Cisco 500 Series Manuals
Manuals and User Guides for Cisco 500 Series. We have 3 Cisco 500 Series manuals available for free PDF download: Configuration Manual, Manual
Cisco 500 Series Configuration Manual (1140 pages)
Security Appliance Command Line
Brand: Cisco | Category: Security System | Size: 12.22 MB
Table of Contents
3
Table of Contents
39
About This Guide
39
Document Objectives
40
Related Documentation
40
Document Organization
43
Document Conventions
47
Introduction to the Security Appliance
47
Firewall Functional Overview
48
Security Policy Overview
48
Permitting or Denying Traffic with Access Lists
49
Applying HTTP, HTTPS, or FTP Filtering
49
Applying Application Inspection
51
VPN Functional Overview
52
Intrusion Prevention Services Functional Overview
53
Chapter 2 Getting Started
53
Getting Started with Your Platform Model
53
Factory Default Configurations
54
Restoring the Factory Default Configuration
54
ASA 5505 Default Configuration
55
ASA 5510 and Higher Default Configuration
56
PIX 515/515E Default Configuration
56
Accessing the Command-Line Interface
57
Setting Transparent or Routed Firewall Mode
58
Working with the Configuration
58
Saving Configuration Changes
59
Saving Configuration Changes in Single Context Mode
59
Saving Configuration Changes in Multiple Context Mode
60
Copying the Startup Configuration to the Running Configuration
60
Viewing the Configuration
61
Clearing and Removing Configuration Settings
61
Creating Text Configuration Files Offline
64
Security Context Overview
64
Unsupported Features
64
Context Configuration Files
64
Context Configurations
64
System Configuration
64
Admin Context Configuration
65
How the Security Appliance Classifies Packets
65
Valid Classifier Criteria
66
Invalid Classifier Criteria
67
Classification Examples
70
Cascading Security Contexts
71
Management Access to Security Contexts
71
System Administrator Access
72
Context Administrator Access
72
Enabling or Disabling Multiple Context Mode
72
Backing Up the Single Mode Configuration
72
Enabling Multiple Context Mode
73
Restoring Single Context Mode
75
Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
75
Interface Overview
76
Understanding ASA 5505 Ports and Interfaces
76
Maximum Active VLAN Interfaces for Your License
78
Default Interface Configuration
78
VLAN MAC Addresses
78
Power Over Ethernet
78
Monitoring Traffic Using SPAN
79
Security Level Overview
79
Configuring VLAN Interfaces
83
Configuring Switch Ports As Access Ports
85
Configuring a Switch Port As a Trunk Port
87
Allowing Communication Between VLAN Interfaces On the Same Security Level
89
Configuring Ethernet Settings, Redundant Interfaces, and Subinterfaces
89
Configuring and Enabling RJ-45 Interfaces
89
RJ-45 Interface Overview
90
Default State of Physical Interfaces
90
Connector Types
90
Auto-MDI/MDIX Feature
90
Configuring the RJ-45 Interface
91
Configuring and Enabling Fiber Interfaces
91
Default State of Physical Interfaces
92
Configuring the Fiber Interface
92
Configuring a Redundant Interface
93
Redundant Interface Overview
93
Default State of Redundant Interfaces
93
Redundant Interfaces and Failover Guidelines
93
Redundant Interface MAC Address
93
Physical Interface Guidelines
94
Adding a Redundant Interface
95
Changing the Active Interface
95
Configuring VLAN Subinterfaces and 802.1Q Trunking
95
Subinterface Overview
95
Default State of Subinterfaces
96
Maximum Subinterfaces
96
Preventing Untagged Packets On the Physical Interface
96
Adding a Subinterface
100
Configuring Resource Management
100
Resource Limits
101
Default Class
102
Class Members
102
Configuring a Class
105
Configuring a Security Context
109
Automatically Assigning MAC Addresses to Context Interfaces
110
Changing Between Contexts and the System Execution Space
110
Managing Security Contexts
110
Removing a Security Context
111
Changing the Admin Context
111
Changing the Security Context URL
112
Reloading a Security Context
112
Reloading By Clearing the Configuration
112
Reloading By Removing and Re-Adding the Context
113
Monitoring Security Contexts
113
Viewing Context Information
114
Viewing Resource Allocation
117
Viewing Resource Usage
