Cisco ASA 5500 Series Manuals
Manuals and User Guides for Cisco ASA 5500 Series. We have 3 Cisco ASA 5500 Series manuals available for free PDF download: Configuration Manual, Datasheet
Cisco ASA 5500 Series Configuration Manual (1140 pages)
Security Appliance Command Line
Brand: Cisco | Category: Security System | Size: 12.22 MB
Table of Contents
Table of Contents
3
About this Guide
39
Document Objectives
39
Related Documentation
40
Document Organization
40
Document Conventions
43
CHAPTER 1 Introduction to the Security Appliance
47
Firewall Functional Overview
47
Security Policy Overview
48
Permitting or Denying Traffic with Access Lists
48
Applying Application Inspection
49
Applying HTTP, HTTPS, or FTP Filtering
49
VPN Functional Overview
51
Intrusion Prevention Services Functional Overview
52
Chapter 2 Getting Started
53
Getting Started with Your Platform Model
53
Factory Default Configurations
53
Restoring the Factory Default Configuration
54
ASA 5505 Default Configuration
54
ASA 5510 and Higher Default Configuration
55
PIX 515/515E Default Configuration
56
Accessing the Command-Line Interface
56
Setting Transparent or Routed Firewall Mode
57
Working with the Configuration
58
Saving Configuration Changes
58
Saving Configuration Changes in Multiple Context Mode
59
Saving Configuration Changes in Single Context Mode
59
Copying the Startup Configuration to the Running Configuration
60
Viewing the Configuration
60
Clearing and Removing Configuration Settings
61
Creating Text Configuration Files Offline
61
CHAPTER 3 Enabling Multiple Context Mode
64
Security Context Overview
64
Unsupported Features
64
Context Configuration Files
64
Admin Context Configuration
64
Context Configurations
64
System Configuration
64
How the Security Appliance Classifies Packets
65
Valid Classifier Criteria
65
Invalid Classifier Criteria
66
Classification Examples
67
Cascading Security Contexts
70
Management Access to Security Contexts
71
System Administrator Access
71
Context Administrator Access
72
Enabling or Disabling Multiple Context Mode
72
Backing up the Single Mode Configuration
72
Enabling Multiple Context Mode
72
Restoring Single Context Mode
73
CHAPTER 4 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
75
Interface Overview
75
Understanding ASA 5505 Ports and Interfaces
76
Maximum Active VLAN Interfaces for Your License
76
Default Interface Configuration
78
VLAN MAC Addresses
78
Power over Ethernet
78
Monitoring Traffic Using SPAN
78
Security Level Overview
79
Configuring VLAN Interfaces
79
Configuring Switch Ports as Access Ports
83
Configuring a Switch Port as a Trunk Port
85
Allowing Communication between VLAN Interfaces on the same Security Level
87
CHAPTER 5 Configuring Ethernet Settings, Redundant Interfaces, and Subinterfaces
89
Configuring and Enabling RJ-45 Interfaces
89
RJ-45 Interface Overview
89
Auto-MDI/MDIX Feature
90
Connector Types
90
Default State of Physical Interfaces
90
Configuring the RJ-45 Interface
90
Configuring and Enabling Fiber Interfaces
91
Default State of Physical Interfaces
91
Configuring the Fiber Interface
92
Configuring a Redundant Interface
92
Redundant Interface Overview
93
Default State of Redundant Interfaces
93
Physical Interface Guidelines
93
Redundant Interface MAC Address
93
Redundant Interfaces and Failover Guidelines
93
Adding a Redundant Interface
94
Changing the Active Interface
95
Configuring VLAN Subinterfaces and 802.1Q Trunking
95
Subinterface Overview
95
Default State of Subinterfaces
95
Maximum Subinterfaces
96
Preventing Untagged Packets on the Physical Interface
96
Adding a Subinterface
96
CHAPTER 6 Adding and Managing Security Contexts
100
Configuring Resource Management
100
Resource Limits
100
Default Class
101
Class Members
102
Configuring a Class
102
Configuring a Security Context
105
Automatically Assigning MAC Addresses to Context Interfaces
109
Changing between Contexts and the System Execution Space
110
Managing Security Contexts
110
Removing a Security Context
110
Changing the Admin Context
111
Changing the Security Context URL
111
Reloading a Security Context
112
