- About This Guide
- Information about AAA
- Configuring the Local Database for AAA
- Configuring RADIUS Servers for AAA
- Configuring TACACS+ Servers for AAA
- Configuring LDAP Servers for AAA
- Configuring Windows NT Servers for AAA
- Configuring the Identity Firewall
- Configuring the ASA to Integrate with Cisco TrustSec
- Configuring Digital Certificates
- Index
Index
/bits subnet masks 48-3
connector types 11-14
fiber 11-14
SFP 11-14
802.1Q tagging 12-10
802.1Q trunk 11-36
about 32-1, 33-1, 34-1, 35-1, 37-1
CLI access 45-17
command 45-23
server 41-4
adding 34-15, 36-7, 36-8, 37-3
types 32-1
support summary 32-3
definition of 27-2
access_rules 22-3
description 30-10
access ports 12-8
dialog box 21-1
entering 5-37
location 5-35
obtaining 5-36
about 9-21
actions 9-22
asymmetric routing support 9-45
duplicate MAC addresses, avoiding 9-8
primary status 9-21
secondary status 9-21
about 9-19
actions 9-20
command replication 9-18
configuration synchronization 9-18
device initialization 9-18
primary unit 9-19
secondary unit 9-19
Adaptive Security Algorithm 1-22
add_acl 22-3
Add/Edit Access Group dialog box
description 30-10
Add/Edit Filtering Entry dialog box
description 27-27
Add/Edit IGMP Join Group dialog box
description 30-8
Add/Edit IGMP Static Group dialog box
description 30-10
Add/Edit Multicast Group dialog box 30-19
description 30-19
Add/Edit OSPF Area dialog box 27-19
description 27-19
Add/Edit OSPF Neighbor Entry dialog box 27-24, 27-50, 27-51
description 27-25, 27-51
Add/Edit Rendezvous Point dialog box
restrictions 30-15
Add/Edit Summary Address dialog box
description 27-13, 27-19
Add/Edit Time Range dialog box 20-15
Add/Edit Virtual Link dialog box
description 27-28
about 8-2
changing 8-27
using ICMP for 45-9
administrative distance 25-3, 25-4, 25-8
Advanced DHCP Options dialog box
description 17-6
Advanced OSPF Interface Properties dialog box 27-18
Advanced OSPF Virtual Link Properties dialog box
description 27-28
ae_standard_access_list_rule 22-3
ae_webtype_acl 23-3
enabling 13-7, 14-9
alternate address, ICMP message 48-15
analyzing syslog messages 41-2
security level requirements 13-2, 14-2, 15-2
Apply button 4-12
description 27-6
area border router 27-2
about 6-6
enabling 6-11
static entry 6-10
ARP spoofing 6-6
monitoring 11-40, 12-12, 13-23, 14-23
ARP test, failover 9-16
ASA (Adaptive Security Algorithm) 1-22
Base license 12-2
MAC addresses 12-4
maximum VLANs 12-2
power over Ethernet 12-4
Security Plus license 12-2
SPAN 12-4
Spanning Tree Protocol, unsupported 12-8
ASA 5550 throughput 13-7, 14-10
ASA CX Status tab 4-30
definition of 27-2
ASR 9-45
ASR groups 9-45
asymmetric routing support 9-45
RADIUS 34-3
TACACS+ 35-1
authenticating a certificate 40-12, 40-14
about 32-1
CLI access 45-17
description 27-16
about 32-2
command 45-23
Auto-MDI/MDIX 11-2, 12-4
autostate messaging 2-13
Auto-Update, configuring 46-31
restoring 46-25
backing up configurations 46-21
Backing Up the Local CA Server 46-24
Baltimore Technologies, CA server support 40-5
bandwidth 4-20
bits subnet masks 48-3
forwarding on the switch 2-13
broadcast Ping test 9-16
building blocks 20-1
bypassing the firewall, in the switch 2-6
CRs and 40-3
public key cryptography 40-3
revoked certificates 40-3
supported servers 40-5
CA certificate 40-2
CA certificates 40-12, 40-14
Cancel button 4-12
Digicert 40-5
Geotrust 40-5
Godaddy 40-5
iPlanet 40-5
Netscape 40-5
RSA Keon 40-5
Thawte 40-5
See switch
CA 40-12, 40-14
code-signer 40-29
Identity 40-24
local CA 40-31
certificate authentication 40-12, 40-14
certificate enrollment 40-13, 40-15
See CRLs
change query interval 30-12
change query response time 30-12
change query timeout value 30-12
changing between contexts 8-25
changing the severity level 41-23
See switch
server support 40-5
Class A, B, and C addresses 48-1
message class variables 41-4
types 41-4
See resource management
regular expression 20-14
Cluster Dashboard tab 4-25
Cluster Firewall Dashboard tab 4-26
ASDM connection certificate IP address mismatch 10-12
backup owner 10-10
bootstrap configuration 10-50
cabling 10-33
system ID 10-62
system priority 10-62
failure 10-9
overview 10-7
redundancy 10-8
size 10-7
examples 10-72
replication 10-11
configuring 10-59
new, ownership 10-19
context mode 10-28
data path connection state replication 10-10
device-local EtherChannels, configuring on switch 10-30
executing a command cluster-wide 10-69
failover 10-28
feature history 10-88
centralized 10-21
individual units 10-22
NAT 10-24
SNMP 10-26
syslog and netflow 10-26
unsupported 10-20
VPN 10-26
guidelines and limitations 10-28
high availability 10-9
High Availability and Scalability Wizard 10-50
individual cluster interfaces, configuring 10-38
interface monitoring 10-9
IPv6 10-28
licensing 10-27
interface, configuring 10-38
interface, overview 10-11
network 10-11
overview 10-11
changing 10-67
election 10-3
maximum members 10-27
member requirements 10-3
model support 10-28
monitoring 10-70
bootstrap configuration 10-3
cluster control link 10-7
Equal-Cost Multi-Path Routing 10-16
interfaces 10-4
load balancing 10-13
management 10-11
master unit 10-3
Policy-Based Routing 10-15
spanned EtherChannel 10-13
performance scaling factor 10-2
prerequisites 10-27
rebalancing new connections 10-20
removing a member 10-65
RSA key replication 10-12
