Cisco 500 Series Manuals

Table of Contents

• • 3

    Table of Contents
  • 39

    About This Guide
    • 39

      Document Objectives
    • 40

      Related Documentation
    • 40

      Document Organization
    • 43

      Document Conventions
  • 47

    Introduction to the Security Appliance
    • 47

      Firewall Functional Overview
      • 48

        Security Policy Overview
        • 48

          Permitting or Denying Traffic with Access Lists
        • 49

          Applying Http, Https, or Ftp Filtering
        • 49

          Applying Application Inspection
    • 51

      Vpn Functional Overview
    • 52

      Intrusion Prevention Services Functional Overview

• 53

  Chapter 2 Getting Started

  • 53

    Getting Started with Your Platform Model
  • 53

    Factory Default Configurations
    • 54

      Restoring the Factory Default Configuration
    • 54

      ASA 5505 Default Configuration
    • 55

      ASA 5510 and Higher Default Configuration
    • 56

      PIX 515/515E Default Configuration
  • 56

    Accessing the Command-Line Interface
  • 57

    Setting Transparent or Routed Firewall Mode
  • 58

    Working with the Configuration
    • 58

      Saving Configuration Changes
      • 59

        Saving Configuration Changes in Single Context Mode
      • 59

        Saving Configuration Changes in Multiple Context Mode
    • 60

      Copying the Startup Configuration to the Running Configuration
    • 60

      Viewing the Configuration
    • 61

      Clearing and Removing Configuration Settings
    • 61

      Creating Text Configuration Files Offline
  • 64

    Security Context Overview
    • 64

      Unsupported Features
    • 64

      Context Configuration Files
      • 64

        Context Configurations
      • 64

        System Configuration
      • 64

        Admin Context Configuration
    • 65

      How the Security Appliance Classifies Packets
      • 65

        Valid Classifier Criteria
      • 66

        Invalid Classifier Criteria
      • 67

        Classification Examples
    • 70

      Cascading Security Contexts
    • 71

      Management Access to Security Contexts
      • 71

        System Administrator Access
      • 72

        Context Administrator Access
  • 72

    Enabling or Disabling Multiple Context Mode
    • 72

      Backing Up the Single Mode Configuration
    • 72

      Enabling Multiple Context Mode
    • 73

      Restoring Single Context Mode
  • 75

    Appliance
    • 75

      Interface Overview
  • 75

    Configuring Switch Ports and Vlan Interfaces for the Cisco Asa 5505 Adaptive Security
    • 76

