Cisco PIX 525 Spezifikationen Seite 586
- Seite / 604
- Inhaltsverzeichnis
- FEHLERBEHEBUNG
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
Glossary
GL-18
Cisco Security Appliance Command Line Configuration Guide
OL-6721-01
SIP
Session Initiation Protocol. Enables call handling sessions, particularly two-party audio conferences,
or “calls.” SIP works with SDP for call signaling. SDP specifies the ports for the media stream. Using
SIP, the security appliance can support any SIP Vo I P gateways and Vo I P proxy servers.
site-to-site VPN
A site-to-site VPN is established between two IPSec peers that connect remote networks into a single
VPN. In this type of VPN, neither IPSec peer is the destination or source of user traffic. Instead, each
IPSec peer provides encryption and authentication services for hosts on the LANs connected to each
IPSec peer. The hosts on each LAN send and receive data through the secure tunnel established by the
pair of IPSec peers.
SKEME
A key exchange protocol that defines how to derive authenticated keying material, with rapid key
refreshment.
SMR
Stub Multicast Routing. SMR allows the security appliance to function as a “stub router.” A stub
router is a device that acts as an IGMP proxy agent. IGMP is used to dynamically register specific
hosts in a multicast group on a particular LAN with a multicast router. Multicast routers route
multicast data transmissions to hosts that are registered to receive specific multimedia or other
broadcasts. A stub router forwards IGMP messages between hosts and MC routers.
SMTP
Simple Mail Transfer Protocol. SMTP is an Internet protocol that supports email services.
SNMP
Simple Network Management Protocol. A standard method for managing network devices using data
structures called Management Information Bases.
split tunneling
Allows a remote VPN client simultaneous encrypted access to a private network and clear unencrypted
access to the Internet. If you do not enable split tunneling, all traffic between the VPN client and the
security appliance is sent through an IPSec tunnel. All traffic originating from the VPN client is sent
to the outside interface through a tunnel, and client access to the Internet from its remote site is denied.
spoofing
A type of attack designed to foil network security mechanisms such as filters and access lists. A
spoofing attack sends a packet that claims to be from an address from which it was not actually sent.
SQL*Net
Structured Query Language Protocol. An Oracle protocol used to communicate between client and
server processes.
SSH
Secure Shell. An application running on top of a reliable transport layer, such as TCP/IP, that provides
strong authentication and encryption capabilities.
SSL
Secure Sockets Layer. A protocol that resides between the application layer and TCP/IP to provide
transparent encryption of data traffic.
standby unit
See secondary unit.
stateful inspection
Network protocols maintain certain data, called state information, at each end of a network connection
between two hosts. State information is necessary to implement the features of a protocol, such as
guaranteed packet delivery, data sequencing, flow control, and transaction or session IDs. Some of the
protocol state information is sent in each packet while each protocol is being used. For example, a
browser connected to a web server uses HTTP and supporting TCP/IP protocols. Each protocol layer
maintains state information in the packets it sends and receives. The security appliance and some other
firewalls inspect the state information in each packet to verify that it is current and valid for every
protocol it contains. This is called stateful inspection and is designed to create a powerful barrier to
certain types of computer security threats.
- Configuration Guide 1
- CONTENTS 3
- 2 Getting Started 2-1 4
- 9 Configuring IPv6 9-1 6
- 11 Configuring Failover 11-1 7
- 2 Configuring the Firewall 9
- 14 Applying NAT 14-1 10
- Contents 11
- OL-6721-01 11
- 20 Applying QoS Policies 20-1 13
- 3 Configuring VPN 16
- 4 System Administration 19
- B Sample Configurations B-1 21
- About This Guide 23
- Related Documentation 24
- Document Organization 24
- Part 3: Configuring VPN 25
- Document Conventions 26
- Obtaining Documentation 27
- Documentation Feedback 27
- Submitting a Service Request 28
- Firewall Functional Overview 33
- Security Policy Overview 34
- Stateful Inspection Overview 36
- VPN Functional Overview 37
- Security Context Overview 37
- Security Context Overview 38
- Getting Started 39
- Saving Configuration Changes 41
- Viewing the Configuration 41
- Interface.” 43
- Unsupported Features 46
- Context Configuration Files 46