software requirements 10-3
benefits 10-13
configuring 10-43
load balancing 10-14
maximum throughput 10-13
overview 10-13
redundancy 10-14
VSS or vPC 10-14
spanning-tree portfast 10-28
unit failure 10-9
unit health monitoring 10-9
upgrading software 10-3
code-signer certificate 40-29
about 45-13
configuring 45-23
multiple contexts 45-14
commands 3-19
restoring 3-19
switch 2-1
accessing 3-2, 3-5
configurations, backing up 46-21
per context 8-18
context mode 28-3
context modes 25-2, 26-3, 27-3, 29-3, 30-3
See security contexts
conversion error, ICMP message 48-16
creating a custom event list 41-18
cache refresh time 40-19, 40-23
logging output destination 41-5
routed firewall 6-13
transparent firewall 6-19
date and time in messages 41-22
class 8-9
routes, defining equal cost routes 25-7
commands 3-19
restoring 3-19
about 25-7
configuring 25-7
device ID in messages 41-22
interface lease 13-24, 14-24
IP addresses 13-23, 14-23
server 13-23, 14-23
statistics 13-25, 14-25
relay 17-7
server 17-5
statistics 13-25, 14-25
DHCP Relay panel 18-7
DHCP services 16-5
digital certificates 40-1, 40-2
directory hierarchy search 36-3
disabling messages 41-22
DMZ, definition 1-18
server, configuring 16-8
dotted decimal subnet masks 48-3
dual IP stack, configuring 13-2
dual-ISP support 25-9
interface 12-9, 12-12
duplex, configuring 11-14, 12-6
echo reply, ICMP message 48-15
ECMP 25-3
Edit OSPF Interface Authentication dialog box 27-16
description 27-16
Edit OSPF Interface Properties dialog box 27-17
DUAL algorithm 28-2
hello interval 28-23
hello packets 28-1
hold time 28-2, 28-23
neighbor discovery 28-1
stub routing 28-6
stuck-in-active 28-2
enable command 3-2
enabling logging 41-7
enabling secure logging 41-21
certificate 40-13, 40-15
Entrust, CA server support 40-5
established command, security level requirements 13-2, 14-2, 15-2
adding interfaces 11-31
channel group 11-31
compatibility 11-5
converting existing interfaces 11-16
failover 11-12
guidelines 11-13
interface requirements 11-5
LACP 11-6
configuring 11-33
overview 11-7
MAC address 11-8
management interface 11-30
maximum interfaces 11-33
minimum interfaces 11-33
active 11-7
on 11-7
passive 11-7
overview 11-5
port priority 11-31
system priority 11-33
Auto-MDI/MDIX 11-2, 12-4
duplex 11-14, 12-6
jumbo frames, ASA 5580 11-39
single mode 13-14, 14-16
MTU 13-14, 14-16
speed 11-14, 12-6
evaluation license 5-24
commands 3-19
restoring 3-19
about 9-1
Active/Active, See Active/Active failover
Active/Standby, See Active/Standby failover
terminal messages, Active/Standby 9-18
contexts 9-19
criteria 9-41
debug messages 9-53
disabling 9-51
enabling Stateful Failover 9-49
Ethernet failover cable 9-4
failover link 9-3
forcing 9-50
guidelines 42-5
health monitoring 9-16
interface health 9-16
interface monitoring 9-16
interface tests 9-16
link communications 9-3
about 9-19
automatically assigning 8-12
inter-chassis 9-9
intra-chassis 9-8
monitoring, health 9-16
network tests 9-16
primary unit 9-19
redundant interfaces 11-12
reset 9-54
restoring a failed group 9-51
restoring a failed unit 9-51
secondary unit 9-19
SNMP syslog traps 9-53
Stateful Failover, See Stateful Failover
state link 9-4
switch configuration 2-13
system log messages 9-52
system requirements 9-2
trunk 2-13
unit health 9-16
monitoring 9-54
reset 9-54
fast path 1-22
fiber interfaces 11-14
default settings 22-2, 23-3
security level requirements 13-2, 14-2, 15-2
filtering messages 41-4
editing 41-27
description 27-27
about 6-1
configuring 6-1
flash memory available for logs 41-20
flow control for 10 Gigabit Ethernet 11-25
flow-export actions 43-4
format of messages 41-3
fragment protection 1-19
bookmarking 11-42, 12-15, 13-28, 14-28
interface monitoring 11-42, 12-15, 13-28, 14-28
printing 11-42, 12-15, 13-28, 14-28
SNMP 42-3
transparent firewall guidelines 6-6
Help button 4-12
Help menu 4-9
about 9-1
history metrics 4-34
SNMP 42-3
hosts, subnet masks for 48-3
HSRP 6-5
allowing network or host access to ASDM 45-1
rules for access to ASDM 45-9
type numbers 48-15
ICMP unreachable message limits 45-10
Identity Certificates 40-24
implementing SNMP 42-4
assigning or changing rate limits 41-24
information reply, ICMP message 48-15
information request, ICMP message 48-15
inside, definition 1-18
module verification 2-8
duplex 12-9, 12-12
MTU 13-14, 14-16
status 4-20
subinterface, adding 11-38
throughput 4-20
Interface pane 27-16
enabled status 12-8
MAC addresses 12-4
maximum VLANs 12-2
switch port configuration 12-8
trunk ports 12-10
ASA 5550 throughput 13-7, 14-10
default settings 22-2, 23-3
duplex 11-14, 12-6
failover monitoring 9-16
fiber 11-14
single mode 13-14, 14-16
automatically assigning 8-24
monitoring 11-40, 12-13, 13-26, 14-26
redundant 11-27
SFP 11-14
speed 11-14, 12-6
subinterfaces 11-36
turning off 13-22, 14-22
turning on 13-22, 14-22
upgrading 2-3
classes 48-1
management, transparent firewall 14-8
management, transparent firewall (8.3 and earlier) 15-4
private 48-2
subnet mask 48-4
configuring alongside IPv4 13-2
default route 25-8
dual IP stack 13-2
duplicate address detection 31-3
neighbor discovery 31-1
router advertisement messages 31-3
static neighbors 31-5
static routes 25-8
anycast 48-9
format 48-5
multicast 48-8
prefixes 48-10
required 48-10
types of 48-6
unicast 48-6
IPv6 prefixes 31-15
IPX 2-6
