devices to 90
creating 86
deleting 88
working with 51, 85
group type names
modifying 89
group types
creating 85
deleting 88
GTP map objects
Add Country Network Codes dialog box 100
Add GTP Map dialog box 97
creating 85
deleting 89
duplicating 89
Edit Country Network Codes dialog box 100
Edit GTP Map dialog box 97
editing 88
generating usage reports for 91
GTP Maps page 95
GTP Map Timeouts dialog box 101
understanding 85
viewing details 92
GTP Maps page 95
GTP Map Timeouts dialog box 101
GUI timeout
Settings page
H
Hardware Client Attributes tab
ASA user group objects 79
hash algorithms
in IKE proposals 55
MD5 55
SHA 55
help
accessing 13
help desk users 13
Help menu 12
high availability (HA groups)
configuring 46
High Availability page 34
stateful failover 45
stateless failover 45
understanding 43
History tab 6
hit count
changing displayed results 41
filtering columns 41
sorting columns 42
viewing details 43
generating reports 39
understanding 37
understanding report results 40
Hit Count page 783
home page in DM6500/7600 4
host/domain policies
defining 41
Host/Domain Policy page 514
hostnames
Cisco IOS routers
configuring on 41
hostname settings
configuring on firewall devices 59
HSRP 27
HTTP Credentials dialog box 18
HTTP map objects
creating 94
deleting 107
duplicating 107
editing 106
Encoding tab 104, 114
Entity Length tab 97, 106
Extension Request Method tab 100
Ext Request Method tab 110
General tab 95, 104
generating usage reports for 109
HTTP Maps page 102
IOS Specific tab 116
Port Misuse tab 102, 112
RFC Request Method tab 99, 108
understanding 93
viewing details 110
HTTP Maps page 102
HTTP settings
configuring on firewall devices 43
hub-and-spoke topology
description 3
diagram 3
I
ICMP settings
configuring on firewall devices 45
icons
map elements 4
toolbar reference 13
Identity tab
ASA user group objects 64
idle timeout 3
IGMP
configuring on firewall devices 85
IKE (Internet Key Exchange)
aggressive mode negotiation 53
main mode negotiation 53
proposals 53
understanding 53
IKE keepalive
understanding 64
IKE proposal objects
creating 112
deleting 118
duplicating 114
editing 115
generating usage reports for 117
IKE Proposal dialog box 119
IKE Proposals page 117
understanding 111
viewing details 116
IKE proposals (policies)
configuring 57
configuring on remote access VPN servers 14, 819
IKE Proposal page (remote access VPN) 819
IKE Proposal page (site-to-site VPN) 37
understanding in remote access VPNs 13
IKE tunnels, amount 471
Import Background Image dialog box 20
Import Details pane 5
inheritance
inheriting rules 46
Inherit Rules dialog box 14
understanding 45
Inherit Rules dialog box 14
Inspection page 749
inspection rules
adding 60
Add Inspection Rule dialog box 640
Configure DNS dialog box 668
Configure ESMTP dialog box 671
Configure Fragments dialog box 672
Configure IMAP dialog box 674
Configure POP3 dialog box 675
Configure RPC dialog box 676
Configure SMTP dialog box 669
configuring custom destination ports 64
configuring default inspection traffic 62
configuring destination address and port (IOS) 65
configuring settings 77
configuring source and destination address and port (ASA) 66
copying 74
Custom Protocol dialog box 670
cutting 74
deleting 76
disabling 72
Edit Category dialog box 678
Edit Description dialog box 677
Edit Destinations dialog box 658
editing 69
Edit Inspected Protocol dialog box 665
Edit Inspection Rule dialog box 640
Edit Sources dialog box 657
enabling 72
finding usage 73
generating usage reports 73
Inspection Rules page 637
Limit Inspection Between Source and Destination IP Addresses (ASA) page 647
Match Traffic by Custom Destination Ports page 650
Match Traffic by Destination Address and Port (IOS) page 652
Match Traffic by Source and Destination Address and Port (ASA) page 654