- Shared Interface Guidelines 51
- Cascading Security Contexts 53
- Restoring Single Context Mode 55
- Configuring Ethernet Settings 57
- Configuring Subinterfaces 58
- Configuring Subinterfaces 60
- Removing a Security Context 65
- Changing the Admin Context 65
- Reloading a Security Context 67
- Monitoring Security Contexts 68
- Viewing Resource Usage 69
- Security Level Overview 71
- Configuring the Interface 72
- Security Level 74
- Configuring Basic Settings 77
- Setting the Hostname 78
- Setting the Domain Name 78
- Setting the Date and Time 78
- Configuring a Static Route 84
- Configuring OSPF 85
- OSPF Overview 86
- Enabling OSPF 87
- Adding a Route Map 88
- Configuring OSPF NSSA 93
- Generating a Default Route 95
- Monitoring OSPF 97
- Restarting the OSPF Process 97
- Configuring RIP 98
- Configuring Multicast Routing 99
- Enabling Multicast Routing 100
- Configuring IGMP Features 100
- Configuring Group Membership 101
- Changing the IGMP Version 103
- Configuring PIM Features 104
- Configuring DHCP 106
- Configuring DHCP Options 108
- Configuring the DHCP Client 110
- Configuring IPv6 111
- Configuring IPv6 Access Lists 114
- The show ipv6 route Command 116
- IPv6 Configuration Example 117
- AAA Overview 119
- About Authentication 120
- About Authorization 120
- About Accounting 120
- Summary of Support 121
- RADIUS Server Support 122
- TACACS+ Server Support 123
- SDI Server Support 124
- NT Server Support 125
- Kerberos Server Support 125
- LDAP Server Support 126
- Local Database Support 126
- Fallback Support 127
- Configuring Failover 133
- Failover System Requirements 134
- The Failover and State Links 135
- State Link 136
- Active/Standby Failover 137
- Understanding Failover 138
- Command Replication 139
- Failover Triggers 140
- Failover Actions 140
- Active/Active Failover 141
- Regular and Stateful Failover 145
- Failover Health Monitoring 146
- Prerequisites 148
- Configuring the Primary Unit 150
- Configuring Failover Criteria 154
- Configure the Primary Unit 157
- Configure the Secondary Unit 159
- Figure 11-1 ASR Example 163
- Configuring Failover 164
- Show Failover—Active/Active 169
- Viewing Monitored Interfaces 173
- Forcing Failover 174
- Disabling Failover 175
- Monitoring Failover 175
- Debug Messages 176
- Configuring the Firewall 185
- Firewall Mode Overview 187
- IP Routing Support 188
- Network Address Translation 188
- Routed Mode Overview 189
- Figure 12-2 Inside to Outside 190
- Transparent Mode Overview 194
- Transparent Firewall Features 195
- Transparent Mode Overview 196
- Access List Overview 203
- Access List Types and Uses 204
- Access List Overview 206
- VPN Access (Extended) 207
- Access List Guidelines 208
- Access Control Implicit Deny 209
- Adding a Standard Access List 215
- Adding Object Groups 216
- Adding a Network Object Group 217
- Adding a Service Object Group 217
- Nesting Object Groups 219
- Displaying Object Groups 221
- Removing Object Groups 221
- Time Range Options 222
- Logging Access List Activity 222
- Access List Logging Overview 223
- access_list_name 224
- Managing Deny Flows 225
- Applying NAT 227
- Introduction to NAT 228
- NAT Control 229
- Chapter 14 Applying NAT 230
- NAT Overview 230
- NAT Types 231
- Static NAT 233
- Static PAT 233
- Figure 14-7 Static PAT 234
- Policy NAT 235
- Mapped Address Guidelines 239
- DNS and NAT 240
- Configuring NAT Control 241
- Using Dynamic NAT and PAT 242
- Global 2: 209.165.201.11 245
- NAT 2: 192.168.1.0/24 245
- Figure 14-19 Dynamic NAT 248
- Figure 14-20 Dynamic PAT 248
- Using Static NAT 251
- Using Static PAT 252
- Bypassing NAT 255
- 209.165.201.1 209.165.201.1 256
- Inside Outside 256
- 209.165.201.2 209.165.201.2 256
- Security 256
- Appliance 256
- Configuring NAT Exemption 257
- NAT Examples 258
- Overlapping Networks 259
- Redirecting Ports 260
- NAT Examples 262
- AAA Performance 269
- Authentication Overview 270
- Applying Filtering Services 281
- Filtering ActiveX Objects 282
- Filtering Java Applets 283
- Filtering Overview 284
- General Procedure 285
- Filtering HTTP URLs 287
- Filtering HTTPS URLs 288
- Filtering FTP Requests 289
- Viewing Caching Statistics 291
- Overview 293
- Class Map Example 296
- Policy Map Procedure 297
- Policy Map Examples 298
- Restrictions 299
- Action Order 301
- Advanced Options 302
- Types of Direction Policies 303
- Implicit Direction Policies 303
- Examples 303
- Service Policy and NAT 306
- Configuring TCP Normalization 310
- Preventing IP Spoofing 311
- Configuring the Fragment Size 313
- Blocking Unwanted Connections 313
- Applying QoS Policies 315
- QoS Concepts 316
- Identifying Traffic for QoS 317
