- About this Guide
-
- Information About Cisco Unified Communications Features
- Using the Cisco Unified Communication Wizard
- Configuring the Cisco Phone Proxy
- Configuring the TLS Proxy for Encrypted Voice Inspection
- Configuring Cisco Mobility Advantage
- Configuring Cisco Unified Presence
- Configuring Cisco Unified Communications Intercompany Media Engine
- Index
Index
accounting 8-17
network access 8-2
proxy limit 8-11
downloadable access lists 8-13
network access 8-12
performance 8-1
web clients 8-8
downloadable 8-14
global access rules 7-2
implicit deny 7-3
inbound 7-3
outbound 7-3
overview 7-1
phone proxy 17-7
turn off expansion 7-12
See IPS module
loading an image 30-26, 31-20, 31-22, 32-28
about 31-1
loading an image 30-26, 31-20, 31-22, 32-28
anti-replay window size 23-10
APN, GTP application inspection 14-10
APPE command, denied request 11-24
application firewall 11-32
about 10-1
applying 10-7
configuring 10-7
inspection class map 2-3
inspection policy map 2-3
special actions 2-1
about 30-1
ASA feature compatibility 30-5
about 30-5
port 30-18
troubleshooting 30-32
basic settings 30-16
cabling 30-9
configuration 30-8
failover 30-7
licensing 30-6
management access 30-4
management defaults 30-8
management IP address 30-14
monitoring 30-27
password reset 30-23
PRSM 30-5
reload 30-24
security policy 30-17
sending traffic to 30-19
shutdown 30-25
traffic flow 30-2
VPN 30-5
TCP state bypass 22-4
DNS HINFO request 28-10
DNS request for all records 28-10
DNS zone transfer 28-10
DNS zone transfer from high port 28-10
fragmented ICMP traffic 28-9
IP fragment 28-7
IP impossible packet 28-7
large ICMP traffic 28-9
ping of death 28-9
proxied RPC request 28-10
statd buffer overflow 28-11
TCP FIN only flags 28-10
TCP NULL flags 28-9
TCP SYN+FIN flags 28-9
UDP bomb 28-10
UDP chargen DoS 28-10
UDP snork 28-10
FTP 8-4
HTTP 8-3
network access 8-2
Telnet 8-3
web clients 8-8
downloadable access lists 8-13
network access 8-12
See threat detection
actions 26-2
address categories 26-2
adding entries 26-9
description 26-2
blocking traffic manually 26-12
classifying traffic 26-10
configuring 26-7
databases 26-2
default settings 26-6
information about 26-4
using with dynamic database 26-9
DNS snooping 26-9
dropping traffic 26-11
graylist 26-11
enabling use of 26-8
files 26-3
information about 26-2
searching 26-13
updates 26-8
feature history 26-16
description 26-2
dropping traffic 26-11
guidelines and limitations 26-6
information about 26-1
licensing 26-6
monitoring 26-14
adding entries 26-9
information about 26-3
syslog messages 26-14
task flow 26-7
dropping traffic 26-11
adding entries 26-9
description 26-2
working overview 26-5
bypassing firewall checks 22-3
MGCP application inspection 12-15, 12-16
CDUP command, denied request 11-24
Cisco Unified Mobility 19-4
Cisco Unified Presence 20-4
Cisco IP Communicator 17-10
Cisco IP Phones, application inspection 12-32
Cisco UMA. See Cisco Unified Mobility.
architecture 19-2
ASA role 15-2, 15-3, 16-2
certificate 19-4
functionality 19-1
NAT and PAT requirements 19-3, 19-4
trust relationship 19-4
ASA role 15-2, 15-3, 16-2
configuring the TLS Proxy 20-8
NAT and PAT requirements 20-2
trust relationship 20-4
Cisco UP. See Cisco Unified Presence.