Match Traffic to Default Protocol Ports page 644
moving down 75
moving up 75
pasting 74
Show Destination dialog box 660
Show Source dialog box 660
supported features 79
understanding 58, 59
Inspection Rules page 637
installing
Security Manager client 3
interface
status 472
throughput 472
interface management
See ports and interface management in DM 6500/7600
Interface Properties dialog box 25
interface role objects
creating 120
deleting 128
duplicating 122
editing 123
exceptional cases 130
generating usage reports for 127
Interface Name Conflict dialog box 124
Interface Role dialog box 123
Interface Roles page 122
managing overrides 126
override page in Policy Object Manager 202
specifying during policy definition 129
understanding 119
viewing details 125
interface roles
override page in Device Properties 53
Interface Roles Override page 53
interfaces
Cisco IOS routers
available types 5
configuring on 2
Create Router Interface dialog box 475
deleting from 8
generating interface names 7
Interface Auto Name Generator dialog box 480
Router Interfaces page 474
Interface Name Conflict dialog box 124
PIX/ASA/FWSM
checklist for configuring interfaces in multi context mode 9
configuring on 3
enabling traffic between same security levels 4
troubleshooting 19
specifying during policy definition 129
interface timeout 3
interface types supported in DM6500/7600 34
inventory
adding devices to 30
deleting devices from 82
IOS routers
deployment using Token Management Servers (TMS) 13
IOS Specific tab
HTTP map objects 116
IOS Web Filter Rule and Applet Scanner dialog box 726
IP address
management, transparent firewall 276
IP addresses
specifying in policies 151
supported formats 142
IPSec proposals (policies)
configuring for EzVPN 97
configuring in remote access VPNs 10
configuring in site-to-site VPNs 62
IPSec Proposal Editor (remote access VPN)
IOS and Catalyst 6500/7600 devices 808
PIX and ASA devices 805
IPSec Proposal page (in EzVPN) 69
IPSec Proposal page (remote access VPN) 802
IPSec Proposal page (site-to-site VPN) 39
understanding in remote access VPNs 9
using crypto maps in 60
using transform sets in 59
IPSec tab
ASA user group objects 68
IPSec technologies
defining 12
DMVPN 7
EzVPN 7
GRE 7
GRE Dynamic IP 7
mandatory policies 8
optional policies 8
regular IPSec 7
understanding 7
working with policies 7
IPSec transform set objects
creating 134
deleting 139
duplicating 135
editing 136
generating usage reports for 138
IPSec Transform Set dialog box 128
IPSec Transform Sets page 126
supported modes 133
supported protocols 132
understanding 131
viewing details 137
IPSec tunnels
understanding policies 58
IPSec tunnels, amount 471
IPS Manager
managing devices with 82
ISAKMP/IPSec settings
IKE keepalive 64
in remote access VPNs 20
in site-to-site VPNs 64
ISAKMP/IPSec Settings tab (remote access VPN) 824
ISAKMP/IPSec Settings tab (site-to-site VPN) 44
J
job approval 9
job changes 10
job deployment methods
understanding 11
jobs
aborting 42
approving 51
benefits of 2
creating 46
discarding 52
including devices in 10
opening 49
rejecting 51
submitting 50
job states
non-Workflow mode 4
Workflow mode 8
job status
Aborted 8
Approved 8
Deployed 8
Deploying 8
Discarded 8
Edit 8
Edit-In Use 8
Failed 9
Rejected 8
Rolled Back 9
Rolling Back 9
Submitted 8
joined hub-and-spoke topology 7
Join Group tab
description 86
JumpStart 13
K
Kerberos
use by ASA devices 22
L
Layer 2 firewall
See transparent firewall
license 471
licenses
understanding 53
upgrading 53
uploading new 53
working with 53
licensing
Settings page 12
Lightweight Directory Access Protocol (LDAP)
use by ASA devices 22
Limit Inspection Between Source and Destination IP Addresses (ASA) page 647
locking
and activities 4
committed configuration 4
devices 48
objects 49
policies 48
understanding 47
VPN topologies 48
logging
PIX/ASA/FWSM
