Index
Symbols
?
command string 48-4
help 48-4
/bits subnet masks 49-3
Numerics
4GE SSM
connector types 9-15
fiber 9-15
SFP 9-15
802.1Q tagging 10-9
802.1Q trunk 9-33
A
AAA
about 32-1, 33-1, 34-1, 35-1, 37-1
authentication
CLI access 41-20
privileged EXEC mode 41-21
authorization
command 41-27
server 44-4
adding 34-15, 36-7, 37-3, 37-4
types 32-1
support summary 32-3
abbreviating commands 48-3
ABR
definition of 27-2
Access Group pane
description 30-8
access lists
about 18-1
ACE logging, configuring 23-1
deny flows, managing 23-5
implicit deny 18-3
IP address guidelines 18-3
logging 23-1
NAT guidelines 18-3
remarks 19-9
scheduling activation 19-2
types 18-1
access ports 10-7
ACEs
See access lists
activation key
entering 4-36
location 4-34
obtaining 4-35
Active/Active failover
about 7-22
actions 7-23
configuring
asymmetric routing support 7-39
failover group preemption 7-37
duplicate MAC addresses, avoiding 7-8
primary status 7-22
secondary status 7-22
Active/Standby failover
about 7-20
actions 7-20
command replication 7-19
configuration synchronization 7-18
device initialization 7-18
primary unit 7-20
secondary unit 7-20
Adaptive Security Algorithm 1-17
Add/Edit Access Group dialog box
description 30-8
Add/Edit Filtering Entry dialog box
description 27-27
Add/Edit IGMP Join Group dialog box
description 30-7
Add/Edit OSPF Area dialog box 27-19
description 27-19
Add/Edit OSPF Neighbor Entry dialog box 27-24, 27-50, 27-51
description 27-25, 27-51
Add/Edit Summary Address dialog box
description 27-13, 27-19
Add/Edit Virtual Link dialog box
description 27-28
admin context
about 6-2
changing 6-26
administrative access
using ICMP for 41-11
administrative distance 25-3, 25-5
Advanced OSPF Interface Properties dialog box 27-18
Advanced OSPF Virtual Link Properties dialog box
description 27-28
AIP SSM
port-forwarding
enabling 11-7, 12-9
alternate address, ICMP message 49-15
analyzing syslog messages 44-2
application inspection
security level requirements 11-2, 12-2
Area/Networks tab
description 27-6
area border router 27-2
ARP inspection
about 5-6
enabling 5-11
static entry 5-10
ARP spoofing 5-6
ARP test, failover 7-17
ASA (Adaptive Security Algorithm) 1-17
ASA 5505
Base license 10-2
MAC addresses 10-4
maximum VLANs 10-2
native VLAN support 10-10
non-forwarding interface 10-7
power over Ethernet 10-4
protected switch ports 10-8, 10-10
Security Plus license 10-2
SPAN 10-4
Spanning Tree Protocol, unsupported 10-8
ASA 5550 throughput 11-7, 12-10
ASBR
definition of 27-2
ASDM software
allowing access 41-6
installing 42-17
ASR 7-39
ASR groups 7-39
asymmetric routing support 7-39
attributes
RADIUS 34-3
attribute-value pairs
TACACS+ 35-1
authentication
about 32-1
CLI access 41-20
privileged EXEC mode 41-21
Authentication tab
description 27-16
authorization
about 32-2
command 41-27
Auto-MDI/MDIX 9-2, 10-4
autostate messaging 2-11
Auto-Update, configuring 42-36
B
Baltimore Technologies, CA server support 40-4
bits subnet masks 49-3
BPDUs
forwarding on the switch 2-11
bridge
entry timeout 5-12
table, See MAC address table
broadcast Ping test 7-17
building blocks 17-1
bypassing the firewall, in the switch 2-5
C
CA
CRs and 40-2
public key cryptography 40-2
revoked certificates 40-2
supported servers 40-4
capturing packets 43-2
CA server
Digicert 40-4
Geotrust 40-4
Godaddy 40-4
iPlanet 40-4
Netscape 40-4
RSA Keon 40-4
Thawte 40-4
Catalyst 6500
See switch
certificate
enrollment protocol 40-13
Certificate Revocation Lists
See CRLs
change query interval 30-9
change query response time 30-9
change query timeout value 30-9
changing between contexts 6-24
changing the severity level 44-19
Cisco 14-7
Cisco 7600
See switch
Cisco IOS CS CA
server support 40-4
Cisco IP Phones
DHCP 14-7
Class A, B, and C addresses 49-1
classes, logging
filtering messages by 44-17
message class variables 44-4
types 44-4
classes, resource
See resource management
class map
regular expression 17-17
CLI
abbreviating commands 48-3
adding comments 48-6
command line editing 48-3
command output paging 48-5
displaying 48-5
help 48-4
paging 48-5
syntax formatting 48-3
clustering
ASDM connection certificate IP address mismatch 8-12
backup owner 8-10
cabling 8-33
cluster control link
configuring 8-43, 8-49
failure 8-9
MTU 8-45
overview 8-7
redundancy 8-8
size 8-7
configuration
examples 8-63
replication 8-11
connection
new, ownership 8-19
rebalancing 8-47
console replication 8-48
context mode 8-28
data path connection state replication 8-10
device-local EtherChannels, configuring on switch 8-30
executing a command cluster-wide 8-58
failover 8-28
feature history 8-78
features
centralized 8-21
individual units 8-22
NAT 8-24
SNMP 8-26
syslog and netflow 8-26
unsupported 8-20
VPN 8-26
guidelines and limitations 8-28
high availability 8-9
individual cluster interfaces, configuring 8-36
interface monitoring 8-9
IPv6 8-28
key 8-46, 8-52
licensing 8-27
management
interface, configuring 8-36
interface, overview 8-11
network 8-11
overview 8-11
master unit
changing 8-57
election 8-3
maximum members 8-27
member requirements 8-3
model support 8-28
monitoring 8-59
overview
bootstrap configuration 8-3
cluster control link 8-7
Equal-Cost Multi-Path Routing 8-16
interfaces 8-4
load balancing 8-13
management 8-11
master unit 8-3
Policy-Based Routing 8-15
spanned EtherChannel 8-13