inspection 2-3
CSC activation 32-11
CSC email 32-21
CSC file transfer 32-22
CSC IP address 32-11
CSC license 32-11
CSC management access 32-13
CSC notifications 32-12
CSC password 32-13
CSC Setup Wizard 32-15, 32-18
CSC Setup Wizard Activation Codes Configuration 32-15
CSC Setup Wizard Host Configuration 32-16
CSC Setup Wizard IP Configuration 32-16
CSC Setup Wizard Management Access Configuration 32-17
CSC Setup Wizard Password Configuration 32-17
CSC Setup Wizard Summary 32-19
CSC Setup Wizard Traffic Selection for CSC Scan 32-17
CSC updates 32-23
CSC Web 32-20
configuring 22-1
context modes 32-6
configuring 32-11
monitoring 32-27
configuring 32-21
configuring 32-22
configuring 32-11
configuring 32-11
configuring 32-13
monitoring 32-27
configuring 32-12
configuring 32-13
monitoring 32-25
CSC Setup Wizard 32-15
activation codes configuratrion 32-15
Host configuratrion 32-16
IP configuratrion 32-16
management access configuratrion 32-17
password configuratrion 32-17
specifying traffic for CSC Scanning 32-18
summary 32-19
traffic selection for CSC Scan 32-17
monitoring 32-26
about 32-1
loading an image 30-26, 31-20, 31-22, 32-28
what to scan 32-3
CSC SSM feature history 32-31
configuring 32-20
monitoring 32-24
configuring 32-23
configuring 32-20
AAA performance 8-1
about 30-1
ASA feature compatibility 30-5
about 30-5
port 30-18
troubleshooting 30-32
basic settings 30-16
cabling 30-9
configuration 30-8
failover 30-7
licensing 30-6
management access 30-4
management defaults 30-8
management IP address 30-14
monitoring 30-27
password reset 30-23
PRSM 30-5
reload 30-24
security policy 30-17
sending traffic to 30-19
shutdown 30-25
traffic flow 30-2
VPN 30-5
default policy 1-7
transparent firewall 7-6
DiffServ preservation 23-5
about 11-2
managing 11-1
NAT effect on 3-30
NAT effect on (8.2 and earlier) 6-14
DNS HINFO request attack 28-10
DNS request for all records attack 28-10
DNS zone transfer attack 28-10
DNS zone transfer from high port attack 28-10
configuring 8-14
converting netmask expressions 8-17
DSCP preservation 23-5
about 3-8
configuring (8.2 and earlier) 6-17
network object NAT 4-4
twice NAT 5-4
network object NAT 4-9
See also NAT
twice NAT 5-12
EIGRP 7-6
compatibilty with extended access lists 7-2
implicit deny 7-3
guidelines 32-6
default settings 7-7
rules 29-6
servers supported 29-2
URLs 29-1, 29-2
fragmented ICMP traffic attack 28-9
Fragment panel 28-2
fragment size 28-2
viewing 11-21, 11-22, 11-33, 11-46, 11-54, 11-55, 12-7, 12-8, 12-15, 12-18, 12-26, 12-34, 12-35, 14-2, 14-12
filtering option 29-10
about 11-17
configuring 11-17
MGCP application inspection 12-16
viewing 14-6
about 14-5
configuring 14-4
about 12-3
configuring 12-2
limitations 12-4
HELP command, denied request 11-24
hierarchical policy, traffic shaping and priority queueing 23-11
viewing 11-32
filtering 29-1
configuring 29-9
filtering 29-2
about 11-26
configuring 11-26
testing connectivity 24-1
about 3-12
configuring (8.2 and earlier) 6-17
network object NAT 4-15
twice NAT 5-24
ILS inspection 13-1
inbound access lists 7-3
See application inspection
Instant Messaging inspection 12-22
default settings 7-7, 32-6
enabling 28-5
signatures 28-6
IP fragment attack 28-7
IP fragment database, displaying 28-2
IP fragment database, editing 28-3
IP impossible packet attack 28-7
IP overlapping fragments attack 28-8
phone proxy provisioning 17-11
addressing requirements for phone proxy 17-9