118
Monitoring SYN Attacks in Contexts
121
Chapter 7 Configuring Interface Parameters
121
Security Level Overview
122
Configuring Interface Parameters
122
Interface Parameters Overview
123
Default State of Interfaces
123
Default Security Level
123
Multiple Context Mode Guidelines
123
Configuring the Interface
127
Allowing Communication Between Interfaces On the Same Security Level
129
Chapter 8 Configuring Basic Settings
129
Changing the Login Password
129
Changing the Enable Password
130
Setting the Hostname
130
Setting the Domain Name
130
Setting the Date and Time
131
Setting the Time Zone and Daylight Saving Time Date Range
132
Setting the Date and Time Using an NTP Server
132
Setting the Date and Time Manually
133
Setting the Management IP Address for a Transparent Firewall
135
Configuring IP Routing
135
Configuring Static and Default Routes
136
Configuring a Static Route
137
Configuring a Default Static Route
138
Configuring Static Route Tracking
140
Defining Route Maps
141
Configuring OSPF
142
OSPF Overview
142
Enabling OSPF
143
Redistributing Routes Into OSPF
144
Configuring OSPF Interface Parameters
147
Configuring OSPF Area Parameters
147
Configuring OSPF NSSA
149
Configuring Route Summarization Between OSPF Areas
149
Configuring Route Summarization When Redistributing Routes Into OSPF
150
Defining Static OSPF Neighbors
150
Generating a Default Route
151
Configuring Route Calculation Timers
151
Logging Neighbors Going Up or Down
152
Displaying OSPF Update Packet Pacing
152
Monitoring OSPF
153
Restarting the OSPF Process
153
Configuring RIP
153
Enabling and Configuring RIP
155
Redistributing Routes Into the RIP Routing Process
155
Configuring RIP Send/Receive Version On an Interface
156
Enabling RIP Authentication
156
Monitoring RIP
157
Configuring EIGRP
157
EIGRP Routing Overview
158
Enabling and Configuring EIGRP Routing
159
Enabling and Configuring EIGRP Stub Routing
160
Enabling EIGRP Authentication
161
Defining an EIGRP Neighbor
161
Redistributing Routes Into EIGRP
162
Configuring the EIGRP Hello Interval and Hold Time
162
Disabling Automatic Route Summarization
163
Configuring Summary Aggregate Addresses
163
Disabling EIGRP Split Horizon
164
Changing the Interface Delay Value
164
Monitoring EIGRP
165
Disabling Neighbor Change and Warning Message Logging
165
The Routing Table
165
Displaying the Routing Table
166
How the Routing Table Is Populated
167
Backup Routes
167
How Forwarding Decisions Are Made
168
Dynamic Routing and Failover
169
Configuring DHCP, DDNS, and WCCP Services
169
Configuring a DHCP Server
170
Enabling the DHCP Server
171
Configuring DHCP Options
172
Using Cisco IP Phones with a DHCP Server
173
Configuring DHCP Relay Services
174
Configuring Dynamic DNS
175
Example 1: Client Updates Both A and PTR RRs for Static IP Addresses
176
Client and Updates Both RRs
176
Honors Client Request and Updates Both A and PTR RR
177
Example 5: Client Updates A RR; Server Updates PTR RR
177
Configuring Web Cache Services Using WCCP
177
WCCP Feature Support
178
WCCP Interaction with Other Features
178
Enabling WCCP Redirection
181
Configuring Multicast Routing
181
Multicast Routing Overview
182
Enabling Multicast Routing
182
Configuring IGMP Features
183
Disabling IGMP On an Interface
183
Configuring Group Membership
183
Configuring a Statically Joined Group
183
Controlling Access to Multicast Groups
184
Limiting the Number of IGMP States On an Interface
184
Modifying the Query Interval and Query Timeout
185
Changing the Query Response Time
185
Changing the IGMP Version
185
Configuring Stub Multicast Routing
185
Configuring a Static Multicast Route
186
Configuring PIM Features
186
Disabling PIM On an Interface
187
Configuring a Static Rendezvous Point Address
187
Configuring the Designated Router Priority
187
Filtering PIM Register Messages
188
Configuring PIM Message Intervals
188
Configuring a Multicast Boundary
188
Filtering PIM Neighbors
189
Supporting Mixed Bidirectional/Sparse-Mode PIM Networks
190
For More Information about Multicast Routing
191
Chapter 12 Configuring IPv6
191
IPv6-Enabled Commands
193
Configuring IPv6 On an Interface
194
Configuring a Dual IP Stack On an Interface
