Summary of the content on the page No. 1
Cisco ASDM User Guide
Version 6.1
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-16647-01�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Summary of the content on the page No. 2
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE
Summary of the content on the page No. 3
CONTENTS Preface xxxix Related Documentation xxxix Document Conventions xxxix Obtaining Documentation and Submitting a Service Request i-xl xl PART 1 Getting Started CHAPTER 1 Welcome to ASDM 1-1 ASDM Client Operating System and Browser Requirements 1-2 VPN Specifications 1-2 Supported Platforms and SSMs 1-2 New ASDM Features 1-4 Multiple ASDM Session Support 1-4 Unsupported Commands 1-4 Ignored and View-Only Commands 1-4 Effects of Unsuppor
Summary of the content on the page No. 4
Contents Enabling Extended Screen Reader Support 1-16 Organizational Folder 1-16 About the Help Window 1-16 Header Buttons 1-16 Browser Window 1-17 Home Pane 1-17 Device Dashboard Tab 1-18 Firewall Dashboard Tab 1-20 Content Security Tab 1-21 Intrusion Prevention Tab 1-23 Connecting to IPS 1-23 System Home Pane 1-25 CHAPTER 2 Introduction to the Security Appliance 2-1 New Features by Platform Release 2-1 New Features in Version 8.1(2)
Summary of the content on the page No. 5
Contents CHAPTER 3 Defining Preferences and Using Configuration, Diagnostic, and File Management Tools 3-1 Preferences 3-1 Configuration Tools 3-3 Reset Device to the Factory Default Configuration 3-3 Save Running Configuration to TFTP Server 3-4 Save Internal Log Buffer to Flash 3-5 Command Line Interface 3-5 Command Errors 3-6 Interactive Commands 3-6 Avoiding Conflicts with Other Administrators 3-6 Show Commands Ignored by ASDM on Device 3-6 Diagn
Summary of the content on the page No. 6
Contents PIX 515/515E Default Configuration 4-4 Configuring the Security Appliance for ASDM Access 4-4 Setting Transparent or Routed Firewall Mode at the CLI 4-4 Starting ASDM 4-6 Downloading the ASDM Launcher 4-6 Starting ASDM from the ASDM Launcher 4-6 Using ASDM in Demo Mode 4-7 Starting ASDM from a Web Browser 4-8 Configuration Overview 4-9 PART 2 Device Setup and Management CHAPTER 5 Using the Startup Wizard 5-1 Startup Wizard Screens for ASA 5500 S
Summary of the content on the page No. 7
Contents CHAPTER 6 Configuring Basic Device Settings 6-1 Management IP Address 6-1 System Time 6-2 Clock 6-2 NTP 6-3 Add/Edit NTP Server Configuration 6-4 Configuring Advanced Device Management Features 6-4 Configuring HTTP Redirect 6-4 Edit HTTP/HTTPS Settings 6-5 Configuring Maximum SSL VPN Sessions 6-5 History Metrics 6-6 System Image/Configuration 6-6 Activation Key 6-6 Auto Update 6-7 Set Polling Schedule 6-9 Add/Edit Auto Update
Summary of the content on the page No. 8
Contents Configuring an Interface (Single Mode) 7-5 Enabling Same Security Level Communication (Single Mode) 7-8 PPPoE IP Address and Route Settings 7-9 CHAPTER 8 Configuring Interfaces in Multiple Mode 8-1 Configuring Interfaces in the System Configuration (Multiple Mode) 8-1 Configuring Physical Interfaces in the System Configuration (Multiple Mode) 8-2 Physical Interface Overview 8-2 Configuring and Enabling Physical Interfaces in the System Configuration (Multip
Summary of the content on the page No. 9
Contents Configuring Switch Ports 9-11 Interfaces > Switch Ports 9-11 Edit Switch Port 9-12 CHAPTER 10 Configuring Security Contexts 10-1 Security Context Overview 10-1 Common Uses for Security Contexts 10-2 Unsupported Features 10-2 Context Configuration Files 10-2 How the Security Appliance Classifies Packets 10-2 Valid Classifier Criteria 10-3 Invalid Classifier Criteria 10-4 Classification Examples 10-4 Cascading Security Contexts 10-7 M
Summary of the content on the page No. 10
Contents Interface 11-10 Redistribution 11-14 Static Neighbor 11-17 Summary Address 11-18 Virtual Link 11-19 RIP 11-22 Setup 11-23 Interface 11-24 Filter Rules 11-25 Redistribution 11-27 EIGRP 11-28 Configuring EIGRP 11-29 Field Information for the EIGRP Panes 11-30 Static Routes 11-40 Static Route Tracking 11-41 Configuring Static Route Tracking 11-42 Field Information for Static Routes 11-42 Static Routes 11-42 Add/Edit
Summary of the content on the page No. 11
Contents MForwarding 12-11 PIM 12-11 Protocol 12-12 Edit PIM Protocol 12-12 Neighbor Filter 12-13 Add/Edit/Insert Neighbor Filter Entry 12-14 Bidirectional Neighbor Filter 12-14 Add/Edit/Insert Bidirectional Neighbor Filter Entry 12-15 Rendezvous Points 12-16 Add/Edit Rendezvous Point 12-16 Request Filter 12-18 Request Filter Entry 12-19 Route Tree 12-20 CHAPTER 13 DHCP, DNS and WCCP Services 13-1 DHCP Relay 13-1 Edit DHCP Relay Agent
