
index

Numerics


100BaseTX Ethernet     5 - 90

10BaseT Ethernet     5 - 90

115K failover serial cable     3 - 13

3Com 10/100 Ethernet network interface card     2 - 57

A


AAA     2 - 52, 5 - 6, 5 - 12, 5 - 30, 5 - 173

aaa authentication enable console, syslog messages     5 - 111

aaa command     5 - 2

aaa-server command     5 - 12

abbreviating commands     1 - 19

access
control list     5 - 122
lists     1 - 5
modes     1 - 19

access-group command     5 - 15

access-list command     5 - 16

access-list deny syslog message     5 - 20

access lists, IPSec
creating     5 - 18

AccessPro router     5 - 138

ACLs     5 - 19

ActiveX blocking     3 - 22, 5 - 25, 5 - 72

Adaptive Security Algorithm (ASA)     1 - 3, 1 - 6

address translations     5 - 118

administer PIX Firewall from remote location     4 - 27

alias command     5 - 24, 5 - 163

alias option to arp command     5 - 27

alternate-address     5 - 21, 5 - 89

apply command     5 - 121

ARP     3 - 5

arp command     5 - 27

ARP proxies     5 - 160

authentication, authorization, and accounting     5 - 2

authentication and authorization, user     2 - 52

authorization, RADIUS     5 - 19

authorization, TACACS+     5 - 2

auth-prompt command     5 - 29

auto keyword issue     5 - 90

B


blocking ActiveX objects     3 - 22

buffer allocation, interface     5 - 91

Buffer usage, access with SNMP     3 - 23

C


cable status     3 - 5

ca command     5 - 30

certificate enrollment protocol     5 - 33

CHAP     3 - 21

Cisco Firewall MIB     3 - 22

CiscoSecure     5 - 173

CiscoSecure acl attribute     5 - 19

Cisco Secure Intrusion Detection System     3 - 19

Cisco Works for Windows     3 - 25

clear     5 - 2
aaa     5 - 2
aaa-server     5 - 12
access-group     5 - 15
access-list     5 - 16
arp     5 - 27
auth-prompt     5 - 29
blocks     5 - 140
command summary     5 - 30

clear access-list command     5 - 16

clear alias command     5 - 24

clear Commands     5 - 30

clear local-host command     5 - 106

clear timeout command     5 - 170

clear uauth command     5 - 173

clock command     5 - 33

command
aaa     5 - 2
aaa-server     5 - 12
access-group     5 - 15
access-list     5 - 16
alias     5 - 24, 5 - 163
apply     5 - 121
arp     5 - 27
auth-prompt     5 - 29
ca     5 - 30
clear
aaa     5 - 2
aaa-server     5 - 12
access-group     5 - 15
access-list     5 - 16
alias     5 - 24
arp     5 - 27
auth-prompt     5 - 29
timeout     5 - 170
clear blocks     5 - 140
clear local-host     5 - 106
clear uauth     5 - 173
clear xlate command     5 - 193
clock     5 - 33
conduit     5 - 35
configure     5 - 42
debug     5 - 47
disable     5 - 59
enable     5 - 60
enable password     5 - 61
established     5 - 63
exit     5 - 66
failover     5 - 67
fixup protocol     5 - 75
flashfs     5 - 79
floodguard     5 - 81
global     5 - 82
help     5 - 86
hostname     5 - 87
icmp     5 - 88
interface     5 - 90
ip address     2 - 17, 5 - 95
ip audit     5 - 98
ip local pool     5 - 102
ip verify reverse-path     5 - 103
kill     5 - 105
logging     5 - 107
mtu     5 - 112
name     5 - 113
nameif     2 - 15, 5 - 115
names     5 - 113
nat     5 - 117
outbound     5 - 121
pager     5 - 126
passwd     5 - 127
perfmon     5 - 128
ping     5 - 130
quit     5 - 131
reload     2 - 9, 5 - 132
rip     5 - 133
route     5 - 135
service     5 - 137
session     5 - 138
show     5 - 139
aaa     5 - 2
aaa-server     5 - 12
access-group     5 - 15
access-list     5 - 16
alias     5 - 24
arp     5 - 27
arp timeout     5 - 27
auth-prompt     5 - 29
blocks     5 - 140
checksum     5 - 141
show conn     5 - 141
show history     5 - 142
show interface     5 - 90
show local-host     5 - 106
show memory     5 - 143
show processes     5 - 143
show tech-support     5 - 144
show traffic     5 - 144
show uauth     5 - 173
show version     5 - 145
show who     5 - 189
show xlate     5 - 193
snmp-server     5 - 146
ssh
secure shell support     5 - 149
static     5 - 149
syslog     5 - 159
sysopt     5 - 160
terminal     5 - 168
tftp-server     5 - 169
timeout     5 - 170
url-cache     5 - 175
url-server     5 - 177
virtual     5 - 179
who     5 - 189
write     5 - 190