194
Enforcing the Use of Modified EUI-64 Interface IDs in IPv6 Addresses
194
Configuring IPv6 Duplicate Address Detection
195
Configuring IPv6 Default and Static Routes
196
Configuring IPv6 Access Lists
197
Configuring IPv6 Neighbor Discovery
197
Configuring Neighbor Solicitation Messages
199
Configuring Router Advertisement Messages
201
Configuring a Static IPv6 Neighbor
201
Verifying the IPv6 Configuration
201
The show ipv6 interface Command
202
The show ipv6 route Command
203
Configuring AAA Servers and the Local Database
203
AAA Overview
204
About Authentication
204
About Authorization
204
About Accounting
205
AAA Server and Local Database Support
205
Summary of Support
206
RADIUS Server Support
206
Authentication Methods
206
Attribute Support
206
RADIUS Authorization Functions
206
TACACS+ Server Support
207
SDI Server Support
207
SDI Version Support
207
Two-Step Authentication Process
207
SDI Primary and Replica Servers
207
NT Server Support
207
Kerberos Server Support
208
LDAP Server Support
208
SSO Support for WebVPN with HTTP Forms
208
Local Database Support
208
User Profiles
209
Fallback Support
209
Configuring the Local Database
211
Identifying AAA Server Groups and Servers
214
Configuring an LDAP Server
214
Authentication with LDAP
216
Authorization with LDAP for VPN
216
LDAP Attribute Mapping
218
Using Certificates and User Login Credentials
218
Using User Login Credentials
218
Using Certificates
219
Supporting a Zone Labs Integrity Server
219
Overview of Integrity Server and Security Appliance Interaction
220
Configuring Integrity Server Support
221
Understanding Failover
222
Failover System Requirements
222
Hardware Requirements
222
Software Requirements
222
License Requirements
223
The Failover and Stateful Failover Links
223
Failover Link
225
Stateful Failover Link
226
Active/Active and Active/Standby Failover
226
Active/Standby Failover
230
Active/Active Failover
235
Determining Which Type of Failover to Use
235
Regular and Stateful Failover
235
Regular Failover
235
Stateful Failover
236
Failover Health Monitoring
237
Unit Health Monitoring
237
Interface Monitoring
238
Failover Feature/Platform Matrix
238
Failover Times By Platform
239
Configuring Failover
239
Failover Configuration Limitations
239
Configuring Active/Standby Failover
240
Prerequisites
240
Configuring Cable-Based Active/Standby Failover (PIX 500 Series Security Appliance Only)
241
Configuring LAN-Based Active/Standby Failover
245
Configuring Optional Active/Standby Failover Settings
247
Configuring Active/Active Failover
247
Prerequisites
247
Configuring Cable-Based Active/Active Failover (PIX 500 Series Security Appliance)
249
Configuring LAN-Based Active/Active Failover
253
Configuring Optional Active/Active Failover Settings
259
Configuring Unit Health Monitoring
259
Configuring Failover Communication Authentication/Encryption
260
Verifying the Failover Configuration
260
Using the Show Failover Command
268
Viewing Monitored Interfaces
268
Displaying the Failover Commands in the Running Configuration
269
Testing the Failover Functionality
269
Controlling and Monitoring Failover
269
Forcing Failover
270
Disabling Failover
270
Restoring a Failed Unit or Failover Group
270
Monitoring Failover
271
Failover System Messages
271
Debug Messages
271
SNMP
271
Remote Command Execution
272
Changing Command Modes
273
Security Considerations
273
Limitations of Remote Command Execution
274
Auto Update Server Support in Failover Configurations
274
Auto Update Process Overview
275
Monitoring the Auto Update Process
277
Configuring the Firewall
279
Routed Mode Overview
279
IP Routing Support
279
How Data Moves Through the Security Appliance in Routed Firewall Mode
280
An Inside User Visits a Web Server
281
An Outside User Visits a Web Server On the DMZ
282
An Inside User Visits a Web Server On the DMZ
283
An Outside User Attempts to Access an Inside Host
284
A DMZ User Attempts to Access an Inside Host
284
Transparent Mode Overview
285
Transparent Firewall Network
285
Allowing Layer 3 Traffic
285
Allowed MAC Addresses
285
Passing Traffic Not Allowed in Routed Mode
286
MAC Address Vs. Route Lookups
287