supported for phone proxy 17-3, 18-3
IP audit 28-5
anti-replay window 23-10
anti-replay window size 23-10
about 31-1
configuration 31-7
operating modes 31-3
sending traffic to 31-18
traffic flow 31-2
virtual sensors 31-17
IP spoofing, preventing 28-1
IP teardrop attack 28-8
large ICMP traffic attack 28-9
about 23-1
configuring 23-2, 23-3
reducing 23-8
matching multiple policy maps 1-5
LCS Federation Scenario 20-2
application inspection 13-1
Cisco Unified Communications Proxy features 15-4, 18-4, 19-6, 20-7, 21-8
CSC SSM 32-5
See low-latency queue
FTP 8-4
applying 23-2, 23-3
default settings 7-7
guidelines 3-21
guidelines (8.2 and earlier) 6-14
media termination address, criteria 17-6
configuring 12-16
viewing 12-14
about 12-12
configuring 12-12
default settings 7-7
Microsoft Access Proxy 20-1
MMP inspection 19-1
CSC CPU 32-27
CSC memory 32-27
CSC security events 32-25
CSC software updates 32-26
CSC SSM 32-24
CSC threats 32-24
default policy 1-7
feature directionality 1-3
features 1-1
flows 1-5
matching multiple policy maps 1-5
See also class map
See also policy map
LDP 7-7
router-id 7-7
TDP 7-7
multi-session PAT 4-19
about 3-1, 6-1
about (8.2 and earlier) 6-1
bidirectional initiation 3-2
bypassing NAT (8.2 and earlier) 6-10
DNS 3-30
DNS (8.2 and earlier) 6-14
about 3-8
about (8.2 and earlier) 6-6
configuring (8.2 and earlier) 6-23
implementation (8.2 and earlier) 6-17
network object NAT 4-4
twice NAT 5-4
about 3-10
network object NAT 4-9
twice NAT 5-12
exemption (8.2 and earlier) 6-11
about 3-12
about (8.2 and earlier) 6-10
network object NAT 4-15
twice NAT 5-24
implementation 3-15
interfaces 3-21
mapped address guidelines 3-21
comparison with twice NAT 3-15
about 3-16
configuring 4-1
dynamic NAT 4-4
dynamic PAT 4-9
examples 4-21
guidelines 4-2
identity NAT 4-15
monitoring 4-20
prerequisites 4-2
static NAT 4-12
no proxy ARP 4-18
extended PAT 4-4
flat range for PAT 4-4
about (8.2 and earlier) 6-8
configuring (8.2 and earlier) 6-23
implementation (8.2 and earlier) 6-17
policy NAT, about (8.2 and earlier) 6-11
routed mode 3-13
route lookup 4-18, 5-29
RPC not supported with 13-3
rule order 3-20
rule order (8.2 and earlier) 6-14
same security level (8.2 and earlier) 6-13
about 3-3
few-to-many mapping 3-7
many-to-few mapping 3-6, 3-7
one-to-many 3-6
about (8.2 and earlier) 6-9
configuring (8.2 and earlier) 6-27
network object NAT 4-12
twice NAT 5-18
about (8.2 and earlier) 6-9
about 3-4
terminology 3-2
transparent mode 3-13
transparent mode (8.2 and earlier) 6-3
extended PAT 5-4
flat range for PAT 5-4
about 3-16
comparison with network object NAT 3-15
configuring 5-1
dynamic NAT 5-4
dynamic PAT 5-12
examples 5-30
guidelines 5-2
identity NAT 5-24
monitoring 5-29
prerequisites 5-2
static NAT 5-18
types 3-3
types (8.2 and earlier) 6-6
VPN 3-24
VPN client rules 3-20
about 3-16
comparison with twice NAT 3-15
configuring 4-1
dynamic NAT 4-4
dynamic PAT 4-9
examples 4-21
guidelines 4-2
identity NAT 4-15
monitoring 4-20
prerequisites 4-2
static NAT 4-12
See network object NAT
outbound access lists 7-3
packet trace, enabling 24-7
per-session and multi-session 4-19
See dynamic PAT
PAT pool 4-7, 5-9
round robin 4-7, 5-9
PDP context, GTP application inspection 14-8
per-session PAT 4-19
access lists 17-7
ASA role 15-3
Cisco IP Communicator 17-10
Cisco UCM supported versions 17-3, 18-3
IP phone addressing 17-9
IP phone provisioning 17-11
IP phones supported 17-3, 18-3
