Index

Symbols

/bits subnet masks 48-3

Numerics

4GE SSM

connector types 11-14

fiber 11-14

SFP 11-14

802.1Q tagging 12-10

802.1Q trunk 11-36

A

AAA

about 32-1, 33-1, 34-1, 35-1, 37-1

authentication

CLI access 45-17

authorization

command 45-23

server 41-4

adding 34-15, 36-7, 36-8, 37-3

types 32-1

support summary 32-3

ABR

definition of 27-2

access_rules 22-3

Access Group pane

description 30-10

access ports 12-8

ACL Manager

dialog box 21-1

activation key

entering 5-37

location 5-35

obtaining 5-36

Active/Active failover

about 9-21

actions 9-22

configuring

asymmetric routing support 9-45

duplicate MAC addresses, avoiding 9-8

primary status 9-21

secondary status 9-21

Active/Standby failover

about 9-19

actions 9-20

command replication 9-18

configuration synchronization 9-18

device initialization 9-18

primary unit 9-19

secondary unit 9-19

Adaptive Security Algorithm 1-22

add_acl 22-3

Add/Edit Access Group dialog box

description 30-10

Add/Edit Filtering Entry dialog box

description 27-27

Add/Edit IGMP Join Group dialog box

description 30-8

Add/Edit IGMP Static Group dialog box

description 30-10

Add/Edit Multicast Group dialog box 30-19

description 30-19

Add/Edit OSPF Area dialog box 27-19

description 27-19

Add/Edit OSPF Neighbor Entry dialog box 27-24, 27-50, 27-51

description 27-25, 27-51

Add/Edit Rendezvous Point dialog box

restrictions 30-15

Add/Edit Summary Address dialog box

description 27-13, 27-19

Add/Edit Time Range dialog box 20-15

Add/Edit Virtual Link dialog box

description 27-28

admin context

about 8-2

changing 8-27

administrative access

using ICMP for 45-9

administrative distance 25-3, 25-4, 25-8

Advanced DHCP Options dialog box

description 17-6

Advanced OSPF Interface Properties dialog box 27-18

Advanced OSPF Virtual Link Properties dialog box

description 27-28

ae_standard_access_list_rule 22-3

ae_webtype_acl 23-3

AIP SSM

port-forwarding

enabling 13-7, 14-9

alternate address, ICMP message 48-15

analyzing syslog messages 41-2

application inspection

security level requirements 13-2, 14-2, 15-2

Apply button 4-12

Area/Networks tab

description 27-6

area border router 27-2

ARP inspection

about 6-6

enabling 6-11

static entry 6-10

ARP spoofing 6-6

ARP table

monitoring 11-40, 12-12, 13-23, 14-23

ARP test, failover 9-16

ASA (Adaptive Security Algorithm) 1-22

ASA 5505

Base license 12-2

MAC addresses 12-4

maximum VLANs 12-2

power over Ethernet 12-4

Security Plus license 12-2

SPAN 12-4

Spanning Tree Protocol, unsupported 12-8

ASA 5550 throughput 13-7, 14-10

ASA CX Status tab 4-30

ASBR

definition of 27-2

ASR 9-45

ASR groups 9-45

asymmetric routing support 9-45

attributes

RADIUS 34-3

attribute-value pairs

TACACS+ 35-1

authenticating a certificate 40-12, 40-14

authentication

about 32-1

CLI access 45-17

Authentication tab

description 27-16

authorization

about 32-2

command 45-23

Auto-MDI/MDIX 11-2, 12-4

autostate messaging 2-13

Auto-Update, configuring 46-31

B

backed up configurations

restoring 46-25

backing up configurations 46-21

Backing Up the Local CA Server 46-24

Baltimore Technologies, CA server support 40-5

bandwidth 4-20

bits subnet masks 48-3

BPDUs

forwarding on the switch 2-13

broadcast Ping test 9-16

building blocks 20-1

bypassing the firewall, in the switch 2-6

C

CA

CRs and 40-3

public key cryptography 40-3

revoked certificates 40-3

supported servers 40-5

CA certificate 40-2

CA certificates 40-12, 40-14

Cancel button 4-12

CA server

Digicert 40-5

Geotrust 40-5

Godaddy 40-5

iPlanet 40-5

Netscape 40-5

RSA Keon 40-5

Thawte 40-5

Catalyst 6500

See switch

certificate

CA 40-12, 40-14

code-signer 40-29

Identity 40-24

local CA 40-31

certificate authentication 40-12, 40-14

certificate enrollment 40-13, 40-15

Certificate Revocation Lists

See CRLs

change query interval 30-12

change query response time 30-12

change query timeout value 30-12

changing between contexts 8-25

changing the severity level 41-23

Cisco 7600

See switch

Cisco IOS CS CA

server support 40-5

Class A, B, and C addresses 48-1

classes, logging

message class variables 41-4

types 41-4

classes, resource

See resource management

class map

regular expression 20-14

Cluster Dashboard tab 4-25

Cluster Firewall Dashboard tab 4-26

clustering

ASDM connection certificate IP address mismatch 10-12

backup owner 10-10