Using the Transparent Firewall in Your Network
287
Transparent Firewall Guidelines
288
Unsupported Features in Transparent Mode
289
How Data Moves Through the Transparent Firewall
290
An Inside User Visits a Web Server
291
An Inside User Visits a Web Server Using NAT
292
An Outside User Visits a Web Server On the Inside Network
293
An Outside User Attempts to Access an Inside Host
295
Access List Overview
296
Access List Types
296
Access Control Entry Order
297
Access Control Implicit Deny
297
IP Addresses Used for Access Lists When You Use NAT
299
Adding an Extended Access List
299
Extended Access List Overview
300
Allowing Broadcast and Multicast Traffic Through the Transparent Firewall
300
Adding an Extended ACE
302
Adding an Ethertype Access List
302
Ethertype Access List Overview
302
Supported Ethertypes
302
Implicit Permit of IP and ARPs Only
302
Implicit and Explicit Deny ACE at the End of an Access List
303
IPv6 Unsupported
303
Using Extended and Ethertype Access Lists On the Same Interface
303
Allowing MPLS
304
Adding an Ethertype ACE
304
Adding a Standard Access List
305
Adding a Webtype Access List
305
Simplifying Access Lists with Object Grouping
305
How Object Grouping Works
306
Adding Object Groups
306
Adding a Protocol Object Group
306
Adding a Network Object Group
306
Adding a Service Object Group
306
Adding an ICMP Type Object Group
309
Nesting Object Groups
310
Using Object Groups with an Access List
311
Displaying Object Groups
311
Removing Object Groups
311
Adding Remarks to Access Lists
312
Scheduling Extended Access List Activation
312
Adding a Time Range
313
Applying the Time Range to an ACE
313
Logging Access List Activity
313
Access List Logging Overview
314
Configuring Logging for an Access Control Entry
315
Managing Deny Flows
317
Configuring NAT
317
NAT Overview
317
Introduction to NAT
318
NAT in Routed Mode
319
NAT in Transparent Mode
320
NAT Control
322
NAT Types
322
Dynamic NAT
324
PAT
324
Static NAT
325
Static PAT
326
Bypassing NAT When NAT Control Is Enabled
326
Policy NAT
329
NAT and Same Security Level Interfaces
330
Order of NAT Commands Used to Match Real Addresses
330
Mapped Address Guidelines
331
DNS and NAT
332
Configuring NAT Control
333
Using Dynamic NAT and PAT
333
Dynamic NAT and PAT Implementation
339
Configuring Dynamic NAT or PAT
342
Using Static NAT
343
Using Static PAT
346
Bypassing NAT
346
Configuring Identity NAT
347
Configuring Static Identity NAT
349
Configuring NAT Exemption
350
NAT Examples
350
Overlapping Networks
352
Redirecting Ports
355
Chapter 18 Permitting or Denying Network Access
355
Inbound and Outbound Access List Overview
356
Applying an Access List to an Interface
359
Chapter 19 Applying AAA for Network Access
359
AAA Performance
359
Configuring Authentication for Network Access
360
Authentication Overview
360
One-Time Authentication
360
Applications Required to Receive an Authentication Challenge
360
Security Appliance Authentication Prompts
361
Static PAT and HTTP
361
Enabling Network Access Authentication
363
Enabling Secure Authentication of Web Clients
364
Authenticating Directly with the Security Appliance
364
Enabling Direct Authentication Using HTTP and HTTPS
365
Enabling Direct Authentication Using Telnet
366
Configuring Authorization for Network Access
366
Configuring TACACS+ Authorization
368
Configuring RADIUS Authorization
368
Configuring a RADIUS Server to Send Downloadable Access Control Lists
368
Configuring a RADIUS Server to Download Per-User Access Control List Names
372
Configuring Accounting for Network Access
374
Using MAC Addresses to Exempt Traffic From Authentication and Authorization
377
Chapter 20 Applying Filtering Services
377
Filtering Overview
378
Filtering ActiveX Objects
378
ActiveX Filtering Overview
378
Enabling ActiveX Filtering
379
Filtering Java Applets
380
Filtering URLs and FTP Requests with an External Server
380
URL Filtering Overview
380
Identifying the Filtering Server
382
Buffering the Content Server Response
382
Caching Server Addresses
383
Filtering HTTP URLs
383
Configuring HTTP Filtering
383
Enabling Filtering of Long HTTP URLs
383
Truncating Long HTTP URLs
384
