Index
Numerics
100BaseTX Ethernet, interface speed6-10
10BaseT Ethernet, interface speed6-10
A
AAA
configuring authorization services3-15
deleting authorization caches8-53
setting system options8-78
setting up accounting3-1
setting up a server for3-15
specifying a server3-18
AAA challenge text See authorization prompt
access control list (ACL) See access list
access group3-23
access list
adding comments3-31, 3-32
binding a group to an interface3-23
configuring CiscoSecure acl attribute3-32
configuring ports7-34
creating3-25
creating for IPSec3-29
downloading3-25, 3-32
generating denied packet syslog message3-33
superseding apply and outbound commands 7-34
using RADIUS authorization3-32
using TurboACL3-33
using vendor-specific identifiers3-32
using with IPSec3-35
accounting
providing user-based3-1
setting up3-1
using RADIUS3-1
using TACACS+3-1
ACL See access list
activation key
displaying3-38
updating3-38
ActiveX
aliasing interference3-42
blocking5-37
addressing
assigning global pools7-14
translations7-14, 7-16
Address Resolution Protocol, setting parameters3-43
aliasing
ARP3-43
configuring3-40
DNS system options8-81
interfering with ActiveX blocking3-42
setting overlapping addresses for NAT3-40
specifying for a network3-41
alternate address, ICMP message3-35, 6-9
application inspection See fixup protocol
ARP
aliasing3-43
changing3-43
displaying the cache 3-43
physical addressing3-44
setting the timeout value3-43
authentication
configuring for mail agents and newsreaders3-9
disabling
authentication verification3-13
enabling
authentication verification3-13
using certification authorities (CAs)4-3
using HTTPS3-8
using LOCAL3-3
using RADIUS3-3, 3-10
using SSL3-8
using TACACS+3-3, 3-10
using token-based4-61
using with crypto maps4-61
using with IPSec4-61
authentication, authorization, and accounting See AAA
authorization
enabling or disabling3-13
setting AAA challenge text3-45
using LOCAL3-13
using TACACS+3-13
auto, interface speed6-10
B
buffering
circular4-12
interface allocation6-12
packet capture4-11
C
cabling
status5-31
caching, URL9-10
capture
buffering4-12
copying information4-36
enabling4-11
output formats4-13
selecting options4-12
certificate revocation list (CRL), using4-2
certification authority (CA)
authenticating4-3
configuring the server4-6
declaring4-6
deleting RSA keys4-7
fingerprinting4-2
generating RSA key pairs4-6
including serial number in certificate4-5
obtaining an updated certificate revocation list (CRL)4-4
obtaining certificates4-5
querying a certificate or certificate revocation list (CRL)4-6
revoking certificates4-5
saving data to Flash memory4-6
saving RSA Key pairs and certificates4-6
sending enrollment request4-5
using LDAP (Lightweight Directory Access Protocol)4-6
using PKI protocol4-6
using registration authority (RA) mode4-3
using RSA public key record4-3
changing
firewall prompt label6-6
host name6-6
CiscoSecure 2.1, showing timeout values8-53
Cisco VPN 3000 Client, configuring support for9-31
Cisco VPN Client, setting up support for9-30
clear
auth-prompt3-45
clearing
aaa accounting configuration3-1
AAA server configuration3-18
access group configuration3-23
accounting3-1
alias configuration3-40
ARP configuration3-43
clock settings4-20
commands4-14
configurations4-14
counters4-14
crypto ipsec security associations4-52
ISAKMP configuration6-34
ISAKMP security associations6-34
local host network states8-19
logging6-40
object groups7-27
system buffer8-7
timeout values9-6
user authorization4-15
clients
Oracle SQL*Net5-7
setting up Easy VPN Remote9-28
SQL*Net5-7
VPN4-61
clock4-20
adjusting summer time settings4-20
allowed year range4-21