bootstrap configuration 10-50

cabling 10-33

cLACP

system ID 10-62

system priority 10-62

cluster control link

failure 10-9

overview 10-7

redundancy 10-8

size 10-7

configuration

examples 10-72

replication 10-11

configuring 10-59

connection

new, ownership 10-19

context mode 10-28

data path connection state replication 10-10

device-local EtherChannels, configuring on switch 10-30

executing a command cluster-wide 10-69

failover 10-28

feature history 10-88

features

centralized 10-21

individual units 10-22

NAT 10-24

SNMP 10-26

syslog and netflow 10-26

unsupported 10-20

VPN 10-26

guidelines and limitations 10-28

high availability 10-9

High Availability and Scalability Wizard 10-50

individual cluster interfaces, configuring 10-38

interface monitoring 10-9

IPv6 10-28

licensing 10-27

management

interface, configuring 10-38

interface, overview 10-11

network 10-11

overview 10-11

master unit

changing 10-67

election 10-3

maximum members 10-27

member requirements 10-3

model support 10-28

monitoring 10-70

overview

bootstrap configuration 10-3

cluster control link 10-7

Equal-Cost Multi-Path Routing 10-16

interfaces 10-4

load balancing 10-13

management 10-11

master unit 10-3

Policy-Based Routing 10-15

spanned EtherChannel 10-13

performance scaling factor 10-2

prerequisites 10-27

rebalancing new connections 10-20

removing a member 10-65

RSA key replication 10-12

software requirements 10-3

spanned EtherChannel

benefits 10-13

configuring 10-43

load balancing 10-14

maximum throughput 10-13

overview 10-13

redundancy 10-14

VSS or vPC 10-14

spanning-tree portfast 10-28

unit failure 10-9

unit health monitoring 10-9

upgrading software 10-3

code-signer certificate 40-29

command authorization

about 45-13

configuring 45-23

multiple contexts 45-14

configuration

factory default

commands 3-19

restoring 3-19

switch 2-1

configuration mode

accessing 3-2, 3-5

configurations, backing up 46-21

connection limits

per context 8-18

context mode 28-3

context modes 25-2, 26-3, 27-3, 29-3, 30-3

contexts

See security contexts

conversion error, ICMP message 48-16

creating a custom event list 41-18

CRL

cache refresh time 40-19, 40-23

custom messages list

logging output destination 41-5

D

data flow

routed firewall 6-13

transparent firewall 6-19

date and time in messages 41-22

default

class 8-9

routes, defining equal cost routes 25-7

default configuration

commands 3-19

restoring 3-19

default routes

about 25-7

configuring 25-7

device ID in messages 41-22

DHCP

monitoring

interface lease 13-24, 14-24

IP addresses 13-23, 14-23

server 13-23, 14-23

statistics 13-25, 14-25

relay 17-7

server 17-5

statistics 13-25, 14-25

DHCP Relay panel 18-7

DHCP services 16-5

digital certificates 40-1, 40-2

directory hierarchy search 36-3

disabling messages 41-22

DMZ, definition 1-18

DNS

server, configuring 16-8

dotted decimal subnet masks 48-3

dual IP stack, configuring 13-2

dual-ISP support 25-9

duplex

interface 12-9, 12-12

duplex, configuring 11-14, 12-6

E

echo reply, ICMP message 48-15

ECMP 25-3

Edit OSPF Interface Authentication dialog box 27-16

description 27-16

Edit OSPF Interface Properties dialog box 27-17

EIGRP

DUAL algorithm 28-2

hello interval 28-23

hello packets 28-1

hold time 28-2, 28-23

neighbor discovery 28-1

stub routing 28-6

stuck-in-active 28-2

enable command 3-2

enabling logging 41-7

enabling secure logging 41-21

enrolling

certificate 40-13, 40-15

Entrust, CA server support 40-5

established command, security level requirements 13-2, 14-2, 15-2

EtherChannel

adding interfaces 11-31

channel group 11-31

compatibility 11-5

converting existing interfaces 11-16

failover 11-12

guidelines 11-13

interface requirements 11-5

LACP 11-6

load balancing

configuring 11-33

overview 11-7

MAC address 11-8

management interface 11-30

maximum interfaces 11-33

minimum interfaces 11-33

mode

active 11-7

on 11-7

passive 11-7

overview 11-5

port priority 11-31

system priority 11-33

Ethernet

Auto-MDI/MDIX 11-2, 12-4

duplex 11-14, 12-6

jumbo frames, ASA 5580 11-39

jumbo frame support

single mode 13-14, 14-16

MTU 13-14, 14-16

speed 11-14, 12-6

evaluation license 5-24

F

factory default configuration

commands 3-19

restoring 3-19

failover

about 9-1

Active/Active, See Active/Active failover

Active/Standby, See Active/Standby failover

configuration file