Exempting Traffic From Filtering
384
Filtering HTTPS URLs
385
Filtering FTP Requests
385
Viewing Filtering Statistics and Configuration
386
Viewing Filtering Server Statistics
387
Viewing Buffer Configuration and Statistics
387
Viewing Caching Statistics
387
Viewing Filtering Performance Statistics
388
Viewing Filtering Configuration
389
Chapter 21 Using Modular Policy Framework
389
Modular Policy Framework Overview
390
Default Global Policy
390
Identifying Traffic Using a Layer 3/4 Class Map
391
Creating a Layer 3/4 Class Map for Through Traffic
393
Creating a Layer 3/4 Class Map for Management Traffic
394
Configuring Special Actions for Application Inspections
394
Creating a Regular Expression
397
Creating a Regular Expression Class Map
398
Identifying Traffic in an Inspection Class Map
399
Defining Actions in an Inspection Policy Map
401
Defining Actions Using a Layer 3/4 Policy Map
401
Layer 3/4 Policy Map Overview
402
Policy Map Guidelines
402
Supported Feature Types
402
Feature Directionality
403
Feature Matching Guidelines Within a Policy Map
403
Feature Matching Guidelines for Multiple Policy Maps
404
Order in Which Multiple Feature Actions Are Applied
404
Default Layer 3/4 Policy Map
404
Adding a Layer 3/4 Policy Map
406
Applying a Layer 3/4 Policy to an Interface Using a Service Policy
407
Modular Policy Framework Examples
407
Applying Inspection and QoS Policing to HTTP Traffic
408
Applying Inspection to HTTP Traffic Globally
409
Applying Inspection and Connection Limits to HTTP Traffic to Specific Servers
410
Applying Inspection to HTTP Traffic with NAT
411
Chapter 22 Managing the AIP SSM and CSC SSM
411
Managing the AIP SSM
411
AIP SSM Overview
412
How the AIP SSM Works with the Adaptive Security Appliance
412
Operating Modes
413
Using Virtual Sensors
414
AIP SSM Procedure Overview
415
Sessioning to the AIP SSM
416
Configuring the Security Policy On the AIP SSM
416
Assigning Virtual Sensors to Security Contexts
418
Diverting Traffic to the AIP SSM
419
Managing the CSC SSM
420
About the CSC SSM
422
Getting Started with the CSC SSM
423
Determining What Traffic to Scan
425
Limiting Connections Through the CSC SSM
426
Diverting Traffic to the CSC SSM
428
Checking SSM Status
429
Transferring an Image Onto an SSM
431
Chapter 23 Preventing Network Attacks
431
Configuring Threat Detection
431
Configuring Basic Threat Detection
432
Basic Threat Detection Overview
432
Configuring Basic Threat Detection
434
Managing Basic Threat Statistics
435
Configuring Scanning Threat Detection
435
Enabling Scanning Threat Detection
436
Managing Shunned Hosts
437
Viewing Attackers and Targets
437
Configuring and Viewing Threat Statistics
437
Configuring Threat Statistics
438
Viewing Threat Statistics
441
Configuring TCP Normalization
444
Configuring Connection Limits and Timeouts
444
Connection Limit Overview
444
TCP Intercept Overview
444
Disabling TCP Intercept for Management Packets for WebVPN Compatibility
445
Dead Connection Detection Overview
445
TCP Sequence Randomization Overview
445
Enabling Connection Limits
446
Preventing IP Spoofing
447
Configuring the Fragment Size
447
Blocking Unwanted Connections
448
Configuring IP Audit for Basic IPS Support
449
Chapter 24 Applying QoS Policies
449
Overview
450
QoS Concepts
450
Implementing QoS
452
Identifying Traffic for QoS
453
Defining a QoS Policy Map
454
Applying Rate Limiting
455
Activating the Service Policy
456
Applying Low Latency Queueing
456
Configuring Priority Queuing
456
Sizing the Priority Queue
457
Reducing Queue Latency
457
Configuring QoS
460
Viewing QoS Configuration
460
Viewing QoS Service Policy Configuration
461
Viewing QoS Policy Map Configuration
461
Viewing the Priority-Queue Configuration for an Interface
462
Viewing QoS Statistics
462
Viewing QoS Police Statistics
462
Viewing QoS Priority Statistics
463
Viewing QoS Priority Queue Statistics
Cisco 500 Series Configuration Manual (989 pages)
Security Appliance Command Line
Brand: Cisco | Category: Firewall | Size: 11.23 MB
Table of Contents
4
Table of Contents
33
About This Guide
34
Related Documentation
37
Document Conventions
38
Documentation Feedback
49
Intrusion Prevention Services Functional Overview