Linksys routers, configuring 17-21
NAT and PAT requirements 17-8
ports 17-7
rate limiting 17-10
TLS Proxy on ASA, described 15-3
See ICMP
using 24-3
ping of death attack 28-9
policy, QoS 23-1
inspection 2-3
about 1-1
feature directionality 1-3
flows 1-5
policy NAT, about (8.2 and earlier) 6-11
phone proxy 17-7
about 3-4
CSC SSM 32-5
presence_proxy_remotecert 16-15
hierarchical policy with traffic shaping 23-11
IPSec anti-replay window size 23-10
proxied RPC request attack 28-10
SIP and 12-21
PRSM 30-5
about 23-1, 23-3
DiffServ preservation 23-5
DSCP preservation 23-5
feature interaction 23-4
policies 23-1
hierarchical policy with traffic shaping 23-11
IPSec anti-replay window 23-10
IPSec anti-replay window size 23-10
statistics 23-11
token bucket 23-2
overview 23-4
viewing statistics 23-11, 23-12
See QoS
latency, reducing 23-8
limit 23-2, 23-3
downloadable access lists 8-14
network access authentication 8-6
network access authorization 8-13
rate limiting 23-3
rate limiting, phone proxy 17-10
RealPlayer 12-17
inbound connections 28-3
outside connections 28-3
RNFR command, denied request 11-24
RNTO command, denied request 11-24
NAT 3-13
other protocols 7-5
about 12-17
configuring 12-16
same security level communication
NAT (8.2 and earlier) 6-13
about 12-32
configuration 12-32
configuring 12-32
Secure Computing SmartFilter filtering server 29-3
maximum and minimum 28-4
duration 27-10
attack and informational 28-6
about 12-21
configuring 12-20
instant messaging 12-22
SITE command, denied request 11-24
SMTP inspection 11-52
viewing 14-14
specifying traffic for CSC scanning 32-18
management access 31-4
management defaults 31-6
management interface 31-14
password reset 31-23, 32-29
reload 31-24, 32-30
reset 31-24, 32-30
routing 31-10
sessioning to 31-13
shutdown 31-22, 32-30
loading an image 30-26, 31-20, 31-22, 32-28
management access 31-4
management defaults 31-6
password reset 31-23, 32-29
reload 31-24, 32-30
reset 31-24, 32-30
routing 31-10
sessioning to 31-13
shutdown 31-22, 32-30
licensing requirements 16-3
statd buffer overflow attack 28-11
bypassing 22-3
about 3-3
few-to-many mapping 3-7
many-to-few mapping 3-6, 3-7
network object NAT 4-12
twice NAT 5-18
static NAT with port translation
about 3-4
See PAT
statistics, QoS 23-11
STOU command, denied request 11-24
about 13-3
configuring 13-3
network access authorization 8-12
tail drop 23-3
maximum segment size 28-4
TIME_WAIT state 28-4
TCP FIN only flags attack 28-10
statistics 27-6
TCP normalization 22-3
TCP NULL flags attack 28-9
AAA 22-5
configuring 22-8
failover 22-5
firewall mode 22-5
inspection 22-5
mutliple context mode 22-5
NAT 22-5
SSMs and SSCs 22-5
TCP Intercept 22-5
TCP normalization 22-5
unsupported features 22-5
TCP SYN+FIN flags attack 28-9
testing configuration 24-1
drop types 27-2
enabling 27-4
overview 27-2
rate intervals 27-2
statistics, viewing 27-4
system performance 27-2
enabling 27-10
host database 27-9
overview 27-8
shunning attackers 27-10
system performance 27-9
enabling 27-6
system performance 27-5
viewing 27-7
duration 27-10
TIME_WAIT state 28-4
applications supported by ASA 15-3
Cisco Unified Presence architecture 20-1
configuring for Cisco Unified Presence 20-8
licenses 15-4, 18-4, 19-6, 20-7, 21-8
tocken bucket 23-2
traceroute, enabling 24-6
overview 23-4
transmit queue ring limit 23-2, 23-3
DHCP packets, allowing 7-6
packet handling 7-5
NAT 3-13
NAT (8.2 and earlier) 6-3
modes 7-7