Summary of the content on the page No. 12
Contents RADIUS Server Support 14-4 Authentication Methods 14-4 Attribute Support 14-4 RADIUS Authorization Functions 14-4 TACACS+ Server Support 14-4 SDI Server Support 14-5 SDI Version Support 14-5 Two-step Authentication Process 14-5 SDI Primary and Replica Servers 14-5 NT Server Support 14-5 Kerberos Server Support 14-5 LDAP Server Support 14-6 Authentication with LDAP 14-6 Securing LDAP Authentication with SASL 14-6 LDAP Server Types
Summary of the content on the page No. 13
Contents Active/Standby Failover 15-2 Active/Active Failover 15-2 Stateless (Regular) Failover 15-3 Stateful Failover 15-3 Configuring Failover with the High Availability and Scalability Wizard 15-4 Accessing and Using the High Availability and Scalability Wizard 15-4 Configuring Active/Active Failover with the High Availability and Scalability Wizard 15-4 Configuring Active/Standby Failover with the High Availability and Scalability Wizard 15-5 Configuring VPN
Summary of the content on the page No. 14
Contents Configuring CLI Parameters 16-2 Adding a Banner 16-2 Customizing a CLI Prompt 16-3 Changing the Console Timeout Period 16-4 Configuring File Access 16-4 Configuring the FTP Client Mode 16-4 Configuring the Security Appliance as a Secure Copy Server 16-5 Configuring the Security Appliance as a TFTP Client 16-5 Adding Mount Points 16-6 Adding a CIFS Mount Point 16-6 Adding an FTP Mount Point 16-6 Configuring Configuring ICMP Access
Summary of the content on the page No. 15
Contents Configure Logging Flash Usage 17-4 Syslog Setup 17-4 Edit Syslog ID Settings 17-5 Advanced Syslog Configuration 17-6 E-Mail Setup 17-7 Add/Edit E-Mail Recipients 17-8 Event Lists 17-8 Add/Edit Event List 17-10 Add/Edit Syslog Message ID Filter 17-10 Logging Filters 17-10 Edit Logging Filters 17-11 Add/Edit Class and Severity Filter 17-13 Add/Edit Syslog Message ID Filter 17-14 Rate Limit 17-14 Edit Rate Limit for Syslog Logging L
Summary of the content on the page No. 16
Contents MAC Address vs. Route Lookups 18-8 Using the Transparent Firewall in Your Network 18-9 Transparent Firewall Guidelines 18-9 Unsupported Features in Transparent Mode 18-10 How Data Moves Through the Transparent Firewall 18-11 An Inside User Visits a Web Server 18-12 An Inside User Visits a Web Server Using NAT 18-13 An Outside User Visits a Web Server on the Inside Network 18-14 An Outside User Attempts to Access an Inside Host 18-15 CHAPTER 19 Addin
Summary of the content on the page No. 17
Contents Add TLS Proxy Instance Wizard – Server Configuration 19-21 Add TLS Proxy Instance Wizard – Client Configuration 19-22 Add TLS Proxy Instance Wizard – Other Steps 19-24 Phone Proxy 19-24 Configuring the Phone Proxy 19-25 Creating a Phone Proxy Instance 19-25 Add/Edit TFTP Server 19-27 CTL File 19-28 Creating a CTL File 19-28 Add/Edit Record Entry 19-29 TLS Proxy 19-30 Add/Edit TLS Proxy 19-31 CTL Provider 19-32 Add/Edit CTL Provider
Summary of the content on the page No. 18
Contents Log Options 20-14 Configuring Ethertype Rules (Transparent Mode Only) 20-16 Add/Edit EtherType Rule 20-17 CHAPTER 21 Configuring NAT 21-1 NAT Overview 21-1 Introduction to NAT 21-1 NAT in Routed Mode 21-2 NAT in Transparent Mode 21-3 NAT Control 21-4 NAT Types 21-6 Dynamic NAT 21-6 PAT 21-8 Static NAT 21-8 Static PAT 21-9 Bypassing NAT When NAT Control is Enabled 21-10 Policy NAT 21-10 NAT and Same Security Level Interfac
Summary of the content on the page No. 19
Contents CHAPTER 22 Configuring Service Policy Rules 22-1 Service Policy Overview 22-1 Supported Features 22-1 Service Policy Elements 22-2 Default Global Policy 22-2 Feature Directionality 22-3 Feature Matching Guidelines 22-3 Order in Which Multiple Feature Actions within a Rule are Applied 22-4 Incompatibility of Certain Feature Actions 22-5 Feature Matching Guidelines for Multiple Service Policies 22-5 Adding a Service Policy Rule for Through Traffic
Summary of the content on the page No. 20
Contents Configuring TACACS+ Authorization 23-9 Configuring RADIUS Authorization 23-10 Configuring a RADIUS Server to Send Downloadable Access Control Lists 23-11 Configuring a RADIUS Server to Download Per-User Access Control List Names 23-15 Configuring Accounting for Network Access 23-15 Using MAC Addresses to Exempt Traffic from Authentication and Authorization 23-16 CHAPTER 24 Configuring Application Layer Protocol Inspection 24-1 Inspection Engine Overview