terminal messages, Active/Standby 9-18

contexts 9-19

criteria 9-41

debug messages 9-53

disabling 9-51

enabling Stateful Failover 9-49

Ethernet failover cable 9-4

failover link 9-3

forcing 9-50

guidelines 42-5

health monitoring 9-16

interface health 9-16

interface monitoring 9-16

interface tests 9-16

link communications 9-3

MAC addresses

about 9-19

automatically assigning 8-12

module placement

inter-chassis 9-9

intra-chassis 9-8

monitoring, health 9-16

network tests 9-16

primary unit 9-19

redundant interfaces 11-12

reset 9-54

restoring a failed group 9-51

restoring a failed unit 9-51

secondary unit 9-19

SNMP syslog traps 9-53

Stateful Failover, See Stateful Failover

state link 9-4

switch configuration 2-13

system log messages 9-52

system requirements 9-2

trunk 2-13

unit health 9-16

failover groups

monitoring 9-54

reset 9-54

fast path 1-22

fiber interfaces 11-14

Fibre Channel interfaces

default settings 22-2, 23-3

filtering

security level requirements 13-2, 14-2, 15-2

filtering messages 41-4

editing 41-27

Filtering pane

description 27-27

firewall mode

about 6-1

configuring 6-1

flash memory available for logs 41-20

flow control for 10 Gigabit Ethernet 11-25

flow-export actions 43-4

format of messages 41-3

fragment protection 1-19

G

graphs

bookmarking 11-42, 12-15, 13-28, 14-28

interface monitoring 11-42, 12-15, 13-28, 14-28

printing 11-42, 12-15, 13-28, 14-28

groups

SNMP 42-3

H

H.323

transparent firewall guidelines 6-6

Help button 4-12

Help menu 4-9

high availability

about 9-1

history metrics 4-34

host

SNMP 42-3

hosts, subnet masks for 48-3

HSRP 6-5

HTTPS/Telnet/SSH

allowing network or host access to ASDM 45-1

I

ICMP

rules for access to ASDM 45-9

type numbers 48-15

ICMP unreachable message limits 45-10

Identity Certificates 40-24

implementing SNMP 42-4

individual syslog messages

assigning or changing rate limits 41-24

information reply, ICMP message 48-15

information request, ICMP message 48-15

inside, definition 1-18

installation

module verification 2-8

interface

duplex 12-9, 12-12

MTU 13-14, 14-16

status 4-20

subinterface, adding 11-38

throughput 4-20

Interface pane 27-16

interfaces

ASA 5505

enabled status 12-8

MAC addresses 12-4

maximum VLANs 12-2

switch port configuration 12-8

trunk ports 12-10

ASA 5550 throughput 13-7, 14-10

default settings 22-2, 23-3

duplex 11-14, 12-6

failover monitoring 9-16

fiber 11-14

jumbo frame support

single mode 13-14, 14-16

MAC addresses

automatically assigning 8-24

monitoring 11-40, 12-13, 13-26, 14-26

redundant 11-27

SFP 11-14

speed 11-14, 12-6

subinterfaces 11-36

turning off 13-22, 14-22

turning on 13-22, 14-22

IOS

upgrading 2-3

IP addresses

classes 48-1

management, transparent firewall 14-8

management, transparent firewall (8.3 and earlier) 15-4

private 48-2

subnet mask 48-4

IPv6

configuring alongside IPv4 13-2

default route 25-8

dual IP stack 13-2

duplicate address detection 31-3

neighbor discovery 31-1

router advertisement messages 31-3

static neighbors 31-5

static routes 25-8

IPv6 addresses

anycast 48-9

format 48-5

multicast 48-8

prefixes 48-10

required 48-10

types of 48-6

unicast 48-6

IPv6 prefixes 31-15

IPX 2-6

J

Java console 41-13

Join Group pane

description 30-8

jumbo frames, ASA 5580 11-39

jumbo frame support

single mode 13-14, 14-16

K

Kerberos

configuring 34-15, 36-7, 37-3

key pairs 40-25

L

LACP 11-6

Layer 2 firewall

See transparent firewall

Layer 2 forwarding table

See MAC address table

LDAP

attribute mapping 36-5

configuring 34-15, 36-7, 37-3

directory search 36-3

hierarchy example 36-2

SASL 36-2

licenses

activation key

entering 5-37

location 5-35

obtaining 5-36

ASA 5505 5-3

ASA 5510 5-4, 5-9

ASA 5520 5-5

ASA 5540 5-6

ASA 5550 5-7

ASA 5580 5-8, 5-17

ASA 5585-X 5-16

default 5-24

evaluation 5-24

failover 5-35

guidelines 5-34

managing 5-1

preinstalled 5-24

Product Authorization Key 5-36

shared

backup server, information 5-28

client, configuring 5-39

communication issues 5-28

failover 5-29

maximum clients 5-30

monitoring 5-41

overview 5-27

server, configuring 5-38

SSL messages 5-28

temporary 5-24

viewing current 5-40

VPN Flex 5-24

licensing requirements

logging 41-5

licensing requirements for SNMP 42-4

link up/down test 9-16

local CA 40-31

Local CA User Database 40-35

local user database

adding a user 33-3

configuring 33-3