- Classifying Traffic for QoS 318
- Defining a QoS Policy Map 320
- Applying Rate Limiting 320
- Verifying QoS Statistics 322
- Activating the Service Policy 323
- Applying Low Latency Queueing 323
- Configuring Priority Queuing 324
- Sizing the Priority Queue 324
- Reducing Queue Latency 324
- Viewing QoS Statistics 325
- How Inspection Engines Work 328
- Supported Protocols 329
- Managing CTIQBE Inspection 336
- Managing FTP Inspection 340
- Configuring FTP Inspection 341
- Managing GTP Inspection 345
- Managing H.323 Inspection 350
- Limitations and Restrictions 351
- Monitoring H.225 Sessions 354
- Monitoring H.245 Sessions 355
- Monitoring H.323 RAS Sessions 355
- Managing HTTP Inspection 356
- Managing MGCP Inspection 359
- MGCP Inspection Overview 360
- Managing MGCP Inspection 361
- Managing RTSP Inspection 365
- RTSP Inspection Overview 366
- Using RealPlayer 366
- Restrictions and Limitations 367
- Managing SIP Inspection 369
- SCCP Inspection Overview 373
- Supporting Cisco IP Phones 374
- Managing SNMP Inspection 379
- SNMP Inspection Overview 380
- Parameters 383
- Adding a Static ARP Entry 384
- Enabling ARP Inspection 384
- MAC Address Table Overview 385
- Adding a Static MAC Address 385
- Viewing the MAC Address Table 386
- Configuring VPN 387
- Configuring IPSec and ISAKMP 389
- IPSec Overview 390
- Configuring ISAKMP 390
- ISAKMP Overview 391
- Configuring ISAKMP Policies 392
- Enabling IPSec over NAT-T 395
- Enabling IPSec over TCP 395
- Configuring IPSec 399
- Understanding Transform Sets 400
- Defining Crypto Maps 400
- Using Interface Access Lists 401
- Configuring IPSec 402
- Changing IPSec SA Lifetimes 403
- Using Dynamic Crypto Maps 406
- Configuring Client Update 412
- Configuring Client Update 414
- • Group Policies, page 25-10 415
- Tunnel Groups 416
- IPSec Connection Parameters 417
- Configuring Tunnel Groups 418
- Group Policies 424
- Default Group Policy 425
- Configuring Group Policies 426
- ACL name 428
- Configuring Users 440
- Configuring Specific Users 441
- Configuring User Attributes 442
- Configuring Users 446
- Configuring AAA Addressing 448
- Configuring DHCP Addressing 449
- Summary of the Configuration 451
- Configuring Interfaces 452
- Outside Interface 453
- Configuring an Address Pool 454
- Adding a User 454
- Creating a Transform Set 454
- Defining a Tunnel Group 455
- Step 4 Save your changes 456
- Step 3 Save your changes 456
- Configuring LAN-to-LAN VPNs 459
- Configuring an ACL 462
- Step 2 Save your changes 465
- Configuring Certificates 467
- Certificate Scalability 468
- About Key Pairs 468
- About Trustpoints 469
- About CRLs 469
- Certificate Configuration 470
- Configuring Key Pairs 471
- Configuring Trustpoints 472
- Obtaining Certificates 474
- [ certificate data omitted ] 476
- [ PKCS12 data omitted ] 480
- System Administration 483
- Managing System Access 485
- Allowing SSH Access 486
- Using an SSH Client 487
- Changing the Login Password 487
- Recovering from a Lockout 499
- Configuring a Login Banner 500
- Configurations 501
- Entering a New Activation Key 502
- Installation Overview 502
- Viewing Files in Flash Memory 502
- Backing Up the Configuration 506
- Using System Log Messages 509
- Using SNMP 509
- Enabling SNMP 511
- Testing Your Configuration 512
- Performing Password Recovery 517
- Other Troubleshooting Tools 519
- Common Problems 520
- Supported Platforms 523
- Platform Feature Licenses 523
- Platform Feature Licenses 524
- VPN Specifications 526
- Cryptographic Standards 527
- VPN Specifications 528
- Sample Configurations 529
- Figure B-2 Example 2 534
- Figure B-3 Example 3 536
- APPENDIX 545
- Command Modes and Prompts 546
- Syntax Formatting 547
- Abbreviating Commands 547
- Command-Line Editing 547
- Command Completion 547
- Command Help 548
- Filtering show Command Output 548
- Command Output Paging 549
- Adding Comments 549
- Text Configuration Files 550
- Line Order 551
- Passwords 551
- Text Configuration Files 552
- Private Networks 554
- Subnet Masks 554
- Determining the Subnet Mask 555
- Class C-Size Network Address 556
- Class B-Size Network Address 556
- IPv6 Addresses 557
- IPv6 Address Types 558
- Global Address 559
- Site-Local Address 559
- Link-Local Address 559
- Unspecified Address 560
- Loopback Address 560
- Interface Identifiers 560
- Multicast Address 560
- Anycast Address 561
- IPv6 Address Prefixes 562
- Protocols and Applications 563
- TCP and UDP Ports 564
- TCP and UDP Ports 565
- Local Ports and Protocols 566
- ICMP Types 567
- ICMP Types 568
- Numerics 569
- Glossary 570
© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.038 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern