Index

Symbols & Numerics

# (pound sign), 29

(*,G) multicast flows, 131

? (question mark), context-based help, 31

4GE (4-port Gigabit Ethernet) SSM, 725

A

AAA, configuring

command accounting, 286–287

command authorization, 283–285

AAA servers, user management, 272–280

administrative users, 280–287

end-user cut-through proxy, 287–301

abbreviating

commands, 30

contiguous 0s on IPv6 addresses, 61

ABRs (Area Border Routers), 101

absolute uauth timer, 9

access control, 323

accessing

ASA Flash memory partitions, 194–195

firewall user interface

with console connection, 232–233

with PDM/ASDM, 238–242

with SSH session, 235, 237

with Telnet, 234

FWSM on Catalyst 6500 switch, 28

specific privilege levels, 263

accounting

local user activity, 272

of generic users on Cisco firewalls, 263–264

ACEs (access control entries)

adding to ACLs, 353–355

logging activity, 379–380

removing from ACLs, 358–359

time range, applying, 360–362

time-based, 356

ACLs (access control lists)

ACEs

adding, 353

logging activity, 379–380

removing, 358–359

time range, applying, 360–362

time-based, 356

applying

to lower-security interfaces, 351

to outbound direction, 8

compiling, 352

configuring, 348–349, 353

descriptions, adding, 359–360

downloadable, verifying, 299

examples of, 362–363

extended, 356–357

hit counters, resetting, 382

hit counts, displaying, 707–708

logging activity, 617–619

manipulating, 357–358

monitoring, 380–382

object groups, 352

applying, 373–379

defining, 363–373

enhanced service object groups, defining, 370–373

ICMP type, defining, 367–369

network object groups, defining, 364–365

protocol object groups, defining, 365–367

service object groups, defining, 369–370

recompiling, 353

renaming, 359

verifying firewall connectivity, 705–707

wildcards, specifying, 355

activating debug packet sessions, 690–691

activation keys

unlocking firewall features, 39

upgrading, 40–41

active firewall process, checking, 629–632

active shuns, verifying connectivity, 718–720

active-active failover pair, 474–477

configuration example, 501–508

requirements, 482–484

active-standby failover pair, 474–475

configuration example, 498–501

manually upgrading, 520–524

AD (Anomaly Detection) policies, configuring on AIP SSM, 778–780

adding

ACEs to ACLs, 354–355

descriptions to ACLs, 359–360

address spoofing on outside interface, 56

address translation, 323

conn entries, 326

connection limits, configuring, 328–330

dynamic NAT, configuring, 341–346

dynamic PAT, configuring, 342–346

embryonic connections, limiting, 330–331

identity NAT, configuring, 338–340

inbound access, defining, 324

NAT exemption, 327

configuring, 340–341

outbound access, defining, 323–324

outside NAT, 328

PAT, 326

policy NAT, configuring, 335–338

same-security access, 324–325

static NAT, 326, 331–334

types of supported on Cisco firewalls, 326–327

verifying, 709–714

xlate entries, 325

xlate table entries

clearing, 717

table timeout values, adjusting, 717–718

addressing, multicast, 127

adjacency logging (OSPF), disabling, 106

adjusting

fragment cache size, 72

interface MTU, 70–71

resource limits to security contexts, 186

terminal screen width, 34

xlate table timeout values, 717–718

admin context, 169, 173–175

administration of ASA Flash memory, 196–200

administrative context, 158

administrative distance, 83–84

administrative sessions, monitoring, 244–245

administrative users, 261

managing with AAA servers, 280–287

administratively scoped addresses, 127, 142

advertising default routes, 96

AIP (Advanced Inspection and Prevention) SSM, 725

configuring, 769–772

IPS policies, configuring, 777–780

IPS sensors, configuring, 780–781

IPS virtual sensors, configuring, 781–785

license, updating, 773–774

managing, 773

signature database file, updating, 774–776

alerts (syslog), 799–802

alias keyword, 319

allocating

firewall resources to contexts, 185–191

resources in multiple-context mode, 185–186

analyzing firewall logs, 619–623

application inspection, 423, 426

configuring, 426–432

DCERPC inspection, configuring, 437–438

DNS inspection, configuring, 438–440

ESMTP inspection, configuring, 441–443

FTP inspection, configuring, 443–446

GTP inspection, configuring, 446–448

H.323 inspection, configuring, 449–451

HTTP inspection, configuring, 452–460

ICMP inspection, configuring, 460–462

IM inspection, configuring, 462, 464

IPSec Passthru inspection, configuring, 465

matching text with regular expressions, 433–437

MGCP inspection, configuring, 465, 467

MGCP map, configuring, 467

NetBIOS inspection, configuring, 468

RADIUS accounting inspection, configuring, 468–469

SNMP accounting inspection, configuring, 470–471

application partition passwords, resetting, 308

applications

for optimizing Syslog servers, 590–591

logging analysis, 620

applying

ACLs to lower-security interfaces, 351

object groups to access lists, 373–379

policy maps to interface, 406–420

default policies, 421–423

time ranges to ACEs, 360–362

area 0, 107

areas (OSPF), subnet notation, 107

ARP (Address Resolution Protocol)

configuring, 68–69

static entries, clearing, 319

ARP cache, clearing, 69

arp command, alias keyword, 319

ARP inspection, 314

configuring, 320

arp timeout command, 699

arrow keys, recalling commands, 32

ASA (Adaptive Security Algorithm), 4

ASA (Adaptive Security Appliance)

4GE SSM, 725

AIP SSM, 725, 769–780

classifiers, 166

configuring as Auto Update Server, 228–232

CSC SSM, 725

automatic updates, configuring, 741–743

configuring, 729–738

connecting to management interface, 740–741

inspection policy configuration, 744–769

repairing initial configuration, 738–740

failover pair capabilities, 39

Flash memory

administration, 194–200

partitions, accessing, 194–195

MAC address allocation, 165

Packet Tracer feature, verifying firewall connectivity, 692–694

Passwords, recovering, 302–305

SSM modules, initial configuration, 726–729

traceroute, performing, 703–705

ASA 7.2, WCCPv2, 396–397

ASA 7.3, configuring redundant interfaces, 48–49

ASA 8.0, configuring EIGRP, 97–101

ASBRs (Autonomous System Boundary Routers), 101

ASDM (Adaptive Security Device Manager)