Java console 41-13
description 30-8
jumbo frames, ASA 5580 11-39
single mode 13-14, 14-16
configuring 34-15, 36-7, 37-3
key pairs 40-25
LACP 11-6
See transparent firewall
See MAC address table
attribute mapping 36-5
configuring 34-15, 36-7, 37-3
directory search 36-3
hierarchy example 36-2
SASL 36-2
entering 5-37
location 5-35
obtaining 5-36
ASA 5505 5-3
ASA 5510 5-4, 5-9
ASA 5520 5-5
ASA 5540 5-6
ASA 5550 5-7
ASA 5580 5-8, 5-17
ASA 5585-X 5-16
default 5-24
evaluation 5-24
failover 5-35
guidelines 5-34
managing 5-1
preinstalled 5-24
Product Authorization Key 5-36
backup server, information 5-28
client, configuring 5-39
communication issues 5-28
failover 5-29
maximum clients 5-30
monitoring 5-41
overview 5-27
server, configuring 5-38
SSL messages 5-28
temporary 5-24
viewing current 5-40
VPN Flex 5-24
logging 41-5
licensing requirements for SNMP 42-4
link up/down test 9-16
local CA 40-31
Local CA User Database 40-35
adding a user 33-3
configuring 33-3
lockout recovery 45-31
filtering messages by 41-4
types 41-4
by message list 41-5
by severity level 41-1
internal buffer 41-1, 41-8
Telnet or SSH session 41-8
changing the size of 41-21
configuring 41-21
logging feature history 41-28
configuring 41-21
banner, configuring 45-6
console 3-1
enable 3-2
global configuration mode 3-2
session 3-4
SSH 3-4, 45-5
Telnet 3-4
executing certain commands 41-27
loops, avoiding 2-13
redundant interfaces 11-5
ASA 5505 12-4
automatically assigning 8-24
failover 9-19
security context classification 8-3
about 6-19
built-in-switch 6-7
MAC learning, disabling 6-13
monitoring 11-40, 12-12, 13-26, 14-26
resource management 8-18
static entry 6-12
MAC learning, disabling 6-13
default settings 22-2, 23-3
management IP address, transparent firewall 14-8
management IP address, transparent firewall (8.3 and earlier) 15-4
man-in-the-middle attack 6-6
reply, ICMP message 48-15
request, ICMP message 48-15
Master Passphrase 16-5
menus 4-4
message filtering 41-4
filtering by 41-5
about 41-4
list of 41-4
component descriptions 41-3
filtering by message list 41-5
format of 41-3
severity levels 41-3
messages classes 41-4
messages in EMBLEM format 41-19, 41-20
metacharacters, regular expression 20-11
default settings 22-2, 23-3
MIBs for SNMP 42-13
Microsoft Windows CA, supported 40-5
mobile redirection, ICMP message 48-16
context 8-16
firewall 6-1
ARP table 11-40, 12-12, 13-23, 14-23
interface lease 13-24, 14-24
IP addresses 13-23, 14-23
server 13-23, 14-23
statistics 13-25, 14-25
failover 9-16
failover groups 9-54
history metrics 4-34
interfaces 11-40, 12-13, 13-26, 14-26
MAC address table 11-40, 12-12, 13-26, 14-26
OSPF 27-65
SNMP 42-1
monitoring logging 41-25
monitoring NSEL 43-7
monitoring switch traffic, ASA 5505 12-4
description 30-6
overview 2-2
SVIs 2-6
MTU 13-14, 14-16
multicast traffic 6-5
logging 41-2
See security contexts
multiple SVIs 2-5
disabling proxy ARP for global addresses 24-11
neighbor reachable time 31-3
neighbor solicitation messages 31-2
neighbor advertisement messages 31-2
overview 43-1
matching to configured collectors 43-6
Network Activity test 9-16
No Payload Encryption 5-33
redundant messages 43-2
NSEL feature history 43-8
NSEL licensing requirements 43-4
configuring 34-15, 36-7, 37-3
open ports 48-14
Options menu 4-5
area authentication 27-19
area MD5 authentication 27-19
area parameters 27-19
authentication key 27-15
authentication support 27-2
configuring authentication 27-16
cost 27-15
dead interval 27-15
defining a static neighbor 27-24, 27-50, 27-51
defining interface properties 27-17
interaction with NAT 27-2
interface parameters 27-14
interface properties 27-16, 27-17
link-state advertisement 27-2
logging neighbor states 27-26
LSAs 27-2
MD5 authentication 27-15
monitoring 27-65
NSSA 27-20
packet pacing 27-66, 27-67
processes 27-2
redistributing routes 27-7
route calculation timers 27-25
route summarization 27-13
dead interval 27-18
hello interval 27-18
retransmit interval 27-18
transmit delay 27-18
output destination 41-6
output destinations 41-1, 41-8
e-mail address 41-1, 41-8
SNMP management station 41-1, 41-8
Telnet or SSH session 41-1, 41-8
outside, definition 1-18
oversubscribing resources 8-10
classifier 8-3
routed firewall 6-13
transparent firewall 6-19
parameter problem, ICMP message 48-15
pause frames for flow control 11-25
shortest path tree settings 30-18
PoE 12-4
enabling 13-7, 14-9
open on device 48-14
TCP and UDP 48-11
power over Ethernet 12-4
primary unit, failover 9-19
graphs 11-42, 12-15, 13-28, 14-28
private networks 48-2
accessing 3-5
privileged EXEC mode, accessing 3-2
accessing 3-2
description 27-6
Product Authorization Key 5-36
Properties tab 27-17
description 27-17
fields 27-17
protocol numbers and literal values 48-11
description 30-14
proxy ARP, disabling 24-11
public key cryptography 40-3
changing the size of 41-21
attributes 34-3
configuring a server 34-15, 36-7, 37-3
support 34-2
rapid link failure detection 2-13
rate limit 41-23
redirect, ICMP message 48-15
converting existing interfaces 11-16
configuring 11-27
failover 11-12
MAC address 11-5
setting the active interface 11-30
Registration Authority description 40-3
regular expression 20-10
context 8-29
description 30-17
Reset button 4-12
resetting the services module 2-14
about 8-10
class 8-17
configuring 8-8
default class 8-9