configuring on 73
e-mail setup 74
event lists 75
logging filters 77
logging setup 78
rate limit levels 80
server setup 81
syslog servers 83
logging command
class option
message class variables 354
logging in to
Cisco Security Management Suite server 2
logging into
Security Manager 1, 3
logs
archiving logs 56
Settings page 13
understanding 56
loopback interfaces in DM 6500/7600
adding 80
configuring 77
editing 78
restarting 78
low-latency queuing (LLQ) 79
M
MAC address table
learning, disabling 274
overview 272
MAC exempt address lists
adding 93
deleting 95
editing 94
using 93
macro, definition in DM6500/7600 81
Main toolbar buttons 32
management access settings
configuring on firewall devices 47
Map menu 9, 8
maps
access permissions 3
adding existing managed devices 17
adding new managed devices 17
background color 12
background images
deleting 14
importing 13
overview 12
scale and position 15
setting 14
centering elements 9
changing the zoom level 7
creating 3
default map 11
deleting 5
displaying devices from Device View 19
displaying managed devices 16
displaying your network 15
elements, understanding 15
exporting 6
icons 4
Layer 3 automatic connectivity display 23
Layer 3 link
creating 21
deleting 22
displaying 21
layouts, using 9
navigating 6
navigation window 8
objects
adding 20
deleting 20
user created overview 19
opening 4
overview 1
panning 7
refreshing 10
saving 4
searching for elements 9
selecting elements 8
showing containment for Catalyst, ASA, PIX devices 18
understanding 1
undocking window 9
unlinked, using 10
working with 2
Map Settings dialog box 18
Map View
cloning devices 35
context menu
Layer 3 link 12
managed device node 10
map background 13
map objects 13
selected nodes 11
VPN connection 12
copying policies between devices 34
device policies, managing 34
dialog box reference 14
discovering device configurations 36
firewall
AAA rules 25
access rules 24
ACL settings 26
AuthProxy settings 27
inspection rules 24
inspection settings 27
policies 23
services 23
settings 26
transparent rules 26
web filter rules 25
web filter settings 28
icons for elements 4
main page 1
menus 8
navigation window 7
previewing device configurations 35
sharing device policies 34
toolbar reference 6
user interface reference 1
VPNs
adding or removing tunnels 32
creating 29
creating full mesh or hub and spoke 30
creating point-to-point 29
displaying existing 32
editing peers 31
editing policies 31
listing peers 33
managing 28
Map view
Autolink Settings page 2
overview 8, 1
Match Traffic by Custom Destination Ports page
inspection rules 650
Match Traffic by Destination Address and Port (IOS) page
inspection rules 652
Match Traffic by Source and Destination Address and Port (ASA) page
inspection rules 654
Match Traffic to Default Protocol Ports
inspection rules 644
maximum transmission unit (MTU) 67
MD5 hash algorithm 55
memory, amount
Flash 471
memory usage 471
menu reference
Activities 12
Edit 7
Edit, table commands 21
File 6
Help 12
Map 9, 8
overview 6
Policy 8
Tools 11
View 8
message classes
list of 354
messages
classes of
list of classes 354
model 471
modify permissions
additional types 11
for objects 9
for policies 8
MRoute page
description 87
MST mode in DM6500/7600, and STP data 111
multicast routing
PIX/ASA/FWSM
configuring on 84
enabling 84
IGMP 85
multicast routes 87
PIM 88
multicast traffic 27
Multilayer Switch Feature Card (MSFC)
Firewall-Inside setup wizard in DM 6500/7600
final configuration, delivering 142
firewall context, creating 139
firewall context, selecting 139
inside network connection, configuring 140
MSFC-Firewall VLANs, configuring 136
service module, selecting 135
summary page 142
VLAN group, selecting 138
Firewall-Outside setup wizard in DM 6500/7600 143
core network connection, configuring 147
final configuration, delivering 148