50
Security Context Overview
51
Chapter 2 Getting Started
51
Getting Started with Your Platform Model
51
Factory Default Configurations
52
Restoring the Factory Default Configuration
52
ASA 5505 Default Configuration
53
ASA 5510 and Higher Default Configuration
54
PIX 515/515E Default Configuration
54
Accessing the Command-Line Interface
55
Setting Transparent or Routed Firewall Mode
56
Working with the Configuration
56
Saving Configuration Changes
57
Saving Configuration Changes in Single Context Mode
57
Saving Configuration Changes in Multiple Context Mode
58
Copying the Startup Configuration to the Running Configuration
58
Viewing the Configuration
59
Clearing and Removing Configuration Settings
59
Creating Text Configuration Files Offline
62
Chapter 3 Enabling Multiple Context Mode
62
Security Context Overview
62
Unsupported Features
62
Context Configuration Files
62
Context Configurations
62
System Configuration
63
How the Security Appliance Classifies Packets
63
Valid Classifier Criteria
64
Invalid Classifier Criteria
65
Classification Examples
68
Cascading Security Contexts
69
Management Access to Security Contexts
69
System Administrator Access
70
Context Administrator Access
70
Enabling or Disabling Multiple Context Mode
70
Backing Up the Single Mode Configuration
70
Enabling Multiple Context Mode
71
Restoring Single Context Mode
73
Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
73
Interface Overview
74
Understanding ASA 5505 Ports and Interfaces
74
Maximum Active VLAN Interfaces for Your License
75
Default Interface Configuration
76
VLAN MAC Addresses
76
Power Over Ethernet
76
Monitoring Traffic Using SPAN
77
Security Level Overview
77
Configuring VLAN Interfaces
81
Configuring Switch Ports As Access Ports
83
Configuring a Switch Port As a Trunk Port
85
Allowing Communication Between VLAN Interfaces On the Same Security Level
87
Chapter 5 Configuring Ethernet Settings and Subinterfaces
87
Configuring and Enabling RJ-45 Interfaces
88
Configuring and Enabling Fiber Interfaces
89
Configuring and Enabling Subinterfaces
92
Chapter 6 Adding and Managing Security Contexts
92
Configuring Resource Management
92
Resource Limits
93
Default Class
94
Class Members
94
Configuring a Class
97
Configuring a Security Context
101
Automatically Assigning MAC Addresses to Context Interfaces
101
Changing Between Contexts and the System Execution Space
102
Managing Security Contexts
102
Removing a Security Context
103
Changing the Admin Context
103
Changing the Security Context URL
104
Reloading a Security Context
104
Reloading By Clearing the Configuration
105
Reloading By Removing and Re-Adding the Context
105
Viewing Context Information
106
Viewing Resource Allocation
109
Viewing Resource Usage
110
Monitoring SYN Attacks in Contexts
113
Chapter 7 Configuring Interface Parameters
113
Security Level Overview
114
Configuring the Interface
118
Allowing Communication Between Interfaces On the Same Security Level
119
Changing the Login Password
119
Changing the Enable Password
120
Setting the Hostname
120
Setting the Domain Name
120
Setting the Date and Time
120
Chapter 8 Configuring Basic Settings
121
Setting the Time Zone and Daylight Saving Time Date Range
122
Setting the Date and Time Using an NTP Server
122
Setting the Date and Time Manually
123
Setting the Management IP Address for a Transparent Firewall
125
Chapter 9 Configuring IP Routing
125
Configuring Static and Default Routes
126
Configuring a Static Route
127
Configuring a Default Route
127
Configuring Static Route Tracking
130
Defining Route Maps
131
Configuring OSPF
132
OSPF Overview
132
Enabling OSPF
133
Redistributing Routes Into OSPF
134
Configuring OSPF Interface Parameters
136
Configuring OSPF Area Parameters
137
Configuring OSPF NSSA
138
Configuring Route Summarization Between OSPF Areas
138
Configuring Route Summarization When Redistributing Routes Into OSPF
139
Defining Static OSPF Neighbors
140
Generating a Default Route
140
Configuring Route Calculation Timers
141
Logging Neighbors Going Up or Down
141
Displaying OSPF Update Packet Pacing
142
Monitoring OSPF
142
Restarting the OSPF Process
143
Configuring RIP