oversubscribing 8-10
resource types 8-18
unlimited 8-11
restoring backups 46-25
revoked certificates 40-3
RFCs for SNMP 42-12
authentication 29-2
definition of 29-1
enabling 29-4
support for 29-2
limitations 29-3
RIP Version 2 Notes 29-3
about 6-1
setting 6-1
definition 26-1
defining 26-4
uses 26-1
advertisement, ICMP message 48-15
solicitation, ICMP message 48-15
router advertisement messages 31-3
router advertisement transmission interval 31-10
router lifetime value 31-11
about default 25-7
configuring default routes 25-7
configuring IPv6 default 25-8
configuring IPv6 static 25-8
configuring static routes 25-3
description 27-6
Route Tree pane 30-18
description 30-18
ICMP 45-9
copying 46-21
same security level communication
enabling 13-20, 14-21, 15-17
configuring 34-15, 36-7, 37-3
secondary unit, failover 9-19
configure server 46-13
connecting to 3-1
managing licenses 5-1
about 8-1
adding 8-20
about 8-2
changing 8-27
cascading 8-6
changing between 8-25
classifier 8-3
command authorization 45-14
URL, changing 8-28
logging in 8-7
automatically assigning 8-24
classifying using 8-3
managing 8-1, 8-26
monitoring 8-31
MSFC compatibility 2-3
multiple mode, enabling 8-16
nesting or cascading 8-7
reloading 8-29
removing 8-26
resource management 8-10
unsupported features 8-14
about 13-1
security models for SNMP 42-3
maximum and minimum 13-13
maximum and minimum, overview 11-8
sending messages to an e-mail address 41-14
sending messages to a specified output destination 41-21
sending messages to a syslog server 41-9
sending messages to a Telnet or SSH session 41-18
sending messages to the console port 41-17
sending messages to the internal log buffer 41-12
session management path 1-22
severity levels, of system log messages
changing 41-1
filtering by 41-1
list of 41-3
severity levels, of system messages
definition 41-3
backup server, information 5-28
client, configuring 5-39
communication issues 5-28
failover 5-29
maximum clients 5-30
monitoring 5-41
server, configuring 5-38
SSL messages 5-28
backing up configuration 8-16
configuration 8-16
enabling 8-16
restoring 8-16
Smart Call Home monitoring 44-9
about 42-1
failover 42-5
management station 41-1, 41-8
prerequisites 42-4
SNMP configuration 42-6
SNMP groups 42-3
SNMP hosts 42-3
adding 42-7
SNMP monitoring 42-11
SNMP terminology 42-2
SNMP users 42-3
SNMP Version 3 42-3, 42-9
SNMP Versions 1 and 2c 42-8
version 4-30
source quench, ICMP message 48-15
SPAN 12-4
Spanning Tree Protocol, unsupported 12-8
SPAN session 2-8
speed, configuring 11-14, 12-6
concurrent connections 45-2
login 45-5
username 45-5
copying 46-21
accessing 7-1
licensing requirements 7-1
about 9-13
enabling 9-49
state information 9-13
state link 9-4
stateful inspection 1-22
state information 9-13
state link 9-4
static ARP entry 6-10
static bridge entry 6-12
description 30-9
configuring 25-3
deleting 25-6
status bar 4-11
See transparent firewall
stuck-in-active 28-2
adding 11-38
subinterfaces, adding 11-36
/bits 48-3
about 48-2
address range 48-4
determining 48-3
dotted decimal 48-3
number of hosts 48-3
subordinate certificate 40-2
description 27-11
configuring 2-12
multiple 2-5
overview 2-5
assigning VLANs to module 2-9
autostate messaging 2-13
BPDU forwarding 2-13
configuration 2-1
failover compatibility with transparent firewall 2-13
failover configuration 2-13
trunk for failover 2-13
verifying module installation 2-8
See SVIs
switch MAC address table 6-7
access ports 12-8
SPAN 12-4
trunk ports 12-10
syslogd server program 41-6
using log viewers 41-25
analyzing 41-2
syslog messaging for SNMP 42-11
designating more than one as output destination 41-6
system configuration 8-2
classes 41-4
classes of 41-4
by message list 41-5
by severity level 41-1
disabling logging of 41-1
filtering by message class 41-4
output destinations 41-1, 41-8
syslog message server 41-8
Telnet or SSH session 41-8
about 41-3
changing the severity level of a message 41-1
command authorization, configuring 45-27
configuring a server 34-15, 36-7, 37-3
connection limits per context 8-18
maximum segment size 13-13
maximum segment size, overview 11-8
ports and literal values 48-11
overview 11-8
allowing management access 45-1
concurrent connections 45-2
login 45-4
temporary license 5-24
system performance 4-24
time exceeded, ICMP message 48-15
timestamp reply, ICMP message 48-15
timestamp request, ICMP message 48-15
Tools menu 4-6
traceroute, enabling 4-7
routed firewall 6-13
transparent firewall 6-19
about 6-2
about 6-6
enabling 6-11
static entry 6-10
data flow 6-19
guidelines 6-8
H.323 guidelines 6-6
HSRP 6-5
MAC learning, disabling 6-13
management IP address 14-8
management IP address (8.3 and earlier) 15-4
multicast traffic 6-5
static bridge entry 6-12
unsupported features 6-9
VRRP 6-5
trunk, 802.1Q 11-36
trunk ports 12-10
modes 6-8, 7-1, 21-2
trustpoint 40-4
connection limits per context 8-18
connection state information 1-22
ports and literal values 48-11
accessing 3-4
unreachable, ICMP message 48-15
required for MTU discovery 45-9
IOS 2-3
context configuration, changing 8-28
accessing 3-2
adding 33-3
SNMP 42-3
using clustering 41-5, 43-3
VeriSign, configuring CAs example 40-6
IPS software 4-30
See security contexts
description 27-28
virtual reassembly 1-19
VLANs 11-36
802.1Q trunk 11-36
MAC addresses 12-4
maximum 12-2