      Understanding ASA 5505 Ports and Interfaces
    • 76

      Maximum Active VLAN Interfaces for Your License
    • 78

      Default Interface Configuration
    • 78

      VLAN MAC Addresses
    • 78

      Power Over Ethernet
    • 78

      Monitoring Traffic Using SPAN
    • 79

      Security Level Overview
    • 79

      Configuring VLAN Interfaces
    • 83

      Configuring Switch Ports As Access Ports
    • 85

      Configuring a Switch Port As a Trunk Port
    • 87

      Allowing Communication Between VLAN Interfaces On the Same Security Level
  • 89

    Configuring Ethernet Settings, Redundant Interfaces, and Subinterfaces
    • 89

      Configuring and Enabling RJ-45 Interfaces
      • 89

        RJ-45 Interface Overview
        • 90

          Default State of Physical Interfaces
        • 90

          Connector Types
        • 90

          Auto-MDI/MDIX Feature
      • 90

        Configuring the RJ-45 Interface
    • 91

      Configuring and Enabling Fiber Interfaces
      • 91

        Default State of Physical Interfaces
      • 92

        Configuring the Fiber Interface
    • 92

      Configuring a Redundant Interface
      • 93

        Redundant Interface Overview
        • 93

          Default State of Redundant Interfaces
        • 93

          Redundant Interfaces and Failover Guidelines
        • 93

          Redundant Interface MAC Address
        • 93

          Physical Interface Guidelines
      • 94

        Adding a Redundant Interface
      • 95

        Changing the Active Interface
    • 95

      Configuring VLAN Subinterfaces and 802.1Q Trunking
      • 95

        Subinterface Overview
        • 95

          Default State of Subinterfaces
        • 96

          Maximum Subinterfaces
        • 96

          Preventing Untagged Packets On the Physical Interface
      • 96

        Adding a Subinterface
  • 100

    Configuring Resource Management
    • 100

      Resource Limits
    • 101

      Default Class
    • 102

      Class Members
    • 102

      Configuring a Class
  • 105

    Configuring a Security Context
  • 109

    Automatically Assigning MAC Addresses to Context Interfaces
  • 110

    Changing Between Contexts and the System Execution Space
  • 110

    Managing Security Contexts
    • 110

      Removing a Security Context
    • 111

      Changing the Admin Context
    • 111

      Changing the Security Context URL
    • 112

      Reloading a Security Context
      • 112

        Reloading By Clearing the Configuration
      • 112

        Reloading By Removing and Re-Adding the Context
    • 113

      Monitoring Security Contexts
      • 113

        Viewing Context Information
      • 114

        Viewing Resource Allocation
      • 117

        Viewing Resource Usage
      • 118

        Monitoring SYN Attacks in Contexts

• 121

  Chapter 7 Configuring Interface Parameters

  • 121

    Security Level Overview
  • 122

    Configuring Interface Parameters
    • 122

      Interface Parameters Overview
      • 123

        Default State of Interfaces
      • 123

        Default Security Level
      • 123

        Multiple Context Mode Guidelines
    • 123

      Configuring the Interface
  • 127

    Allowing Communication Between Interfaces On the Same Security Level

• 129

  Chapter 8 Configuring Basic Settings

  • 129

    Changing the Login Password
  • 129

    Changing the Enable Password
  • 130

    Setting the Hostname
  • 130

    Setting the Domain Name
    • 130

      Setting the Date and Time
      • 131

        Setting the Time Zone and Daylight Saving Time Date Range
      • 132

        Setting the Date and Time Using an NTP Server
      • 132

        Setting the Date and Time Manually
    • 133

      Setting the Management IP Address for a Transparent Firewall
  • 135

    Configuring Ip Routing
    • 135

      Configuring Static and Default Routes
      • 136

        Configuring a Static Route
      • 137

        Configuring a Default Static Route
      • 138

        Configuring Static Route Tracking
    • 140

      Defining Route Maps
    • 141

      Configuring OSPF
      • 142

        OSPF Overview
      • 142

        Enabling OSPF
      • 143

        Redistributing Routes Into OSPF
      • 144

        Configuring OSPF Interface Parameters
      • 147

        Configuring OSPF Area Parameters
      • 147

        Configuring OSPF NSSA
      • 149

        Configuring Route Summarization Between OSPF Areas
      • 149

        Configuring Route Summarization When Redistributing Routes Into OSPF
      • 150

        Defining Static OSPF Neighbors
      • 150