setting4-20
setting Daylight Savings time4-20
setting time zone4-20
command
clear
auth-prompt3-45
show
auth-prompt3-45
command-line interface (CLI) prompt, changing6-6
command modes
changing2-3
configuration2-3
enabling5-24
exiting7-52
privileged2-3
unprivileged2-3
commands
abbreviating 2-2
changing modes2-3
completing2-2
firewall CLI help2-2
conduit
adding or deleting4-22
UDP port mapping4-28
using with RPC4-28
configuration
designating a TFTP server4-32
entering configure mode4-31
restoring factory-default4-30
using configure factory-default command4-33
using IKE mode4-61
using the configure command4-29
configuring
access control7-34
Diffie-Hellman groups6-37
firewall interfaces6-10
interfaces7-13
interface security level7-13
Intrusion Detection System (IDS) signatures6-20
IP addresses6-16
management access7-3
network address translation (NAT)7-14
object groups7-28
PPPoE9-21, 9-23
privilege levels7-50
reverse path verification 6-25
saving configuration9-35
showing running configuration8-36
showing start up configuration8-39
Unicast RPF IP6-25
URL filtering server9-12
VLANs6-11
VPN support9-30
connecting, embryonic limit7-15
connection flags
H.225 8-11
H.323 8-11
connections, outbound7-33
console
accessing with a serial cable4-33
changing settings9-4
setting a timeout4-33
using a session5-8
conversion error, ICMP message3-35, 6-9
copying
capture information4-36
using HTTP4-35, 4-36
crash, saving information4-38
cryptography engine, running Known Answer Test8-13
crypto ipsec
clearing security associations4-53
creating dynamic map entries4-46
creating security associations4-50
deleting security association4-50
reinitializing security associations4-53
specifying the Security Parameter Index (SPI)4-51
crypto map
creating dynamic entry4-46
creating entries4-57
deleting dynamic entry4-46
deleting entries4-57, 4-63
modifying entries4-63
modifying IPSec-ISAKMP entries4-63
setting PFS4-59
D
daisy-chaining, PIX Firewall units3-9
deleting, authorization caches8-53
deprecated commands
fragguard2-7
session enable2-7
sysopt route dnat2-7
sysopt security fragguard2-7
DHCP
configuring a relay agent5-17
enabling client feature6-18
polling6-16
relaying requests between interfaces5-17
Diffie-Hellman
Group 5 5-9
selecting a group4-66
setting PFS4-59
Diffie-Hellman groups
configuring6-37
Group 1 6-35
Group 2 6-35
Group 5 6-35, 6-39
disabling, command modes5-20
diskette, using4-32
displaying See showing
Document Organization x
domain name, changing5-20
downgrading, to a previous version5-56
downloadable3-17
downloadable, access list See access list
dynamic map
creating5-21
viewing5-21
E
Easy VPN Remote
sending traffic to specified networks9-32
setting up9-27
setting up support for9-30
using with split tunnelling 9-32
echo reply, ICMP message3-35, 6-9
eeprom5-21
EMBLEM, syslog message formatting6-43
embryonic connection limit7-15
enabling
privileged mode5-24
resetting default password5-24
encryption
enabling IPSec6-35
key3-19
established connections
using to permit connections5-26
using XDMCP Support5-28
Ethernet, interface speed6-10
exemption, using MAC-based3-16
exiting, command modes5-29
F
failover
cabling5-31
debugging5-7
flagging5-31
licensing5-31
polling5-32
saving crash information4-38
setting up8-73
using hello packets5-32
file system, Flash memory5-56
filtering
by group5-39
username5-39
fingerprinting, certification authority (CA)4-2
fix7-49
fixup protocol
CTIQBE5-39
DNS5-39
ESP-IKE5-39
FTP5-39
FTPSQL*Net5-39
H.323 5-39, 5-43, 5-46
HTTP5-39
ILS5-40
RSH5-39
SIP5-50, 5-51
Skinny5-40
SMTP5-39
VoIP5-43, 5-46
flags, failover5-31
Flash memory5-56
saving data to4-6
writing a configuration to9-35