Cisco Unified Mobility 19-4
Cisco Unified Presence 20-4
about 3-16
comparison with network object NAT 3-15
configuring 5-1
dynamic NAT 5-4
dynamic PAT 5-12
examples 5-30
guidelines 5-2
identity NAT 5-24
monitoring 5-29
prerequisites 5-2
static NAT 5-18
tx-ring-limit 23-2, 23-3
bomb attack 28-10
chargen DoS attack 28-10
snork attack 28-10
configuring 29-9
filtering 29-1
filtering, about 29-2
viewing QoS statistics 23-11, 23-12
virtual HTTP 8-3
virtual sensors 31-17
proxy servers 12-21
NAT rules 3-20
web clients, secure authentication 8-8
Websense filtering server 29-3
Index
accounting 8-17
network access 8-2
proxy limit 8-11
downloadable access lists 8-13
network access 8-12
performance 8-1
web clients 8-8
downloadable 8-14
global access rules 7-2
implicit deny 7-3
inbound 7-3
outbound 7-3
overview 7-1
phone proxy 17-7
turn off expansion 7-12
See IPS module
loading an image 30-26, 31-20, 31-22, 32-28
about 31-1
loading an image 30-26, 31-20, 31-22, 32-28
anti-replay window size 23-10
APN, GTP application inspection 14-10
APPE command, denied request 11-24
application firewall 11-32
about 10-1
applying 10-7
configuring 10-7
inspection class map 2-3
inspection policy map 2-3
special actions 2-1
about 30-1
ASA feature compatibility 30-5
about 30-5
port 30-18
troubleshooting 30-32
basic settings 30-16
cabling 30-9
configuration 30-8
failover 30-7
licensing 30-6
management access 30-4
management defaults 30-8
management IP address 30-14
monitoring 30-27
password reset 30-23
PRSM 30-5
reload 30-24
security policy 30-17
sending traffic to 30-19
shutdown 30-25
traffic flow 30-2
VPN 30-5
TCP state bypass 22-4
DNS HINFO request 28-10
DNS request for all records 28-10
DNS zone transfer 28-10
DNS zone transfer from high port 28-10
fragmented ICMP traffic 28-9
IP fragment 28-7
IP impossible packet 28-7
large ICMP traffic 28-9
ping of death 28-9
proxied RPC request 28-10
statd buffer overflow 28-11
TCP FIN only flags 28-10
TCP NULL flags 28-9
TCP SYN+FIN flags 28-9
UDP bomb 28-10
UDP chargen DoS 28-10
UDP snork 28-10
FTP 8-4
HTTP 8-3
network access 8-2
Telnet 8-3
web clients 8-8
downloadable access lists 8-13
network access 8-12
See threat detection
actions 26-2
address categories 26-2
adding entries 26-9
description 26-2
blocking traffic manually 26-12
classifying traffic 26-10
configuring 26-7
databases 26-2
default settings 26-6
information about 26-4
using with dynamic database 26-9
DNS snooping 26-9
dropping traffic 26-11
graylist 26-11
enabling use of 26-8
files 26-3
information about 26-2
searching 26-13
updates 26-8
feature history 26-16
description 26-2
dropping traffic 26-11
guidelines and limitations 26-6
information about 26-1
licensing 26-6
monitoring 26-14
adding entries 26-9
information about 26-3
syslog messages 26-14
task flow 26-7
dropping traffic 26-11
adding entries 26-9
description 26-2
working overview 26-5
bypassing firewall checks 22-3
MGCP application inspection 12-15, 12-16
CDUP command, denied request 11-24
Cisco Unified Mobility 19-4
Cisco Unified Presence 20-4
Cisco IP Communicator 17-10
Cisco IP Phones, application inspection 12-32
Cisco UMA. See Cisco Unified Mobility.
architecture 19-2
ASA role 15-2, 15-3, 16-2
certificate 19-4
functionality 19-1
NAT and PAT requirements 19-3, 19-4
trust relationship 19-4
ASA role 15-2, 15-3, 16-2
configuring the TLS Proxy 20-8
NAT and PAT requirements 20-2
trust relationship 20-4
Cisco UP. See Cisco Unified Presence.