Reloading by Clearing the Configuration
112
Reloading by Removing and Re-Adding the Context
112
Monitoring Security Contexts
113
Viewing Context Information
113
Viewing Resource Allocation
114
Viewing Resource Usage
117
Monitoring SYN Attacks in Contexts
118
Chapter 7 Configuring Interface Parameters
121
Security Level Overview
121
Configuring Interface Parameters
122
Interface Parameters Overview
122
Default Security Level
123
Default State of Interfaces
123
Multiple Context Mode Guidelines
123
Configuring the Interface
123
Allowing Communication between Interfaces on the same Security Level
127
Chapter 8 Configuring Basic Settings
129
Changing the Login Password
129
Changing the Enable Password
129
Setting the Hostname
130
Setting the Domain Name
130
Setting the Date and Time
130
Setting the Time Zone and Daylight Saving Time Date Range
131
Setting the Date and Time Manually
132
Setting the Date and Time Using an NTP Server
132
Setting the Management IP Address for a Transparent Firewall
133
CHAPTER 9 Configuring IP Routing
135
Configuring Static and Default Routes
135
Configuring a Static Route
136
Configuring a Default Static Route
137
Configuring Static Route Tracking
138
Defining Route Maps
140
Configuring OSPF
141
OSPF Overview
142
Enabling OSPF
142
Redistributing Routes into OSPF
143
Configuring OSPF Interface Parameters
144
Configuring OSPF Area Parameters
147
Configuring OSPF NSSA
147
Configuring Route Summarization between OSPF Areas
149
Configuring Route Summarization When Redistributing Routes into OSPF
149
Defining Static OSPF Neighbors
150
Generating a Default Route
150
Configuring Route Calculation Timers
151
Logging Neighbors Going up or down
151
Displaying OSPF Update Packet Pacing
152
Monitoring OSPF
152
Restarting the OSPF Process
153
Configuring RIP
153
Enabling and Configuring RIP
153
Redistributing Routes into the RIP Routing Process
155
Configuring RIP Send/Receive Version on an Interface
155
Enabling RIP Authentication
156
Monitoring RIP
156
Configuring EIGRP
157
EIGRP Routing Overview
157
Enabling and Configuring EIGRP Routing
158
Enabling and Configuring EIGRP Stub Routing
159
Enabling EIGRP Authentication
160
Defining an EIGRP Neighbor
161
Redistributing Routes into EIGRP
161
Configuring the EIGRP Hello Interval and Hold Time
162
Disabling Automatic Route Summarization
162
Configuring Summary Aggregate Addresses
163
Disabling EIGRP Split Horizon
163
Changing the Interface Delay Value
164
Monitoring EIGRP
164
Disabling Neighbor Change and Warning Message Logging
165
The Routing Table
165
Displaying the Routing Table
165
How the Routing Table Is Populated
166
Backup Routes
167
How Forwarding Decisions Are Made
167
Dynamic Routing and Failover
168
CHAPTER 10 Configuring DHCP, DDNS, and WCCP Services
169
Configuring a DHCP Server
169
Enabling the DHCP Server
170
Configuring DHCP Options
171
Using Cisco IP Phones with a DHCP Server
172
Configuring DHCP Relay Services
173
Configuring Dynamic DNS
174
Example 1: Client Updates both A and PTR RRs for Static IP Addresses
175
Client and Updates both RRs
176
Honors Client Request and Updates both A and PTR RR
176
Example 5: Client Updates A RR; Server Updates PTR RR
177
Configuring Web Cache Services Using WCCP
177
WCCP Feature Support
177
WCCP Interaction with Other Features
178
Enabling WCCP Redirection
178
CHAPTER 11 Configuring Multicast Routing
181
Multicast Routing Overview
181
Enabling Multicast Routing
182
Configuring IGMP Features
182
Disabling IGMP on an Interface
183
Configuring Group Membership
183
Configuring a Statically Joined Group
183
Controlling Access to Multicast Groups
183
Limiting the Number of IGMP States on an Interface
184
Modifying the Query Interval and Query Timeout
184
Changing the Query Response Time
185
Changing the IGMP Version
185
Configuring Stub Multicast Routing
185
Configuring a Static Multicast Route
185
Configuring PIM Features
186
Disabling PIM on an Interface
186
Configuring a Static Rendezvous Point Address
187
Configuring the Designated Router Priority
187
Filtering PIM Register Messages
187
Configuring PIM Message Intervals
188
Configuring a Multicast Boundary