Flood Defender See floodguard
floodguard
disabling5-57
enabling5-57
fragments
managing5-59
NFS compatibility5-59
free memory, showing8-20
full duplex, interface speed6-10
G
global IP addresses, associating a network with7-14
H
H.225
application inspection5-46
connection flag8-11
troubleshooting5-43
H.245
troubleshooting5-47
tunneling5-46
H.323
fixup protocol5-43, 5-46
troubleshooting5-47, 5-48
hardware
ARP addressing3-43
configuring a device ID6-10
setting interface speed6-10
Help, firewall CLI6-4
history, command8-17
host name
changing6-6
IP address aliasing7-11
HTTP
copying files4-35, 4-36
using to download4-35
HTTPS
authenticating3-8
using to copy files4-35, 4-36
I
ICMP
debugging5-6
disabling6-9
enabling6-9
tracing5-8
ICMP messages
network address translation of5-48
ICMP types
interpreting7-30
selecting6-9
selecting conduit options4-27
specifying selective access3-35
using in access lists3-35
IGMP See multicasting
IKE mode, configuring4-61
information reply, ICMP message3-35, 6-9
information request, ICMP message3-35, 6-9
interface cards
interrupt vectors6-13
MAC addresses6-13
interfaces
logical6-11
interfaces, defining for VLANs6-11
interfaces, firewall
binding an access list to3-23
buffer allocation6-12
configuring6-10
configuring management access7-3
displaying parameters6-10
management access7-2
setting interface speed6-10
showing activity8-52
showing duplex status6-13
showing interface speed6-13
shutting down6-12
static or default route7-56
interface speed, setting automatically6-10
Internet Locator Service fixup, and LDAP5-41
Intrusion Detection System (IDS)
configuring signatures6-20
specifying a signature
IP address
host name aliasing7-11
using in certificates4-5
ISAKMP
enabling IPSec6-28, 6-35
negotiating security associations6-28, 6-35
setting keep alive interval6-28
specifying the keep alive lifetime6-29
ISAKMP policy See ISAKMP
K
key, authentication3-19
killing, Telnet sessions6-39
Known Answer Test (KAT), running 8-13
L
LDAP (Lightweight Directory Access Protocol)
fixup protocol5-41
using with a certification authority (CA)4-6
licensing
FO, R, and UR5-31
for failover units5-31
line numbers
examples3-36
remarks3-30
setting3-26
LOCAL3-3, 3-17
local host
displaying detailed information8-18
network states8-18
logging
changing message levels6-45
changing the system message level6-43
configuring time stamps6-42
console6-40
disabling6-40
enabling6-40
history6-40
messages6-40, 6-41
monitoring6-42
queue size6-42
setting facilities6-41
SNMP
specifying a system log (syslog) server6-41
specifying a system log server6-40, 6-41, 6-43
timestamp6-40
logical interfaces6-11
logical interfaces, defining for VLAN6-11
M
MAC address
configuring ARP3-43
exempting a device based on3-16, 7-1
setting as ARP table entry3-43
Mail Guard, rejecting ESMTP commands5-54
mask reply, ICMP message3-35, 6-9
mask request, ICMP message3-35, 6-9
maximum transmission unit (MTU)
showing7-7
specifying7-7
mobile redirection, ICMP message3-35, 6-9
modes, command2-3
monitoring, firewall performance7-47
multicasting
acting as IGMP proxy7-10
configuring a static route7-6
configuring IGMP7-9
enabling support for7-9
enabling through the firewall7-9
routing7-10
routing traffic7-10
subcommands7-9
N
N2H2
caching server requests9-11
specifying as URL filtering server9-12
specifying server parameters9-12
specifying URL filtering server9-13
naming
host name6-6
interfaces7-13
IP addresses7-11
the firewall6-6
NAT
aliasing3-40
configuring7-14
debugging traversal6-33, 6-34
of ICMP messages5-48
setting overlapping addresses3-40
NAT traversal
disabling6-33
enabling6-33
NetRanger See Intrusion Detection System (IDS)