Firewall-MSFC VLAN, configuring 145
inside network connection, configuring 147
Internet connection, configuring 143
service module, selecting 143
summary page 148
multiple users
activities 5
deployment jobs and 10
N
NAT traversal 66
network access device (NAD) 63
Network Access Restriction (NAR) 21
Network Address Translation (NAT)
Cisco IOS routers
configuring on 9
creating dynamic rules 20
creating static rules 12
designating interfaces 10
Dynamic Rule dialog box 491
Dynamic Rules tab 490
Edit Inside Interfaces dialog box 483
Edit Outside Interfaces dialog box 484
Interface Specification tab 482
NAT Policy page 481
specifying timeouts 23
Static Rule dialog box 486
Static Rules tab 485
Timeouts tab 494
configuring in remote access VPNs 20
configuring in site-to-site VPNs 65
configuring NAT traversal 66
NAT Settings tab (remote access VPN) 827
NAT Settings tab (site-to-site VPN) 48
PIX/ASA/FWSM
Address Pool dialog box 225
Address Pools page 224
clearing XLATE on deployment 100
configuring on 19
configuring translation options 21
defining address pools 20
defining dynamic translation rules 23
defining policy-based dynamic translation rules 24
defining static translation rules 25
defining translation exemptions (NAT 0 ACL) 22
Translation Options page 226
Translation Rules page 227
understanding 19
viewing translation rules 26
network administrators
in Cisco Secure ACS 16
in CiscoWorks 14
Network Admission Control (NAC)
Cisco Trust Agent 63
components 63
configuring on Cisco IOS routers 62
defining identity parameters 70
defining interface parameters 67
defining setup parameters 65
Identities tab 538
Identity Action dialog box 541
Identity Profile dialog box 540
Interface Configuration dialog box 537
Interfaces tab 535
NAC Policy page 532
network access device (NAD) 63
Setup tab 533
understanding system flow 64
network device groups (NDGs)
activating NDG feature 31
associating with roles and user groups 33
configuring in Cisco Secure ACS 31
creating 32
selecting for managed devices 30
selecting when configuring CiscoWorks server 26
network objects
creating 142
deleting 150
duplicating 144
editing 145
generating usage reports for 149
managing overrides 148
Network/Host dialog box 132
Networks/Hosts page 130
override page in Device Properties 54
override page in Policy Object Manager 203
provisioning as PIX object groups 261
supported IP address formats 142
understanding 141
viewing details 147
network operators 14
networks
adding devices from 32
Device Credentials page 39
Device Grouping page 41
Device Information page 35
Networks/Hosts Override page 54
Network Time Protocol
See NTP
new devices
adding 49
Device Credentials page 39
Device Grouping page 41
Device Information page 51
Node Properties dialog box 24
Non-Workflow mode
main toolbar buttons 32
viewing
deployment device details 45
non-Workflow mode 45
comparing with Workflow mode 39
configuration files
deploying in 34
previewing 38
rolling back 43
deployment 3
taskflow 3
deployment jobs
aborting 42
states 4
Deployment Manager window 2
Deployment Status Details dialog box 6
Deploy Saved Changes dialog box 3
disabling 41
enabling 41
Preview Config dialog box 8
selecting 37
understanding 39
NTP
configuring on firewall devices 68
NTP broadcast settings in DM 6500/7600, configuring
date and time settings 29
NTP servers and peers 31
O
object group search
enabling 48
understanding 47
objects
AAA server groups
creating 9
deleting 18
duplicating 12
editing 13
generating usage reports for 17
managing overrides 16
viewing details 15
AAA servers
creating 23
deleting 30
duplicating 26
editing 27
generating usage reports for 29
viewing details 28
access control lists
creating 34
deleting 42
duplicating 41
editing 40
extended objects 35
generating usage reports for 43
standard objects 38