188
Filtering PIM Neighbors
188
Supporting Mixed Bidirectional/Sparse-Mode PIM Networks
189
For more Information about Multicast Routing
190
Chapter 12 Configuring IPv6
191
IPv6-Enabled Commands
191
Configuring IPv6 on an Interface
193
Configuring a Dual IP Stack on an Interface
194
Enforcing the Use of Modified EUI-64 Interface IDs in IPv6 Addresses
194
Configuring IPv6 Duplicate Address Detection
194
Configuring IPv6 Default and Static Routes
195
Configuring IPv6 Access Lists
196
Configuring IPv6 Neighbor Discovery
197
Configuring Neighbor Solicitation Messages
197
Configuring Router Advertisement Messages
199
Configuring a Static IPv6 Neighbor
201
Verifying the IPv6 Configuration
201
The Show IPv6 Interface Command
201
The Show IPv6 Route Command
202
CHAPTER 13 Configuring AAA Servers and the Local Database
203
AAA Overview
203
About Authentication
204
About Authorization
204
About Accounting
204
AAA Server and Local Database Support
205
Summary of Support
205
RADIUS Server Support
206
Attribute Support
206
Authentication Methods
206
RADIUS Authorization Functions
206
TACACS+ Server Support
206
SDI Server Support
207
SDI Primary and Replica Servers
207
SDI Version Support
207
Two-Step Authentication Process
207
NT Server Support
207
Kerberos Server Support
207
LDAP Server Support
208
SSO Support for WebVPN with HTTP Forms
208
Local Database Support
208
User Profiles
208
Fallback Support
209
Configuring the Local Database
209
Identifying AAA Server Groups and Servers
211
Configuring an LDAP Server
214
Authentication with LDAP
214
Authorization with LDAP for VPN
216
LDAP Attribute Mapping
216
Using Certificates and User Login Credentials
218
Using User Login Credentials
218
Using Certificates
218
Supporting a Zone Labs Integrity Server
219
Overview of Integrity Server and Security Appliance Interaction
219
Configuring Integrity Server Support
220
CHAPTER 14 Configuring Failover
221
Understanding Failover
221
Failover System Requirements
222
Hardware Requirements
222
License Requirements
222
Software Requirements
222
The Failover and Stateful Failover Links
223
Failover Link
223
Stateful Failover Link
225
Active/Active and Active/Standby Failover
226
Active/Standby Failover
226
Active/Active Failover
230
Determining Which Type of Failover to Use
235
Regular and Stateful Failover
235
Regular Failover
235
Stateful Failover
235
Failover Health Monitoring
236
Interface Monitoring
237
Unit Health Monitoring
237
Failover Feature/Platform Matrix
238
Failover Times by Platform
238
Configuring Failover
239
Failover Configuration Limitations
239
Configuring Active/Standby Failover
239
Configuring Cable-Based Active/Standby Failover (PIX 500 Series Security Appliance Only)
240
Prerequisites
240
Configuring LAN-Based Active/Standby Failover
241
Configuring Optional Active/Standby Failover Settings
245
Configuring Active/Active Failover
247
Configuring Cable-Based Active/Active Failover (PIX 500 Series Security Appliance)
247
Prerequisites
247
Configuring LAN-Based Active/Active Failover
249
Configuring Optional Active/Active Failover Settings
253
Configuring Unit Health Monitoring
259
Configuring Failover Communication Authentication/Encryption
259
Verifying the Failover Configuration
260
Using the Show Failover Command
260
Displaying the Failover Commands in the Running Configuration
268
Viewing Monitored Interfaces
268
Testing the Failover Functionality
269
Controlling and Monitoring Failover
269
Forcing Failover
269
Disabling Failover
270
Monitoring Failover
270
Restoring a Failed Unit or Failover Group
270
Debug Messages
271
Failover System Messages
271
SNMP
271
Remote Command Execution
271
Changing Command Modes
272
Limitations of Remote Command Execution
273
Security Considerations
273
Auto Update Server Support in Failover Configurations
274
Auto Update Process Overview
274
Monitoring the Auto Update Process
275
Configuring the Firewall
277
CHAPTER 15 Firewall Mode Overview
279
Routed Mode Overview
279
IP Routing Support
279
How Data Moves through the Security Appliance in Routed Firewall Mode
279
An Inside User Visits a Web Server