        Generating a Default Route
      • 151

        Configuring Route Calculation Timers
      • 151

        Logging Neighbors Going Up or Down
      • 152

        Displaying OSPF Update Packet Pacing
      • 152

        Monitoring OSPF
      • 153

        Restarting the OSPF Process
    • 153

      Configuring RIP
      • 153

        Enabling and Configuring RIP
      • 155

        Redistributing Routes Into the RIP Routing Process
      • 155

        Configuring RIP Send/Receive Version On an Interface
      • 156

        Enabling RIP Authentication
      • 156

        Monitoring RIP
    • 157

      Configuring EIGRP
      • 157

        EIGRP Routing Overview
      • 158

        Enabling and Configuring EIGRP Routing
      • 159

        Enabling and Configuring EIGRP Stub Routing
      • 160

        Enabling EIGRP Authentication
      • 161

        Defining an EIGRP Neighbor
      • 161

        Redistributing Routes Into EIGRP
      • 162

        Configuring the EIGRP Hello Interval and Hold Time
      • 162

        Disabling Automatic Route Summarization
      • 163

        Configuring Summary Aggregate Addresses
      • 163

        Disabling EIGRP Split Horizon
      • 164

        Changing the Interface Delay Value
      • 164

        Monitoring EIGRP
      • 165

        Disabling Neighbor Change and Warning Message Logging
    • 165

      The Routing Table
      • 165

        Displaying the Routing Table
      • 166

        How the Routing Table Is Populated
        • 167

          Backup Routes
      • 167

        How Forwarding Decisions Are Made
    • 168

      Dynamic Routing and Failover
  • 169

    Configuring Dhcp, Ddns, and Wccp Services
    • 169

      Configuring a DHCP Server
      • 170

        Enabling the DHCP Server
      • 171

        Configuring DHCP Options
      • 172

        Using Cisco IP Phones with a DHCP Server
    • 173

      Configuring DHCP Relay Services
    • 174

      Configuring Dynamic DNS
      • 175

        Example 1: Client Updates Both a and PTR Rrs for Static IP Addresses
      • 176

        Client and Updates Both Rrs
      • 176

        Honors Client Request and Updates Both a and PTR RR
      • 177

        Example 5: Client Updates a RR; Server Updates PTR RR
    • 177

      Configuring Web Cache Services Using WCCP
      • 177

        WCCP Feature Support
      • 178

        WCCP Interaction with Other Features
      • 178

        Enabling WCCP Redirection
  • 181

    Configuring Multicast Routing
    • 181

      Multicast Routing Overview
    • 182

      Enabling Multicast Routing
    • 182

      Configuring IGMP Features
      • 183

        Disabling IGMP On an Interface
      • 183

        Configuring Group Membership
      • 183

        Configuring a Statically Joined Group
      • 183

        Controlling Access to Multicast Groups
      • 184

        Limiting the Number of IGMP States On an Interface
      • 184

        Modifying the Query Interval and Query Timeout
      • 185

        Changing the Query Response Time
      • 185

        Changing the IGMP Version
    • 185

      Configuring Stub Multicast Routing
    • 185

      Configuring a Static Multicast Route
    • 186

      Configuring PIM Features
      • 186

        Disabling PIM On an Interface
      • 187

        Configuring a Static Rendezvous Point Address
      • 187

        Configuring the Designated Router Priority
      • 187

        Filtering PIM Register Messages
      • 188

        Configuring PIM Message Intervals
      • 188

        Configuring a Multicast Boundary
      • 188

        Filtering PIM Neighbors
      • 189

        Supporting Mixed Bidirctional/Sparse-Mode PIM Networks
    • 190

      For More Information about Multicast Routing

• 191

  Chapter 12 Configuring Ipv6

  • 191

    Ipv6-Enabled Commands
    • 193

      Configuring Ipv6 On an Interface
    • 194

      Configuring a Dual IP Stack On an Interface
    • 194

      Enforcing the Use of Modified EUI-64 Interface Ids in Ipv6 Addresses
    • 194

      Configuring Ipv6 Duplicate Address Detection
    • 195

      Configuring Ipv6 Default and Static Routes
    • 196

      Configuring Ipv6 Access Lists
    • 197

      Configuring Ipv6 Neighbor Discovery
      • 197

        Configuring Neighbor Solicitation Messages
      • 199

        Configuring Router Advertisement Messages
    • 201

      Configuring a Static Ipv6 Neighbor
  • 201

    Verifying the Ipv6 Configuration
    • 201

      The Show Ipv6 Interface Command
    • 202

      The Show Ipv6 Route Command
  • 203

    Configuring Aaa Servers and the Local Database