accessing firewall user interface, 238–242

ACL hit counts, displaying, 707–708

firewall throughput, checking, 638–639

image file, copying into Flash memory, 238–239

packet capture sessions, configuring with Packet Capture Wizard, 683–685

assigning

IP address to interfaces, 54–58

privilege levels

to commands, 268–271

to users, 265

security level to interfaces, 54

unique MAC addresses to ASA physical addresses, 167–168

VLAN number to logical interface, 52–53

attributes of trunk links, 46

audit trails, generating, 245

AUS (Automatic Upgrade Server), automatically upgrading failover pair, 524

authentication

of generic users on Cisco firewalls, 262–263

of local users, 265–267

uauth, absolute uauth timer, 9

authorization, local user configuration, 268–272

authorizing

firewall command access, 267–272

user activity with TACACS+ servers, 291–293

Auto Update client

configuring firewall as, 221–227

verifying operation, 227

Auto Update Server, configuring firewall as, 228–232

automatic CSC SSM updates, configuring, 741–743

automatically upgrading image files, 211

Auto-RP, 136–137

B

banners, configuring on user interface, 243–244

Base license, failover support, 39

BEQ (best-effort queuing), 73–74, 663

configuring, 75–77

displaying information, 77

best practices

for firewall configuration, 21–23

for security policy maintenance, 21–23

bidirectional mode (PIM), 135

configuring, 138

neighbor filtering, 143–144

Bidirectional NAT, 328

boot image setting, displaying, 201

bootstrap router method, 136

bridge mode (CSM), 550

broadcast traffic, 126

BSRs (bootstrap routers), 136

buffered logging, enabling, 626

buffered messages, viewing, 597

bump-in-the-wire, 312

bypass links, 81–83

C

calculating runtime differences on processes, 630–632

candidate RPs, 136

capture sessions

controlling, 680–681

copying buffer contents

to TFTP server, 676

to web browser, 677–680

displaying trunk contents, 675–676

example, 682

monitoring, 673–674

verifying packets passing through interfaces, 666–673

capturing traffic

with Packet Capture Wizard, 683–685

on VLANs inside switch chassis, 686–689

Catalyst 6500 switch, FWSM, 20

accessing, 28

changeto command, 185

changeto system command, 584

changing message severity levels, 616

characteristics of context configuration files, 168–169

checking system resources, 627

failover performance, 646–655

firewall CPU load, 627–632

firewall interface throughput, 655–665

firewall memory usage, 633–636

firewall throughput, 638–645

inspection engine activity, 645–646

stateful inspection resources, 636–638

circular logging buffer, 597

Cisco firewalls

clock management, 581

setting clock manually, 582–583

setting clock with NTP, 584–586

message logging, configuring, 591–613

specifications, 20–21

supported translation types, 326–327

user management

accounting local user activity, 272

generic users, 262–264

with AAA servers, 272–301

with local database, 264–272

CiscoACS servers, configuring command authorization, 283–285

class maps, configuring, 398–406

classifiers, 160, 166

classifying traffic, 398–406

clear ip verify statistics command, 86

clear traffic command, 514

clearing

ARP cache, 69

internal logging buffer, 615

static ARP entries, 319

xlate table entries, 717

CLI, initial firewall configuration, 41–42

clock management, 581

setting clock manually, 582–583

setting clock with NTP, 584–586

clock summer-time command, recurring keyword, 583

collecting Syslog firewall logs, 21–23

combining load balancing techniques, 530

command accounting, configuring, 286–287

command authorization, configuring, 283–285

command history, 32

commands

abbreviating, 30

active, viewing, 29

arp, alias keyword, 319

arp timeout, 699

changeto, 185

changeto system, 584

clear ip verify statistics, 86

clear traffic, 514

configure terminal, 41–42

debug icmp trace, 10–11

debug ntp authentication, 586

debug track, 94

editing, 30

entering, 29

executing on failover peer, 517–519

failover active, 516

failover exec, 519

failover mac address, 490

failover poll, 492

failover preempt, 486

failover reload-standby, 517

filtering output, 32–33

fragment chain, 72

inspect, 432

mac-address auto, 167

mode multiple, 172

operators, 356

ping

example, 696

permitting on ASA and PIX platforms, 696

preempt, 489

privilege levels, 262

assigning, 268–271

regular expressions

operators, 33

searching, 32–33

same-security-traffic, 323

show activation-key, 170, 518

show admin-context, 191

show arp, 68–69

show arp-inspection, 320

show blocks, 516, 634

show conn, 326, 713

show dhcprelay statistics, 125

show failover, 497, 508–513, 521

show firewall, 312

show flash, 200

show interface, 176, 515

show ipv6 interface, 67

show local-host, 715

show logging, 614, 622

show memory detail, 634

show mode, 171

show pim topology, 153

show processes, 629

show resource allocation, 189

show rip, 96–97

show running-config all, 30

show service-policy, 427, 645

show shun statistics, 383

show tech-support, 692

show traffic, 514

show version, 34–36

show xlate, 709–714

static, 327

syntax errors, 31

terminal width, 34

write mem, 42

community string (SNMP), defining, 257–258

compiling access lists, 352

conditional NAT

configuring, 335–338

static NAT, 335

configuration commands, entering manually, 218

configuration examples

of active-active failover, 501–508

with FWSM, 500–501

with PIX firewalls, 498–501

of active-standby failover, 474–475

configuration files

of contexts, characteristics, 168–169

running configuration

copying across failover pair, 217–218

displaying, 214

saving to Flash memory, 214–215

saving to TFTP server, 216–217

startup configuration

displaying, 213–214

erasing configuration commands, 218

managing, 211–213

selecting, 212–213

configuration mode, 29

configure terminal command, 41–42

configuring

ACLs, 348–349, 353

address translation

connection limits, 328–330

dynamic NAT, 341–346

dynamic PAT, 342–346

identity NAT, 338–340

NAT exemption, 340–341

policy NAT, 335–338

static NAT, 331–334

AIP SSM, 769–772

IPS policies, 777–780

IPS sensors, 780–781

IPS virtual sensors, 781–785

application inspection, 426–432

DCERPC inspection, 437–438

DNS inspection, 438–440

ESMTP inspection, 441–443

FTP inspection, 443–446

GTP inspection, 446–449

H.323 inspection, 449–451

HTTP inspection, 452–460

ICMP inspection, 460–462

IM inspection, 462, 464

IPSec Passthru inspection, 465

matching text with regular expressions, 433–437

MGCP inspection, 465, 467

MGCP map, 467

NetBIOS inspection, 468

RADIUS accounting inspection, 468–469

SNMP accounting inspection, 470–471

ARP, 68–69

banners on user interface, 243–244

bidirectional PIM neighbor filtering, 144

class maps, 398–406

command accounting, 286–287

command authorization, 283–285

content filters, 390–395

contexts, 174–180

CSC SSM, 729

automatic updates, 741–743

FTP inspection policies, 753–755

initial settings, 733–738

inspection policies, 744–753

POP3 inspection policies, 765–769

SMTP inspection policies, 755–764

traffic inspection, 730–733

CSM FWLB, 552–561

CSS FWLB, 571–574

DDNS, 121–123

verifying configuration, 123–124

DHCP relay, 124–125

DHCP server functions, 116–120

EIGRP, 97–101

failover, 484, 495

contexts, 495

health monitoring policy, 490–492

interface failure policy, 492