280
An Outside User Visits a Web Server on the DMZ
281
An Inside User Visits a Web Server on the DMZ
282
An Outside User Attempts to Access an Inside Host
283
A DMZ User Attempts to Access an Inside Host
284
Transparent Mode Overview
284
Transparent Firewall Network
285
Allowing Layer 3 Traffic
285
Allowed MAC Addresses
285
Passing Traffic Not Allowed in Routed Mode
285
MAC Address Vs. Route Lookups
286
Using the Transparent Firewall in Your Network
287
Transparent Firewall Guidelines
287
Unsupported Features in Transparent Mode
288
How Data Moves through the Transparent Firewall
289
An Inside User Visits a Web Server
290
An Inside User Visits a Web Server Using NAT
291
An Outside User Visits a Web Server on the Inside Network
292
An Outside User Attempts to Access an Inside Host
293
CHAPTER 16 Identifying Traffic with Access Lists
295
Access List Overview
295
Access List Types
296
Access Control Entry Order
296
Access Control Implicit Deny
297
IP Addresses Used for Access Lists When You Use NAT
297
Adding an Extended Access List
299
Extended Access List Overview
299
Allowing Broadcast and Multicast Traffic through the Transparent Firewall
300
Adding an Extended ACE
300
Adding an Ethertype Access List
302
Ethertype Access List Overview
302
Implicit and Explicit Deny ACE at the End of an Access List
302
Implicit Permit of IP and ARPs Only
302
Supported Ethertypes
302
Allowing MPLS
303
IPv6 Unsupported
303
Using Extended and Ethertype Access Lists on the same Interface
303
Adding an Ethertype ACE
304
Adding a Standard Access List
304
Adding a Webtype Access List
305
Simplifying Access Lists with Object Grouping
305
How Object Grouping Works
305
Adding Object Groups
306
Adding a Network Object Group
306
Adding a Protocol Object Group
306
Adding a Service Object Group
306
Adding an ICMP Type Object Group
306
Nesting Object Groups
309
Using Object Groups with an Access List
310
Displaying Object Groups
311
Removing Object Groups
311
Adding Remarks to Access Lists
311
Scheduling Extended Access List Activation
312
Adding a Time Range
312
Applying the Time Range to an ACE
313
Logging Access List Activity
313
Access List Logging Overview
313
Configuring Logging for an Access Control Entry
314
Managing Deny Flows
315
CHAPTER 17 Configuring NAT
317
NAT Overview
317
Introduction to NAT
317
NAT in Routed Mode
318
NAT in Transparent Mode
319
NAT Control
320
NAT Types
322
Dynamic NAT
322
PAT
324
Static NAT
324
Static PAT
325
Bypassing NAT When NAT Control Is Enabled
326
Policy NAT
326
NAT and same Security Level Interfaces
329
Order of NAT Commands Used to Match Real Addresses
330
Mapped Address Guidelines
330
DNS and NAT
331
Configuring NAT Control
332
Using Dynamic NAT and PAT
333
Dynamic NAT and PAT Implementation
333
Configuring Dynamic NAT or PAT
339
Using Static NAT
342
Using Static PAT
343
Bypassing NAT
346
Configuring Identity NAT
346
Configuring Static Identity NAT
347
Configuring NAT Exemption
349
NAT Examples
350
Overlapping Networks
350
Redirecting Ports
352
Chapter 18 Permitting or Denying Network Access
355
Inbound and Outbound Access List Overview
355
Applying an Access List to an Interface
356
Chapter 19 Applying AAA for Network Access
359
AAA Performance
359
Configuring Authentication for Network Access
359
Authentication Overview
360
Applications Required to Receive an Authentication Challenge
360
One-Time Authentication
360
Security Appliance Authentication Prompts
360
Static PAT and HTTP
361
Enabling Network Access Authentication
361
Enabling Secure Authentication of Web Clients
363
Authenticating Directly with the Security Appliance
364
Enabling Direct Authentication Using HTTP and HTTPS
364
Enabling Direct Authentication Using Telnet
365
Configuring Authorization for Network Access
366
Configuring TACACS+ Authorization
366
Configuring RADIUS Authorization
368
Configuring a RADIUS Server to Download Per-User Access Control List Names
368
Configuring a RADIUS Server to Send Downloadable Access Control Lists
368
Configuring Accounting for Network Access
372
Using MAC Addresses to Exempt Traffic from Authentication and Authorization