lockout recovery 45-31

logging

classes

filtering messages by 41-4

types 41-4

filtering

by message list 41-5

by severity level 41-1

output destinations

internal buffer 41-1, 41-8

Telnet or SSH session 41-8

queue

changing the size of 41-21

configuring 41-21

logging feature history 41-28

logging queue

configuring 41-21

login

banner, configuring 45-6

console 3-1

enable 3-2

global configuration mode 3-2

session 3-4

SSH 3-4, 45-5

Telnet 3-4

log viewers

executing certain commands 41-27

loops, avoiding 2-13

M

MAC address

redundant interfaces 11-5

MAC addresses

ASA 5505 12-4

automatically assigning 8-24

failover 9-19

security context classification 8-3

MAC address table

about 6-19

built-in-switch 6-7

MAC learning, disabling 6-13

monitoring 11-40, 12-12, 13-26, 14-26

resource management 8-18

static entry 6-12

MAC learning, disabling 6-13

management interfaces

default settings 22-2, 23-3

management IP address, transparent firewall 14-8

management IP address, transparent firewall (8.3 and earlier) 15-4

man-in-the-middle attack 6-6

mask

reply, ICMP message 48-15

request, ICMP message 48-15

Master Passphrase 16-5

menus 4-4

message filtering 41-4

message list

filtering by 41-5

messages, logging

classes

about 41-4

list of 41-4

component descriptions 41-3

filtering by message list 41-5

format of 41-3

severity levels 41-3

messages classes 41-4

messages in EMBLEM format 41-19, 41-20

metacharacters, regular expression 20-11

mgmt0 interfaces

default settings 22-2, 23-3

MIBs for SNMP 42-13

Microsoft Windows CA, supported 40-5

mobile redirection, ICMP message 48-16

mode

context 8-16

firewall 6-1

monitoring

ARP table 11-40, 12-12, 13-23, 14-23

DHCP

interface lease 13-24, 14-24

IP addresses 13-23, 14-23

server 13-23, 14-23

statistics 13-25, 14-25

failover 9-16

failover groups 9-54

history metrics 4-34

interfaces 11-40, 12-13, 13-26, 14-26

MAC address table 11-40, 12-12, 13-26, 14-26

OSPF 27-65

SNMP 42-1

monitoring logging 41-25

monitoring NSEL 43-7

monitoring switch traffic, ASA 5505 12-4

MRoute pane

description 30-6

MSFC

overview 2-2

SVIs 2-6

MTU 13-14, 14-16

multicast traffic 6-5

multiple context mode

logging 41-2

See security contexts

multiple SVIs 2-5

N

NAT

disabling proxy ARP for global addresses 24-11

neighbor reachable time 31-3

neighbor solicitation messages 31-2

neighbor advertisement messages 31-2

NetFlow

overview 43-1

NetFlow event

matching to configured collectors 43-6

Network Activity test 9-16

No Payload Encryption 5-33

NSEL and syslog messages

redundant messages 43-2

NSEL feature history 43-8

NSEL licensing requirements 43-4

NT server

configuring 34-15, 36-7, 37-3

O

open ports 48-14

Options menu 4-5

OSPF

area authentication 27-19

area MD5 authentication 27-19

area parameters 27-19

authentication key 27-15

authentication support 27-2

configuring authentication 27-16

cost 27-15

dead interval 27-15

defining a static neighbor 27-24, 27-50, 27-51

defining interface properties 27-17

interaction with NAT 27-2

interface parameters 27-14

interface properties 27-16, 27-17

link-state advertisement 27-2

logging neighbor states 27-26

LSAs 27-2

MD5 authentication 27-15

monitoring 27-65

NSSA 27-20

packet pacing 27-66, 27-67

processes 27-2

redistributing routes 27-7

route calculation timers 27-25

route summarization 27-13

OSPF parameters

dead interval 27-18

hello interval 27-18

retransmit interval 27-18

transmit delay 27-18

output destination 41-6

output destinations 41-1, 41-8

e-mail address 41-1, 41-8

SNMP management station 41-1, 41-8

Telnet or SSH session 41-1, 41-8

outside, definition 1-18

oversubscribing resources 8-10

P

packet

classifier 8-3

packet flow

routed firewall 6-13

transparent firewall 6-19

parameter problem, ICMP message 48-15

pause frames for flow control 11-25

PIM

shortest path tree settings 30-18

PoE 12-4

port-forwarding

enabling 13-7, 14-9

ports

open on device 48-14

TCP and UDP 48-11

power over Ethernet 12-4

primary unit, failover 9-19

printing

graphs 11-42, 12-15, 13-28, 14-28

private networks 48-2

privileged EXEC mode

accessing 3-5

privileged EXEC mode, accessing 3-2

privileged mode

accessing 3-2

Process Instances tab

description 27-6

Product Authorization Key 5-36

Properties tab 27-17

description 27-17

fields 27-17

protocol numbers and literal values 48-11

Protocol pane (PIM)