assigning to FWSM 2-9
interfaces 2-9
subinterfaces 11-36
address range, subnets 48-4
VPN flex license 5-24
VRRP 6-5
WCCP 19-1
web caching 19-1
Window menu 4-9
Wizards menu 4-8
XOFF frames 11-25
Index
/bits subnet masks 48-3
connector types 11-14
fiber 11-14
SFP 11-14
802.1Q tagging 12-10
802.1Q trunk 11-36
about 32-1, 33-1, 34-1, 35-1, 37-1
CLI access 45-17
command 45-23
server 41-4
adding 34-15, 36-7, 36-8, 37-3
types 32-1
support summary 32-3
definition of 27-2
access_rules 22-3
description 30-10
access ports 12-8
dialog box 21-1
entering 5-37
location 5-35
obtaining 5-36
about 9-21
actions 9-22
asymmetric routing support 9-45
duplicate MAC addresses, avoiding 9-8
primary status 9-21
secondary status 9-21
about 9-19
actions 9-20
command replication 9-18
configuration synchronization 9-18
device initialization 9-18
primary unit 9-19
secondary unit 9-19
Adaptive Security Algorithm 1-22
add_acl 22-3
Add/Edit Access Group dialog box
description 30-10
Add/Edit Filtering Entry dialog box
description 27-27
Add/Edit IGMP Join Group dialog box
description 30-8
Add/Edit IGMP Static Group dialog box
description 30-10
Add/Edit Multicast Group dialog box 30-19
description 30-19
Add/Edit OSPF Area dialog box 27-19
description 27-19
Add/Edit OSPF Neighbor Entry dialog box 27-24, 27-50, 27-51
description 27-25, 27-51
Add/Edit Rendezvous Point dialog box
restrictions 30-15
Add/Edit Summary Address dialog box
description 27-13, 27-19
Add/Edit Time Range dialog box 20-15
Add/Edit Virtual Link dialog box
description 27-28
about 8-2
changing 8-27
using ICMP for 45-9
administrative distance 25-3, 25-4, 25-8
Advanced DHCP Options dialog box
description 17-6
Advanced OSPF Interface Properties dialog box 27-18
Advanced OSPF Virtual Link Properties dialog box
description 27-28
ae_standard_access_list_rule 22-3
ae_webtype_acl 23-3
enabling 13-7, 14-9
alternate address, ICMP message 48-15
analyzing syslog messages 41-2
security level requirements 13-2, 14-2, 15-2
Apply button 4-12
description 27-6
area border router 27-2
about 6-6
enabling 6-11
static entry 6-10
ARP spoofing 6-6
monitoring 11-40, 12-12, 13-23, 14-23
ARP test, failover 9-16
ASA (Adaptive Security Algorithm) 1-22
Base license 12-2
MAC addresses 12-4
maximum VLANs 12-2
power over Ethernet 12-4
Security Plus license 12-2
SPAN 12-4
Spanning Tree Protocol, unsupported 12-8
ASA 5550 throughput 13-7, 14-10
ASA CX Staus tab 4-30
definition of 27-2
ASR 9-45
ASR groups 9-45
asymmetric routing support 9-45
RADIUS 34-3
TACACS+ 35-1
authenticating a certificate 40-12, 40-14
about 32-1
CLI access 45-17
description 27-16
about 32-2
command 45-23
Auto-MDI/MDIX 11-2, 12-4
autostate messaging 2-13
Auto-Update, configuring 46-31
restoring 46-25
backing up configurations 46-21
Backing Up the Local CA Server 46-24
Baltimore Technologies, CA server support 40-5
bandwidth 4-20
bits subnet masks 48-3
forwarding on the switch 2-13
broadcast Ping test 9-16
building blocks 20-1
bypassing the firewall, in the switch 2-6
CRs and 40-3
public key cryptography 40-3
revoked certificates 40-3
supported servers 40-5
CA certificate 40-2
CA certificates 40-12, 40-14
Cancel button 4-12
Digicert 40-5
Geotrust 40-5
Godaddy 40-5
iPlanet 40-5
Netscape 40-5
RSA Keon 40-5
Thawte 40-5
See switch
CA 40-12, 40-14
code-signer 40-29
Identity 40-24
local CA 40-31
certificate authentication 40-12, 40-14
certificate enrollment 40-13, 40-15
See CRLs
change query interval 30-12
change query response time 30-12
change query timeout value 30-12
changing between contexts 8-25
changing the severity level 41-23
See switch
server support 40-5
Class A, B, and C addresses 48-1
message class variables 41-4
types 41-4
See resource management
regular expression 20-14
Cluster Dashboard tab 4-25
Cluster Firewall Dashboard tab 4-26
ASDM connection certificate IP address mismatch 10-12
backup owner 10-10
bootstrap configuration 10-50
cabling 10-33
system ID 10-62
system priority 10-62
failure 10-9
overview 10-7
redundancy 10-8
size 10-7
examples 10-72
replication 10-11
configuring 10-59
new, ownership 10-19
context mode 10-28
data path connection state replication 10-10
device-local EtherChannels, configuring on switch 10-30
executing a command cluster-wide 10-69
failover 10-28
feature history 10-88
centralized 10-21
individual units 10-22
NAT 10-24
SNMP 10-26
syslog and netflow 10-26
unsupported 10-20
VPN 10-26
guidelines and limitations 10-28
high availability 10-9
High Availability and Scalability Wizard 10-50
individual cluster interfaces, configuring 10-38
interface monitoring 10-9
IPv6 10-28
licensing 10-27
interface, configuring 10-38
interface, overview 10-11
network 10-11
overview 10-11
changing 10-67
election 10-3
maximum members 10-27
member requirements 10-3
model support 10-28
monitoring 10-70
bootstrap configuration 10-3
cluster control link 10-7
Equal-Cost Multi-Path Routing 10-16
interfaces 10-4
load balancing 10-13
management 10-11
master unit 10-3
Policy-Based Routing 10-15
spanned EtherChannel 10-13
performance scaling factor 10-2
prerequisites 10-27
rebalancing new connections 10-20
removing a member 10-65
RSA key replication 10-12
software requirements 10-3
benefits 10-13
configuring 10-43
load balancing 10-14
maximum throughput 10-13
overview 10-13
redundancy 10-14
VSS or vPC 10-14
spanning-tree portfast 10-28