understanding 31
viewing details 45
ASA user groups
Client Configuration tab 54
Client Firewall Attributes tab 57
creating 47
deleting 64
duplicating 63
editing 62
General tab 50
generating usage reports for 65
Hardware Client tab 60
Identity tab 49
IPSec tab 52
understanding 45
viewing details 67
categories
editing 69
FlexConfigs
creating 70
deleting 76
duplicating 71
editing 73
example 6
FlexConfig Editor dialog box 85
FlexConfigs Objects page 84
FlexConfig Undefined Variables dialog box 90
generating usage reports for 75
system variables 12
understanding 2
viewing details 74
FTP maps
creating 78
deleting 81
duplicating 81
editing 80
generating usage reports for 83
understanding 77
viewing details 84
GTP maps
creating 85
deleting 89
duplicating 89
editing 88
generating usage reports for 91
understanding 85
viewing details 92
HTTP maps
creating 94
deleting 107
duplicating 107
Encoding tab 104
Entity Length tab 97
Extension Request Method tab 100
General tab 95
generating usage reports for 109
Port Misuse tab 102
RFC Request Method tab 99
understanding 93
viewing details 110
IKE proposals
creating 112
deleting 118
duplicating 114
editing 115
generating usage reports for 117
viewing details 116
interface roles
creating 120
deleting 128
duplicating 122
editing 123
generating usage reports for 127
managing overrides 126
viewing details 125
IPSec transform sets
creating 134
deleting 139
duplicating 135
editing 136
generating usage reports for 138
viewing details 137
locking
effects on activities 4
networks/hosts
creating 142
deleting 150
duplicating 144
editing 145
generating usage reports for 149
managing overrides 148
viewing details 147
Object Type selector 31
overview 11
PKI enrollments
creating 154
deleting 169
duplicating 163
editing 164
generating usage reports for 168
managing overrides 166
viewing details 165
port lists
creating 171
deleting 178
duplicating 173
editing 174
generating usage reports for 177
managing overrides 176
viewing details 175
provisioning as PIX object groups 260
service groups
creating 190
deleting 198
duplicating 192
editing 193
generating usage reports for 197
managing overrides 195
viewing details 194
services
creating 180
deleting 188
duplicating 182
editing 183
generating usage reports for 187
managing overrides 186
viewing details 185
TCP maps
creating 199
deleting 203
duplicating 202
editing 201
generating usage reports for 205
understanding 199
viewing details 206
text
creating 207
deleting 214
duplicating 208
editing 209
generating usage reports for 212
managing overrides for 213
Text Object Editor dialog box 164
Text Objects page 163
viewing details 211
Text objects
Create Text Object dialog box 89
Property Selector dialog box 91
time ranges
creating 216
deleting 222
duplicating 218
editing 219
generating usage reports for 221
viewing details 220
Traffic flows
creating 224
default inspection traffic with access list 226
deleting 232
duplicating 231
editing 231
generating usage reports for 233
IP diffserv codepoints (DSCPs) 230
IP precedence bits 229
RTP ranges 227
source and destination IP addresses 226
TCP or UDP destination ports 227
tunnel groups 228
viewing details 234
traffic flows
understanding 223
user groups
creating 236
deleting 247
duplicating 243
editing 244
generating usage reports for 246
viewing 245
object selectors 194
Create Filter dialog box 197
filtering 258
using 255
Object Type selector 31
object variables
FlexConfig
deleting 44
understanding 6
Openable Activities dialog box 17
Open Map dialog box 15
OSPF
authentication support 91
configuring on firewall devices 91
interaction with NAT 91
LSAs 91
OSPF interfaces
blocking LSA flooding 130
defining on Cisco IOS routers 124
disabling MTU mismatch detection 129
Interface dialog box 582
OSPF Interface Policy page 580
understanding