Network Address Translation See NAT
network alias, specifying3-41
O
object grouping
defining7-27
ICMP message types7-31
nesting7-29
networks7-31
protocols7-31
services7-27, 7-31
showing7-30
to apply commands7-27
using7-29
or3-13
OSPF routing
configuring a prefix list7-49
configuring firewall interface parameters7-66
configuring global parameters7-60
redistributing routes7-57
show commands8-22
P
packet capture, enabling4-11
packets
received and sent6-13
tracing5-5
paging, screen
enabling or disabling7-38
specifying the number of lines7-38
parameter problem, ICMP message3-35, 6-9
password
setting for console access7-39
setting for Telnet7-39
PAT (Port Address Translation)
disabling6-2
enabling6-3
limitations5-50
specifying multiple translations6-3
permitting, return connections5-26
physical addressing, ARP3-44
pinging
and ICMP tracing5-6
configurable proxy6-8
IP addresses7-48
using with user authorization3-16
PIX Device Manager (PDM)
commands in firewall configuration7-40
disconnecting7-42
logging7-40
showing PDM sessions7-42
supporting commands7-40
polling, failover5-32
port, outbound7-34
Port Address Translation See PAT
port literals2-3
PPPoE
configuring9-21, 9-23
enabling client functionality6-19
implementing9-18
PPTP
fixup protocol5-41
using with conduits4-28
prefix list entry, configuring7-49
pre-shared key, configuring for VPN9-33
privileged mode, starting5-24
privilege levels
changing between7-51
showing current7-51
prompt
"(config)#"2-3
"#"2-3
">"2-3
protocols, using with port literals2-6
proxy
ARP3-43
pinging6-8
proxy server, using with VoIP5-51
Q
quitting, command modes7-52
R
RADIUS3-3
randomizing, sequence numbers7-16
RAS
fixup protocol5-43, 5-46
H.323 troubleshooting5-48
rebooting See reloading
redirect, ICMP message3-35, 6-9
Related Documentation xi
reloading
firewall configuration from Flash memory7-53
saving configuration changes7-53
without confirmation7-53
route, static or default7-56
router, changing default address sent5-18
router advertisement, ICMP message3-35, 6-9
router solicitation, ICMP message3-35, 6-9
routing, multicast traffic7-6
Routing Information Protocol (RIP)
broadcasting a default route7-54
changing settings7-54
enabling routing table updates7-54
MD5 authentication7-55
version 2 support7-54
RSA key pairs, generating4-6
RSA public key record, using with a certification authority (CA)4-3
running configuration, showing8-36
S
saving
configuration to another location9-35
configuration to Flash memory9-34
crash information4-38
Secure Sockets Layer (SSH)
specifying a host8-66
supporting secure shell8-66
security associations
clearing6-34
creating4-50
deleting4-50
negotiating6-28, 6-35
viewing4-50
security level
assigning7-13
defaults7-13
Security Parameter Index (SPI)
coordinating with peer4-68
specifying4-51
sequence numbers, randomizing7-16
server
specifying a TFTP server9-35
specifying for AAA3-18
server, syslog See logging
services
enabling8-1
handling IDENT connections8-2
session5-51
session initiation protocol (SIP)5-50, 5-51
setting
DHCP polling6-16
IP addresses6-16
show3-45, 8-4
auth-prompt3-45
showing
AAA3-3
AAA configuration3-1
AAA proxy limit3-18
AAA server configuration3-20
aaa-server configuration3-18
access-group configuration3-23
access list configuration3-25
active connections8-10
alias configuration3-40
ARP timeout3-43
authorization configuration3-13
buffer utilization8-7
certification authority (CA) certificates4-1
certification authority (CA) configuration4-1, 4-9
certification authority (CA) identity4-1, 4-9
checksum8-8
command history8-17
command information8-4
current configuration9-34
current privilege levels7-51