performance scaling factor 8-2
prerequisites 8-27
rebalancing new connections 8-20
removing a member 8-55
RSA key replication 8-12
software requirements 8-3
spanned EtherChannel
benefits 8-13
configuring 8-38
load balancing 8-14
maximum throughput 8-13
overview 8-13
redundancy 8-14
VSS or vPC 8-14
spanning-tree portfast 8-28
unit failure 8-9
unit health monitoring 8-9
upgrading software 8-3
command authorization
about 41-16
configuring 41-27
multiple contexts 41-17
command prompts 48-2
comments
configuration 48-6
configuration
clearing 3-27
comments 48-6
factory default
commands 3-18
restoring 3-19
saving 3-25
switch 2-1
text file 3-28
URL for a context 6-22
viewing 3-27
configuration examples
logging 44-21
configuration examples for SNMP 45-28
configuration mode
accessing 3-2, 3-4
prompt 48-2
connection limits
per context 6-17
console port logging 44-12
context mode 28-3
context modes 25-2, 26-3, 27-3, 29-3, 30-3
contexts
See security contexts
conversion error, ICMP message 49-16
Coredump 43-6
crash dump 43-6
creating a custom event list 44-14
custom messages list
logging output destination 44-5
D
data flow
routed firewall 5-14
transparent firewall 5-20
date and time in messages 44-19
DDNS 15-2
debug messages 43-1
default
class 6-9
routes, defining equal cost routes 25-4
default configuration
commands 3-18
restoring 3-19
default routes
about 25-4
configuring 25-4
delay sending flow-create events
flow-create events
delay sending 46-9
deleting files from Flash 42-12
deny flows, logging 23-5
device ID, including in messages 44-18
device ID in messages 44-18
DHCP
Cisco IP Phones 14-7
options 14-6
relay 14-8
server 14-5
DHCP Relay panel 15-9
DHCP services 13-8
directory hierarchy search 36-3
disabling messages 44-19
disabling messages, specific message IDs 44-19
DMZ, definition 1-14
DNS
server, configuring 13-13
domain name 13-4
dotted decimal subnet masks 49-3
dual IP stack, configuring 11-2
dual-ISP support 25-6
duplex, configuring 9-15, 10-6
E
echo reply, ICMP message 49-15
ECMP 25-3
editing command lines 48-3
Edit OSPF Interface Authentication dialog box 27-16
description 27-16
Edit OSPF Interface Properties dialog box 27-17
EIGRP
DUAL algorithm 28-2
hello interval 28-15
hello packets 28-1
hold time 28-2, 28-15
neighbor discovery 28-1
stub routing 28-4
stuck-in-active 28-2
enable command 3-1
enabling logging 44-7
enabling secure logging 44-17
Entrust, CA server support 40-4
established command, security level requirements 11-2, 12-2
EtherChannel
adding interfaces 9-30
channel group 9-30
compatibility 9-5
converting existing interfaces 9-16
example 9-37
failover 9-13
guidelines 9-13
interface requirements 9-5
LACP 9-6
load balancing
configuring 9-32
overview 9-7
MAC address 9-8
management interface 9-30
maximum interfaces 9-32
minimum interfaces 9-32
mode
active 9-7
on 9-7
passive 9-7
monitoring 9-36
overview 9-5
port priority 9-30
system priority 9-32
Ethernet
Auto-MDI/MDIX 9-2, 10-4
duplex 9-15, 10-6
jumbo frames, ASA 5580 9-35
MTU 11-12, 12-15
speed 9-15, 10-6
evaluation license 4-24
exporting NetFlow records 46-5
extended ACLs
configuring
for management traffic 19-4
F
facility, syslog 44-9
factory default configuration
commands 3-18
restoring 3-19
failover
about 7-1
Active/Active, See Active/Active failover
Active/Standby, See Active/Standby failover
configuration file
terminal messages, Active/Standby 7-18
contexts 7-20
debug messages 7-48
disabling 7-43
Ethernet failover cable 7-4
failover link 7-3
forcing 7-42
guidelines 45-17
health monitoring 7-16
interface health 7-17
interface monitoring 7-17
interface tests 7-17
link communications 7-3
MAC addresses
about 7-20
automatically assigning 6-12
module placement
inter-chassis 7-9
intra-chassis 7-8
monitoring, health 7-16
network tests 7-17
primary unit 7-20
redundant interfaces 9-13
restoring a failed group 7-44
restoring a failed unit 7-44
secondary unit 7-20
SNMP syslog traps 7-48
Stateful Failover, See Stateful Failover
state link 7-4
switch configuration 2-11
system log messages 7-48
system requirements 7-2
testing 7-44
trunk 2-11
unit health 7-16
fast path 1-18
fiber interfaces 9-15
Fibre Channel interfaces
default settings 20-2, 21-2, 22-3
filtering
security level requirements 11-2, 12-2
show command output 48-5
filtering messages 44-4
Filtering pane
description 27-27
firewall mode
about 5-1
configuring 5-1
Flash memory
removing files 42-12
flash memory available for logs 44-16
flow control for 10 Gigabit Ethernet 9-26
flow-export actions 46-4
format of messages 44-3
fragment protection 1-15
G
generating RSA keys 39-16, 39-18, 39-20, 39-22, 40-11
groups
SNMP 45-16
H
H.323
transparent firewall guidelines 5-6
help, command line 48-4
high availability
about 7-1
host
SNMP 45-16
hostname
configuring 13-3
in banners 13-3
multiple context mode 13-3
hosts, subnet masks for 49-3
HSRP 5-5
HTTP(S)
authentication 41-21
HTTPS/Telnet/SSH
allowing network or host access to ASDM 41-1
I
ICMP
rules for access to ASDM 41-11
type numbers 49-15
implementing SNMP 45-16
information reply, ICMP message 49-15
information request, ICMP message 49-15
inside, definition 1-14
installation
module verification 2-6
interface
MTU 11-12, 12-15
Interface pane 27-16
interfaces
ASA 5505
enabled status 10-7
MAC addresses 10-4
maximum VLANs 10-2
non-forwarding 10-7