authentication 133
cost 128
network types 131
priority 128
timer settings 130
OSPF parameters
dead interval 438
hello interval 438
retransmit interval 438
transmit delay 438
OSPF redistribution
defining mappings 120
defining maximum prefix values 122
understanding 119
OSPF routing
Cisco IOS routers
Area dialog box 592
Area tab 591
configuring on 115
defining area settings 117
defining interface settings 124
defining setup parameters 116
Edit Interfaces dialog box 590
Max Prefix Mapping dialog box 599
OSPF Process Policy page 587
redistributing routes 119
Redistribution Mapping dialog box 596
Redistribution tab 594
Setup dialog box 589
Setup tab 588
OS version mismatches
handling 14
overview
policies 10
workflow 11
P
partial mesh topologies 7
Peers page 6
permanent license
upgrading from evaluation license 53
per user downloadable ACLs (PIX/ASA/FWSM)
enabling 51
understanding 50
PIM
configuring on firewall devices 88
PIX
FlexConfig object samples 10
PIX/ASA/FWSM Platform policies
configuring AAA 29
configuring AUS settings 61
configuring banners 36
configuring boot image and configuration settings 37
configuring bridging 27
configuring clock 38
configuring console timeout settings 43
configuring contact credentials 41
configuring device access 42
configuring device administration policies 28
configuring DHCP relay 63
configuring DHCP servers 64
configuring DNS 66
configuring failover 54
configuring fragment settings 95
configuring hostname settings 59
configuring HTTP settings 43
configuring ICMP settings 45
configuring interfaces 3
configuring logging 73
configuring management access settings 47
configuring multicast routing 84
configuring NAT 19
configuring NTP 68
configuring resources on FWSMs 106
configuring routing 89
configuring Secure Shell (SSH) 48
configuring security contexts 101
configuring security policies 94
configuring server access settings 60
configuring service policy rules 99
configuring SMTP servers 69
configuring SNMP 49
configuring SSH 48
configuring Telnet 53
configuring TFTP servers 70
configuring timeouts 98
configuring user accounts 71
configuring user preferences 100
enabling anti-spoofing 95
enabling floodguard 95
enabling Unicast Reverse Path Forwarding 95
PIX/FWSM/ASA Rules dialog box 704
PIX firewalls
See also PIX/ASA/FWSM Platform policies
PIX object groups
converting policy objects to 260
provisioning network objects as 261
provisioning port list objects as 262
provisioning service group objects as 266
provisioning service objects as 263
PKI (Public Key Infrastructure) policies
CA server authentication methods 74
configuring 79
configuring in remote access VPNs 19
enrollment prerequisites 76
Public Key Infrastructure page (remote access VPN) 821
Public Key Infrastructure page (site-to-site VPN) 57
understanding 73
understanding in remote access VPNs 18
using TFTP 77
PKI enrollment
prerequisites 76
prerequisites using TFTP 77
PKI Enrollment dialog box 136
CA Information tab 137
Certificate Subject Name tab 144
Enrollment Parameters tab 141
Trusted CA Hierarchy tab 146
PKI enrollment objects
creating 154
defining CA server properties 156
defining certificate attributes 161
defining enrollment parameters 158
defining trusted CA hierarchy 162
deleting 169
duplicating 163
editing 164
generating usage reports for 168
managing overrides 166
override page in Device Properties 55
override page in Policy Object Manager 204
PKI Enrollment dialog box 136
PKI Enrollments page 134
understanding 152
viewing details 165
PKI Enrollments Override page 55
platform model 471
point-to-point topologies
description 4
diagram 4
policies
advanced features 43
assigning shared policies 27
basic concepts
local vs. shared 3
managing 16
overview 1
service vs. platform-specific 3
settings-based vs. rule-based 2
shared policies in Device view