143
Enabling and Configuring RIP
144
Redistributing Routes Into the RIP Routing Process
145
Configuring RIP Send/Receive Version On an Interface
145
Enabling RIP Authentication
146
Monitoring RIP
146
The Routing Table
146
Displaying the Routing Table
147
How the Routing Table Is Populated
148
Backup Routes
148
How Forwarding Decisions Are Made
151
Configuring a DHCP Server
152
Enabling the DHCP Server
152
Chapter 10 Configuring DHCP, DDNS, and WCCP Services
153
Configuring DHCP Options
154
Using Cisco IP Phones with a DHCP Server
155
Configuring DHCP Relay Services
156
Configuring Dynamic DNS
156
Example 1: Client Updates Both A and PTR RRs for Static IP Addresses
158
Client and Updates Both RRs
158
Honors Client Request and Updates Both A and PTR RR
159
Example 5: Client Updates A RR; Server Updates PTR RR
159
Configuring Web Cache Services Using WCCP
159
WCCP Feature Support
160
WCCP Interaction with Other Features
160
Enabling WCCP Redirection
163
Configuring Multicast Routing
163
Multicast Routing Overview
164
Enabling Multicast Routing
164
Chapter 11 Configuring Multicast Routing
165
Configuring a Statically Joined Group
165
Configuring Group Membership
165
Controlling Access to Multicast Groups
165
Disabling IGMP On an Interface
166
Limiting the Number of IGMP States On an Interface
166
Modifying the Query Interval and Query Timeout
167
Changing the IGMP Version
167
Changing the Query Response Time
167
Configuring Stub Multicast Routing
167
Configuring a Static Multicast Route
168
Disabling PIM On an Interface
168
Configuring PIM Features
169
Configuring a Static Rendezvous Point Address
169
Configuring the Designated Router Priority
169
Filtering PIM Register Messages
169
Configuring PIM Message Intervals
170
Configuring a Multicast Boundary
170
Filtering PIM Neighbors
171
Supporting Mixed Bidirectional/Sparse-Mode PIM Networks
171
For More Information about Multicast Routing
173
Chapter 12 Configuring IPv6
173
IPv6-Enabled Commands
175
Configuring IPv6 On an Interface
176
Configuring a Dual IP Stack On an Interface
176
Enforcing the Use of Modified EUI-64 Interface IDs in IPv6 Addresses
176
Configuring IPv6 Duplicate Address Detection
177
Configuring IPv6 Default and Static Routes
178
Configuring IPv6 Access Lists
179
Configuring IPv6 Neighbor Discovery
179
Configuring Neighbor Solicitation Messages
181
Configuring Router Advertisement Messages
183
Configuring a Static IPv6 Neighbor
183
Verifying the IPv6 Configuration
183
The show ipv6 interface Command
184
The show ipv6 route Command
185
Configuring AAA Servers and the Local Database
185
AAA Overview
185
About Authentication
186
About Authorization
186
About Accounting
186
AAA Server and Local Database Support
186
Chapter 13 Configuring AAA Servers and the Local Database
187
RADIUS Server Support
188
Authentication Methods
188
Attribute Support
188
RADIUS Authorization Functions
187
Summary of Support
188
SDI Server Support
189
SDI Version Support
189
Two-Step Authentication Process
189
SDI Primary and Replica Servers
188
TACACS+ Server Support
189
Kerberos Server Support
189
NT Server Support
190
LDAP Server Support
190
Authentication with LDAP
191
Authorization with LDAP for VPN
192
LDAP Attribute Mapping
193
Local Database Support
194
User Profiles
194
Fallback Support
193
SSO Support for WebVPN with HTTP Forms
194
Configuring the Local Database
196
Identifying AAA Server Groups and Servers
199
Using Certificates and User Login Credentials
199
Using User Login Credentials
200
Using Certificates
200
Supporting a Zone Labs Integrity Server
201
Overview of Integrity Server and Security Appliance Interaction
201
Configuring Integrity Server Support
203
Understanding Failover
204
Chapter 14 Configuring Failover
205
The Failover and Stateful Failover Links
207
Stateful Failover Link
208
Active/Active and Active/Standby Failover
211
Active/Active Failover
216
Determining Which Type of Failover to Use
217
Failover Health Monitoring
218
Interface Monitoring
219
Failover Feature/Platform Matrix
220
Failover Configuration Limitations
222
Configuring LAN-Based Active/Standby Failover
225
Configuring Optional Active/Standby Failover Settings