inspection 2-3
CSC activation 32-11
CSC email 32-21
CSC file transfer 32-22
CSC IP address 32-11
CSC license 32-11
CSC management access 32-13
CSC notifications 32-12
CSC password 32-13
CSC Setup Wizard 32-15, 32-18
CSC Setup Wizard Activation Codes Configuration 32-15
CSC Setup Wizard Host Configuration 32-16
CSC Setup Wizard IP Configuration 32-16
CSC Setup Wizard Management Access Configuration 32-17
CSC Setup Wizard Password Configuration 32-17
CSC Setup Wizard Summary 32-19
CSC Setup Wizard Traffic Selection for CSC Scan 32-17
CSC updates 32-23
CSC Web 32-20
configuring 22-1
context modes 32-6
configuring 32-11
monitoring 32-27
configuring 32-21
configuring 32-22
configuring 32-11
configuring 32-11
configuring 32-13
monitoring 32-27
configuring 32-12
configuring 32-13
monitoring 32-25
CSC Setup Wizard 32-15
activation codes configuratrion 32-15
Host configuratrion 32-16
IP configuratrion 32-16
management access configuratrion 32-17
password configuratrion 32-17
specifying traffic for CSC Scanning 32-18
summary 32-19
traffic selection for CSC Scan 32-17
monitoring 32-26
about 32-1
loading an image 30-26, 31-20, 31-22, 32-28
what to scan 32-3
CSC SSM feature history 32-31
configuring 32-20
monitoring 32-24
configuring 32-23
configuring 32-20
AAA performance 8-1
about 30-1
ASA feature compatibility 30-5
about 30-5
port 30-18
troubleshooting 30-32
basic settings 30-16
cabling 30-9
configuration 30-8
failover 30-7
licensing 30-6
management access 30-4
management defaults 30-8
management IP address 30-14
monitoring 30-27
password reset 30-23
PRSM 30-5
reload 30-24
security policy 30-17
sending traffic to 30-19
shutdown 30-25
traffic flow 30-2
VPN 30-5
default policy 1-7
transparent firewall 7-6
DiffServ preservation 23-5
about 11-2
managing 11-1
NAT effect on 3-30
NAT effect on (8.2 and earlier) 6-14
DNS HINFO request attack 28-10
DNS request for all records attack 28-10
DNS zone transfer attack 28-10
DNS zone transfer from high port attack 28-10
configuring 8-14
converting netmask expressions 8-17
DSCP preservation 23-5
about 3-8
configuring (8.2 and earlier) 6-17
network object NAT 4-4
twice NAT 5-4
network object NAT 4-9
See also NAT
twice NAT 5-12
EIGRP 7-6
compatibilty with extended access lists 7-2
implicit deny 7-3
guidelines 32-6
default settings 7-7
rules 29-6
servers supported 29-2
URLs 29-1, 29-2
fragmented ICMP traffic attack 28-9
Fragment panel 28-2
fragment size 28-2
viewing 11-21, 11-22, 11-33, 11-46, 11-54, 11-55, 12-7, 12-8, 12-15, 12-18, 12-26, 12-34, 12-35, 14-2, 14-12
filtering option 29-10
about 11-17
configuring 11-17
MGCP application inspection 12-16
viewing 14-6
about 14-5
configuring 14-4
about 12-3
configuring 12-2
limitations 12-4
HELP command, denied request 11-24
hierarchical policy, traffic shaping and priority queueing 23-11
viewing 11-32
filtering 29-1
configuring 29-9
filtering 29-2
about 11-26
configuring 11-26
testing connectivity 24-1
about 3-12
configuring (8.2 and earlier) 6-17
network object NAT 4-15
twice NAT 5-24
ILS inspection 13-1
inbound access lists 7-3
See application inspection
Instant Messaging inspection 12-22
default settings 7-7, 32-6
enabling 28-5
signatures 28-6
IP fragment attack 28-7
IP fragment database, displaying 28-2
IP fragment database, editing 28-3
IP impossible packet attack 28-7
IP overlapping fragments attack 28-8
phone proxy provisioning 17-11
addressing requirements for phone proxy 17-9
supported for phone proxy 17-3, 18-3
IP audit 28-5
anti-replay window 23-10
anti-replay window size 23-10
about 31-1
configuration 31-7
operating modes 31-3
sending traffic to 31-18
traffic flow 31-2