description 30-14

proxy ARP, disabling 24-11

public key cryptography 40-3

Q

queue, logging

changing the size of 41-21

R

RADIUS

attributes 34-3

configuring a server 34-15, 36-7, 37-3

support 34-2

rapid link failure detection 2-13

rate limit 41-23

redirect, ICMP message 48-15

redundant interface

EtherChannel

converting existing interfaces 11-16

redundant interfaces

configuring 11-27

failover 11-12

MAC address 11-5

setting the active interface 11-30

Registration Authority description 40-3

regular expression 20-10

reloading

context 8-29

Request Filter pane

description 30-17

Reset button 4-12

resetting the services module 2-14

resource management

about 8-10

class 8-17

configuring 8-8

default class 8-9

oversubscribing 8-10

resource types 8-18

unlimited 8-11

restoring backups 46-25

revoked certificates 40-3

RFCs for SNMP 42-12

RIP

authentication 29-2

definition of 29-1

enabling 29-4

support for 29-2

RIP panel

limitations 29-3

RIP Version 2 Notes 29-3

routed mode

about 6-1

setting 6-1

route map

definition 26-1

route maps

defining 26-4

uses 26-1

router

advertisement, ICMP message 48-15

solicitation, ICMP message 48-15

router advertisement messages 31-3

router advertisement transmission interval 31-10

router lifetime value 31-11

routes

about default 25-7

configuring default routes 25-7

configuring IPv6 default 25-8

configuring IPv6 static 25-8

configuring static routes 25-3

Route Summarization tab

description 27-6

Route Tree pane 30-18

description 30-18

rules

ICMP 45-9

running configuration

copying 46-21

S

same security level communication

enabling 13-20, 14-21, 15-17

SDI

configuring 34-15, 36-7, 37-3

secondary unit, failover 9-19

Secure Copy

configure server 46-13

security appliance

connecting to 3-1

managing licenses 5-1

security contexts

about 8-1

adding 8-20

admin context

about 8-2

changing 8-27

cascading 8-6

changing between 8-25

classifier 8-3

command authorization 45-14

configuration

URL, changing 8-28

logging in 8-7

MAC addresses

automatically assigning 8-24

classifying using 8-3

managing 8-1, 8-26

monitoring 8-31

MSFC compatibility 2-3

multiple mode, enabling 8-16

nesting or cascading 8-7

reloading 8-29

removing 8-26

resource management 8-10

unsupported features 8-14

security level

about 13-1

security models for SNMP 42-3

segment size

maximum and minimum 13-13

maximum and minimum, overview 11-8

sending messages to an e-mail address 41-14

sending messages to a specified output destination 41-21

sending messages to a syslog server 41-9

sending messages to a Telnet or SSH session 41-18

sending messages to the console port 41-17

sending messages to the internal log buffer 41-12

session management path 1-22

severity levels, of system log messages

changing 41-1

filtering by 41-1

list of 41-3

severity levels, of system messages

definition 41-3

shared license

backup server, information 5-28

client, configuring 5-39

communication issues 5-28

failover 5-29

maximum clients 5-30

monitoring 5-41

server, configuring 5-38

SSL messages 5-28

single mode

backing up configuration 8-16

configuration 8-16

enabling 8-16

restoring 8-16

Smart Call Home monitoring 44-9

SNMP

about 42-1

failover 42-5

management station 41-1, 41-8

prerequisites 42-4

SNMP configuration 42-6

SNMP groups 42-3

SNMP hosts 42-3

SNMP management station

adding 42-7

SNMP monitoring 42-11

SNMP terminology 42-2

SNMP users 42-3

SNMP Version 3 42-3, 42-9

SNMP Versions 1 and 2c 42-8

software

version 4-30

source quench, ICMP message 48-15

SPAN 12-4

Spanning Tree Protocol, unsupported 12-8

SPAN session 2-8

speed, configuring 11-14, 12-6

SSH

concurrent connections 45-2

login 45-5

username 45-5

startup configuration

copying 46-21

Startup Wizard

accessing 7-1

licensing requirements 7-1

Stateful Failover

about 9-13

enabling 9-49

state information 9-13

state link 9-4

stateful inspection 1-22

state information 9-13

state link 9-4

static ARP entry 6-10

static bridge entry 6-12

Static Group pane

description 30-9

static routes

configuring 25-3

deleting 25-6

status bar 4-11

stealth firewall

See transparent firewall

stuck-in-active 28-2

subinterface

adding 11-38

subinterfaces, adding 11-36

subnet masks

/bits 48-3

about 48-2

address range 48-4

determining 48-3

dotted decimal 48-3

number of hosts 48-3

subordinate certificate 40-2

Summary Address pane

description 27-11

SVIs

configuring 2-12

multiple 2-5

overview 2-5

switch

assigning VLANs to module 2-9

autostate messaging 2-13

BPDU forwarding 2-13

configuration 2-1

failover compatibility with transparent firewall 2-13

failover configuration 2-13

trunk for failover 2-13

verifying module installation 2-8

switched virtual interfaces

See SVIs

switch MAC address table 6-7

switch ports

access ports 12-8

SPAN 12-4

trunk ports 12-10

syslogd server program 41-6

syslog message filtering

using log viewers 41-25

syslog messages

analyzing 41-2

syslog messaging for SNMP 42-11

syslog server

designating more than one as output destination 41-6

system configuration 8-2

system log messages

classes 41-4

classes of 41-4

configuring in groups

by message list 41-5

by severity level 41-1

disabling logging of 41-1

filtering by message class 41-4

output destinations 41-1, 41-8

syslog message server 41-8

Telnet or SSH session 41-8

severity levels

about 41-3