protected switch ports 10-8, 10-10
switch port configuration 10-7
trunk ports 10-9
ASA 5550 throughput 11-7, 12-10
default settings 20-2, 21-2, 22-3
duplex 9-15, 10-6
enabling 9-27
failover monitoring 7-17
fiber 9-15
IDs 9-26
IP address 11-8, 12-13
MAC addresses
automatically assigning 6-24
manually assigning to interfaces 11-11, 12-15
mapped name 6-21
naming, physical and subinterface 11-8, 12-11, 12-12
redundant 9-28
SFP 9-15
speed 9-15, 10-6
subinterfaces 9-33
turning off 11-17, 12-19
turning on 11-17, 12-19
IOS
upgrading 2-3
IP addresses
classes 49-1
interface 11-8, 12-13
management, transparent firewall 12-8
private 49-2
subnet mask 49-4
IPv6
configuring alongside IPv4 11-2
default route 25-5
dual IP stack 11-2
duplicate address detection 31-2
neighbor discovery 31-1
router advertisement messages 31-3
static neighbors 31-4
static routes 25-5
IPv6 addresses
anycast 49-9
format 49-5
multicast 49-8
prefixes 49-10
required 49-10
types of 49-6
unicast 49-6
IPv6 prefixes 31-12
IPX 2-5
J
Join Group pane
description 30-7
jumbo frames, ASA 5580 9-35
K
Kerberos
configuring 34-15, 36-7, 37-3
L
LACP 9-6
Layer 2 firewall
See transparent firewall
Layer 2 forwarding table
See MAC address table
LDAP
attribute mapping 36-5
configuring 34-15, 36-7, 37-3
directory search 36-3
hierarchy example 36-2
SASL 36-2
user authorization 36-10
licenses
activation key
entering 4-36
location 4-34
obtaining 4-35
ASA 5505 4-3
ASA 5510 4-4, 4-9
ASA 5520 4-5
ASA 5540 4-6
ASA 5550 4-7
ASA 5580 4-8, 4-17
ASA 5585-X 4-16
default 4-24
evaluation 4-24
failover 4-34
guidelines 4-33
managing 4-1
preinstalled 4-24
Product Authorization Key 4-35
shared
backup server, configuring 4-39
backup server, information 4-28
client, configuring 4-39
communication issues 4-28
failover 4-29
maximum clients 4-29
monitoring 4-49
overview 4-27
server, configuring 4-37
SSL messages 4-28
temporary 4-24
viewing current 4-40
VPN Flex 4-24
licensing requirements
logging 44-5
licensing requirements for SNMP 45-17
link up/down test 7-17
local user database
adding a user 33-4
configuring 33-4
logging in 41-22
lockout recovery 41-36
logging
access lists 23-1
classes
filtering messages by 44-4
types 44-4, 44-17
device-id, including in system log messages 44-18
e-mail
source address 44-11
EMBLEM format 44-15
facility option 44-9
filtering
by message class 44-17
by message list 44-5
by severity level 44-1
logging queue, configuring 44-16
output destinations 44-8
console port 44-8, 44-11, 44-12
internal buffer 44-1, 44-7
Telnet or SSH session 44-7
queue
changing the size of 44-16
configuring 44-16
viewing queue statistics 44-20
severity level, changing 44-20
timestamp, including 44-19
logging feature history 44-21
logging queue
configuring 44-16
login
banner, configuring 41-7
console 3-1
enable 3-1
global configuration mode 3-2
local user 41-22
password 13-2
session 3-4
SSH 3-4, 41-5
Telnet 3-4, 13-2
loops, avoiding 2-11
M
MAC address
redundant interfaces 9-5
MAC addresses
ASA 5505 10-4
automatically assigning 6-24
failover 7-20
manually assigning to interfaces 11-11, 12-15
security context classification 6-3
MAC address table
about 5-20
built-in-switch 5-7
entry timeout 5-12
MAC learning, disabling 5-13
resource management 6-18
static entry 5-12
MAC learning, disabling 5-13
management interfaces
default settings 20-2, 21-2, 22-3
management IP address, transparent firewall 12-8
man-in-the-middle attack 5-6
mapped interface name 6-21
mask
reply, ICMP message 49-15
request, ICMP message 49-15
Master Passphrase 13-8
message filtering 44-4
message list
filtering by 44-5
message-of-the-day banner 41-8
messages, logging
classes
about 44-4
list of 44-4
component descriptions 44-3
filtering by message list 44-5
format of 44-3
message list, creating 44-14
severity levels 44-3
messages classes 44-4
messages in EMBLEM format 44-15
metacharacters, regular expression 17-15
mgmt0 interfaces
default settings 20-2, 21-2, 22-3
MIBs 45-3
MIBs for SNMP 45-29
Microsoft Windows CA, supported 40-4
mobile redirection, ICMP message 49-16
mode
context 6-16
firewall 5-1
modular policy framework
configuring flow-export actions for NetFlow 46-6
monitoring
failover 7-16
OSPF 27-65
resource management 6-30
SNMP 45-1
monitoring logging 44-20
monitoring NSEL 46-10
monitoring switch traffic, ASA 5505 10-4
More prompt 48-5
MRoute pane
description 30-5
MSFC
overview 2-2
SVIs 2-5
MTU 11-12, 12-15
multicast traffic 5-5
multiple context mode
logging 44-2
See security contexts
multiple SVIs 2-5
N
naming an interface
other models 11-8, 12-11, 12-12
NAT
disabling proxy ARP for global addresses 24-11
native VLAN support 10-10
neighbor reachable time 31-2
neighbor solicitation messages 31-2
neighbor advertisement messages 31-2
NetFlow
overview 46-1
NetFlow collector
configuring 46-5
NetFlow event
matching to configured collectors 46-6
NetFlow event logging
disabling 46-9
Network Activity test 7-17
No Payload Encryption 4-32
NSEL and syslog messages
redundant messages 46-2
NSEL configuration examples 46-12
NSEL feature history 46-14
NSEL licensing requirements 46-4
NSEL runtime counters
clearing 46-10
NT server
configuring 34-15, 36-7, 37-3
O
open ports 49-14
OSPF
area authentication 27-19
area MD5 authentication 27-19
area parameters 27-19
authentication key 27-15
authentication support 27-2
configuring authentication 27-16
cost 27-15
dead interval 27-15
defining a static neighbor 27-24, 27-50, 27-51
defining interface properties 27-17
interaction with NAT 27-2
interface parameters 27-14
interface properties 27-16, 27-17
link-state advertisement 27-2
logging neighbor states 27-26
LSAs 27-2
MD5 authentication 27-15
monitoring 27-65
NSSA 27-20
packet pacing 27-66, 27-67
processes 27-2
redistributing routes 27-7
route calculation timers 27-25
route summarization 27-13
OSPF parameters
dead interval 27-18
hello interval 27-18
retransmit interval 27-18
transmit delay 27-18
output destination 44-5
output destinations 44-1, 44-7
e-mail address 44-1, 44-7
SNMP management station 44-1, 44-7
Telnet or SSH session 44-1, 44-7
outside, definition 1-14
oversubscribing resources 6-10
P
packet
capture 43-2
classifier 6-3
packet capture, enabling 43-3
packet flow
routed firewall 5-14
transparent firewall 5-20
paging screen displays 48-5
parameter problem, ICMP message 49-15
passwords
changing 13-3
recovery 13-14
security appliance 13-2
pause frames for flow control 9-26
PKI protocol 40-13
PoE 10-4
pools, address
DHCP 14-5
port-forwarding
enabling 11-7, 12-9
ports
open on device 49-14
TCP and UDP 49-11
power over Ethernet 10-4
primary unit, failover 7-20
private networks 49-2
privileged EXEC mode
accessing 3-4
privileged EXEC mode, accessing 3-1
privileged mode
accessing 3-1
prompt 48-2
Process Instances tab
description 27-6
Product Authorization Key 4-35
prompts
command 48-2
more 48-5
Properties tab 27-17
description 27-17
fields 27-17
protocol numbers and literal values 49-11
Protocol pane (PIM)
description 30-10
proxy ARP, disabling 24-11
public key cryptography 40-2
Q
question mark
command string 48-4
help 48-4
queue, logging
changing the size of 44-16
viewing statistics 44-20
R
RADIUS
attributes 34-3
configuring a server 34-15, 36-7, 37-3
support 34-1
rapid link failure detection 2-11
rate limit 44-20
redirect, ICMP message 49-15
redundant interface
EtherChannel
converting existing interfaces 9-16
redundant interfaces
configuring 9-28
failover 9-13
MAC address 9-5
setting the active interface 9-30
Registration Authority description 40-2
regular expression 17-14
reloading
context 6-27
security appliance 3-29
Request Filter pane
description 30-12
resetting the services module 2-12
resource management
about 6-10
assigning a context 6-22
class 6-17
configuring 6-8
default class 6-9
monitoring 6-30
oversubscribing 6-10
resource types 6-17
unlimited 6-11
resource usage 6-33
revoked certificates 40-2
RFCs for SNMP 45-29
RIP
authentication 29-2
definition of 29-1
enabling 29-4
support for 29-2
RIP panel
limitations 29-3
RIP Version 2 Notes 29-3
routed mode
about 5-1
setting 5-1
route map
definition 26-1
route maps
defining 26-4
uses 26-1
router
advertisement, ICMP message 49-15
solicitation, ICMP message 49-15
router advertisement messages 31-3
router advertisement transmission interval 31-8
router lifetime value 31-9
routes
about default 25-4
configuring default routes 25-4
configuring IPv6 default 25-5
configuring IPv6 static 25-5
configuring static routes 25-3
Route Summarization tab
description 27-6
RSA
keys, generating 39-16, 39-18, 39-20, 39-22, 40-11, 41-4
rules
ICMP 41-10
running configuration
copying 42-25
saving 3-25
S
same security level communication
enabling 11-15, 12-18
SDI
configuring 34-15, 36-7, 37-3
secondary unit, failover 7-20
Secure Copy
configure server 42-14
security appliance
CLI 48-1
connecting to 3-1
managing licenses 4-1
managing the configuration 3-24
reloading 3-29
upgrading software 42-17
viewing files in Flash memory 42-12
security contexts
about 6-1
adding 6-19
admin context
about 6-2
changing 6-26
assigning to a resource class 6-22
cascading 6-6
changing between 6-24
classifier 6-3
command authorization 41-17
configuration
URL, changing 6-26
URL, setting 6-22
logging in 6-7
MAC addresses
automatically assigning 6-24
classifying using 6-3
managing 6-1, 6-25
mapped interface name 6-21
monitoring 6-28
MSFC compatibility 2-3
multiple mode, enabling 6-16
nesting or cascading 6-7
prompt 48-2
reloading 6-27
removing 6-25
resource management 6-10
resource usage 6-33
saving all configurations 3-26
unsupported features 6-14
VLAN allocation 6-21
security level
about 11-1
interface 11-9, 12-11, 12-13
security models for SNMP 45-16
segment size
maximum and minimum 11-10
maximum and minimum, overview 9-8
sending messages to an e-mail address 44-11
sending messages to an SNMP server 44-12
sending messages to ASDM 44-12
sending messages to a specified output destination 44-17
sending messages to a syslog server 44-8
sending messages to a Telnet or SSH session 44-13
sending messages to the console port 44-12
sending messages to the internal log buffer 44-9
session management path 1-17
severity levels, of system log messages
changing 44-1
filtering by 44-1
list of 44-3
severity levels, of system messages
definition 44-3
shared license
backup server, configuring 4-39
backup server, information 4-28
client, configuring 4-39
communication issues 4-28
failover 4-29
maximum clients 4-29
monitoring 4-49
server, configuring 4-37
SSL messages 4-28
show command, filtering output 48-5
single mode
backing up configuration 6-16
configuration 6-16
enabling 6-16
restoring 6-16
Smart Call Home monitoring 47-22
SNMP
about 45-1