    • 203

      AAA Overview
      • 204

        About Authentication
      • 204

        About Authorization
      • 204

        About Accounting
    • 205

      AAA Server and Local Database Support
      • 205

        Summary of Support
      • 206

        RADIUS Server Support
        • 206

          Authentication Methods
        • 206

          Attribute Support
        • 206

          RADIUS Authorization Functions
      • 206

        TACACS+ Server Support
      • 207

        SDI Server Support
        • 207

          SDI Version Support
        • 207

          Two-Step Authentication Process
        • 207

          SDI Primary and Replica Servers
      • 207

        NT Server Support
      • 207

        Kerberos Server Support
      • 208

        LDAP Server Support
      • 208

        SSO Support for Webvpn with HTTP Forms
      • 208

        Local Database Support
        • 208

          User Profiles
        • 209

          Fallback Support
    • 209

      Configuring the Local Database
    • 211

      Identifying AAA Server Groups and Servers
    • 214

      Configuring an LDAP Server
      • 214

        Authentication with LDAP
      • 216

        Authorization with LDAP for VPN
      • 216

        LDAP Attribute Mapping
    • 218

      Using Certificates and User Login Credentials
      • 218

        Using User Login Credentials
      • 218

        Using Certificates
    • 219

      Supporting a Zone Labs Integrity Server
      • 219

        Overview of Integrity Server and Security Appliance Interaction
      • 220

        Configuring Integrity Server Support
  • 221

    Understanding Failover
    • 222

      Failover System Requirements
      • 222

        Hardware Requirements
      • 222

        Software Requirements
      • 222

        License Requirements
    • 223

      The Failover and Stateful Failover Links
      • 223

        Failover Link
      • 225

        Stateful Failover Link
    • 226

      Active/Active and Active/Standby Failover
      • 226

        Active/Standby Failover
      • 230

        Active/Active Failover
      • 235

        Determining Which Type of Failover to Use
    • 235

      Regular and Stateful Failover
      • 235

        Regular Failover
      • 235

        Stateful Failover
    • 236

      Failover Health Monitoring
      • 237

        Unit Health Monitoring
      • 237

        Interface Monitoring
    • 238

      Failover Feature/Platform Matrix
    • 238

      Failover Times By Platform
  • 239

    Configuring Failover
    • 239

      Failover Configuration Limitations
    • 239

      Configuring Active/Standby Failover
      • 240

        Prerequisites
      • 240

        Configuring Cable-Based Active/Standby Failover (PIX 500 Series Security Appliance Only)
      • 241

        Configuring Lan-Based Active/Standby Failover
      • 245

        Configuring Optional Active/Standby Failover Settings
    • 247

      Configuring Active/Active Failover
      • 247

        Prerequisites
      • 247

        Configuring Cable-Based Active/Active Failover (PIX 500 Series Security Appliance)
      • 249

        Configuring Lan-Based Active/Active Failover
      • 253

        Configuring Optional Active/Active Failover Settings
    • 259

      Configuring Unit Health Monitoring
    • 259

      Configuring Failover Communication Authentication/Encryption
    • 260

      Verifying the Failover Configuration
      • 260

        Using the Show Failover Command
      • 268

        Viewing Monitored Interfaces
      • 268

        Displaying the Failover Commands in the Running Configuration
        • 269

          Testing the Failover Functionality
    • 269

      Controlling and Monitoring Failover
      • 269

        Forcing Failover
      • 270

        Disabling Failover
      • 270

        Restoring a Failed Unit or Failover Group
      • 270

        Monitoring Failover
        • 271

          Failover System Messages
        • 271

          Debug Messages
        • 271

          Snmp
    • 271

      Remote Command Execution
      • 272

        Changing Command Modes
      • 273

        Security Considerations
      • 273

        Limitations of Remote Command Execution
    • 274

      Auto Update Server Support in Failover Configurations
      • 274

        Auto Update Process Overview
      • 275

        Monitoring the Auto Update Process
  • 277

    Configuring the Firewall
    • 279

      Routed Mode Overview
      • 279

        IP Routing Support
      • 279

        How Data Moves Through the Security Appliance in Routed Firewall Mode
        • 280

          An Inside User Visits a Web Server
        • 281

          An Outside User Visits a Web Server On the DMZ
        • 282

          An Inside User Visits a Web Server On the DMZ
        • 283

          An Outside User Attempts to Access an Inside Host
        • 284

          A DMZ User Attempts to Access an Inside Host
    • 284

      Transparent Mode Overview
      • 285

        Transparent Firewall Network
      • 285

        Allowing Layer 3 Traffic
      • 285

        Allowed MAC Addresses
      • 285

        Passing Traffic Not Allowed in Routed Mode
      • 286

        MAC Address Vs. Route Lookups
      • 287

        Using the Transparent Firewall in Your Network
      • 287

        Transparent Firewall Guidelines
      • 288

        Unsupported Features in Transparent Mode
    • 289

      How Data Moves Through the Transparent Firewall
      • 290

        An Inside User Visits a Web Server
      • 291

        An Inside User Visits a Web Server Using NAT
      • 292

        An Outside User Visits a Web Server On the Inside Network
      • 293

        An Outside User Attempts to Access an Inside Host
  • 295

    Access List Overview
    • 296

      Access List Types
    • 296

      Access Control Entry Order
    • 297

      Access Control Implicit Deny
    • 297

      IP Addresses Used for Access Lists When You Use NAT
  • 299

    Adding an Extended Access List
    • 299

      Extended Access List Overview
    • 300

      Allowing Broadcast and Multicast Traffic Through the Transparent Firewall
    • 300

      Adding an Extended ACE
  • 302

    Adding an Ethertype Access List
    • 302

      Ethertype Access List Overview
      • 302

        Supported Ethertypes
      • 302

        Implicit Permit of IP and Arps Only
      • 302

        Implicit and Explicit Deny ACE at the End of an Access List
      • 303

        Ipv6 Unsupported
      • 303

        Using Extended and Ethertype Access Lists On the Same Interface
      • 303

        Allowing MPLS
    • 304

      Adding an Ethertype ACE
  • 304

    Adding a Standard Access List
  • 305

    Adding a Webtype Access List
  • 305

    Simplifying Access Lists with Object Grouping
    • 305

      How Object Grouping Works
    • 306

      Adding Object Groups
      • 306

        Adding a Protocol Object Group
      • 306

        Adding a Network Object Group
      • 306

        Adding a Service Object Group
      • 306

        Adding an ICMP Type Object Group
    • 309

      Nesting Object Groups
    • 310

      Using Object Groups with an Access List
    • 311

      Displaying Object Groups
    • 311

      Removing Object Groups
  • 311

    Adding Remarks to Access Lists
    • 312

      Scheduling Extended Access List Activation
      • 312

        Adding a Time Range
      • 313

        Applying the Time Range to an ACE
    • 313

      Logging Access List Activity
      • 313

        Access List Logging Overview
      • 314

        Configuring Logging for an Access Control Entry
      • 315

        Managing Deny Flows
  • 317

    Configuring NAT
    • 317

      NAT Overview
      • 317

        Introduction to NAT
      • 318

        NAT in Routed Mode
      • 319

        NAT in Transparent Mode
      • 320

        NAT Control
      • 322

        NAT Types
        • 322

          Dynamic NAT
        • 324

          Pat
        • 324

          Static NAT
        • 325

          Static PAT
        • 326

          Bypassing NAT When NAT Control Is Enabled
      • 326

        Policy NAT
      • 329

        NAT and Same Security Level Interfaces
      • 330

        Order of NAT Commands Used to Match Real Addresses
      • 330

        Mapped Address Guidelines
      • 331

        DNS and NAT
    • 332

      Configuring NAT Control
    • 333

      Using Dynamic NAT and PAT
      • 333

        Dynamic NAT and PAT Implementation
      • 339

        Configuring Dynamic NAT or PAT
    • 342

      Using Static NAT
    • 343

      Using Static PAT
    • 346

      Bypassing NAT
      • 346

        Configuring Identity NAT
      • 347

        Configuring Static Identity NAT
      • 349

        Configuring NAT Exemption
    • 350

      NAT Examples
      • 350

        Overlapping Networks
      • 352

        Redirecting Ports

• 355

  Chapter 18 Permitting or Denying Network Access

  • 355

    Inbound and Outbound Access List Overview
  • 356

    Applying an Access List to an Interface

• 359

  Chapter 19 Applying AAA for Network Access

  • 359

    AAA Performance
  • 359

    Configuring Authentication for Network Access
    • 360

      Authentication Overview
      • 360

        One-Time Authentication
      • 360

        Applications Required to Receive an Authentication Challenge
      • 360

        Security Appliance Authentication Prompts
      • 361

        Static PAT and HTTP
    • 361

      Enabling Network Access Authentication
    • 363

      Enabling Secure Authentication of Web Clients
    • 364

      Authenticating Directly with the Security Appliance
      • 364

        Enabling Direct Authentication Using HTTP and HTTPS
      • 365

        Enabling Direct Authentication Using Telnet
  • 366

    Configuring Authorization for Network Access
    • 366

      Configuring TACACS+ Authorization
    • 368

      Configuring RADIUS Authorization
      • 368

        Configuring a RADIUS Server to Send Downloadable Access Control Lists
      • 368

        Configuring a RADIUS Server to Download Per-User Access Control List Names
  • 372

    Configuring Accounting for Network Access
  • 374

    Using MAC Addresses to Exempt Traffic From Authentication and Authorization

• 377

  Chapter 20 Applying Filtering Services

  • 377

    Filtering Overview
  • 378

    Filtering Activex Objects
    • 378

      Activex Filtering Overview
    • 378

      Enabling Activex Filtering
  • 379

    Filtering Java Applets
  • 380

    Filtering Urls and FTP Requests with an External Server
    • 380

      URL Filtering Overview
    • 380

      Identifying the Filtering Server
    • 382

      Buffering the Content Server Response
    • 382

      Caching Server Addresses
    • 383

      Filtering HTTP Urls
      • 383

        Configuring HTTP Filtering
      • 383

        Enabling Filtering of Long HTTP Urls
      • 383

        Truncating Long HTTP Urls
      • 384

        Exempting Traffic From Filtering
    • 384

      Filtering HTTPS Urls
    • 385

      Filtering FTP Requests
  • 385

    Viewing Filtering Statistics and Configuration
    • 386

      Viewing Filtering Server Statistics
    • 387

      Viewing Buffer Configuration and Statistics
    • 387

      Viewing Caching Statistics
    • 387

      Viewing Filtering Performance Statistics
    • 388

      Viewing Filtering Configuration

• 389

  Chapter 21 Using Modular Policy Framework

  • 389

    Modular Policy Framework Overview
    • 390

      Default Global Policy
  • 390

    Identifying Traffic Using a Layer 3/4 Class Map
    • 391

      Creating a Layer 3/4 Class Map for Through Traffic
    • 393

      Creating a Layer 3/4 Class Map for Management Traffic
  • 394

    Configuring Special Actions for Application Inspections
    • 394

      Creating a Regular Expression
    • 397

      Creating a Regular Expression Class Map
    • 398

      Identifying Traffic in an Inspection Class Map
    • 399

      Defining Actions in an Inspection Policy Map
  • 401

    Defining Actions Using a Layer 3/4 Policy Map
    • 401

      Layer 3/4 Policy Map Overview
      • 402

        Policy Map Guidelines
      • 402

        Supported Feature Types
      • 402

        Feature Directionality
      • 403

        Feature Matching Guidelines Within a Policy Map
      • 403

        Feature Matching Guidelines for Multiple Policy Maps
      • 404

        Order in Which Multiple Feature Actions Are Applied
    • 404

      Default Layer 3/4 Policy Map
    • 404

      Adding a Layer 3/4 Policy Map
  • 406

    Applying a Layer 3/4 Policy to an Interface Using a Service Policy
  • 407

    Modular Policy Framework Examples
    • 407

      Applying Inspection and Qos Policing to HTTP Traffic
    • 408

      Applying Inspection to HTTP Traffic Globally
    • 409

      Applying Inspection and Connection Limits to HTTP Traffic to Specific Servers
    • 410

      Applying Inspection to HTTP Traffic with NAT

• 411

  Chapter 22 Managing the AIP SSM and CSC SSM

  • 411

    Managing the AIP SSM
    • 411

      AIP SSM Overview
      • 412

        How the AIP SSM Works with the Adaptive Security Appliance
      • 412

        Operating Modes
      • 413

        Using Virtual Sensors
      • 414

        AIP SSM Procedure Overview
    • 415

      Sessioning to the AIP SSM
    • 416

      Configuring the Security Policy On the AIP SSM
    • 416

      Assigning Virtual Sensors to Security Contexts
    • 418

      Diverting Traffic to the AIP SSM
  • 419

    Managing the CSC SSM
    • 420

      About the CSC SSM
    • 422

      Getting Started with the CSC SSM
    • 423

      Determining What Traffic to Scan
    • 425

      Limiting Connections Through the CSC SSM
    • 426

      Diverting Traffic to the CSC SSM
  • 428

    Checking SSM Status
  • 429

    Transferring an Image Onto an SSM

• 431

  Chapter 23 Preventing Network Attacks

  • 431

    Configuring Threat Detection
    • 431

      Configuring Basic Threat Detection
      • 432

        Basic Threat Detection Overview
      • 432

        Configuring Basic Threat Detection
      • 434

        Managing Basic Threat Statistics
    • 435

      Configuring Scanning Threat Detection
      • 435

        Enabling Scanning Threat Detection
      • 436

        Managing Shunned Hosts
      • 437

        Viewing Attackers and Targets
    • 437

      Configuring and Viewing Threat Statistics
      • 437

        Configuring Threat Statistics
      • 438

        Viewing Threat Statistics
  • 441

    Configuring TCP Normalization
  • 444

    Configuring Connection Limits and Timeouts
    • 444

      Connection Limit Overview
      • 444

        TCP Intercept Overview
      • 444

        Disabling TCP Intercept for Management Packets for Webvpn Compatibility
      • 445

        Dead Connection Detection Overview
      • 445

        TCP Sequence Randomization Overview
    • 445

      Enabling Connection Limits
  • 446

    Preventing IP Spoofing
  • 447

    Configuring the Fragment Size
  • 447

    Blocking Unwanted Connections
  • 448

    Configuring IP Audit for Basic IPS Support

• 449

  Chapter 24 Applying Qos Policies

  • 449

    Overview
  • 450

    Qos Concepts
  • 450

    Implementing Qos
  • 452

    Identifying Traffic for Qos
  • 453

    Defining a Qos Policy Map
  • 454

    Applying Rate Limiting
  • 455

    Activating the Service Policy
  • 456

    Applying Low Latency Queueing
    • 456

      Configuring Priority Queuing
    • 456

      Sizing the Priority Queue
    • 457

      Reducing Queue Latency
  • 457

    Configuring Qos
  • 460

    Viewing Qos Configuration
    • 460

      Viewing Qos Service Policy Configuration
    • 461

      Viewing Qos Policy Map Configuration
    • 461

      Viewing the Priority-Queue Configuration for an Interface
  • 462

    Viewing Qos Statistics
    • 462

      Viewing Qos Police Statistics
    • 462

      Viewing Qos Priority Statistics
    • 463

      Viewing Qos Priority Queue Statistics