changing the severity level of a message 41-1

T

TACACS+

command authorization, configuring 45-27

configuring a server 34-15, 36-7, 37-3

TCP

connection limits per context 8-18

maximum segment size 13-13

maximum segment size, overview 11-8

ports and literal values 48-11

TCP MSS

overview 11-8

Telnet

allowing management access 45-1

concurrent connections 45-2

login 45-4

temporary license 5-24

threat detection

scanning statistics

system performance 4-24

time exceeded, ICMP message 48-15

timestamp reply, ICMP message 48-15

timestamp request, ICMP message 48-15

Tools menu 4-6

traceroute, enabling 4-7

traffic flow

routed firewall 6-13

transparent firewall 6-19

transparent firewall

about 6-2

ARP inspection

about 6-6

enabling 6-11

static entry 6-10

data flow 6-19

guidelines 6-8

H.323 guidelines 6-6

HSRP 6-5

MAC learning, disabling 6-13

management IP address 14-8

management IP address (8.3 and earlier) 15-4

multicast traffic 6-5

static bridge entry 6-12

unsupported features 6-9

VRRP 6-5

trunk, 802.1Q 11-36

trunk ports 12-10

Trusted Flow Acceleration

modes 6-8, 7-1, 21-2

trustpoint 40-4

U

UDP

connection limits per context 8-18

connection state information 1-22

ports and literal values 48-11

unprivileged mode

accessing 3-4

unreachable, ICMP message 48-15

unreachable messages

required for MTU discovery 45-9

upgrading

IOS 2-3

URLs

context configuration, changing 8-28

user EXEC mode

accessing 3-2

username

adding 33-3

users

SNMP 42-3

using clustering 41-5, 43-3

V

VeriSign, configuring CAs example 40-6

version

IPS software 4-30

virtual firewalls

See security contexts

Virtual Link

description 27-28

virtual reassembly 1-19

VLANs 11-36

802.1Q trunk 11-36

ASA 5505

MAC addresses 12-4

maximum 12-2

assigning to FWSM 2-9

interfaces 2-9

subinterfaces 11-36

VPN

address range, subnets 48-4

VPN flex license 5-24

VRRP 6-5

W

WCCP 19-1

web caching 19-1

Window menu 4-9

Wizards menu 4-8

X

XOFF frames 11-25


Active/Standby, See Active/Standby failover

configuration file

terminal messages, Active/Standby 9-18

contexts 9-19

criteria 9-41

debug messages 9-53

disabling 9-51

enabling Stateful Failover 9-49

Ethernet failover cable 9-4

failover link 9-3

forcing 9-50

guidelines 42-5

health monitoring 9-16

interface health 9-16

interface monitoring 9-16

interface tests 9-16

link communications 9-3

MAC addresses

about 9-19

automatically assigning 8-12

module placement

inter-chassis 9-9

intra-chassis 9-8

monitoring, health 9-16

network tests 9-16

primary unit 9-19

redundant interfaces 11-12

reset 9-54

restoring a failed group 9-51

restoring a failed unit 9-51

secondary unit 9-19

SNMP syslog traps 9-53

Stateful Failover, See Stateful Failover

state link 9-4

switch configuration 2-13

system log messages 9-52

system requirements 9-2

trunk 2-13

unit health 9-16

failover groups

monitoring 9-54

reset 9-54

fast path 1-22

fiber interfaces 11-14

Fibre Channel interfaces

default settings 22-2, 23-3

filtering

security level requirements 13-2, 14-2, 15-2

filtering messages 41-4

editing 41-27

Filtering pane

description 27-27

firewall mode

about 6-1

configuring 6-1

flash memory available for logs 41-20

flow control for 10 Gigabit Ethernet 11-25

flow-export actions 43-4

format of messages 41-3

fragment protection 1-19

G

graphs

bookmarking 11-42, 12-15, 13-28, 14-28

interface monitoring 11-42, 12-15, 13-28, 14-28

printing 11-42, 12-15, 13-28, 14-28

groups

SNMP 42-3

H

H.323

transparent firewall guidelines 6-6

Help button 4-12

Help menu 4-9

high availability

about 9-1

history metrics 4-34

host

SNMP 42-3

hosts, subnet masks for 48-3

HSRP 6-5

HTTPS/Telnet/SSH

allowing network or host access to ASDM 45-1

I

ICMP

rules for access to ASDM 45-9

type numbers 48-15

ICMP unreachable message limits 45-10

Identity Certificates 40-24

implementing SNMP 42-4

individual syslog messages

assigning or changing rate limits 41-24

information reply, ICMP message 48-15

information request, ICMP message 48-15

inside, definition 1-18

installation

module verification 2-8

interface

duplex 12-9, 12-12

MTU 13-14, 14-16

status 4-20

subinterface, adding 11-38

throughput 4-20

Interface pane 27-16

interfaces

ASA 5505

enabled status 12-8

MAC addresses 12-4

maximum VLANs 12-2

switch port configuration 12-8

trunk ports 12-10

ASA 5550 throughput 13-7, 14-10

default settings 22-2, 23-3

duplex 11-14, 12-6

failover monitoring 9-16

fiber 11-14

jumbo frame support

single mode 13-14, 14-16

MAC addresses

automatically assigning 8-24

monitoring 11-40, 12-13, 13-26, 14-26

redundant 11-27

SFP 11-14

speed 11-14, 12-6

subinterfaces 11-36

turning off 13-22, 14-22

turning on 13-22, 14-22

IOS

upgrading 2-3

IP addresses

classes 48-1

management, transparent firewall 14-8

management, transparent firewall (8.3 and earlier) 15-4

private 48-2

subnet mask 48-4

IPv6

configuring alongside IPv4 13-2

default route 25-8

dual IP stack 13-2

duplicate address detection 31-3

neighbor discovery 31-1

router advertisement messages 31-3

static neighbors 31-5

static routes 25-8

IPv6 addresses

anycast 48-9

format 48-5

multicast 48-8

prefixes 48-10

required 48-10

types of 48-6

unicast 48-6

IPv6 prefixes 31-15

IPX 2-6

J

Java console 41-13

Join Group pane

description 30-8

jumbo frames, ASA 5580 11-39

jumbo frame support

single mode 13-14, 14-16

K

Kerberos

configuring 34-15, 36-7, 37-3

key pairs 40-25

L

LACP 11-6

Layer 2 firewall

See transparent firewall

Layer 2 forwarding table

See MAC address table

LDAP

attribute mapping 36-5

configuring 34-15, 36-7, 37-3

directory search 36-3

hierarchy example 36-2

SASL 36-2

licenses

activation key

entering 5-37

location 5-35

obtaining 5-36

ASA 5505 5-3

ASA 5510 5-4, 5-9

ASA 5520 5-5

ASA 5540 5-6

ASA 5550 5-7

ASA 5580 5-8, 5-17

ASA 5585-X 5-16

default 5-24

evaluation 5-24

failover 5-35

guidelines 5-34

managing 5-1

preinstalled 5-24

Product Authorization Key 5-36

shared

backup server, information 5-28

client, configuring 5-39

communication issues 5-28

failover 5-29

maximum clients 5-30

monitoring 5-41

overview 5-27

server, configuring 5-38

SSL messages 5-28

temporary 5-24

viewing current 5-40

VPN Flex 5-24

licensing requirements

logging 41-5

licensing requirements for SNMP 42-4

link up/down test 9-16

local CA 40-31

Local CA User Database 40-35

local user database

adding a user 33-3

configuring 33-3

lockout recovery 45-31

logging

classes

filtering messages by 41-4

types 41-4

filtering

by message list 41-5

by severity level 41-1

output destinations

internal buffer 41-1, 41-8

Telnet or SSH session 41-8

queue

changing the size of 41-21

configuring 41-21

logging feature history 41-28

logging queue

configuring 41-21

login

banner, configuring 45-6

console 3-1

enable 3-2

global configuration mode 3-2

session 3-4

SSH 3-4, 45-5

Telnet 3-4

log viewers

executing certain commands 41-27

loops, avoiding 2-13

M

MAC address

redundant interfaces 11-5

MAC addresses

ASA 5505 12-4

automatically assigning 8-24

failover 9-19

security context classification 8-3

MAC address table

about 6-19

built-in-switch 6-7

MAC learning, disabling 6-13

monitoring 11-40, 12-12, 13-26, 14-26

resource management 8-18

static entry 6-12

MAC learning, disabling 6-13

management interfaces

default settings 22-2, 23-3

management IP address, transparent firewall 14-8

management IP address, transparent firewall (8.3 and earlier) 15-4

man-in-the-middle attack 6-6

mask

reply, ICMP message 48-15

request, ICMP message 48-15

Master Passphrase 16-5

menus 4-4

message filtering 41-4

message list

filtering by 41-5

messages, logging

classes

about 41-4

list of 41-4

component descriptions 41-3

filtering by message list 41-5

format of 41-3

severity levels 41-3

messages classes 41-4

messages in EMBLEM format 41-19, 41-20

metacharacters, regular expression 20-11

mgmt0 interfaces

default settings 22-2, 23-3

MIBs for SNMP 42-13

Microsoft Windows CA, supported 40-5

mobile redirection, ICMP message 48-16

mode

context 8-16

firewall 6-1

monitoring

ARP table 11-40, 12-12, 13-23, 14-23

DHCP

interface lease 13-24, 14-24

IP addresses 13-23, 14-23

server 13-23, 14-23

statistics 13-25, 14-25

failover 9-16

failover groups 9-54

history metrics 4-34

interfaces 11-40, 12-13, 13-26, 14-26

MAC address table 11-40, 12-12, 13-26, 14-26

OSPF 27-65

SNMP 42-1

monitoring logging 41-25

monitoring NSEL 43-7

monitoring switch traffic, ASA 5505 12-4

MRoute pane

description 30-6

MSFC

overview 2-2

SVIs 2-6

MTU 13-14, 14-16

multicast traffic 6-5

multiple context mode

logging 41-2

See security contexts

multiple SVIs 2-5

N

NAT

disabling proxy ARP for global addresses 24-11

neighbor reachable time 31-3

neighbor solicitation messages 31-2

neighbor advertisement messages 31-2

NetFlow

overview 43-1

NetFlow event

matching to configured collectors 43-6

Network Activity test 9-16

No Payload Encryption 5-33

NSEL and syslog messages

redundant messages 43-2

NSEL feature history 43-8

NSEL licensing requirements 43-4

NT server

configuring 34-15, 36-7, 37-3

O

open ports 48-14

Options menu 4-5

OSPF

area authentication 27-19

area MD5 authentication 27-19

area parameters 27-19

authentication key 27-15

authentication support 27-2

configuring authentication 27-16

cost 27-15

dead interval 27-15

defining a static neighbor 27-24, 27-50, 27-51

defining interface properties 27-17

interaction with NAT 27-2

interface parameters 27-14

interface properties 27-16, 27-17

link-state advertisement 27-2

logging neighbor states 27-26

LSAs 27-2

MD5 authentication 27-15

monitoring 27-65

NSSA 27-20

packet pacing 27-66, 27-67

processes 27-2

redistributing routes 27-7

route calculation timers 27-25

route summarization 27-13

OSPF parameters

dead interval 27-18

hello interval 27-18

retransmit interval 27-18

transmit delay 27-18

output destination 41-6

output destinations 41-1, 41-8

e-mail address 41-1, 41-8

SNMP management station 41-1, 41-8

Telnet or SSH session 41-1, 41-8

outside, definition 1-18

oversubscribing resources 8-10

P

packet

classifier 8-3

packet flow

routed firewall 6-13

transparent firewall 6-19

parameter problem, ICMP message 48-15

pause frames for flow control 11-25

PIM

shortest path tree settings 30-18

PoE 12-4

port-forwarding

enabling 13-7, 14-9

ports

open on device 48-14

TCP and UDP 48-11

power over Ethernet 12-4

primary unit, failover 9-19

printing

graphs 11-42, 12-15, 13-28, 14-28

private networks 48-2

privileged EXEC mode

accessing 3-5

privileged EXEC mode, accessing 3-2

privileged mode

accessing 3-2

Process Instances tab

description 27-6

Product Authorization Key 5-36

Properties tab 27-17

description 27-17

fields 27-17

protocol numbers and literal values 48-11

Protocol pane (PIM)