failover 45-17
management station 44-1, 44-7
prerequisites 45-17
SNMP configuration 45-18
SNMP groups 45-16
SNMP hosts 45-16
SNMP monitoring 45-26, 45-27
SNMP terminology 45-2
SNMP traps 45-3
SNMP users 45-16
SNMP Version 3 45-15, 45-23
SNMP Versions 1 and 2c 45-22
source quench, ICMP message 49-15
SPAN 10-4
Spanning Tree Protocol, unsupported 10-8
SPAN session 2-6
speed, configuring 9-15, 10-6
SSH
authentication 41-21
concurrent connections 41-2
login 41-5
password 13-2
RSA key 41-4
username 41-5
startup configuration
copying 42-25
saving 3-25
Stateful Failover
about 7-13
state information 7-13
state link 7-4
stateful inspection 1-17
state information 7-13
state link 7-4
static ARP entry 5-10
static bridge entry 5-12
Static Group pane
description 30-7
static routes
configuring 25-3
stealth firewall
See transparent firewall
stuck-in-active 28-2
subcommand mode prompt 48-2
subinterfaces, adding 9-33
subnet masks
/bits 49-3
about 49-2
address range 49-4
determining 49-3
dotted decimal 49-3
number of hosts 49-3
Summary Address pane
description 27-11
SVIs
configuring 2-10
multiple 2-5
overview 2-5
switch
assigning VLANs to module 2-7
autostate messaging 2-11
BPDU forwarding 2-11
configuration 2-1
failover compatibility with transparent firewall 2-11
failover configuration 2-11
trunk for failover 2-11
verifying module installation 2-6
switched virtual interfaces
See SVIs
switch MAC address table 5-7
switch ports
access ports 10-7
protected 10-8, 10-10
SPAN 10-4
trunk ports 10-9
SYN attacks, monitoring 6-34
SYN cookies 6-34
syntax formatting 48-3
syslogd server program 44-5
syslog messages
analyzing 44-2
syslog messaging for SNMP 45-27
syslog server
designating more than one as output destination 44-5
EMBLEM format
configuring 44-15
enabling 44-8, 44-15
system configuration 6-2
system log messages
classes 44-4
classes of 44-4
configuring in groups
by message list 44-5
by severity level 44-1
device ID, including 44-18
disabling logging of 44-1
filtering by message class 44-4
managing in groups
by message class 44-17
output destinations 44-1, 44-7
syslog message server 44-7
Telnet or SSH session 44-7
severity levels
about 44-3
changing the severity level of a message 44-1
timestamp, including 44-19
T
TACACS+
command authorization, configuring 41-33
configuring a server 34-15, 36-7, 37-3
TCP
connection limits per context 6-17
maximum segment size 11-10
maximum segment size, overview 9-8
ports and literal values 49-11
TCP Intercept
monitoring 6-34
TCP MSS
overview 9-8
Telnet
allowing management access 41-1
authentication 41-21
concurrent connections 41-2
login 41-3
password 13-2
template timeout intervals
configuring for flow-export actions 46-7
temporary license 4-24
time exceeded, ICMP message 49-15
time ranges, access lists 19-2
timestamp, including in system log messages 44-19
timestamp reply, ICMP message 49-15
timestamp request, ICMP message 49-15
traffic flow
routed firewall 5-14
transparent firewall 5-20
transparent firewall
about 5-2
ARP inspection
about 5-6
enabling 5-11
static entry 5-10
data flow 5-20
guidelines 5-8
H.323 guidelines 5-6
HSRP 5-5
MAC address timeout 5-12
MAC learning, disabling 5-13
management IP address 12-8
multicast traffic 5-5
static bridge entry 5-12
unsupported features 5-9
VRRP 5-5
troubleshooting SNMP 45-24
trunk, 802.1Q 9-33
trunk ports 10-9
Trusted Flow Acceleration
modes 5-8
trustpoint 40-3
U
UDP
connection limits per context 6-17
connection state information 1-17
ports and literal values 49-11
unprivileged mode
accessing 3-4
unreachable, ICMP message 49-15
unreachable messages
required for MTU discovery 41-10
upgrading
IOS 2-3
URLs
context configuration, changing 6-26
context configuration, setting 6-22
user EXEC mode
accessing 3-1
prompt 48-2
username
adding 33-4
encrypted 33-4
password 33-4
users
SNMP 45-16
using clustering 44-5, 46-3
V
VeriSign, configuring CAs example 40-4
viewing RMS 42-42
virtual firewalls
See security contexts
Virtual Link
description 27-28
virtual reassembly 1-15
VLANs 9-33
802.1Q trunk 9-33
allocating to a context 6-21
ASA 5505
MAC addresses 10-4
maximum 10-2
assigning to FWSM 2-7
interfaces 2-7
mapped interface name 6-21
subinterfaces 9-33
VPN
address range, subnets 49-4
VPN flex license 4-24
VRRP 5-5
W
WCCP 16-1
web caching 16-1
X
XOFF frames 9-26
Active/Standby, See Active/Standby failover
configuration file
terminal messages, Active/Standby 7-18
contexts 7-20
debug messages 7-48
disabling 7-43
Ethernet failover cable 7-4
failover link 7-3
forcing 7-42
guidelines 45-17
health monitoring 7-16
interface health 7-17
interface monitoring 7-17
interface tests 7-17
link communications 7-3
MAC addresses
about 7-20
automatically assigning 6-12
module placement
inter-chassis 7-9
intra-chassis 7-8
monitoring, health 7-16
network tests 7-17
primary unit 7-20
redundant interfaces 9-13
restoring a failed group 7-44
restoring a failed unit 7-44
secondary unit 7-20
SNMP syslog traps 7-48
Stateful Failover, See Stateful Failover
state link 7-4
switch configuration 2-11
system log messages 7-48
system requirements 7-2
testing 7-44
trunk 2-11
unit health 7-16
fast path 1-18
fiber interfaces 9-15
Fibre Channel interfaces
default settings 20-2, 21-2, 22-3
filtering
security level requirements 11-2, 12-2
show command output 48-5
filtering messages 44-4
