Table of Contents

A
B
C
D
E
F
G
H
I
M
N
P
R
S
T
W

index

A

Administrative Account panel

task

creating an account   8-10

B

backup   8-13

C

checklist   7-2

define audit event rules   5-3

define Network Topology   2-3

define notification rules   5-12

define reports   5-28

generate and publish command sets   7-2

getting started   1-1

checkpoints

specifying   8-2

Cisco Controlled Host Component

restarting   4-40

Cisco Secure Policy Manager   3-41

host   2-6, 3-41

tasks

creating server   3-43

cloud

Internet   3-4

tasks

configuring interface   3-18

creating   3-16

defining cloud network   3-20

Cloud Network node   3-21

Cloud node   3-16

example   2-1

command generation   2-9

approval process   1-12

content of   1-12

default publishing of   1-12

device-specific   1-12

generated by Cisco Secure Policy Manager   1-12

Save and Update   1-12

See also Command panel

support limitation   2-9

IOS interface commands   2-9

translation of   1-12

troubleshooting

view via Command panel   1-12

Command panel

tasks

approving commands manually   7-27

configuring IPSec bootstrap   7-25

entering epilogue commands   7-22

entering prologue commands   7-22

reviewing generated command sets   7-20

specifying command approval method   7-16

verifying publishing status   7-29

customer service and support   xiv

D

device-centric settings   4-1

global service settings   4-2

network interface settings   4-2

policy enablement settings   4-2

policy-specific settings   4-3

system maintenance settings   4-3

traffic flow settings   4-2

documentation

feedback   xvii

latest version   xiv

related   xiv

E

epilogue commands   7-22

entering   7-22

Exported view   8-16

Export to File   8-16

F

File menu   8-18

G

getting started

tasks

assigning policies in the Security Policy Enforcement Branch   1-11

defining monitoring settings   1-8

defining network topology   1-3

defining policy abstracts   1-9

generating, verifying, and publishing command sets   1-12

organizing network objects in Security Policy Enforcement Branch   1-9

H

host   3-46

tasks

adding client/server product type   3-50

creating   3-47

I

IKE IPSec Tunnel Templates   6-20

imported view   8-18

Import from File   8-18

Internet   3-4

Internet node

tasks

defining cloud networks under   3-11

specifying interface settings for   3-6

IOS router   3-30

settings panels   4-10

IP range   3-44

IPSec   4-58

IPSec Tunnel Groups   6-25

adding a hub   6-28

tasks

creating   6-25, 6-32

IPSec Tunnel Template   6-18

tasks

creating   6-18

M

MAPI

configuring   5-20

mapping rules   4-47

types   4-47

address hiding   4-47

path restriction   4-47

static translation   4-47

monitoring

audit event filtering rules   1-8

checklist   5-3

define audit event rules   5-3

Cisco Secure Policy Manager hosts   1-8

related functions

notifications   1-8

reporting   1-8

syslog   1-8

N

network   3-12

network object groups   6-14

creating   6-14

network service bundles   6-11

creating   6-11

network services

definition of   1-10

dependencies

port number   1-10

protocols   1-10

tools

network service bundles   1-10

Network Service Installation Wizard   1-10

Services Library   1-10

network shortcut   3-14

network topology

checklist   2-3

cloud example   2-1

dependencies

outside-to-inside definition   1-3

downstream   1-3

examples

Network Topology tree   1-5

single outermost gateway object   1-4

gateway object   1-4

key components   2-8

certificate authority servers   2-10

Cisco Secure Policy Manager servers   2-10

IOS Router/Firewall   2-9

ISP connections   2-8

PIX Firewall   2-9

Policy Enforcement Points   2-9

syslog servers   2-11

modeling

map common objects   3-1

planning

worksheet   2-11

required objects

Cisco Secure Policy Manager hosts   1-7

list of   1-7

role in system

device-centric settings   4-1

top-down design   2-1

upstream   1-3

notifications

checklist   5-12

define notification rules   5-12

e-mail   5-20

pager   5-22

P

PIX Firewall   3-22

Settings 1 panel   4-4

policy abstracts

See security policy

Policy Builder   6-36

definition of   1-11

tasks

adding a node   6-36

changing node type   6-38

specifying destination condition   6-46, 6-49

specifying service condition   6-44

specifying source condition   6-41

Policy Database   4-34

backup   8-13

checkpointing   4-34

checkpoints   8-2

key   4-34, 4-39

log file   4-34

modifying TCP port

restarting CHC   4-40

network service   4-36

selecting   4-36

storage size   8-2

tasks

exporting key   4-40

modifying IP address   4-35

modifying IP address for sessions   4-35

monitoring network sessions   4-35

restarting   4-41

scheduling checkpoint   8-2

specifying port settings   4-38

specifying service definition   4-36

TCP port for requests   4-37

Policy Database key

exporting   4-39

Policy Distribution Point   4-21

tasks

toggle availability   4-21

policy domains

tasks

creating   6-16

moving a perimeter between   6-17

policy enforcement   6-5

tasks

adding a folder   6-6

adding a network object   6-5

Policy Enforcement Point   4-64

tasks

selecting Policy Distribution Point   4-67

selecting Policy Monitor Point   4-69

selecting target syslog servers   4-70

specifying enable password   4-71

specifying IP address settings   4-66

specifying IPSec Tunnel Template   4-68

specifying Telnet password   4-72

Policy Monitor Point   4-22

Policy Report Point   4-28

Policy Reports panel   4-28

associated IP address   4-29

associated network service   4-32

reporting agent   4-28

tasks

modifying associated IP address   4-29

modifying TCP port   4-30

policy update

automatic   7-14

changing the default   7-14

default   7-14

manual   7-14

prologue commands   7-22

entering   7-22

protocol definitions   6-7

configuring   6-7

Protocol panel   6-22

modifying   6-22

R

reporting

checklist   5-28

define reports   5-28

reports

customizing

start page   4-33

router   3-37

tasks

creating   3-37

specifying interface settings   3-39

Routes panel   4-42

tasks

creating a new rule   4-44

disabling generation of derived routes   4-46

S

Save and Update

See command generation

securing communications   4-39

security policy   6-1

abstracts   6-34

create   6-34

definition of   1-10

assignment   1-11

checklist   6-1

dependencies

custom network services   1-10

network services   1-10

tools

Policy Assignment   1-11

Policy Builder   1-10

understanding   6-1

Security Policy Enforcement branch

dependencies

network objects   1-9

policy abstracts   1-9

Security Policy folders   1-9

order of objects   1-9

service and support   xiv

Services Library

See network services

T

TAPI

configuring   5-22

TCP port   4-37

modifying use by Policy Database   4-37

network service definition   4-37

restarting CHC   4-38

used by Policy Report Point   4-30

Technical Assistance Center

warranty or maintenance contract   xvi

traffic flow settings   4-2

tunnel groups   6-25

add a hub   6-28

tasks

creating   6-25, 6-32

tunnel template   6-18

tasks

creating   6-18

W

warranty   xvi

Windows Messaging   5-20

Posted: Mon Jun 5 10:45:41 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.