virtual sensors 31-17
IP spoofing, preventing 28-1
IP teardrop attack 28-8
large ICMP traffic attack 28-9
about 23-1
configuring 23-2, 23-3
reducing 23-8
matching multiple policy maps 1-5
LCS Federation Scenario 20-2
application inspection 13-1
Cisco Unified Communications Proxy features 15-4, 18-4, 19-6, 20-7, 21-8
CSC SSM 32-5
See low-latency queue
FTP 8-4
applying 23-2, 23-3
default settings 7-7
guidelines 3-21
guidelines (8.2 and earlier) 6-14
media termination address, criteria 17-6
configuring 12-16
viewing 12-14
about 12-12
configuring 12-12
default settings 7-7
Microsoft Access Proxy 20-1
MMP inspection 19-1
CSC CPU 32-27
CSC memory 32-27
CSC security events 32-25
CSC software updates 32-26
CSC SSM 32-24
CSC threats 32-24
default policy 1-7
feature directionality 1-3
features 1-1
flows 1-5
matching multiple policy maps 1-5
See also class map
See also policy map
LDP 7-7
router-id 7-7
TDP 7-7
multi-session PAT 4-19
about 3-1, 6-1
about (8.2 and earlier) 6-1
bidirectional initiation 3-2
bypassing NAT (8.2 and earlier) 6-10
DNS 3-30
DNS (8.2 and earlier) 6-14
about 3-8
about (8.2 and earlier) 6-6
configuring (8.2 and earlier) 6-23
implementation (8.2 and earlier) 6-17
network object NAT 4-4
twice NAT 5-4
about 3-10
network object NAT 4-9
twice NAT 5-12
exemption (8.2 and earlier) 6-11
about 3-12
about (8.2 and earlier) 6-10
network object NAT 4-15
twice NAT 5-24
implementation 3-15
interfaces 3-21
mapped address guidelines 3-21
comparison with twice NAT 3-15
about 3-16
configuring 4-1
dynamic NAT 4-4
dynamic PAT 4-9
examples 4-21
guidelines 4-2
identity NAT 4-15
monitoring 4-20
prerequisites 4-2
static NAT 4-12
no proxy ARP 4-18
extended PAT 4-4
flat range for PAT 4-4
about (8.2 and earlier) 6-8
configuring (8.2 and earlier) 6-23
implementation (8.2 and earlier) 6-17
policy NAT, about (8.2 and earlier) 6-11
routed mode 3-13
route lookup 4-18, 5-29
RPC not supported with 13-3
rule order 3-20
rule order (8.2 and earlier) 6-14
same security level (8.2 and earlier) 6-13
about 3-3
few-to-many mapping 3-7
many-to-few mapping 3-6, 3-7
one-to-many 3-6
about (8.2 and earlier) 6-9
configuring (8.2 and earlier) 6-27
network object NAT 4-12
twice NAT 5-18
about (8.2 and earlier) 6-9
about 3-4
terminology 3-2
transparent mode 3-13
transparent mode (8.2 and earlier) 6-3
extended PAT 5-4
flat range for PAT 5-4
about 3-16
comparison with network object NAT 3-15
configuring 5-1
dynamic NAT 5-4
dynamic PAT 5-12
examples 5-30
guidelines 5-2
identity NAT 5-24
monitoring 5-29
prerequisites 5-2
static NAT 5-18
types 3-3
types (8.2 and earlier) 6-6
VPN 3-24
VPN client rules 3-20
about 3-16
comparison with twice NAT 3-15
configuring 4-1
dynamic NAT 4-4
dynamic PAT 4-9
examples 4-21
guidelines 4-2
identity NAT 4-15
monitoring 4-20
prerequisites 4-2
static NAT 4-12
See network object NAT
outbound access lists 7-3
packet trace, enabling 24-7
per-session and multi-session 4-19
See dynamic PAT
PAT pool 4-7, 5-9
round robin 4-7, 5-9
PDP context, GTP application inspection 14-8
per-session PAT 4-19
access lists 17-7
ASA role 15-3
Cisco IP Communicator 17-10
Cisco UCM supported versions 17-3, 18-3
IP phone addressing 17-9
IP phone provisioning 17-11
IP phones supported 17-3, 18-3
Linksys routers, configuring 17-21
NAT and PAT requirements 17-8
ports 17-7
rate limiting 17-10
TLS Proxy on ASA, described 15-3
See ICMP
using 24-3
ping of death attack 28-9
policy, QoS 23-1
inspection 2-3
about 1-1
feature directionality 1-3
flows 1-5
policy NAT, about (8.2 and earlier) 6-11
phone proxy 17-7
about 3-4
CSC SSM 32-5
presence_proxy_remotecert 16-15
hierarchical policy with traffic shaping 23-11