Filtering pane
description 27-27
firewall mode
about 5-1
configuring 5-1
Flash memory
removing files 42-12
flash memory available for logs 44-16
flow control for 10 Gigabit Ethernet 9-26
flow-export actions 46-4
format of messages 44-3
fragment protection 1-15
G
generating RSA keys 39-16, 39-18, 39-20, 39-22, 40-11
groups
SNMP 45-16
H
H.323
transparent firewall guidelines 5-6
help, command line 48-4
high availability
about 7-1
host
SNMP 45-16
hostname
configuring 13-3
in banners 13-3
multiple context mode 13-3
hosts, subnet masks for 49-3
HSRP 5-5
HTTP(S)
authentication 41-21
HTTPS/Telnet/SSH
allowing network or host access to ASDM 41-1
I
ICMP
rules for access to ASDM 41-11
type numbers 49-15
implementing SNMP 45-16
information reply, ICMP message 49-15
information request, ICMP message 49-15
inside, definition 1-14
installation
module verification 2-6
interface
MTU 11-12, 12-15
Interface pane 27-16
interfaces
ASA 5505
enabled status 10-7
MAC addresses 10-4
maximum VLANs 10-2
non-forwarding 10-7
protected switch ports 10-8, 10-10
switch port configuration 10-7
trunk ports 10-9
ASA 5550 throughput 11-7, 12-10
default settings 20-2, 21-2, 22-3
duplex 9-15, 10-6
enabling 9-27
failover monitoring 7-17
fiber 9-15
IDs 9-26
IP address 11-8, 12-13
MAC addresses
automatically assigning 6-24
manually assigning to interfaces 11-11, 12-15
mapped name 6-21
naming, physical and subinterface 11-8, 12-11, 12-12
redundant 9-28
SFP 9-15
speed 9-15, 10-6
subinterfaces 9-33
turning off 11-17, 12-19
turning on 11-17, 12-19
IOS
upgrading 2-3
IP addresses
classes 49-1
interface 11-8, 12-13
management, transparent firewall 12-8
private 49-2
subnet mask 49-4
IPv6
configuring alongside IPv4 11-2
default route 25-5
dual IP stack 11-2
duplicate address detection 31-2
neighbor discovery 31-1
router advertisement messages 31-3
static neighbors 31-4
static routes 25-5
IPv6 addresses
anycast 49-9
format 49-5
multicast 49-8
prefixes 49-10
required 49-10
types of 49-6
unicast 49-6
IPv6 prefixes 31-12
IPX 2-5
J
Join Group pane
description 30-7
jumbo frames, ASA 5580 9-35
K
Kerberos
configuring 34-15, 36-7, 37-3
L
LACP 9-6
Layer 2 firewall
See transparent firewall
Layer 2 forwarding table
See MAC address table
LDAP
attribute mapping 36-5
configuring 34-15, 36-7, 37-3
directory search 36-3
hierarchy example 36-2
SASL 36-2
user authorization 36-10
licenses
activation key
entering 4-36
location 4-34
obtaining 4-35
ASA 5505 4-3
ASA 5510 4-4, 4-9
ASA 5520 4-5
ASA 5540 4-6
ASA 5550 4-7
ASA 5580 4-8, 4-17
ASA 5585-X 4-16
default 4-24
evaluation 4-24
failover 4-34
guidelines 4-33
managing 4-1
preinstalled 4-24
Product Authorization Key 4-35
shared
backup server, configuring 4-39
backup server, information 4-28
client, configuring 4-39
communication issues 4-28
failover 4-29
maximum clients 4-29
monitoring 4-49
overview 4-27
server, configuring 4-37
SSL messages 4-28
temporary 4-24
viewing current 4-40
VPN Flex 4-24
licensing requirements
logging 44-5
licensing requirements for SNMP 45-17
link up/down test 7-17
local user database
adding a user 33-4
configuring 33-4
logging in 41-22
lockout recovery 41-36
logging
access lists 23-1
classes
filtering messages by 44-4
types 44-4, 44-17
device-id, including in system log messages 44-18
e-mail
source address 44-11
EMBLEM format 44-15
facility option 44-9
filtering
by message class 44-17
by message list 44-5
by severity level 44-1
logging queue, configuring 44-16
output destinations 44-8
console port 44-8, 44-11, 44-12
internal buffer 44-1, 44-7
Telnet or SSH session 44-7
queue
changing the size of 44-16
configuring 44-16
viewing queue statistics 44-20
severity level, changing 44-20
timestamp, including 44-19
logging feature history 44-21
logging queue
configuring 44-16
login
banner, configuring 41-7
console 3-1
enable 3-1
global configuration mode 3-2
local user 41-22
password 13-2
session 3-4
SSH 3-4, 41-5
Telnet 3-4, 13-2
loops, avoiding 2-11
M
MAC address
redundant interfaces 9-5
MAC addresses
ASA 5505 10-4
automatically assigning 6-24
failover 7-20
manually assigning to interfaces 11-11, 12-15
security context classification 6-3
MAC address table
about 5-20
built-in-switch 5-7
entry timeout 5-12
MAC learning, disabling 5-13
resource management 6-18
static entry 5-12
MAC learning, disabling 5-13
management interfaces
default settings 20-2, 21-2, 22-3
management IP address, transparent firewall 12-8
man-in-the-middle attack 5-6
mapped interface name 6-21
mask
reply, ICMP message 49-15
request, ICMP message 49-15
Master Passphrase 13-8
message filtering 44-4
message list
filtering by 44-5
message-of-the-day banner 41-8
messages, logging
classes
about 44-4
list of 44-4
component descriptions 44-3
filtering by message list 44-5
format of 44-3
message list, creating 44-14
severity levels 44-3
message classes 44-4
messages in EMBLEM format 44-15
metacharacters, regular expression 17-15
mgmt0 interfaces
default settings 20-2, 21-2, 22-3
MIBs 45-3
MIBs for SNMP 45-29
Microsoft Windows CA, supported 40-4
mobile redirection, ICMP message 49-16
mode
context 6-16
firewall 5-1
modular policy framework
configuring flow-export actions for NetFlow 46-6
monitoring
failover 7-16
OSPF 27-65
resource management 6-30
SNMP 45-1
monitoring logging 44-20
monitoring NSEL 46-10
monitoring switch traffic, ASA 5505 10-4
More prompt 48-5
MRoute pane
description 30-5
MSFC
overview 2-2
SVIs 2-5
MTU 11-12, 12-15
multicast traffic 5-5
multiple context mode
logging 44-2
See security contexts
multiple SVIs 2-5
N
naming an interface
other models 11-8, 12-11, 12-12
NAT
disabling proxy ARP for global addresses 24-11
native VLAN support 10-10
neighbor reachable time 31-2
neighbor solicitation messages 31-2
neighbor advertisement messages 31-2
NetFlow
overview 46-1
NetFlow collector
configuring 46-5
NetFlow event
matching to configured collectors 46-6
NetFlow event logging
disabling 46-9
Network Activity test 7-17
No Payload Encryption 4-32
NSEL and syslog messages
redundant messages 46-2
NSEL configuration examples 46-12
NSEL feature history 46-14
NSEL licensing requirements 46-4
NSEL runtime counters
clearing 46-10
NT server
configuring 34-15, 36-7, 37-3
O
open ports 49-14
OSPF
area authentication 27-19
area MD5 authentication 27-19
area parameters 27-19
authentication key 27-15
authentication support 27-2
configuring authentication 27-16
cost 27-15
dead interval 27-15
defining a static neighbor 27-24, 27-50, 27-51
defining interface properties 27-17
interaction with NAT 27-2
interface parameters 27-14
interface properties 27-16, 27-17
link-state advertisement 27-2
logging neighbor states 27-26
LSAs 27-2
MD5 authentication 27-15
monitoring 27-65
NSSA 27-20
packet pacing 27-66, 27-67
processes 27-2
redistributing routes 27-7
route calculation timers 27-25
route summarization 27-13
OSPF parameters
dead interval 27-18
hello interval 27-18
retransmit interval 27-18
transmit delay 27-18
output destination 44-5
output destinations 44-1, 44-7
e-mail address 44-1, 44-7
SNMP management station 44-1, 44-7
Telnet or SSH session 44-1, 44-7
outside, definition 1-14
oversubscribing resources 6-10
P
packet
capture 43-2
classifier 6-3
packet capture, enabling 43-3
packet flow
routed firewall 5-14
transparent firewall 5-20
paging screen displays 48-5
parameter problem, ICMP message 49-15
passwords
changing 13-3
recovery 13-14
security appliance 13-2
pause frames for flow control 9-26
PKI protocol 40-13
PoE 10-4
pools, address
DHCP 14-5
port-forwarding
enabling 11-7, 12-9
ports
open on device 49-14
TCP and UDP 49-11
power over Ethernet 10-4
primary unit, failover 7-20
private networks 49-2
privileged EXEC mode
accessing 3-4
privileged EXEC mode, accessing 3-1
privileged mode
accessing 3-1
prompt 48-2
Process Instances tab
description 27-6
Product Authorization Key 4-35
prompts
command 48-2
more 48-5
Properties tab 27-17
description 27-17
fields 27-17
protocol numbers and literal values 49-11
Protocol pane (PIM)
description 30-10
proxy ARP, disabling 24-11
public key cryptography 40-2
Q
question mark
command string 48-4
help 48-4
queue, logging
changing the size of 44-16
viewing statistics 44-20
R
RADIUS
attributes 34-3
configuring a server 34-15, 36-7, 37-3
support 34-1
rapid link failure detection 2-11
rate limit 44-20
redirect, ICMP message 49-15
redundant interface
EtherChannel
converting existing interfaces 9-16
redundant interfaces
configuring 9-28
failover 9-13
MAC address 9-5
setting the active interface 9-30
Registration Authority description 40-2
regular expression 17-14
reloading
context 6-27
security appliance 3-29
Request Filter pane
description 30-12
resetting the services module 2-12
resource management
about 6-10
assigning a context 6-22
class 6-17
configuring 6-8
default class 6-9
monitoring 6-30
oversubscribing 6-10
resource types 6-17
unlimited 6-11
resource usage 6-33
revoked certificates 40-2
RFCs for SNMP 45-29
RIP
authentication 29-2
definition of 29-1
enabling 29-4
support for 29-2
RIP panel
limitations 29-3
RIP Version 2 Notes 29-3
routed mode
about 5-1
setting 5-1
route map
definition 26-1
route maps
defining 26-4
uses 26-1
router
advertisement, ICMP message 49-15
solicitation, ICMP message 49-15
router advertisement messages 31-3
router advertisement transmission interval 31-8
router lifetime value 31-9
routes
about default 25-4
configuring default routes 25-4
configuring IPv6 default 25-5
configuring IPv6 static 25-5
configuring static routes 25-3
Route Summarization tab
description 27-6
RSA
keys, generating 39-16, 39-18, 39-20, 39-22, 40-11, 41-4
rules
ICMP 41-10
running configuration
copying 42-25
saving 3-25
S
same security level communication
enabling 11-15, 12-18
SDI
configuring 34-15, 36-7, 37-3
secondary unit, failover 7-20
Secure Copy
configure server 42-14
security appliance
CLI 48-1
connecting to 3-1
managing licenses 4-1
managing the configuration 3-24
reloading 3-29
upgrading software 42-17
viewing files in Flash memory 42-12
security contexts
about 6-1
adding 6-19
admin context
about 6-2
changing 6-26
assigning to a resource class 6-22
cascading 6-6
changing between 6-24
classifier 6-3
command authorization 41-17
configuration
URL, changing 6-26
URL, setting 6-22
logging in 6-7
MAC addresses
automatically assigning 6-24
classifying using 6-3
managing 6-1, 6-25
mapped interface name 6-21
monitoring 6-28
MSFC compatibility 2-3
multiple mode, enabling 6-16
nesting or cascading 6-7
prompt 48-2
reloading 6-27
removing 6-25
resource management 6-10
resource usage 6-33
saving all configurations 3-26
unsupported features 6-14
VLAN allocation 6-21
security level
about 11-1
interface 11-9, 12-11, 12-13