374
Chapter 20 Applying Filtering Services
377
Filtering Overview
377
Filtering ActiveX Objects
378
ActiveX Filtering Overview
378
Enabling ActiveX Filtering
378
Filtering Java Applets
379
Filtering URLs and FTP Requests with an External Server
380
URL Filtering Overview
380
Identifying the Filtering Server
380
Buffering the Content Server Response
382
Caching Server Addresses
382
Filtering HTTP URLs
383
Configuring HTTP Filtering
383
Enabling Filtering of Long HTTP URLs
383
Truncating Long HTTP URLs
383
Exempting Traffic from Filtering
384
Filtering HTTPS URLs
384
Filtering FTP Requests
385
Viewing Filtering Statistics and Configuration
385
Viewing Filtering Server Statistics
386
Viewing Buffer Configuration and Statistics
387
Viewing Caching Statistics
387
Viewing Filtering Performance Statistics
387
Viewing Filtering Configuration
388
Chapter 21 Using Modular Policy Framework
389
Modular Policy Framework Overview
389
Default Global Policy
390
Identifying Traffic Using a Layer 3/4 Class Map
390
Creating a Layer 3/4 Class Map for through Traffic
391
Creating a Layer 3/4 Class Map for Management Traffic
393
Configuring Special Actions for Application Inspections
394
Creating a Regular Expression
394
Creating a Regular Expression Class Map
397
Identifying Traffic in an Inspection Class Map
398
Defining Actions in an Inspection Policy Map
399
Defining Actions Using a Layer 3/4 Policy Map
401
Layer 3/4 Policy Map Overview
401
Feature Directionality
402
Policy Map Guidelines
402
Supported Feature Types
402
Feature Matching Guidelines for Multiple Policy Maps
403
Feature Matching Guidelines Within a Policy Map
403
Order in Which Multiple Feature Actions Are Applied
404
Default Layer 3/4 Policy Map
404
Adding a Layer 3/4 Policy Map
404
Applying a Layer 3/4 Policy to an Interface Using a Service Policy
406
Modular Policy Framework Examples
407
Applying Inspection and QoS Policing to HTTP Traffic
407
Applying Inspection to HTTP Traffic Globally
408
Applying Inspection and Connection Limits to HTTP Traffic to Specific Servers
409
Applying Inspection to HTTP Traffic with NAT
410
Chapter 22 Managing the AIP SSM and CSC SSM
411
Managing the AIP SSM
411
AIP SSM Overview
411
How the AIP SSM Works with the Adaptive Security Appliance
412
Operating Modes
412
Using Virtual Sensors
413
AIP SSM Procedure Overview
414
Sessioning to the AIP SSM
415
Configuring the Security Policy on the AIP SSM
416
Assigning Virtual Sensors to Security Contexts
416
Diverting Traffic to the AIP SSM
418
Managing the CSC SSM
419
About the CSC SSM
420
Getting Started with the CSC SSM
422
Determining What Traffic to Scan
423
Limiting Connections through the CSC SSM
425
Diverting Traffic to the CSC SSM
426
Checking SSM Status
428
Transferring an Image Onto an SSM
429
Chapter 23 Preventing Network Attacks
431
Configuring Threat Detection
431
Configuring Basic Threat Detection
431
Basic Threat Detection Overview
432
Configuring Basic Threat Detection
432
Managing Basic Threat Statistics
434
Configuring Scanning Threat Detection
435
Enabling Scanning Threat Detection
435
Managing Shunned Hosts
436
Viewing Attackers and Targets
437
Configuring and Viewing Threat Statistics
437
Configuring Threat Statistics
437
Viewing Threat Statistics
438
Configuring TCP Normalization
441
Configuring Connection Limits and Timeouts
444
Connection Limit Overview
444
Disabling TCP Intercept for Management Packets for WebVPN Compatibility
444
TCP Intercept Overview
444
Dead Connection Detection Overview
445
TCP Sequence Randomization Overview
445
Enabling Connection Limits
445
Preventing IP Spoofing
446
Configuring the Fragment Size
447
Blocking Unwanted Connections
447
Configuring IP Audit for Basic IPS Support
448
Chapter 24 Applying QoS Policies
449
Overview
449
QoS Concepts
450
Implementing QoS
450
Identifying Traffic for QoS
452
Defining a QoS Policy Map
453
Applying Rate Limiting
454
Activating the Service Policy
455
Applying Low Latency Queueing
456
Configuring Priority Queuing
456
Sizing the Priority Queue
456
Reducing Queue Latency
457
Configuring QoS
457
Viewing QoS Configuration
460
Viewing QoS Service Policy Configuration
460
Viewing QoS Policy Map Configuration
461
Viewing the Priority-Queue Configuration for an Interface
461
Viewing QoS Statistics
462
Viewing QoS Police Statistics
462
Viewing QoS Priority Statistics
462
Viewing QoS Priority Queue Statistics
463
Cisco ASA 5500 Series Configuration Manual (989 pages)
Security Appliance Command Line
Brand: Cisco | Category: Firewall | Size: 11.23 MB
Table of Contents
Table of Contents
4
About this Guide
33
Related Documentation
34
Document Conventions
37
Documentation Feedback
38
Intrusion Prevention Services Functional Overview
49
Security Context Overview
50
Chapter 2 Getting Started
51
Getting Started with Your Platform Model
51
Factory Default Configurations
51
Restoring the Factory Default Configuration
52
ASA 5505 Default Configuration
52
ASA 5510 and Higher Default Configuration
53
PIX 515/515E Default Configuration
54
Accessing the Command-Line Interface
54
Setting Transparent or Routed Firewall Mode
55
Working with the Configuration
56
Saving Configuration Changes
56
Saving Configuration Changes in Single Context Mode
57
Saving Configuration Changes in Multiple Context Mode
57
Copying the Startup Configuration to the Running Configuration
58
Viewing the Configuration
58
Clearing and Removing Configuration Settings
59
Creating Text Configuration Files Offline
59
Chapter 3 Enabling Multiple Context Mode
62
Security Context Overview
62
Unsupported Features
62
Context Configuration Files
62
Context Configurations
62
System Configuration
62
Admin Context Configuration
62
How the Security Appliance Classifies Packets
63
Valid Classifier Criteria
63
Invalid Classifier Criteria
64
Classification Examples
65
Cascading Security Contexts
68
Management Access to Security Contexts
69
System Administrator Access
69
Context Administrator Access
70
Enabling or Disabling Multiple Context Mode
70
Backing up the Single Mode Configuration
70
Enabling Multiple Context Mode
70
Restoring Single Context Mode
71
Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
73
Interface Overview
73
Understanding ASA 5505 Ports and Interfaces
74
Maximum Active VLAN Interfaces for Your License
74
Default Interface Configuration
75
VLAN MAC Addresses
76
Power over Ethernet
76
Monitoring Traffic Using SPAN
76
Security Level Overview
77
Configuring VLAN Interfaces
77
Configuring Switch Ports as Access Ports
81
Configuring a Switch Port as a Trunk Port
83
Allowing Communication between VLAN Interfaces on the same Security Level
85
Chapter 5 Configuring Ethernet Settings and Subinterfaces
87
Configuring and Enabling RJ-45 Interfaces
87
Configuring and Enabling Fiber Interfaces
88
Configuring and Enabling Subinterfaces
89
Chapter 6 Adding and Managing Security Contexts
92
Configuring Resource Management
92
Resource Limits
92
Default Class
93
Class Members
94
Configuring a Class
94
Configuring a Security Context
97
Automatically Assigning MAC Addresses to Context Interfaces
101
Changing between Contexts and the System Execution Space
101
Managing Security Contexts
102
Removing a Security Context
102
Changing the Admin Context
103
Changing the Security Context URL
103
Reloading a Security Context
104
Reloading by Clearing the Configuration
104
Reloading by Removing and Re-Adding the Context
105
Viewing Context Information
105
Viewing Resource Allocation
106
Viewing Resource Usage
109
Monitoring SYN Attacks in Contexts
110
Chapter 7 Configuring Interface Parameters
113
Security Level Overview
113
Configuring the Interface
114
Allowing Communication between Interfaces on the same Security Level
118
Changing the Login Password
119
Changing the Enable Password
119
Setting the Hostname
120
Setting the Domain Name
120
Setting the Date and Time
120
Chapter 8 Configuring Basic Settings
120
Setting the Time Zone and Daylight Saving Time Date Range
121
Setting the Date and Time Using an NTP Server
122
Setting the Date and Time Manually
122
Setting the Management IP Address for a Transparent Firewall
123
Chapter 9 Configuring IP Routing
125
Configuring Static and Default Routes
125
Configuring a Static Route
126