primary unit, 485–488

stateful, 492–497

firewalls

as Auto Update client, 221–227

as Auto Update Server, 228–232

best practices, 21–23

FragGuard, 71–73

identity NAT for exclusive outbound use, 340

IGMP, 147–149

interfaces, 50, 52–60

examples, 58–60

IP address assignment, 54–58

MTU, 70–71

IOS FWLB, 531–540

IPv6, 61–63

neighbor advertisements, 65–66

neighbor discovery, 64–65

prefix advertisements, 66–67

IPv6 addresses, 60–61

local user authorization, 268–272

medium-security interfaces, inbound access, 350–352

message logging, 591–613

multicast boundaries, 142–143

multiple-context mode, 170–173

navigating multiple security contexts, 173–174

OSPF, 105–112

example configuration, 115–116

on firewall, 101–104

on both sides of firewall, 104–105

prefix lists, 108

redistribution, 112–115

PIM, 137–141

neighbor filtering, 143–144

priority queuing, 75–77

RADIUS user authorization, 294–295

redundant interfaces, 48–49

RIP on firewall, 95–97

verifying configuration, 96–97

shuns, 382–384

example, 384–386

SLA monitor process, 89–92

SMR, 145–147

example, 150

SNMP, 256–259

SSM modules

AIP SSM, 769–772

CSC SSM, 729–733

initial configuration, 726–729

static routes, 86–87, 89

switch ports, 485

transparent firewall, 314–317

access lists, 321

ARP inspection, 319–321

interface speed, 315

MAC address learning process, 318–319

management address, 317–319

non-IP protocol forwarding policy, 321–322

conn table, 7

entries, 78

size, checking, 637–638

connecting to CSC SSM management interface, 740–741

connection limits

configuring for address translation, 328–329

outbound, configuring on UDP/TCP, 329–330

connectionless protocols, 9

ICMP, stateful inspection, 10–13

UDP, 13–15

connection-oriented protocols, 9

TCP, 15–19

connections

embryonic, 16–17

limiting, 330–331

maximum limit of, defining, 18

TCP intercept, 18

half-closed, 18

inbound access, 324

xlate lookup, 7

maximum number supported on Cisco firewalls, 37–39

outbound access, 323–324

shunning, 382–384

example, 384–386

stateful inspection, 7

verifying, 711–716

connectivity

active shuns, verifying, 718–720

IPv6, testing, 67–68

of failover pairs, 481–482

verifying, 691–722

with ACLs, 705–707

console connection, accessing firewall user interface, 232–233

console logging, 595–596

content filtering, 19

configuring, 390–395

examples, 396

WCCPv2, 396–397

context mode, displaying, 171

context-based help, 31

contexts, 158

admin contexts, 173–175

allocating firewall resources, 185–191

assigning to failover groups, 495

classifiers, 166

configuration files, characteristics, 168–169

configuring, 174–180

CPU usage, displaying, 192

example definition, 180–185

inside context interfaces, sharing, 161–164

labeling, 175

multiple-context mode

configuring, 170–173

navigating multiple security contexts, 173–174

resource allocation, 185–186

physical interfaces, mapping to logical interfaces, 178

system execution space, features, 169–170

system name, viewing, 176

controlling

capture sessions, 680–681

traffic

ACLs, configuring, 348–349

to/from medium-security interfaces, 349–352

copying

ASDM image into Flash memory, 238–239

capture buffer contents

to TFTP server, 676

to web browser, 677–680

files to/from Flash memory, 196–197

PDM image into Flash memory, 238–239

running configuration across failover pair, 217–218

CPU utilization

checking, 627–632

of contexts, displaying, 192

crashes

forcing, 250

information, saving, 248–249

crashinfo files

deleting, 251

generating, 249

viewing, 250–251

creating

directories

in Flash memory, 198

in PIX 7.x Flash memory, 198–199

test crashinfo files, 249

critical messages (syslog), 802–803

CSC (Content Security and Control) SSM, 725

automatic updates, configuring, 741–743

configuring, 729

initial configuration, repairing, 738–740

initial settings, configuring, 733–738

inspection policies

configuring, 744–753

FTP, configuring, 753–755

POP3, configuring, 765–769

SMTP, configuring, 755–764

management interface, connecting to, 740–741

traffic inspection, configuring, 730–733

CSM (Content Switching Module) FWLB, 549–552

configuring, 552–561

displaying information, 569–571

example configuration, 561–569

CSS (Cisco Content Services Switch), 529

CSS FWLB

configuring, 571–574

displaying information, 579

example configuration, 574–579

Ctrl-I command, displaying typed commands, 30

D

DCERPC (Distributed Computing Environment Remote Procedure Call), 437

DCERPC inspection, configuring, 437–438

DDNS (Dynamic DNS), 120

configuring, 121–123

database, updating, 121

verifying configuration, 123–124

debug icmp trace command, 10–11

debug ntp authentication command, 586

debug packet sessions, enabling, 689–691

debug track command, 94

debugging

failover activity, 513–516

ICMP debugging, enabling, 697–698

debugging messages (syslog), 837–845

default behavior of firewalls, 4

default policies, defining, 421–423

default routes, 84

advertising, 96

defining

logging policies, 594–595

object groups, 363–364

enhanced service object groups, 370–373

ICMP type object groups, 367–369

network object groups, 364–365

protocol object groups, 365–367

service object groups, 369–370

policy maps, 406–420

default policies, 421–423

security policies in MPF, 397–398

server reactivation policies, 274

SNMP community string, 257–258

deleting

crashinfo files, 251

files from Flash memory, 197

depletion mode, 274

descriptions, adding to ACLs, 359–360

detecting

firewall failures, 480

spam

in POP3 e-mail, 767–768

in SMTP e-mail, 759–762

DHCP (Dynamic Host Configuration Protocol), 19

DDNS, configuring, 121–124

DHCP relay, configuring, 124–125

DHCP server, configuring, 116–120

directories

creating in Flash memory, 198–199

removing from Flash memory, 199

disabling

active commands, 29

OSPF adjacency logging, 106

screen paging, 34

disconnecting from active PDM sessions, 245

displaying

ACL hit counts, 707708

active PDM/ASDM management application sessions, 245

ARP inspection status, 320

available firewall interfaces, 4647

boot image setting, 201

buffered messages, 597

configured contexts, 174

context information, 191

context mode, 171

contexts, 174, 191

system name, 176

CPU usage for contexts, 192

CSM FWLB information, 569–571

CSS FWLB information, 579

failover statistics, 508–513

firewall crash information, 250–251

firewall features, 34

IOS FWLB information, 546–549

monitoring status of interfaces, 497

PIX 6.3 flash files, 200

priority queuing information, 77

redundant interface status, 49–50

running configuration, 214

startup configuration, 213–214

startup configuration environment variable, 212

trunk contents, 675–676

typed commands, Ctrl-I, 30

disrupting

ping process, 697

traceroute process, 705

DMZ (demilitarized zone) networks, 349–352

protecting, 22

DNS Guard, 15

DNS inspection, configuring, 438–440

DNS resolution, configuring on firewall interface, 197

DoS attacks, preventing IP address spoofing, 84–86

downloadable ACLs

enabling on firewall, 298

verifying, 299

downloading operating system image from monitor prompt, 202–206

DUAL (Diffusing Update Algorithm), 97

dynamic NAT

configuring, 341–346

examples, 346–348

dynamic PAT

configuring, 342–346

examples, 346–348

E

editing commands, 30

EIGRP (Enhanced Interior Gateway Routing Protocol)

configuring, 97–101

DUAL, 97

EMBLEM format (system messages), 588

embryonic connections, 16–17

limiting, 330–331

maximum limit of, defining, 18

TCP intercept, 18

enabling

buffered logging, 626

debug packet sessions, 689–691

ICMP debugging, 697–698

ICMP inspection, 703

RPF, 85

end users, 261

end-user cut-through proxy

configuration examples, 300–301

configuring on AAA servers, 287–300

enhanced service object groups, defining, 370–373

entering commands, 29

environment variable for startup configuration, displaying, 212

erasing

configuration commands from startup configuration, 218

Flash memory, 199–200

error messages (syslog), 804–815

ESMTP inspection, configuring, 441–443

examining firewall crash information, 248–249

example configurations

CSM FWLB, 561–569

CSS FWLB, 574–579

interfaces, 58–60

OSPF, 115–116

examples

of ACLs, 362–363

of capture session, 681–682

of content filters, 396

of context definition, 180–185

of dynamic NAT, 346–348

of dynamic PAT, 346–348

of firewall failover configuration

active-active, 501–508

active-standby with FWSM, 500–501

active-standby with PIX firewalls, 498–500

of IOS FWLB, 540–546

of ping command, 696

of SMR configuration, 150

exec banners, configuring on user interface, 243–244

executing commands

on failover peer, 517–519

remotely, 519

exploits, VLAN hopping, 79–80

preventing, 80–81

extended access lists, 356–357

extended pings

disrupting, 697

sending, 696–697

F

failover, 19

active-active failover pair, 474–477

configuration example, 501–508

requirements, 482–484

active-standby failover pair, 474–475

configuration example, 498–501

manually upgrading, 520–524

cause of, determining, 652–655

configuring, 484, 495

contexts, configuring, 495

debugging, 513–516

displaying statistics, 508–513

health monitoring policy, configuring, 490–492

interfaces

failure policy, configuring, 492

“testing” mode, 480–481

LAN-based, 479

manually forcing role change, 516

primary unit, configuring, 485–488

required licenses, 475

resetting failed firewall unit, 517

stateful

configuring, 492–497

monitoring, 514–516

toggling roles, 655

verifying

communication, 647–650

unit roles, 646–647

failover active command, 516

failover cable, 479

failover exec command, 519

failover groups, 482–484

failover hello messages, 492

failover mac address command, 490

failover pairs

connectivity, 481–482

copying running configuration across, 217–218

failover poll command, 492

failover preempt command, 486

failover reload-standby command, 517

failures, detecting, 480

feasible successors, 97

features of firewalls

displaying, 34

unlocking, 39

fields of system messages, 588

file blocking (HTTP), configuring on CSC SSM, 751

files

copying to/from Flash memory, 196–197

deleting from Flash, 197

renaming in Flash, 198

filtering. See also content filtering

command output, 32–33

POP3 content, 768–769

SMTP content, 758–759

fine-tuning logging message generation, 615–616

firewall farms, 527

firewall masks, 355

firewalls

configuring

as Auto Update client, 221–227

as Auto Update Server, 228–232

crashes, forcing, 250

interface throughput, checking, 655–665

first-hop routers, 128

fixed-group addresses, 127

fixup. See application inspection

flash files, displaying in PIX 6.3, 200

Flash memory

ASA

administration, 196–200

managing, 194

copying files to/from, 196–197

creating new directories, 198

deleting files from, 197

erasing, 200

formatting, 199

FWSM, managing, 194–196

hierarchical structure, 195–196

managing, 192–193

operating system image

downloading from monitor prompt, 202–206

identifying, 200–201

upgrading, 205–210

PIX 7.x, creating directories, 198–199

removing directories, 199

renaming files, 198

running configuration, saving, 214–215

system integrity, verifying, 199

FO (Failover) license, 39

FO-AA (Failover-Active/Active) license, 39

forcing

failover role change, 516

firewall crashes, 250

foreign addresses, 6

formatting Flash memory, 199

FragGuard, configuring, 71–73

fragment cache, adjusting size of, 72

fragment chain command, 72

FTP, uploading logging buffer contents, 598

FTP inspection

configuring, 443–446

policies, configuring on CSC SSM, 753–755

FWLB (Firewall Load Balancing), 527–528

CSM FWLB, 549–552

configuring, 552–561

displaying information, 569–571

example configuration, 561–569

CSS FWLB

configuring, 571–574

displaying information, 579

example configuration, 574–579

IOS FWLB, 530–531

configuring, 531–540

displaying information, 546–549

example, 540–546

methods of, 529

FWSM (Firewall Services Module), 20

accessing on Catalyst 6500 switch, 28

failover pairs, 477

capabilities, 39

Flash memory management, 194–196

logical interfaces, 47

NTP support, 584

passwords, recovering, 307–308

security levels, 316

VLAN groups, defining, 47

G

General Queries (IGMPv2), 130

generating

audit trails, 245

test crashinfo files, 249

generic users

accounting, 263–264

authentication, 262–263

managing on Cisco firewalls, 262

global addresses, 6, 61

global configuration mode, 29

globally scoped addresses, 127

GMT (Greenwich Mean Time), 581

Group-Specific Queries (IGMPv2), 130

GTP inspection, configuring, 446–449

H

H.323 inspection, configuring, 449–451

half-closed connections, 18

half-open connections, 17

hardware load balancing, CSM FWLB, 549–552

configuring, 552–561

displaying information, 569–571

example configuration, 561–569

help system, context-based help, 31

hierarchical structure of flash file system, 195–196

history of failover state changes, displaying, 513

hit counter (ACL), resetting, 382

hitless upgrade, 479, 519

holdtime timer, setting, 491

HTTP inspection

configuring, 452–460

policies, configuring on CSC SSM, 751

file blocking, 751

HTTP scanning, 751–753

URL blocking, 745–746

URL filtering, 746–750

HTTP scanning, configuring on CSC SSM, 751–753

I

ICMP (Internet Control Message Protocol)

ACLs operation, 8

debugging, enabling, 697–698

message types, 788–790

object groups, defining, 367–369

ping, 481

restricting traffic, 23

stateful inspection, 10–11

case study, 12–13

time-exceeded messages, permitting, 704

ICMP inspection

configuring, 460–462

enabling, 703

identifying operating system image in Flash memory, 200–201

identity NAT, configuring, 338–340

idle uauth timer, 9

IEEE 802.1Q trunks, attributes, 46

IGMP (Internet Group Message Protocol)

configuring, 147–149

SMR, configuring, 145–147

verifying operation, 151–152

IGMP proxy agent, 126

IM inspection, configuring, 462–464

image files, automatically upgrading, 211

inbound access, 324

configuring on medium-security interfaces, 350–352

inbound connections, 4

xlate lookup, 7

informational messages (syslog), 827–837

initial firewall configuration, 41–42

initial settings, configuring on CSC SSM, 733–738

initiating

firewall reload, 246–247

after specific time interval, 247–248

multiple context mode, 172–173

inline interface configuration, 781

inside context interfaces, sharing, 161–164

inside interfaces, 23

inspect command, 432

inspection engines, 9. See also application inspection

activity, checking, 645–646

ICMP stateful inspection, 10–13

TCP stateful inspection, 15–19

UDP stateful inspection, 13–15

inspection policies (CSC SSM), 744–753

FTP, configuring, 753–755

HTTP, configuring, 745–753

interface polltime, 492

POP3, configuring, 765–769

SMTP, configuring, 755–764

interface priority queues, 73–74

interfaces

ASA, assigning unique MAC addresses, 167–168

configuring, 50, 52–60

connectivity

checking ARP cache, 698–700

checking routing table, 700

testing with ping packets, 695–696

verifying, 691–692, 720–722

verifying with ACLs, 705–707

verifying with traceroute, 700–703

DNS resolution, configuring, 197

example configurations, 58–60

inbound access, 324

inside context interfaces, sharing, 161–164

IP addresses

assigning, 54–58

IPv6 addresses, configuring, 60–61

logical, assigning VLAN number, 52–53

lower-security, applying ACLs, 351

medium-security

inbound access, 350, 352

traffic, controlling, 349–352

monitoring status, displaying, 497

MTU, configuring, 70–71

outbound access, 323–324

physical, mapping to contexts, 158, 160–161

policy maps, applying, 406–423

redundant interface groups, 474

same-security access, 324–325

security level, assigning, 54

testing mode, 480–481

verifying packets passing through via capture sessions, 666–676

internal clock

setting manually, 582–583

setting with NTP, 584–586

internal logging buffer, clearing, 615

invoking

context-based help, 31

Packet Tracer tool, 694

IOS FWLB, 530–531

configuring, 531–540

displaying information, 546–549

example, 540–546

IP address spoofing, preventing, 84–86

IP addresses, assigning to interfaces, 54–58

IP multicast, 127

addressing, 127

administratively scoped addresses, 142

bidirectional PIM neighbor filtering, configuring, 144

IGMP

configuring, 147–149

verifying operation, 151–152

multicast boundaries, configuring, 142–143

multicast trees, 128

PIM, 130–131

configuring, 137–141

Sparse Mode, 131–134

verifying operation, 152–155

Version 1, 136

PIM neighbor filtering, configuring, 143–144

PIM-SM, RP designation, 136–137

RPF, 128–129

SMR

configuring, 145–147

example configuration, 150

IP port numbers, 790–791

corresponding Cisco firewall keywords, 791–794

ip verify reverse-path interface, 85

IPS (Intrusion Prevention Systems), configuring on AIP SSM, 778–780

policies, 777–779

sensors, 780–781

virtual sensors, 781–785

IPSec Passthru inspection, configuring, 465

IPv6

configuring, 60–63

connectivity, testing, 67–68

neighbor advertisements, configuring, 65–66

neighbor discovery, configuring, 64–65

prefix advertisements, configuring, 66–67

ISNs (initial sequence numbers), 8, 331

J-K-L

knowledge base, 779

labeling contexts, 175

LAN-based failover, 479–481

last-hop routers, 128

Layer 2 firewalls, 312

Layer 3 traffic

classifying, 398–406

policy maps, defining, 406–420

Layer 4 traffic

classifying, 398–406

policy maps, defining, 406–420

Leave Group messages (IGMPv2), 130

length of terminal screen, adjusting, 34

level 0 passwords, resetting, 263

license, registering, 39

licenses

activation keys, 39

upgrading, 40–41

Base license, failover support, 39

FO-AA, 39

required for failover, 475

upgrading, 39

limitations on outbound UDP/TCP connections, 329–330

limiting

embryonic connections, 330–331

resource allocation on security contexts, 186–188

resources allocated to contexts, 185–189

TCP MSS size, 71

link-local addresses, 61, 127

links, bypass links, 81–83

link-state protocols, OSPF configuration, 105–112

listing available firewall interfaces, 46–47

LLQ (low-latency queue), 74, 663

configuring, 75–77

displaying information, 77

load balancing

CSM FWLB, 549–552

configuring, 552–561

displaying information, 569–571

example configuration, 561–569

FWLB, 528–529

IOS FWLB, 530–531

configuring, 531–540

displaying information, 546–549

example, 540–546

local addresses, 6

local database, user management, 264265

accounting local user activity, 272

firewall command access, authorizing, 267272

local user authentication, 265267

local user authorization, configuring, 268272

logging

ACE activity, 379380

ACL activity, 617619

logging messages, 587

analyzing firewall logs, 619623

clearing internal logging buffer, 615

configuring, 591613

destinations, verifying, 614

logging to secure Syslog server with SSL, 604-611

manually testing message generation, 615

pruning messages, 615-616

sending messages

to ASDM management application, 613

to email address, 611-613

severity levels

changing, 616

setting, 587

time stamp synchronization, 588

logging timestamp message, 604

logical interfaces, 35, 47

mapping to physical interfaces, 178

subinterface number, 51-52

VLAN number, assigning, 52-53

logical VLAN interfaces, 51-52

login banner, configuring on user interface, 243-244

lookups (xlate table), 7

lower-security interfaces, applying ACLs, 351

LSAs (link-state advertisements), 101

M

MAC addresses

of ASA physical interfaces, displaying, 165

learning process, configuring on transparent firewalls, 318-319

mac-address auto command, 167

management traffic, restricting access to, 23

managing

AIP SSM, 773

Flash memory, 192-193

ASA, 194

FWSM, 194-196

startup configuration, 211-213

manipulating ACLs, 357-358

manually forcing failover role change, 516

manually resetting failed firewall units, 517

manually setting internal clock, 582-583

manually testing logging message generation, 615

manually upgrading active-standby pair, 520-524

mapping

to contexts, 158, 160-161

to logical interfaces (contexts), 178

mapping agents, 136

medium-security interfaces

inbound access, configuring, 350, 352

traffic, controlling, 349-352

Membership Report messages, 129

memory

Flash

copying files to/from, 196-197

creating directories in, 198

deleting files from, 197

downloading operating system image, 202-206

formatting, 199

identifying operating system image, 200-201

managing, 192-196

removing directories from, 199

renaming files in, 198

upgrading operating system image, 205-210

usage, checking, 633-636

merging startup and running configuration commands, 219-221

messages

ICMP, 788-790

IGMP Membership Report, 129

logging, 587

analyzing firewall logs, 619-623

buffered messages, displaying, 597

destinations, verifying, 614

logging ACL activity, 617-619

logging to secure Syslog server with SSL, 604-611

manually testing, 615

pruning messages, 615-616

sending messages to ASDM management application, 613

sending messages to email address, 611-613

setting severity levels, 587

time stamp synchronization, 588

logging timestamp, 604

severity levels, changing, 616

syslog

severity level 1 alerts, 799-802

severity level 2 critical messages, 802-803

severity level 3 error messages, 804-815

severity level 4 warning messages, 815-821

severity level 5 notifications, 821-822

severity level 6 informational messages, 827-832

severity level 7 debugging messages, 831-845

system messages, format, 588

MGCP inspection, configuring, 465, 467

MGCP map, configuring, 467

MIBs, 252, 255

monitoring firewall activity, 251-252

objects, 253

mode multiple command, 172

modifying message severity levels, 616

monitor screen length/width, changing, 34

monitoring

ACLs, 380-382

active shun activity, 383

address translations, 709-714

administrative sessions, 244-245

capture sessions, 673-674

connections, 711-716

firewall activity with SNMP, 251-252

traps, 255

firewall configuration changes, 722-723

stateful failover, 514-516

xlate entries based on local address, 710

MOTD banners, configuring on user interface, 243-244

MPF (Modular Policy Framework), defining security policies, 397-398

mroutes, 142

MSS (maximum segment size), configuring, 71

MTU (maximum transmission unit), interface configuration, 70-71

multicast, 126-127

boundaries, configuring, 142-143

IGMP

configuring, 147-149

verifying operation, 151-152

OUI values, 127

PIM, 130-131, 136

configuring, 137-141

verifying operation, 152-155

PIM-SM, 131-134

RP designation, 136-137

routing

multicast trees, 128

RPF, 128-129

SMR

configuring, 145-147

example configuration, 150

multicast groups, 126

multicast trees, 128

multiple-context mode, 158, 313

classifiers, 160

configuring, 170-173

initiating, 172-173

navigating multiple security contexts, 173-174

resource allocation, 185-186

N

naming format for downloadable ACLs, 299

NAT

Bidirectional, 328

identity NAT, configuring, 338-340

policy NAT, configuring, 335-338

NAT exemption, 327

configuring, 340-341

navigating multiple security contexts, 173-174

NBNS (NetBIOS Name Service), configuring NetBIOS inspection, 468

neighbor advertisements, IPv6 configuration, 65-66

neighbor discovery, IPv6 configuration, 64-65

NetBIOS inspection, configuring, 468

network object groups, defining, 364-365

non-IP protocol forwarding policy, configuring on transparent firewall, 321-322

notifications (syslog), 821-827

NTP (Network Time Protocol), setting internal clock, 584-586

O

object groups, 352

applying to ACLs, 373-379

defining, 363-364

enhanced service object groups, defining, 370-373

ICMP type, defining, 367-369

network object groups, defining, 364-365

protocol object groups, defining, 365-367

service object groups, defining, 369-370

operating system

of active-standby failover pair, upgrading, 520-524

downloading image from monitor prompt, 202-206

identifying image in Flash memory, 200-201

upgrading image, 205-210

operators, 356

optimizing Syslog servers, 589

options (commands), entering, 29

OSPF (Open Shortest Path First)

Areas, subnet notation, 107

configuring, 105-112

example configuration, 115-116

prefix lists, configuring, 108

redistribution, configuring, 112-115

static route redistribution, configuring, 114

virtual links, 109

OUI (Organizationally Unique Identifier) values, 127, 168

outbound access, 323-324

outbound connections, 4

UDP/TCP limitations, 329-330

xlate lookup, 7

output interface queues, 73-74

outside interfaces, 23

address spoofing, 56

Outside NAT, 328

P

packet capture, 19

Packet Capture Wizard, enabling packet capture sessions in ASDM, 683-685

packet classifiers, 160

Packet Tracer feature, verifying firewall connectivity, 692-694

Packet Tracer tool, invoking, 694

packets

fragments, handling, 71-73

ICMP, stateful inspection of, 10-13

IPv4, Protocol field, 787-788

TCP, stateful inspection of, 15-19

UDP, stateful inspection of, 13-15

parameters

of conn table entries, 78

for xlate table entries, 6

partitions, accessing ASA Flash memory, 194-195

passwords, recovering

ASA, 302-305

FWSM, 307-308

PIX, 303-307

PAT (Port Address Translation), 326

dynamic PAT, configuring, 342-346

PDM (PIX Device Manager)

accessing firewall user interface, 238-242

image file, copying into Flash memory, 238-239

perfmon counters, checking firewall throughput, 643-645

permitting ICMP time-exceeded messages, 704

physical interfaces, mapping

to contexts, 158-161

to logical interfaces, 178

PIM (Protocol Independent Multicast), 130-131

bidirectional mode, 135

configuring, 137-141

neighbor filtering, configuring, 143-144

bidirectional configuring, 144

shared trees, 132

Sparse Mode, 131-134

verifying operation, 152-155

Version 1, 136

PIM-SM, RP designation, 136-137

ping command, 481

example, 696

permitting on ASA and PIX platforms, 696

PIX

failover pair capabilities, 39

passwords, recovering, 306-307

PIX 6.3, displaying flash files, 200

policy maps

default policies, defining, 421-423

defining, 406-420

policy NAT, configuring, 335-338

POP3 inspection policies, configuring on CSC SSM, 765-766

content filtering, 768-769

spam detection, 767-768

port numbers, 790-791

corresponding Cisco firewall keywords, 791-794

predefined logging messages, 591-592

preempt command, 489

prefix advertisements (IPv6), configuring, 66-67

preventing

IP address spoofing, 84-86

VLAN hopping, 80-81

primary failover unit, configuring, 485-488

priority queuing

configuring, 75-77

displaying information, 77

privilege levels, 262

accessing, 263

assigning

to commands, 268-271

to users, 265

privileged EXEC mode, 28

processes, calculating runtime differences, 630-632

promiscuous monitoring, 780

protecting DMZ, 22

Protocol field, 787

corresponding Cisco firewall keywords, 788

protocol object groups, defining, 365-367

pruning messages, 615-616

Q-R

queuing

priority queuing

configuring, 75-77

displaying information, 77

transmit ring, 7

R (Restricted) license, 39

RADIUS

accounting inspection, configuring, 468-469

user authorization, configuring, 294-295

rate-limiting logging messages, 593

reachability, testing, 91-95

recalling commands, 32

recompiling access lists, 353

recovering passwords

ASA, 302-305

FWSM, 307-308

PIX, 303-307

recurring keyword (clock summer-time command), 583

redistribution, configuring OSPF, 112-115

redundant interface groups, 474

redundant interfaces, configuring, 48-49

registering firewall licenses, 39

regular expressions

application inspection, text matching, 433-437

operators, 33

performing searches on, 32-33

reloading firewalls, 246-247

after specific time interval, 247-248

remark ACEs, adding to ACLs, 359-360

remote command execution, 519

removing

ACEs from ACLs, 358-359

directories in Flash memory, 199

static routes, 88

renaming

ACLs, 359

files in Flash memory, 198

repairing CSC SSM initial configuration, 738-740

requirements for active-active failover, 482-484

resetting

ACL hit counters, 382

application partition passwords, 308

failed firewall unit, 517

level 0 passwords, 263

resources, allocating to contexts, 185-191

restricting

access to management traffic, 23

ICMP traffic, 23

RFC 2827, 5

RFC Sourcebook, 787

RIP (Routing Information Protocol)

configuring on firewall, 95-97

verifying configuration, 96-97

route lookups, 531

route maps (OSPF), configuring, 112-115

routed firewall mode, 311

router mode (CSM), 550

routing information sources, 83

routing IP multicast, 128-129

routing tables, checking connectivity, 700

RP (Rendezvous Point), 131

RPF (Reverse Path Forwarding), 84, 128-129

enabling, 85

preventing IP address spoofing, 85-86

running configuration, 478

configuration commands, entering manually, 218

copying across failover pair, 217-218

displaying, 214

merging configuration commands with startup configuration, 219-221

saving to Flash memory, 214-215

saving to TFTP server, 216-217

runtime differences, calculating on processes, 630-632

S

same-security access, 324-325

same-security-traffic command, 323

saving

firewall crash information, 248-249

running configuration to Flash memory, 214-215

running configuration to TFTP server, 216-217

scheduling firewall reloads, 247

screen paging, disabling, 34

searching for regular expressions, 32-33

security contexts, 158

security levels

assigning to interfaces, 54

on FWSM, 316

security policies

best practices, 21-23

defining in MPF, 397-398

“security wheel”, 23

selecting startup configuration, 212-213

sending Syslog messages with TCP, 602

server reactivation policies, defining, 274

service contact port, 791

service object groups, defining, 369-370

setting system clock

manually, 582-583

with NTP, 584-586

severity levels, 587

changing, 616

setting for message logging, 587

severity level 1 alerts, 799-802

severity level 2 critical messages, 802-803

severity level 3 error messages, 804-815

severity level 4 warning messages, 815-821

severity level 5 notifications, 821-827

severity level 6 informational messages, 827-837

severity level 7 debugging messages, 832-845

shared trees, 131-132

sharing inside context interfaces, 161-164

show activation-key command, 170, 518

show admin-context command, 191

show arp command, 68-69

show arp-inspection command, 320

show blocks command, 516, 634

show conn command, 326, 713

show dhcprelay statistics command, 125

show failover command, 497, 508-513, 521

show firewall command, 312

show flash command, 200

show interface command, 176, 515

show ipv6 interface command, 67

show local-host command, 715

show logging command, 614, 622

show memory detail command, 634

show mode command, 171

show pim topology command, 153

show processes command, 629

show resource allocation command, 189

show rip command, 96-97

show running-config all command, 30

show service-policy command, 427, 645

show shun statistics command, 383

show tech-support command, 692

show traffic command, 514

show version command, 34-36

show xlate command, 709-714

shunning traffic, 382-384

example, 384-386

shuns

configuring, 382-384

verifying connectivity, 718-720

signature database file (AIP SSM), updating, 774-776

single-context mode, 158

site-local addresses, 61

SLA (service level agreement) monitor process, configuring, 89-92

SMR (stub multicast router), 128

configuring, 145-147

example configuration, 150

SMTP inspection policies, configuring on CSC SSM, 755-758

mail handling, 763-765

SMTP filtering, 758-759

spam detection, 759-762

SNMP (Simple Network Management Protocol)

accounting inspection, configuring, 470-471

configuring, 256-259

MIBs, 253, 255

monitoring firewall activity, 251-252

traps, 255-256

software load balancing, IOS FWLB, 530-531

configuring, 531-540

displaying information, 546-549

example, 540-546

source address, spoofing, 5

spam

detecting in POP3 e-mail, 767-768

SMTP inspection, configuring, 759-762

SPAN (switch port analyzer), configuring traffic capture sessions, 687

Sparse Mode (PIM), 131

sparse mode (PIM)

shared trees, 132

specifications of Cisco firewalls, 20-21

spoofed IP addresses, preventing, 84-86

SPT (shortest path tree), 135

SSH (Secure Shell), accessing firewall user interface, 235-237

SSL (Secure Sockets Layer), secure Syslog server logging, 604-611

SSM modules

4GE SSM, 725

AIP SSM, 725

configuring, 769-772

IPS policies, configuring, 777-780

license, updating, 773-774

managing, 773

signature database file, updating, 774-776

CSC SSM, 725

automatic updates, configuring, 741-743

configuring, 729-738

FTP inspection policies, configuring, 753-755

initial configuration, repairing, 738-740

inspection policies, configuring, 744-753

management interface, connecting to, 740-741

POP3 inspection policies, configuring, 765-769

SMTP inspection policies, configuring, 755-764

initial configuration, 726-729

startup configuration, 478

configuration commands, merging with running configuration commands, 219-221

displaying, 213-214

environment variable, displaying, 212

erasing configuration commands from, 218

managing, 211-213

selecting, 212-213

stateful backup, 531

stateful failover, 481

configuring, 492-497

monitoring, 514-516

stateful inspection, 7, 9

of ICMP, 10-11

case study, 12-13

packet classifiers, 160

resources, checking, 636-638

of TCP, 15-18

TCP normalization, 18-19

of UDP, 13-15

stateless backup, 531

stateless failover, 481

static ARP entries, clearing, 319

static command, 327

static NAT, 326, 331-334

static routes

configuring, 86-89

reachability, testing, 93-95

redistributing into OSPF, 114

removing, 88

SLA monitor process, configuring, 89-92

stealth firewalls, 312

sticky connections, 532

stratum, 581

structure of flash file system hierarchy, 195-196

stub routers, 126

subinterface number, 51-52

supported translation types on Cisco firewalls, 326-327

switch ports, configuring, 485

synchronizing time stamps on logging messages, 588

syntax errors, 31

Syslog, 19

firewall logs, collecting, 21-23

firewall throughput, checking, 639

messages

sending with TCP, 602

severity level 1 alerts, 799-802

severity level 2 critical messages, 802-803

severity level 3 error messages, 804-815

severity level 4 warning messages, 815-821

severity level 5 notifications, 821-827

severity level 6 informational messages, 827-837

severity level 7 debugging messages, 831-845

secure logging with SSL, 604-611

servers, optimizing, 589

viewing recent messages, 626-627

system execution space, 158, 169

features, 169-170

system messages, EMBLEM format, 588

system name (contexts), displaying, 176

system resources, checking, 627

failover performance, 646-655

firewall CPU load, 627-632

firewall interface throughput, 655-665

firewall memory usage, 633-636

firewall throughput, 638-645

inspection engine activity, 645-646

stateful inspection resources, 636-638

T

TACACS+ servers

authorizing user activity, 291-293

enable authentication support, 281

TCP

connections

monitoring, 711-716

embryonic connections, 18, 330-331

half-closed connections, 18

half-open connections, 17

ISNs, 331

MSS, configuring, 71

sending Syslog messages, 602

stateful inspection, 15-18

TCP normalization, 18-19

TCP intercept, 18

TCP normalization, 18

Telnet, accessing firewall user interface, 234

terminal screen width, adjusting, 34

terminal width command, 34

termination of TCP connections, 17

test crashinfo files, generating, 249

testing

address reachability, 91

connectivity

with ARP cache, 698-700

with ping packets, 695-696

IPv6 connectivity, 67-68

logging message generation, 615

reachability, 93-95

“testing mode”, 480-481

TFTP server, saving running configuration to, 216-217

three-way handshakes, 15

throughput, checking, 638-645

time stamps, synchronizing on logging messages, 588

timed reactivation, 274

time-based ACEs, 356

time-exceeded messages (ICMP), permitting, 704

timers

CPU utilization, 629

Holdtime, setting, 491

idle uauth timer, 9

toggling failover roles, 655

topologies, 77-79

bypass links, 81-83

traceroute

disrupting, 705

performing on ASA, 703-705

verifying firewall connectivity, 700-703

traffic

capture sessions, enabling on VLAN inside switch chassis, 686-689

classifying, 398-406

controlling

to/from medium-security interfaces, 349-352

with ACLs, 348-349

shunning, 382-384

example, 384-386

traffic counters, checking firewall throughput, 640-643

traffic inspection, configuring on CSC SSM, 730-733

translation table size, checking, 636-637

translations

conditional, 335

dynamic NAT, configuring, 341-346

dynamic PAT, configuring, 342-346

identity NAT, configuring, 338-340

NAT exemption, configuring, 340-341

policy NAT, configuring, 335-338

static NAT, 331-334

xlate table entries

clearing, 717

timeout values, adjusting, 717-718

transmit ring, 76

transparent firewall mode, 312-314

ARP inspection, 314

interface support, 312

transparent firewalls

access lists, configuring, 321

ARP inspection, configuring, 319-321

configuring, 314-317

interface speed, configuring, 315

MAC address learning process, configuring, 318-319

management address, configuring, 317-319

non-IP protocol forwarding policy, configuring, 321-322

traps (SNMP), 255-256

triggering a firewall reload, 246-247

after specific time interval, 247-248

troubleshooting logging buffer content uploads to FTP server, 598

trunk link attributes, 46

trunks, displaying contents, 675-676

tuning OSPF, 110

Turbo ACLs

compiling, 352

recompiling, 353

U

uauth

absolute uauth timer, 9

verifying firewall connectivity, 720-722

UDP

Connections, monitoring, 711-716

stateful inspection, 13-15

unicast traffic, 126

unique MAC addresses, assigning to physical interfaces, 167-168

unlocking firewall features, 39

updating

AIP SSM license, 773-774

AIP SSM signature database file, 774-776

DDNS database, 121

upgrading

active-standby failover pair, 520-524

failover pair with AUS, 524

image files, 211

licenses, 39

activation keys, 40-41

operating system image, 205-210

uploading logging buffer contents to FTP, 598

UR (Unrestricted) license, 39

URL blocking, configuring on CSC SSM, 745-746

URL filtering, configuring on CSC SSM, 746-750

URLs, RFC Sourcebook, 787

user activity, generating audit trails, 245

user activity accounting, configuring, 300

user authentication. See uauth

user contexts, 158

user EXEC mode, 28

user interface

accessing

with console connection, 232-233

with SSH, 235, 237

with Telnet, 234

administrative sessions, monitoring, 244-245

command history, 32

commands

abbreviating, 30

editing, 30

entering, 29

context-based help, 31

regular expressions

operators, 33

searching for, 32-33

user interface modes, 28

configuration mode, 29

privileged EXEC mode, 28

user EXEC mode, 28

user management (Cisco firewalls)

with AAA servers, 272-280

administrative users, 280-287

end-user cut-through proxy, 287-301

generic users, 262

accounting, 263-264

authentication, 262-263

with local database, 264-265

accounting local user activity, 272

firewall command access, authorizing, 267-272

local user authentication, 265-267

V

VACL (VLAN ACLs), enabling traffic capture sessions, 688-689

verifying

address translation, 709-714

based on local addresses, 710

Auto Update client operation, 227

connections, 711-716

DDNS configuring, 123-124

downloadable ACLs, 299

failover communication, 647-650

failover roles, 646-647

firewall connectivity, 691-692

ACLs, 705-707

checking ARP cache, 698-700

checking routing table, 700

checking Uauth, 720-722

with Packet Tracer feature, 692-694

testing with ping packets, 695-696

with traceroute, 700-703

Flash memory system integrity, 199

IGMP multicast operation, 151-152

message logging activity, 614

packets passing through interfaces via capture sessions, 666-676

PIM multicast routing, 152-155

rip configuration, 96-97

viewing

active commands, 29

boot image setting, 201

buffered messages, 597

configured contexts, 174

context information, 191

context mode, 171

failover statistics, 508-513

firewall crash information, 250-251

list of firewall features, 34

priority queuing information, 77

running configuration, 214

startup configuration, 213-214

Syslog information, 626-627

virtual links, 109

virtual sensors, configuring on AIP SSM, 781-785

VLAN groups, defining on FWSM, 47

VLAN hopping, 79-80

preventing, 80-81

VLAN inline pair configuration, 781

VLAN number, assigning to logical interface, 52-53

VLANs

logical interfaces, 51-52

traffic, capturing inside switch chassis, 686-689

VPN users, 261

W

warning messages (syslog), 815-821

WCCPv2, 396-397

weighted least connections algorithm, 557

weighted round robin algorithm, 557

well-known port numbers, service contact port, 791

wildcards, specifying for ACLs, 355

write mem command, 42

X-Y-Z

xlate table, 6

entries, 325

clearing, 717

locating based on local addresses, 710

parameters, 6

verifying, 709-714

lookups, 7

size, checking, 636-637

timeout values, adjusting, 717-718

zero downtime upgrade, 479, 519