filtering displayed output8-4
firewall performance7-47
free memory8-20
interface names7-13
interface parameters6-10
interface transmission activity8-52
local host network states8-18
maximum transmission unit (MTU)6-13, 7-8
object groups7-27
privilege levels7-50
processes8-34
running configuration8-36
software version8-54
start up configuration8-39
system memory utilization8-20
technical support output8-42
Telnet sessions9-34
timeout values9-6
traffic8-52
URL server9-12
SIP
setting protocol timer values9-6
setting timeout values9-6
troubleshooting5-51
SNMP
configuring contact, location, and host information8-63
configuring on the firewall8-61
displaying object ID (OID)8-64
logging
software version, showing8-54
source3-35
source quench, ICMP message3-35, 6-9
split tunnelling, using9-32
spoofing, Unicast RPF IP6-25
SSH, debugging5-7
SSH See also HTTPS
start up configuration, showing8-39
static translations, using8-72
SYN attacks, intercepting8-74
syslog See logging
syslog server
denied packets message3-33
EMBLEM formatting6-41, 6-43
system logging See logging
system options
changing8-77
disabling DNS A record fixups8-78
disabling DNS A record replies8-78
keeping connections in TIME_WAIT state8-78
permitting IPSec packets8-78
permitting IPSec traffic8-78
permitting L2TP/IPSec traffic8-78
permitting PPTP traffic8-78
setting HTTP authentication8-78
T
TACACS3-1
TCP
intercepting SYN messages8-74
limiting embryonic connections 8-74
preventing packet randomization8-71
randomizing packet sequence number7-16, 8-71
returning a reset flag (RST) to the source8-1
Telnet
console debugging5-8
icmp tracing5-8
setting the console timeout9-2
setting the password7-39
showing active sessions9-34
terminating6-39
terminating a session6-39
using a Trace Channel5-8
terminal, changing console settings9-4
terminating, Telnet session6-39
TFTP
configuring a server4-32
saving configuration to another location9-35
specifying a server9-5
time exceeded, ICMP message3-35, 6-9
timestamp reply, ICMP message3-35, 6-9
timestamp request, ICMP message3-35, 6-9
timing out
freeing an RPC slot9-6
setting a maximum idle time9-6
setting translation slot value9-7
tracing, packets5-6
translation
addresses7-16
setting timeout value9-7
setting UDP, RPC, and H.323 timeout values9-7
troubleshooting
CTIQBE fixup5-43
H.323 5-47
H.323 RAS5-48
showing connection detail8-12
SIP5-51
Skinny fixups5-52
tunneling
H.245 5-46
IPSec8-79
TurboACL
enabling3-33
using3-33
U
UDP
setting idle time until slot is freed9-7
Unicast RPF IP
implementing6-25
spoofing6-25
unreachable, ICMP message3-35, 6-9
URL
caching9-10
configuring filtering server9-12
filtering5-37, 9-10, 9-13
user accounting3-1
user authentication, authorization, and accounting, providing3-3
user authentication See authentication
username, filtering5-39
V
viewing See showing
VLANs, configuring6-11
Voice over IP (VoIP)
fixup protocol5-43, 5-46
SIP fixup5-51
using proxy servers5-51
VoIP
static translation limitation8-74
troubleshooting5-47
VPN
configuring a pre-shared key9-33
configuring support9-30
creating a group policy9-31
downloading a group name9-31
global lifetime timeout values9-33
setting up client server9-27, 9-29
setting up Easy VPN Remote9-27
setting up Easy VPN Remote Server9-28
setting up for support Easy VPN Remote9-30
setting up MAC-based exemption9-27
setting up support for Cisco VPN Client9-30
using remote clients4-61
using split tunnelling9-32
W
Websense5-39
caching server request9-11
specifying as URL filtering server9-12
specifying server parameters9-12
specifying URL filtering server9-13
writing, to Flash memory9-34
X
xlate See translation