unit failure 10-9
unit health monitoring 10-9
upgrading software 10-3
code-signer certificate 40-29
about 45-13
configuring 45-23
multiple contexts 45-14
commands 3-19
restoring 3-19
switch 2-1
accessing 3-2, 3-5
configurations, backing up 46-21
per context 8-18
context mode 28-3
context modes 25-2, 26-3, 27-3, 29-3, 30-3
See security contexts
conversion error, ICMP message 48-16
creating a custom event list 41-18
cache refresh time 40-19, 40-23
logging output destination 41-5
routed firewall 6-13
transparent firewall 6-19
date and time in messages 41-22
class 8-9
routes, defining equal cost routes 25-7
commands 3-19
restoring 3-19
about 25-7
configuring 25-7
device ID in messages 41-22
interface lease 13-24, 14-24
IP addresses 13-23, 14-23
server 13-23, 14-23
statistics 13-25, 14-25
relay 17-7
server 17-5
statistics 13-25, 14-25
DHCP Relay panel 18-7
DHCP services 16-5
digital certificates 40-1, 40-2
directory hierarchy search 36-3
disabling messages 41-22
DMZ, definition 1-18
server, configuring 16-8
dotted decimal subnet masks 48-3
dual IP stack, configuring 13-2
dual-ISP support 25-9
interface 12-9, 12-12
duplex, configuring 11-14, 12-6
echo reply, ICMP message 48-15
ECMP 25-3
Edit OSPF Interface Authentication dialog box 27-16
description 27-16
Edit OSPF Interface Properties dialog box 27-17
DUAL algorithm 28-2
hello interval 28-23
hello packets 28-1
hold time 28-2, 28-23
neighbor discovery 28-1
stub routing 28-6
stuck-in-active 28-2
enable command 3-2
enabling logging 41-7
enabling secure logging 41-21
certificate 40-13, 40-15
Entrust, CA server support 40-5
established command, security level requirements 13-2, 14-2, 15-2
adding interfaces 11-31
channel group 11-31
compatibility 11-5
converting existing interfaces 11-16
failover 11-12
guidelines 11-13
interface requirements 11-5
LACP 11-6
configuring 11-33
overview 11-7
MAC address 11-8
management interface 11-30
maximum interfaces 11-33
minimum interfaces 11-33
active 11-7
on 11-7
passive 11-7
overview 11-5
port priority 11-31
system priority 11-33
Auto-MDI/MDIX 11-2, 12-4
duplex 11-14, 12-6
jumbo frames, ASA 5580 11-39
single mode 13-14, 14-16
MTU 13-14, 14-16
speed 11-14, 12-6
evaluation license 5-24
commands 3-19
restoring 3-19
about 9-1
Active/Active, See Active/Active failover
Active/Standby, See Active/Standby failover
terminal messages, Active/Standby 9-18
contexts 9-19
criteria 9-41
debug messages 9-53
disabling 9-51
enabling Stateful Failover 9-49
Ethernet failover cable 9-4
failover link 9-3
forcing 9-50
guidelines 42-5
health monitoring 9-16
interface health 9-16
interface monitoring 9-16
interface tests 9-16
link communications 9-3
about 9-19
automatically assigning 8-12
inter-chassis 9-9
intra-chassis 9-8
monitoring, health 9-16
network tests 9-16
primary unit 9-19
redundant interfaces 11-12
reset 9-54
restoring a failed group 9-51
restoring a failed unit 9-51
secondary unit 9-19
SNMP syslog traps 9-53
Stateful Failover, See Stateful Failover
state link 9-4
switch configuration 2-13
system log messages 9-52
system requirements 9-2
trunk 2-13
unit health 9-16
monitoring 9-54
reset 9-54
fast path 1-22
fiber interfaces 11-14
default settings 22-2, 23-3
security level requirements 13-2, 14-2, 15-2
filtering messages 41-4
editing 41-27
description 27-27
about 6-1
configuring 6-1
flash memory available for logs 41-20
flow control for 10 Gigabit Ethernet 11-25
flow-export actions 43-4
format of messages 41-3
fragment protection 1-19
bookmarking 11-42, 12-15, 13-28, 14-28
interface monitoring 11-42, 12-15, 13-28, 14-28
printing 11-42, 12-15, 13-28, 14-28
SNMP 42-3
transparent firewall guidelines 6-6
Help button 4-12
Help menu 4-9
about 9-1
history metrics 4-34
SNMP 42-3
hosts, subnet masks for 48-3
HSRP 6-5
allowing network or host access to ASDM 45-1
rules for access to ADSM 45-9
type numbers 48-15
ICMP unreachable message limits 45-10
Identity Certificates 40-24
implementing SNMP 42-4
assigning or changing rate limits 41-24
information reply, ICMP message 48-15
information request, ICMP message 48-15
inside, definition 1-18
module verification 2-8
duplex 12-9, 12-12
MTU 13-14, 14-16
status 4-20
subinterface, adding 11-38
throughput 4-20
Interface pane 27-16
enabled status 12-8
MAC addresses 12-4
maximum VLANs 12-2
switch port configuration 12-8
trunk ports 12-10
ASA 5550 throughput 13-7, 14-10
default settings 22-2, 23-3
duplex 11-14, 12-6
failover monitoring 9-16
fiber 11-14
single mode 13-14, 14-16
automatically assigning 8-24
monitoring 11-40, 12-13, 13-26, 14-26
redundant 11-27
SFP 11-14
speed 11-14, 12-6
subinterfaces 11-36
turning off 13-22, 14-22
turning on 13-22, 14-22
upgrading 2-3
classes 48-1
management, transparent firewall 14-8
management, transparent firewall (8.3 and earlier) 15-4
private 48-2
subnet mask 48-4
configuring alongside IPv4 13-2
default route 25-8
dual IP stack 13-2
duplicate address detection 31-3
neighbor discovery 31-1
router advertisement messages 31-3
static neighbors 31-5
static routes 25-8
anycast 48-9
format 48-5
multicast 48-8
prefixes 48-10
required 48-10
types of 48-6
unicast 48-6
IPv6 prefixes 31-15
IPX 2-6
Java console 41-13
description 30-8
jumbo frames, ASA 5580 11-39
single mode 13-14, 14-16
configuring 34-15, 36-7, 37-3
key pairs 40-25
LACP 11-6
See transparent firewall
See MAC address table