command line
editing     1 - 20
prompt     5 - 87

command output paging     1 - 20

compiling Cisco SMI MIB and syslog MIB     3 - 24

conduit command     5 - 35

conduits     1 - 6

configurable proxy pinging     5 - 88

configuration
mode     5 - 43
rechecking     2 - 55
size     1 - 20

configuration example
multiple servers     4 - 6
six interfaces with NAT     4 - 22
three interfaces with NAT     4 - 12
three interfaces without NAT     4 - 10
two interfaces without NAT     4 - 2

configure command     5 - 42

connection
state information     1 - 3

console
session     5 - 51

contact, SNMP     5 - 146

control list     5 - 122

conversion-error     5 - 21, 5 - 89

cut-through proxies     1 - 6

D


daisy-chain PIX Firewall units     5 - 7

debug command     5 - 47

default password     5 - 61

default route
broadcast     5 - 133
router and hosts     2 - 10

DHCP
PAT global address     3 - 2

DHCP Client
default route     3 - 2
enabling     3 - 2
feature     3 - 2

DHCP client
ip address command     5 - 96


DHCP Server
configuring     3 - 3
feature     3 - 3

disable command     5 - 59

diskette     5 - 43

disk-full condition, recovering from     2 - 49

DNS     5 - 160

downgrading to a previous version     5 - 79

E


echo-reply     5 - 21, 5 - 89

editing command lines     1 - 20

EIGRP     B - 2

embedded commands, prevent     5 - 76

embryonic connection     5 - 118

enable command     5 - 60

enable password command     5 - 61

encryption, key     5 - 12

enforcesubnet     5 - 160

ESMTP commands rejected by Mail Guard     5 - 78

established command     5 - 63

Ethernet     5 - 90, 5 - 115, 5 - 162

examples
multiple servers     4 - 6
six interfaces with NAT     4 - 22
three interfaces with NAT     4 - 12
three interfaces without NAT     4 - 10
two interfaces without NAT     4 - 2

exit command     5 - 66

F


failover
cable status     3 - 5
command     5 - 67
flags     3 - 5
interface tests     3 - 13
syslog messages     3 - 17
syslog messages, SNMP     3 - 23

failover
UR license     3 - 5

fault detection within failover PIX Firewall units     3 - 17

FDDI network interfaces     1 - 7

filesystem, Flash memory     5 - 79

filtering     5 - 73
ActiveX     3 - 22

Firewall MIB, Memory Pool MIB     3 - 22

fixup protocol command     5 - 75

flags, failover     3 - 5

flashfs command     5 - 79

Flash memory     5 - 79
write configuration to     5 - 191

Flood Defender     5 - 81

floodguard command     5 - 81

Frag Guard     5 - 160

fragmentation     5 - 160

FTP     3 - 22, 5 - 75

FTP, prevent embedded commands     5 - 76

full duplex     5 - 90, A - 2

G


global command     5 - 82

global IP addresses, associating network with     5 - 117

GRE     2 - 36, 5 - 40

group filtering     5 - 73

group name authentication, Websense     2 - 41

H


H.245 tunneling     5 - 76

H.323     5 - 75, 5 - 157, 5 - 170

hardware
address     5 - 27
ID     5 - 90
speed     5 - 90

hello packets
failover poll     5 - 68

help, command line     1 - 23

help command     5 - 86

host, SNMP     5 - 146

hostname command     5 - 87

HTML <object> tag blocking     3 - 22

HTTP     5 - 75

HyperTerminal, configuring     2 - 2

I


IANA URL     1 - 27

ICMP access lists     5 - 88

icmp command     5 - 88

ICMP message types     5 - 89

ICMP trace     5 - 51

IDENT     5 - 137

IDS     3 - 19, 5 - 98

information-reply     5 - 21, 5 - 89

information-request     5 - 21, 5 - 89

intercept, TCP     5 - 154

interface
buffer allocation     5 - 91
command     5 - 90
name     5 - 115

Interrupt vector, interface cards     5 - 92

Intrusion Detection System     5 - 98

ip address command     2 - 17, 5 - 95

ip audit command     5 - 98

IP Frag Guard     5 - 164

ip local pool command     5 - 102

IPSec
access lists
creating     5 - 18
access-lists     5 - 21

ip verify reverse-path command     5 - 103

J


Java applets     2 - 40

K


key, authentication     5 - 12

kill command     5 - 105

L


line protocol up and down     5 - 92

link up and link down     5 - 92

link up and link down, SNMP     3 - 23

LINUX default route     2 - 12

literal names     1 - 25

LOCAL0 - LOCAL7     2 - 46, 5 - 109

local pool     5 - 102

location, SNMP     5 - 146

logging command     5 - 107

M


MAC address     5 - 27, 5 - 92

MacOS default route     2 - 13

Mail Guard
disabling     5 - 78
feature description     1 - 9

mask-reply     5 - 21, 5 - 89

mask-request     5 - 21, 5 - 89

MD5 encryption, RIP version 2     5 - 134

media
timer     5 - 170

memory, OS and free     5 - 143

messages, how to read     2 - 44

message types, ICMP     5 - 89

MIB file, updating     3 - 25

MIB-II groups, SNMP     3 - 22

Microsoft
Exchange     C - 1
MS-Exchange advisory for Mail Guard     5 - 78
Windows NT default route     2 - 12

mobile-redirect     5 - 21, 5 - 89

monitor command instructions     2 - 4

MSCHAP     3 - 21

MSRPC     C - 4

MSS     5 - 160

MTU     2 - 57, 5 - 92

mtu command     5 - 112

multimedia applications, supported     1 - 28

multiple PATs     5 - 84

N


name command     5 - 113

nameif command     2 - 15, 5 - 115

names command     5 - 113

nat command     5 - 117

net alias     5 - 25

NETBIOS over IP     1 - 10

NetRanger     5 - 99

netstat, setting a default route     2 - 12

net static     4 - 8

Network Address Translation (NAT), See nat command

newsreaders     5 - 9

NFS
access     4 - 8
testing with showmount     4 - 8

nodnsalias     5 - 160

noproxyarp     5 - 160

norandomseq     5 - 117, 5 - 153

O


object <object> tag blocking     3 - 22

Oracle SQL*Net     5 - 50

outbound command     5 - 121

P


packets, received and sent     5 - 92

packet trace     5 - 49

pager command     5 - 126

paging screen displays     1 - 20

PAP     3 - 21

parameter-problem     5 - 21, 5 - 89

passwd command     5 - 127

password, default     5 - 61

PAT (Port Address Translation)     2 - 26, 5 - 82

PAT not supported with fixup protocol rtsp     5 - 77

PAT using the IP address of an interface     5 - 84

PCNFSD, tracking activity     4 - 8

perfmon command     5 - 128

permit-ipsec     5 - 160

physical address     5 - 27

ping and ICMP trace     5 - 50

ping command     5 - 130

pings and AAA     5 - 11

PIX 506
DHCP Client feature support     3 - 2
DHCP Server feature support     3 - 3

PIX 515
feature description     1 - 10

PIX Firewall
boot diskette, use for system recovery     2 - 9
failures on failover units     3 - 17
monitoring performance     5 - 128
reboot and reload     5 - 132

PIX Firewall Manager (PFM)     2 - 3

PIX Firewall Manager, set password     5 - 127

PIX Firewall Syslog Server (PFSS)     2 - 3

PKI protocol     5 - 33

poll, failover     5 - 68

port, outbound     5 - 122

PORT command, FTP     5 - 76

port literal names     1 - 25

portmapper     5 - 40

PPTP     2 - 36, 5 - 40

PPTP and vpdn command     3 - 21

PPTP and VPN     3 - 21

privileged mode, start     5 - 60

prompt host name label     5 - 87

protocols     1 - 27, 5 - 75

proxy servers     5 - 77

Q


quit command     5 - 131

R


RADIUS     5 - 2, 5 - 9

RADIUS authorization     5 - 19

recovering from disk-full condition     2 - 49

redirect     5 - 21, 5 - 39, 5 - 89

redirect, ICMP type     5 - 21, 5 - 89

reload command     2 - 9, 5 - 132

RFC 2637 (PPTP)     3 - 21

rip command     5 - 133

RIP version 2     5 - 133

route command     5 - 135

router, in PIX Firewall     5 - 138

router-advertisement     5 - 21, 5 - 39, 5 - 89

router-solicitation     5 - 21, 5 - 89

RPC
conduit     5 - 40
MSRPC     C - 4
slot     5 - 170
Sun     4 - 8
testing with rpcinfo     4 - 8

RS-232 cable, failover     3 - 13

RSH     5 - 75

S


saving configuration before upgrading     2 - 2

screen paging, enabling or disabling     5 - 126

security level
assigning     5 - 115
defaults     5 - 115

security level, values     2 - 16

serial cable, failover     3 - 7, 3 - 13

service command     5 - 137

session command     5 - 138

Session initiation protocol (SIP)     5 - 77

show     5 - 29
aaa     5 - 2
aaa-server     5 - 12
access-group     5 - 15
access-list     5 - 16
alias     5 - 24
arp     5 - 27
arp timeout     5 - 27
auth-prompt     5 - 29
blocks     5 - 140
checksum     5 - 141

show command     5 - 139

show conn command     5 - 141

show history command     5 - 142

show interface command     5 - 90

show ip command     5 - 95

show local-host command     5 - 106

show memory command     5 - 143

showmount     4 - 8

show processes command     5 - 143

show tech-support command     5 - 144

show traffic command     5 - 144

show uauth command     5 - 173

show version command     5 - 145

show who command     5 - 189

show xlate command     5 - 193

shutdown option to interface command     5 - 91

signatures     5 - 99

SIP
timer     5 - 170

SIP, fixup protocol command     5 - 77

sip, timeout command     5 - 170

sip in show conn     5 - 141

SMTP     5 - 75

SNMP
configuring     3 - 22
contact, location, and host     5 - 146
object ID (OID)     3 - 24, 5 - 147
read-only (RO) values     3 - 22
SNMPc (Cisco Works for Windows)     3 - 25
syslog Enterprise MIB     3 - 24
traps     3 - 22

snmp-server command     5 - 146

Solaris default route     2 - 12

Sorry, not allowed to enter IP address on same network...     2 - 17

source-quench message type     5 - 21, 5 - 39, 5 - 89

SQL*Net     5 - 50, 5 - 75

ssh command     5 - 149

stateful     1 - 3

state information     1 - 3

static command     5 - 149

static translation     1 - 4

subnet masks     D - 1

SunOS default route     2 - 12

Sun RPC     4 - 8

SYN attacks     5 - 154

syslog     3 - 17, 5 - 20
command     5 - 159
Enterprise MIB     3 - 24
log file, UNIX     2 - 50
message levels     2 - 44
messages     2 - 43
MIB files     3 - 25
SNMP     3 - 23
syslog.conf file (UNIX host)     2 - 50
UNIX system, configuring     2 - 50

sysopt command     5 - 160

system recovery, PIX Firewall boot diskette     2 - 9

T


TACACS+     5 - 2, 5 - 9

TCP
maximum segment size     5 - 160
port literals     1 - 25
randomizing packet sequence number     5 - 117

tcpclose     5 - 160

TCP Intercept     5 - 154

TCP intercept feature     5 - 154

tcpmss     5 - 160

Telnet
configure console access     2 - 30
console, debug     5 - 51
icmp trace     5 - 51
interface     1 - 13
set password     5 - 127
terminating     5 - 105
timeout feature     5 - 165
Trace Channel     5 - 51

terminal command     5 - 168

terminology     1 - 29

TFTP
configuration     5 - 43, 5 - 169, 5 - 190

TFTP error codes     2 - 6

tftp-server command     5 - 169

TIME_WAIT state     5 - 160

time-exceeded     5 - 21, 5 - 39, 5 - 89

timeout command     5 - 170

timestamp-reply     5 - 21, 5 - 89

timestamp-request     5 - 21, 5 - 89

time stamps     5 - 110

timewait     5 - 160

Token Ring     5 - 90, 5 - 115, 5 - 162

Trace Channel     2 - 32

trace ICMP, SQL*Net, and packets     5 - 50

translation slots
UDP, RPC, H.323     5 - 171

translations of addresses     5 - 118

traps, SNMP     3 - 22

troubleshoot PIX Firewall from remote location     4 - 27

U


uauth     5 - 173

UDP
connection state information     1 - 3
idle time until slot is freed     5 - 170
port literals     1 - 25
portmapper     5 - 40

unicast RPF     5 - 91

unicast RPF IP spoofing protection     5 - 103

UNIX
syslog configuration     2 - 50

UNIX, getting console terminal     2 - 2

unreachable, ICMP type     5 - 21, 5 - 89

upgrading, before     2 - 2

URL
filtering     5 - 71, 5 - 175, 5 - 177
logging     2 - 51

url-cache command     5 - 175

UR license     3 - 5

url-server command     5 - 177

user authentication, authorization, and accounting, providing     5 - 2

user authentication and authorization, providing     2 - 52

username authentication, Websense     2 - 41

username filtering     5 - 73






V


vendor-specific acl= identifier     5 - 19

version 2 RIP     5 - 133

video conferencing applications, supported     1 - 28

virtual command     5 - 179

Voice over IP     5 - 77

VoIP gateways and gatekeepers     5 - 76

VoIP proxy servers     5 - 77

VPNs over PPTP     3 - 21

W


Websense filtering by username and group     5 - 73

Websense group and username authentication     2 - 41

Websense server     5 - 175

who command     5 - 189

winipcfg, view default route     2 - 12

write command     5 - 190

X


XDMCP Support     5 - 65

xlate (translation slot)     5 - 170, 5 - 193

Posted: Thu Aug 31 21:00:17 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.