description 30-14

proxy ARP, disabling 24-11

public key cryptography 40-3

Q

queue, logging

changing the size of 41-21

R

RADIUS

attributes 34-3

configuring a server 34-15, 36-7, 37-3

support 34-2

rapid link failure detection 2-13

rate limit 41-23

redirect, ICMP message 48-15

redundant interface

EtherChannel

converting existing interfaces 11-16

redundant interfaces

configuring 11-27

failover 11-12

MAC address 11-5

setting the active interface 11-30

Registration Authority description 40-3

regular expression 20-10

reloading

context 8-29

Request Filter pane

description 30-17

Reset button 4-12

resetting the services module 2-14

resource management

about 8-10

class 8-17

configuring 8-8

default class 8-9

oversubscribing 8-10

resource types 8-18

unlimited 8-11

restoring backups 46-25

revoked certificates 40-3

RFCs for SNMP 42-12

RIP

authentication 29-2

definition of 29-1

enabling 29-4

support for 29-2

RIP panel

limitations 29-3

RIP Version 2 Notes 29-3

routed mode

about 6-1

setting 6-1

route map

definition 26-1

route maps

defining 26-4

uses 26-1

router

advertisement, ICMP message 48-15

solicitation, ICMP message 48-15

router advertisement messages 31-3

router advertisement transmission interval 31-10

router lifetime value 31-11

routes

about default 25-7

configuring default routes 25-7

configuring IPv6 default 25-8

configuring IPv6 static 25-8

configuring static routes 25-3

Route Summarization tab

description 27-6

Route Tree pane 30-18

description 30-18

rules

ICMP 45-9

running configuration

copying 46-21

S

same security level communication

enabling 13-20, 14-21, 15-17

SDI

configuring 34-15, 36-7, 37-3

secondary unit, failover 9-19

Secure Copy

configure server 46-13

security appliance

connecting to 3-1

managing licenses 5-1

security contexts

about 8-1

adding 8-20

admin context

about 8-2

changing 8-27

cascading 8-6

changing between 8-25

classifier 8-3

command authorization 45-14

configuration

URL, changing 8-28

logging in 8-7

MAC addresses

automatically assigning 8-24

classifying using 8-3

managing 8-1, 8-26

monitoring 8-31

MSFC compatibility 2-3

multiple mode, enabling 8-16

nesting or cascading 8-7

reloading 8-29

removing 8-26

resource management 8-10

unsupported features 8-14

security level

about 13-1

security models for SNMP 42-3

segment size

maximum and minimum 13-13

maximum and minimum, overview 11-8

sending messages to an e-mail address 41-14

sending messages to a specified output destination 41-21

sending messages to a syslog server 41-9

sending messages to a Telnet or SSH session 41-18

sending messages to the console port 41-17

sending messages to the internal log buffer 41-12

session management path 1-22

severity levels, of system log messages

changing 41-1

filtering by 41-1

list of 41-3

severity levels, of system messages

definition 41-3

shared license

backup server, information 5-28

client, configuring 5-39

communication issues 5-28

failover 5-29

maximum clients 5-30

monitoring 5-41

server, configuring 5-38

SSL messages 5-28

single mode

backing up configuration 8-16

configuration 8-16

enabling 8-16

restoring 8-16

Smart Call Home monitoring 44-9

SNMP

about 42-1

failover 42-5

management station 41-1, 41-8

prerequisites 42-4

SNMP configuration 42-6

SNMP groups 42-3

SNMP hosts 42-3

SNMP management station

adding 42-7

SNMP monitoring 42-11

SNMP terminology 42-2

SNMP users 42-3

SNMP Version 3 42-3, 42-9

SNMP Versions 1 and 2c 42-8

software

version 4-30

source quench, ICMP message 48-15

SPAN 12-4

Spanning Tree Protocol, unsupported 12-8

SPAN session 2-8

speed, configuring 11-14, 12-6

SSH

concurrent connections 45-2

login 45-5

username 45-5

startup configuration

copying 46-21

Startup Wizard

accessing 7-1

licensing requirements 7-1

Stateful Failover

about 9-13

enabling 9-49

state information 9-13

state link 9-4

stateful inspection 1-22

state information 9-13

state link 9-4

static ARP entry 6-10

static bridge entry 6-12

Static Group pane

description 30-9

static routes

configuring 25-3

deleting 25-6

status bar 4-11

stealth firewall

See transparent firewall

stuck-in-active 28-2

subinterface

adding 11-38

subinterfaces, adding 11-36

subnet masks

/bits 48-3

about 48-2

address range 48-4

determining 48-3

dotted decimal 48-3

number of hosts 48-3

subordinate certificate 40-2

Summary Address pane

description 27-11

SVIs

configuring 2-12

multiple 2-5

overview 2-5

switch

assigning VLANs to module 2-9

autostate messaging 2-13

BPDU forwarding 2-13

configuration 2-1

failover compatibility with transparent firewall 2-13

failover configuration 2-13

trunk for failover 2-13

verifying module installation 2-8

switched virtual interfaces

See SVIs

switch MAC address table 6-7

switch ports

access ports 12-8

SPAN 12-4

trunk ports 12-10

syslogd server program 41-6

syslog message filtering

using log viewers 41-25

syslog messages

analyzing 41-2

syslog messaging for SNMP 42-11

syslog server

designating more than one as output destination 41-6

system configuration 8-2

system log messages

classes 41-4

classes of 41-4

configuring in groups

by message list 41-5

by severity level 41-1

disabling logging of 41-1

filtering by message class 41-4

output destinations 41-1, 41-8

syslog message server 41-8

Telnet or SSH session 41-8

severity levels

about 41-3

changing the severity level of a message 41-1

T

TACACS+

command authorization, configuring 45-27

configuring a server 34-15, 36-7, 37-3

TCP

connection limits per context 8-18

maximum segment size 13-13

maximum segment size, overview 11-8

ports and literal values 48-11

TCP MSS

overview 11-8

Telnet

allowing management access 45-1

concurrent connections 45-2

login 45-4

temporary license 5-24

threat detection

scanning statistics

system performance 4-24

time exceeded, ICMP message 48-15

timestamp reply, ICMP message 48-15

timestamp request, ICMP message 48-15

Tools menu 4-6

traceroute, enabling 4-7

traffic flow

routed firewall 6-13

transparent firewall 6-19

transparent firewall

about 6-2

ARP inspection

about 6-6

enabling 6-11

static entry 6-10

data flow 6-19

guidelines 6-8

H.323 guidelines 6-6

HSRP 6-5

MAC learning, disabling 6-13

management IP address 14-8

management IP address (8.3 and earlier) 15-4

multicast traffic 6-5

static bridge entry 6-12

unsupported features 6-9

VRRP 6-5

trunk, 802.1Q 11-36

trunk ports 12-10

Trusted Flow Acceleration

modes 6-8, 7-1, 21-2

trustpoint 40-4

U

UDP

connection limits per context 8-18

connection state information 1-22

ports and literal values 48-11

unprivileged mode

accessing 3-4

unreachable, ICMP message 48-15

unreachable messages

required for MTU discovery 45-9

upgrading

IOS 2-3

URLs

context configuration, changing 8-28

user EXEC mode

accessing 3-2

username

adding 33-3

users

SNMP 42-3

using clustering 41-5, 43-3

V

VeriSign, configuring CAs example 40-6

version

IPS software 4-30

virtual firewalls

See security contexts

Virtual Link

description 27-28

virtual reassembly 1-19

VLANs 11-36

802.1Q trunk 11-36

ASA 5505

MAC addresses 12-4

maximum 12-2

assigning to FWSM 2-9

interfaces 2-9

subinterfaces 11-36

VPN

address range, subnets 48-4

VPN flex license 5-24

VRRP 6-5

W

WCCP 19-1

web caching 19-1

Window menu 4-9

Wizards menu 4-8

X

XOFF frames 11-25