228
Configuring Active/Active Failover
230
Configuring LAN-Based Active/Active Failover
234
Configuring Optional Active/Active Failover Settings
238
Configuring Unit Health Monitoring
239
Verifying the Failover Configuration
247
Viewing Monitored Interfaces
248
Testing the Failover Functionality
249
Disabling Failover
250
Failover System Messages
253
Routed Mode Overview
254
Chapter 15 Firewall Mode Overview
255
An Inside User Visits a Web Server
256
An Outside User Visits a Web Server On the DMZ
257
An Inside User Visits a Web Server On the DMZ
258
An Outside User Attempts to Access an Inside Host
259
A DMZ User Attempts to Access an Inside Host
260
Transparent Firewall Network
261
MAC Address Lookups
262
Unsupported Features in Transparent Mode
263
How Data Moves Through the Transparent Firewall
264
An Inside User Visits a Web Server
265
An Outside User Visits a Web Server On the Inside Network
266
An Outside User Attempts to Access an Inside Host
269
Access List Overview
270
Access List Types
271
Chapter 16 Identifying Traffic with Access Lists
273
Adding an Extended Access List
274
Allowing Special IP Traffic Through the Transparent Firewall
276
Adding an Ethertype Access List
277
Adding a Standard Access List
278
Adding a Webtype Access List
279
Adding Object Groups
280
Adding a Network Object Group
281
Adding an ICMP Type Object Group
282
Nesting Object Groups
283
Using Object Groups with an Access List
284
Displaying Object Groups
285
Scheduling Extended Access List Activation
286
Applying the Time Range to an ACE
287
Configuring Logging for an Access Control Entry
288
Managing Deny Flows
291
NAT Overview
292
Introduction to NAT
293
Chapter 17 Applying NAT
295
NAT Types
297
Static NAT
299
Bypassing NAT When NAT Control Is Enabled
302
NAT and Same Security Level Interfaces
303
Order of NAT Commands Used to Match Real Addresses
305
Configuring NAT Control
306
Using Dynamic NAT and PAT
312
Configuring Dynamic NAT or PAT
315
Using Static NAT
316
Using Static PAT
318
Bypassing NAT
319
Configuring Static Identity NAT
321
Configuring NAT Exemption
322
NAT Examples
323
Overlapping Networks
324
Redirecting Ports
328
Chapter 18 Permitting or Denying Network Access
331
Applying an Access List to an Interface
333
AAA Performance
334
Chapter 19 Applying AAA for Network Access
335
Static PAT and HTTP
337
Enabling Secure Authentication of Web Clients
339
Configuring RADIUS Authorization
343
Configuring a RADIUS Server to Download Per-User Access Control List Names
344
Configuring Accounting for Network Access
345
Using MAC Addresses to Exempt Traffic From Authentication and Authorization
347
Filtering Overview
348
Chapter 20 Applying Filtering Services
349
Filtering Java Applets
350
URL Filtering Overview
351
Buffering the Content Server Response
352
Caching Server Addresses
353
Enabling Filtering of Long HTTP URLs
354
Filtering HTTPS URLs
355
Viewing Filtering Statistics and Configuration
356
Viewing Buffer Configuration and Statistics
357
Viewing Caching Statistics
359
Modular Policy Framework Overview
360
Chapter 21 Using Modular Policy Framework
361
Creating a Layer 3/4 Class Map for Through Traffic
363
Creating a Layer 3/4 Class Map for Management Traffic
364
Creating a Regular Expression
366
Creating a Regular Expression Class Map
367
Identifying Traffic in an Inspection Class Map
368
Defining Actions in an Inspection Policy Map
371
Defining Actions Using a Layer 3/4 Policy Map
372
Default Layer 3/4 Policy Map
373
Adding a Layer 3/4 Policy Map
375
Applying a Layer 3/4 Policy to an Interface Using a Service Policy
376
Applying Inspection and QoS Policing to HTTP Traffic
377
Applying Inspection and Connection Limits to HTTP Traffic to Specific Servers
378
Applying Inspection to HTTP Traffic with NAT
379
Managing the AIP SSM
Cisco 500 Series Manual (4 pages)
Cisco Systems Security Appliances Upsell Guide
Brand: Cisco | Category: Network Router | Size: 0.42 MB
Related Products
Cisco PIX-515E
Cisco PIX-515-RPS - PIX 515-R - Firewall
Cisco PIX 501 - Security Appliance
Cisco PIX 525
Cisco PIX 506 - Firewall
Cisco PIX 506E - Security Appliance
Cisco PIX 501
Cisco PIX 506E
Cisco PIX 506