attribute mapping 36-5
configuring 34-15, 36-7, 37-3
directory search 36-3
hierarchy example 36-2
SASL 36-2
entering 5-37
location 5-35
obtaining 5-36
ASA 5505 5-3
ASA 5510 5-4, 5-9
ASA 5520 5-5
ASA 5540 5-6
ASA 5550 5-7
ASA 5580 5-8, 5-17
ASA 5585-X 5-16
default 5-24
evaluation 5-24
failover 5-35
guidelines 5-34
managing 5-1
preinstalled 5-24
Product Authorization Key 5-36
backup server, information 5-28
client, configuring 5-39
communication issues 5-28
failover 5-29
maximum clients 5-30
monitoring 5-41
overview 5-27
server, configuring 5-38
SSL messages 5-28
temporary 5-24
viewing current 5-40
VPN Flex 5-24
logging 41-5
licensing requirements for SNMP 42-4
link up/down test 9-16
local CA 40-31
Local CA User Database 40-35
adding a user 33-3
configuring 33-3
lockout recovery 45-31
filtering messages by 41-4
types 41-4
by message list 41-5
by severity level 41-1
internal buffer 41-1, 41-8
Telnet or SSH session 41-8
changing the size of 41-21
configuring 41-21
logging feature history 41-28
configuring 41-21
banner, configuring 45-6
console 3-1
enable 3-2
global configuration mode 3-2
session 3-4
SSH 3-4, 45-5
Telnet 3-4
executing certain commands 41-27
loops, avoiding 2-13
redundant interfaces 11-5
ASA 5505 12-4
automatically assigning 8-24
failover 9-19
security context classification 8-3
about 6-19
built-in-switch 6-7
MAC learning, disabling 6-13
monitoring 11-40, 12-12, 13-26, 14-26
resource management 8-18
static entry 6-12
MAC learning, disabling 6-13
default settings 22-2, 23-3
management IP address, transparent firewall 14-8
management IP address, transparent firewall (8.3 and earlier) 15-4
man-in-the-middle attack 6-6
reply, ICMP message 48-15
request, ICMP message 48-15
Master Passphrase 16-5
menus 4-4
message filtering 41-4
filtering by 41-5
about 41-4
list of 41-4
component descriptions 41-3
filtering by message list 41-5
format of 41-3
severity levels 41-3
message classes 41-4
messages in EMBLEM format 41-19, 41-20
metacharacters, regular expression 20-11
default settings 22-2, 23-3
MIBs for SNMP 42-13
Microsoft Windows CA, supported 40-5
mobile redirection, ICMP message 48-16
context 8-16
firewall 6-1
ARP table 11-40, 12-12, 13-23, 14-23
interface lease 13-24, 14-24
IP addresses 13-23, 14-23
server 13-23, 14-23
statistics 13-25, 14-25
failover 9-16
failover groups 9-54
history metrics 4-34
interfaces 11-40, 12-13, 13-26, 14-26
MAC address table 11-40, 12-12, 13-26, 14-26
OSPF 27-65
SNMP 42-1
monitoring logging 41-25
monitoring NSEL 43-7
monitoring switch traffic, ASA 5505 12-4
description 30-6
overview 2-2
SVIs 2-6
MTU 13-14, 14-16
multicast traffic 6-5
logging 41-2
See security contexts
multiple SVIs 2-5
disabling proxy ARP for global addresses 24-11
neighbor reachable time 31-3
neighbor solicitation messages 31-2
neighbor advertisement messages 31-2
overview 43-1
matching to configured collectors 43-6
Network Activity test 9-16
No Payload Encryption 5-33
redundant messages 43-2
NSEL feature history 43-8
NSEL licensing requirements 43-4
configuring 34-15, 36-7, 37-3
open ports 48-14
Options menu 4-5
area authentication 27-19
area MD5 authentication 27-19
area parameters 27-19
authentication key 27-15
authentication support 27-2
configuring authentication 27-16
cost 27-15
dead interval 27-15
defining a static neighbor 27-24, 27-50, 27-51
defining interface properties 27-17
interaction with NAT 27-2
interface parameters 27-14
interface properties 27-16, 27-17
link-state advertisement 27-2
logging neighbor states 27-26
LSAs 27-2
MD5 authentication 27-15
monitoring 27-65
NSSA 27-20
packet pacing 27-66, 27-67
processes 27-2
redistributing routes 27-7
route calculation timers 27-25
route summarization 27-13
dead interval 27-18
hello interval 27-18
retransmit interval 27-18
transmit delay 27-18
output destination 41-6
output destinations 41-1, 41-8
e-mail address 41-1, 41-8
SNMP management station 41-1, 41-8
Telnet or SSH session 41-1, 41-8
outside, definition 1-18
oversubscribing resources 8-10
classifier 8-3
routed firewall 6-13
transparent firewall 6-19
parameter problem, ICMP message 48-15
pause frames for flow control 11-25
shortest path tree settings 30-18
PoE 12-4
enabling 13-7, 14-9
open on device 48-14
TCP and UDP 48-11
power over Ethernet 12-4
primary unit, failover 9-19
graphs 11-42, 12-15, 13-28, 14-28
private networks 48-2
accessing 3-5
privileged EXEC mode, accessing 3-2
accessing 3-2
description 27-6
Product Authorization Key 5-36
Properties tab 27-17
description 27-17
fields 27-17
protocol numbers and literal values 48-11
description 30-14
proxy ARP, disabling 24-11
public key cryptography 40-3
changing the size of 41-21
attributes 34-3
configuring a server 34-15, 36-7, 37-3
support 34-2
rapid link failure detection 2-13
rate limit 41-23
redirect, ICMP message 48-15
converting existing interfaces 11-16
configuring 11-27
failover 11-12
MAC address 11-5
setting the active interface 11-30
Registration Authority description 40-3
regular expression 20-10
context 8-29
description 30-17
Reset button 4-12
resetting the services module 2-14
about 8-10
class 8-17
configuring 8-8
default class 8-9
oversubscribing 8-10
resource types 8-18
unlimited 8-11
restoring backups 46-25
revoked certificates 40-3
RFCs for SNMP 42-12
authentication 29-2
definition of 29-1
enabling 29-4
support for 29-2