Configuring a Default Route
127
Configuring Static Route Tracking
127
Defining Route Maps
130
Configuring OSPF
131
OSPF Overview
132
Enabling OSPF
132
Redistributing Routes into OSPF
133
Configuring OSPF Interface Parameters
134
Configuring OSPF Area Parameters
136
Configuring OSPF NSSA
137
Configuring Route Summarization between OSPF Areas
138
Configuring Route Summarization When Redistributing Routes into OSPF
138
Defining Static OSPF Neighbors
139
Generating a Default Route
140
Configuring Route Calculation Timers
140
Logging Neighbors Going up or down
141
Displaying OSPF Update Packet Pacing
141
Monitoring OSPF
142
Restarting the OSPF Process
142
Configuring RIP
143
Enabling and Configuring RIP
143
Redistributing Routes into the RIP Routing Process
144
Configuring RIP Send/Receive Version on an Interface
145
Enabling RIP Authentication
145
Monitoring RIP
146
The Routing Table
146
Displaying the Routing Table
146
How the Routing Table Is Populated
147
Backup Routes
148
How Forwarding Decisions Are Made
148
CHAPTER 10 Configuring DHCP, DDNS, and WCCP Services
151
Configuring a DHCP Server
151
Enabling the DHCP Server
152
Configuring DHCP Options
153
Using Cisco IP Phones with a DHCP Server
154
Configuring DHCP Relay Services
155
Configuring Dynamic DNS
156
Example 1: Client Updates both a and PTR Rrs for Static IP Addresses
156
Client and Updates both Rrs
158
Honors Client Request and Updates both a and PTR RR
158
Example 5: Client Updates a RR; Server Updates PTR RR
159
Configuring Web Cache Services Using WCCP
159
WCCP Feature Support
159
WCCP Interaction with Other Features
160
Enabling WCCP Redirection
160
Configuring Multicast Routing
163
Multicast Routing Overview
163
Enabling Multicast Routing
164
CHAPTER 11 Configuring Multicast Routing
164
Configuring a Statically Joined Group
165
Configuring Group Membership
165
Controlling Access to Multicast Groups
165
Disabling IGMP on an Interface
165
Limiting the Number of IGMP States on an Interface
166
Modifying the Query Interval and Query Timeout
166
Changing the IGMP Version
167
Changing the Query Response Time
167
Configuring Stub Multicast Routing
167
Configuring a Static Multicast Route
167
Disabling PIM on an Interface
168
Configuring PIM Features
168
Configuring a Static Rendezvous Point Address
169
Configuring the Designated Router Priority
169
Filtering PIM Register Messages
169
Configuring PIM Message Intervals
169
Configuring a Multicast Boundary
170
Filtering PIM Neighbors
170
Supporting Mixed Bidirectional/Sparse-Mode PIM Networks
171
For more Information about Multicast Routing
171
Chapter 12 Configuring IPv6
173
IPv6-Enabled Commands
173
Configuring IPv6 on an Interface
175
Configuring a Dual IP Stack on an Interface
176
Enforcing the Use of Modified EUI-64 Interface IDs in IPv6 Addresses
176
Configuring IPv6 Duplicate Address Detection
176
Configuring IPv6 Default and Static Routes
177
Configuring IPv6 Access Lists
178
Configuring IPv6 Neighbor Discovery
179
Configuring Neighbor Solicitation Messages
179
Configuring Router Advertisement Messages
181
Configuring a Static IPv6 Neighbor
183
Verifying the IPv6 Configuration
183
The Show IPv6 Interface Command
183
The Show IPv6 Route Command
184
Configuring AAA Servers and the Local Database
185
AAA Overview
185
About Authentication
185
About Authorization
186
About Accounting
186
AAA Server and Local Database Support
186
CHAPTER 13 Configuring AAA Servers and the Local Database
186
RADIUS Server Support
187
Authentication Methods
188
Attribute Support
188
RADIUS Authorization Functions
188
Summary of Support
187
SDI Server Support
188
SDI Version Support
189
Two-Step Authentication Process
189
SDI Primary and Replica Servers
189
TACACS+ Server Support
188
Kerberos Server Support
189
NT Server Support
189
LDAP Server Support
190
Authentication with LDAP
190
Authorization with LDAP for VPN
191
LDAP Attribute Mapping
192
Local Database Support
193
User Profiles
194
Fallback Support
194
SSO Support for WebVPN with HTTP Forms
193
Configuring the Local Database
194
Identifying AAA Server Groups and Servers
196
Using Certificates and User Login Credentials