security models for SNMP 45-16
segment size
maximum and minimum 11-10
maximum and minimum, overview 9-8
sending messages to an e-mail address 44-11
sending messages to an SNMP server 44-12
sending messages to ASDM 44-12
sending messages to a specified output destination 44-17
sending messages to a syslog server 44-8
sending messages to a Telnet or SSH session 44-13
sending messages to the console port 44-12
sending messages to the internal log buffer 44-9
session management path 1-17
severity levels, of system log messages
changing 44-1
filtering by 44-1
list of 44-3
severity levels, of system messages
definition 44-3
shared license
backup server, configuring 4-39
backup server, information 4-28
client, configuring 4-39
communication issues 4-28
failover 4-29
maximum clients 4-29
monitoring 4-49
server, configuring 4-37
SSL messages 4-28
show command, filtering output 48-5
single mode
backing up configuration 6-16
configuration 6-16
enabling 6-16
restoring 6-16
Smart Call Home monitoring 47-22
SNMP
about 45-1
failover 45-17
management station 44-1, 44-7
prerequisites 45-17
SNMP configuration 45-18
SNMP groups 45-16
SNMP hosts 45-16
SNMP monitoring 45-26, 45-27
SNMP terminology 45-2
SNMP traps 45-3
SNMP users 45-16
SNMP Version 3 45-15, 45-23
SNMP Versions 1 and 2c 45-22
source quench, ICMP message 49-15
SPAN 10-4
Spanning Tree Protocol, unsupported 10-8
SPAN session 2-6
speed, configuring 9-15, 10-6
SSH
authentication 41-21
concurrent connections 41-2
login 41-5
password 13-2
RSA key 41-4
username 41-5
startup configuration
copying 42-25
saving 3-25
Stateful Failover
about 7-13
state information 7-13
state link 7-4
stateful inspection 1-17
state information 7-13
state link 7-4
static ARP entry 5-10
static bridge entry 5-12
Static Group pane
description 30-7
static routes
configuring 25-3
stealth firewall
See transparent firewall
stuck-in-active 28-2
subcommand mode prompt 48-2
subinterfaces, adding 9-33
subnet masks
/bits 49-3
about 49-2
address range 49-4
determining 49-3
dotted decimal 49-3
number of hosts 49-3
Summary Address pane
description 27-11
SVIs
configuring 2-10
multiple 2-5
overview 2-5
switch
assigning VLANs to module 2-7
autostate messaging 2-11
BPDU forwarding 2-11
configuration 2-1
failover compatibility with transparent firewall 2-11
failover configuration 2-11
trunk for failover 2-11
verifying module installation 2-6
switched virtual interfaces
See SVIs
switch MAC address table 5-7
switch ports
access ports 10-7
protected 10-8, 10-10
SPAN 10-4
trunk ports 10-9
SYN attacks, monitoring 6-34
SYN cookies 6-34
syntax formatting 48-3
syslogd server program 44-5
syslog messages
analyzing 44-2
syslog messaging for SNMP 45-27
syslog server
designating more than one as output destination 44-5
EMBLEM format
configuring 44-15
enabling 44-8, 44-15
system configuration 6-2
system log messages
classes 44-4
classes of 44-4
configuring in groups
by message list 44-5
by severity level 44-1
device ID, including 44-18
disabling logging of 44-1
filtering by message class 44-4
managing in groups
by message class 44-17
output destinations 44-1, 44-7
syslog message server 44-7
Telnet or SSH session 44-7
severity levels
about 44-3
changing the severity level of a message 44-1
timestamp, including 44-19
T
TACACS+
command authorization, configuring 41-33
configuring a server 34-15, 36-7, 37-3
TCP
connection limits per context 6-17
maximum segment size 11-10
maximum segment size, overview 9-8
ports and literal values 49-11
TCP Intercept
monitoring 6-34
TCP MSS
overview 9-8
Telnet
allowing management access 41-1
authentication 41-21
concurrent connections 41-2
login 41-3
password 13-2
template timeout intervals
configuring for flow-export actions 46-7
temporary license 4-24
time exceeded, ICMP message 49-15
time ranges, access lists 19-2
timestamp, including in system log messages 44-19
timestamp reply, ICMP message 49-15
timestamp request, ICMP message 49-15
traffic flow
routed firewall 5-14
transparent firewall 5-20
transparent firewall
about 5-2
ARP inspection
about 5-6
enabling 5-11
static entry 5-10
data flow 5-20
guidelines 5-8
H.323 guidelines 5-6
HSRP 5-5
MAC address timeout 5-12
MAC learning, disabling 5-13
management IP address 12-8
multicast traffic 5-5
static bridge entry 5-12
unsupported features 5-9
VRRP 5-5
troubleshooting SNMP 45-24
trunk, 802.1Q 9-33
trunk ports 10-9
Trusted Flow Acceleration
modes 5-8
trustpoint 40-3
U
UDP
connection limits per context 6-17
connection state information 1-17
ports and literal values 49-11
unprivileged mode
accessing 3-4
unreachable, ICMP message 49-15
unreachable messages
required for MTU discovery 41-10
upgrading
IOS 2-3
URLs
context configuration, changing 6-26
context configuration, setting 6-22
user EXEC mode
accessing 3-1
prompt 48-2
username
adding 33-4
encrypted 33-4
password 33-4
users
SNMP 45-16
using clustering 44-5, 46-3
V
VeriSign, configuring CAs example 40-4
viewing RMS 42-42
virtual firewalls
See security contexts
Virtual Link
description 27-28
virtual reassembly 1-15
VLANs 9-33
802.1Q trunk 9-33
allocating to a context 6-21
ASA 5505
MAC addresses 10-4
maximum 10-2
assigning to FWSM 2-7
interfaces 2-7
mapped interface name 6-21
subinterfaces 9-33
VPN
address range, subnets 49-4
VPN flex license 4-24
VRRP 5-5
W
WCCP 16-1
web caching 16-1
X
XOFF frames 9-26