limitations 29-3
RIP Version 2 Notes 29-3
about 6-1
setting 6-1
definition 26-1
defining 26-4
uses 26-1
advertisement, ICMP message 48-15
solicitation, ICMP message 48-15
router advertisement messages 31-3
router advertisement transmission interval 31-10
router lifetime value 31-11
about default 25-7
configuring default routes 25-7
configuring IPv6 default 25-8
configuring IPv6 static 25-8
configuring static routes 25-3
description 27-6
Route Tree pane 30-18
description 30-18
ICMP 45-9
copying 46-21
same security level communication
enabling 13-20, 14-21, 15-17
configuring 34-15, 36-7, 37-3
secondary unit, failover 9-19
configure server 46-13
connecting to 3-1
managing licenses 5-1
about 8-1
adding 8-20
about 8-2
changing 8-27
cascading 8-6
changing between 8-25
classifier 8-3
command authorization 45-14
URL, changing 8-28
logging in 8-7
automatically assigning 8-24
classifying using 8-3
managing 8-1, 8-26
monitoring 8-31
MSFC compatibility 2-3
multiple mode, enabling 8-16
nesting or cascading 8-7
reloading 8-29
removing 8-26
resource management 8-10
unsupported features 8-14
about 13-1
security models for SNMP 42-3
maximum and minimum 13-13
maximum and minimum, overview 11-8
sending messages to an e-mail address 41-14
sending messages to a specified output destination 41-21
sending messages to a syslog server 41-9
sending messages to a Telnet or SSH session 41-18
sending messages to the console port 41-17
sending messages to the internal log buffer 41-12
session management path 1-22
severity levels, of system log messages
changing 41-1
filtering by 41-1
list of 41-3
severity levels, of system messages
definition 41-3
backup server, information 5-28
client, configuring 5-39
communication issues 5-28
failover 5-29
maximum clients 5-30
monitoring 5-41
server, configuring 5-38
SSL messages 5-28
backing up configuration 8-16
configuration 8-16
enabling 8-16
restoring 8-16
Smart Call Home monitoring 44-9
about 42-1
failover 42-5
management station 41-1, 41-8
prerequisites 42-4
SNMP configuration 42-6
SNMP groups 42-3
SNMP hosts 42-3
adding 42-7
SNMP monitoring 42-11
SNMP terminology 42-2
SNMP users 42-3
SNMP Version 3 42-3, 42-9
SNMP Versions 1 and 2c 42-8
version 4-30
source quench, ICMP message 48-15
SPAN 12-4
Spanning Tree Protocol, unsupported 12-8
SPAN session 2-8
speed, configuring 11-14, 12-6
concurrent connections 45-2
login 45-5
username 45-5
copying 46-21
accessing 7-1
licensing requirements 7-1
about 9-13
enabling 9-49
state information 9-13
state link 9-4
stateful inspection 1-22
state information 9-13
state link 9-4
static ARP entry 6-10
static bridge entry 6-12
description 30-9
configuring 25-3
deleting 25-6
status bar 4-11
See transparent firewall
stuck-in-active 28-2
adding 11-38
subinterfaces, adding 11-36
/bits 48-3
about 48-2
address range 48-4
determining 48-3
dotted decimal 48-3
number of hosts 48-3
subordinate certificate 40-2
description 27-11
configuring 2-12
multiple 2-5
overview 2-5
assigning VLANs to module 2-9
autostate messaging 2-13
BPDU forwarding 2-13
configuration 2-1
failover compatibility with transparent firewall 2-13
failover configuration 2-13
trunk for failover 2-13
verifying module installation 2-8
See SVIs
switch MAC address table 6-7
access ports 12-8
SPAN 12-4
trunk ports 12-10
syslogd server program 41-6
using log viewers 41-25
analyzing 41-2
syslog messaging for SNMP 42-11
designating more than one as output destination 41-6
system configuration 8-2
classes 41-4
classes of 41-4
by message list 41-5
by severity level 41-1
disabling logging of 41-1
filtering by message class 41-4
output destinations 41-1, 41-8
syslog message server 41-8
Telnet or SSH session 41-8
about 41-3
changing the severity level of a message 41-1
command authorization, configuring 45-27
configuring a server 34-15, 36-7, 37-3
connection limits per context 8-18
maximum segment size 13-13
maximum segment size, overview 11-8
ports and literal values 48-11
overview 11-8
allowing management access 45-1
concurrent connections 45-2
login 45-4
temporary license 5-24
system performance 4-24
time exceeded, ICMP message 48-15
timestamp reply, ICMP message 48-15
timestamp request, ICMP message 48-15
Tools menu 4-6
traceroute, enabling 4-7
routed firewall 6-13
transparent firewall 6-19
about 6-2
about 6-6
enabling 6-11
static entry 6-10
data flow 6-19
guidelines 6-8
H.323 guidelines 6-6
HSRP 6-5
MAC learning, disabling 6-13
management IP address 14-8
management IP address (8.3 and earlier) 15-4
multicast traffic 6-5
static bridge entry 6-12
unsupported features 6-9
VRRP 6-5
trunk, 802.1Q 11-36
trunk ports 12-10
modes 6-8, 7-1, 21-2
trustpoint 40-4
connection limits per context 8-18
connection state information 1-22
ports and literal values 48-11
accessing 3-4
unreachable, ICMP message 48-15
required for MTU discovery 45-9
IOS 2-3
context configuration, changing 8-28
accessing 3-2
adding 33-3
SNMP 42-3
using clustering 41-5, 43-3
VeriSign, configuring CAs example 40-6
IPS software 4-30
See security contexts
description 27-28
virtual reassembly 1-19
VLANs 11-36
802.1Q trunk 11-36
MAC addresses 12-4
maximum 12-2
assigning to FWSM 2-9
interfaces 2-9
subinterfaces 11-36
address range, subnets 48-4
VPN flex license 5-24
VRRP 6-5
WCCP 19-1
web caching 19-1
Window menu 4-9
Wizards menu 4-8
XOFF frames 11-25