199
Using User Login Credentials
199
Using Certificates
200
Supporting a Zone Labs Integrity Server
200
Overview of Integrity Server and Security Appliance Interaction
201
Configuring Integrity Server Support
201
Understanding Failover
203
Chapter 14 Configuring Failover
204
The Failover and Stateful Failover Links
205
Stateful Failover Link
207
Active/Active and Active/Standby Failover
208
Active/Active Failover
211
Determining Which Type of Failover to Use
216
Failover Health Monitoring
217
Interface Monitoring
218
Failover Feature/Platform Matrix
219
Failover Configuration Limitations
220
Configuring LAN-Based Active/Standby Failover
222
Configuring Optional Active/Standby Failover Settings
225
Configuring Active/Active Failover
228
Configuring LAN-Based Active/Active Failover
230
Configuring Optional Active/Active Failover Settings
234
Configuring Unit Health Monitoring
238
Verifying the Failover Configuration
239
Viewing Monitored Interfaces
247
Testing the Failover Functionality
248
Disabling Failover
249
Failover System Messages
250
Routed Mode Overview
253
Chapter 15 Firewall Mode Overview
254
An Inside User Visits a Web Server
255
An Outside User Visits a Web Server on the DMZ
256
An Inside User Visits a Web Server on the DMZ
257
An Outside User Attempts to Access an Inside Host
258
A DMZ User Attempts to Access an Inside Host
259
Transparent Firewall Network
260
MAC Address Lookups
261
Unsupported Features in Transparent Mode
262
How Data Moves through the Transparent Firewall
263
An Inside User Visits a Web Server
264
An Outside User Visits a Web Server on the Inside Network
265
An Outside User Attempts to Access an Inside Host
266
CHAPTER 16 Identifying Traffic with Access Lists
269
Access List Overview
269
Access List Types
270
Adding an Extended Access List
273
Allowing Special IP Traffic through the Transparent Firewall
274
Adding an Ethertype Access List
276
Adding a Standard Access List
277
Adding a Webtype Access List
278
Adding Object Groups
279
Adding a Network Object Group
280
Adding an ICMP Type Object Group
281
Nesting Object Groups
282
Using Object Groups with an Access List
283
Displaying Object Groups
284
Scheduling Extended Access List Activation
285
Applying the Time Range to an ACE
286
Configuring Logging for an Access Control Entry
287
Managing Deny Flows
288
NAT Overview
291
Introduction to NAT
292
Chapter 17 Applying NAT
293
NAT Types
295
Static NAT
297
Bypassing NAT When NAT Control Is Enabled
299
NAT and same Security Level Interfaces
302
Order of NAT Commands Used to Match Real Addresses
303
Configuring NAT Control
305
Using Dynamic NAT and PAT
306
Configuring Dynamic NAT or PAT
312
Using Static NAT
315
Using Static PAT
316
Bypassing NAT
318
Configuring Static Identity NAT
319
Configuring NAT Exemption
321
NAT Examples
322
Overlapping Networks
323
Redirecting Ports
324
CHAPTER 18 Permitting or Denying Network Access
331
Applying an Access List to an Interface
331
AAA Performance
333
Chapter 19 Applying AAA for Network Access
334
Static PAT and HTTP
335
Enabling Secure Authentication of Web Clients
337
Configuring RADIUS Authorization
339
Configuring a RADIUS Server to Download Per-User Access Control List Names
343
Configuring Accounting for Network Access
344
Using MAC Addresses to Exempt Traffic from Authentication and Authorization
345
CHAPTER 20 Applying Filtering Services
347
Filtering Overview
347
Filtering Java Applets
349
URL Filtering Overview
350
Buffering the Content Server Response
351
Caching Server Addresses
352
Enabling Filtering of Long HTTP URLs
353
Filtering HTTPS URLs
354
Viewing Filtering Statistics and Configuration
355
Viewing Buffer Configuration and Statistics
356
Viewing Caching Statistics
357
Modular Policy Framework Overview
359
Cisco ASA 5500 Series Datasheet (20 pages)
Adaptive Security Appliances ASA Software Version 7.0
Brand: Cisco | Category: Software | Size: 0.43 MB
Table of Contents
Application Security
2
Product Licensing
14
Product Specifications
15
System Requirements
17
Ordering Information
17
To Download the Software
18
Service and Support
18