IPSec anti-replay window size 23-10
proxied RPC request attack 28-10
SIP and 12-21
PRSM 30-5
about 23-1, 23-3
DiffServ preservation 23-5
DSCP preservation 23-5
feature interaction 23-4
policies 23-1
hierarchical policy with traffic shaping 23-11
IPSec anti-replay window 23-10
IPSec anti-replay window size 23-10
statistics 23-11
token bucket 23-2
overview 23-4
viewing statistics 23-11, 23-12
See QoS
latency, reducing 23-8
limit 23-2, 23-3
downloadable access lists 8-14
network access authentication 8-6
network access authorization 8-13
rate limiting 23-3
rate limiting, phone proxy 17-10
RealPlayer 12-17
inbound connections 28-3
outside connections 28-3
RNFR command, denied request 11-24
RNTO command, denied request 11-24
NAT 3-13
other protocols 7-5
about 12-17
configuring 12-16
same security level communication
NAT (8.2 and earlier) 6-13
about 12-32
configuration 12-32
configuring 12-32
Secure Computing SmartFilter filtering server 29-3
maximum and minimum 28-4
duration 27-10
attack and informational 28-6
about 12-21
configuring 12-20
instant messaging 12-22
SITE command, denied request 11-24
SMTP inspection 11-52
viewing 14-14
specifying traffic for CSC scanning 32-18
management access 31-4
management defaults 31-6
management interface 31-14
password reset 31-23, 32-29
reload 31-24, 32-30
reset 31-24, 32-30
routing 31-10
sessioning to 31-13
shutdown 31-22, 32-30
loading an image 30-26, 31-20, 31-22, 32-28
management access 31-4
management defaults 31-6
password reset 31-23, 32-29
reload 31-24, 32-30
reset 31-24, 32-30
routing 31-10
sessioning to 31-13
shutdown 31-22, 32-30
licensing requirements 16-3
statd buffer overflow attack 28-11
bypassing 22-3
about 3-3
few-to-many mapping 3-7
many-to-few mapping 3-6, 3-7
network object NAT 4-12
twice NAT 5-18
static NAT with port translation
about 3-4
See PAT
statistics, QoS 23-11
STOU command, denied request 11-24
about 13-3
configuring 13-3
network access authorization 8-12
tail drop 23-3
maximum segment size 28-4
TIME_WAIT state 28-4
TCP FIN only flags attack 28-10
statistics 27-6
TCP normalization 22-3
TCP NULL flags attack 28-9
AAA 22-5
configuring 22-8
failover 22-5
firewall mode 22-5
inspection 22-5
mutliple context mode 22-5
NAT 22-5
SSMs and SSCs 22-5
TCP Intercept 22-5
TCP normalization 22-5
unsupported features 22-5
TCP SYN+FIN flags attack 28-9
testing configuration 24-1
drop types 27-2
enabling 27-4
overview 27-2
rate intervals 27-2
statistics, viewing 27-4
system performance 27-2
enabling 27-10
host database 27-9
overview 27-8
shunning attackers 27-10
system performance 27-9
enabling 27-6
system performance 27-5
viewing 27-7
duration 27-10
TIME_WAIT state 28-4
applications supported by ASA 15-3
Cisco Unified Presence architecture 20-1
configuring for Cisco Unified Presence 20-8
licenses 15-4, 18-4, 19-6, 20-7, 21-8
tocken bucket 23-2
traceroute, enabling 24-6
overview 23-4
transmit queue ring limit 23-2, 23-3
DHCP packets, allowing 7-6
packet handling 7-5
NAT 3-13
NAT (8.2 and earlier) 6-3
modes 7-7
Cisco Unified Mobility 19-4
Cisco Unified Presence 20-4
about 3-16
comparison with network object NAT 3-15
configuring 5-1
dynamic NAT 5-4
dynamic PAT 5-12
examples 5-30
guidelines 5-2
identity NAT 5-24
monitoring 5-29
prerequisites 5-2
static NAT 5-18
tx-ring-limit 23-2, 23-3
bomb attack 28-10
chargen DoS attack 28-10
snork attack 28-10
configuring 29-9
filtering 29-1
filtering, about 29-2
viewing QoS statistics 23-11, 23-12
virtual HTTP 8-3
virtual sensors 31-17
proxy servers 12-21
NAT rules 3-20
web clients, secure authentication 8-8
Websense filtering server 29-3
Feedback