SSL configuration ···················································································································································· 306
SSL overview ································································································································································· 306
SSL security mechanism ······································································································································ 306
SSL protocol stack ··············································································································································· 307
SSL configuration task list ············································································································································ 307
Configuring an SSL server policy ······························································································································· 307
Configuration prerequisites ································································································································ 307
Configuration procedure ···································································································································· 308
Configuring an SSL client policy ································································································································ 310
Configuration prerequisites ································································································································ 311
Configuration procedure ···································································································································· 311
Displaying and maintaining SSL ································································································································· 311
Troubleshooting SSL ····················································································································································· 312
SSL handshake failure ········································································································································· 312
TCP attack protection overview ·································································································································· 313
Enabling the SYN Cookie feature ······························································································································ 313
IP source guard configuration ································································································································ 315
IP source guard overview ············································································································································ 315
Troubleshooting IP source guard ································································································································ 329
ARP attack protection overview ·································································································································· 330
Introduction ·························································································································································· 331
Enabling ARP black hole routing ······················································································································· 332
vii