Cisco Security Appliance Command Line Configuration Guide, Version 7.1.pdf

(5607 KB) Pobierz
Cisco Security Appliance Command Line
Configuration Guide
For the Cisco ASA 5500 Series and Cisco PIX 500 Series
Software Version 7.1(1)
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: N/A, Online only
Text Part Number: OL-8629-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and
iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified
Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast,
EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream,
Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar,
Packet,
PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare,
SlideCast, SMARTnet, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States
and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0601R)
Cisco Security Appliance Command Line Configuration Guide
Copyright © 2006 Cisco Systems, Inc. All rights reserved.
CONTENTS
About This Guide
xxvii
Document Objectives
xxvii
Audience
xxvii
Related Documentation
xxviii
Document Organization
xxviii
Document Conventions
xxx
Obtaining Documentation
xxxi
Cisco.com
xxxi
Ordering Documentation
xxxi
Documentation Feedback
xxxii
Obtaining Technical Assistance
xxxii
Cisco Technical Support Website
xxxii
Submitting a Service Request
xxxiii
Definitions of Service Request Severity
xxxiii
Obtaining Additional Publications and Information
1
xxxiii
PART
Getting Started and General Information
1
CHAPTER
Introduction to the Security Appliance
1-1
Firewall Functional Overview
1-1
Security Policy Overview
1-2
Permitting or Denying Traffic with Access Lists
1-2
Applying NAT
1-2
Using AAA for Through Traffic
1-2
Applying HTTP, HTTPS, or FTP Filtering
1-3
Applying Application Inspection
1-3
Sending Traffic to the Advanced Inspection and Prevention Security Services Module
Applying QoS Policies
1-3
Applying Connection Limits and TCP Normalization
1-3
Firewall Mode Overview
1-3
Stateful Inspection Overview
1-4
VPN Functional Overview
Security Context Overview
1-5
1-5
1-3
Intrusion Prevention Services Functional Overview
1-5
Cisco Security Appliance Command Line Configuration Guide
OL-8629-01
i
Contents
CHAPTER
2
Getting Started
2-1
2-1
2-2
Accessing the Command-Line Interface
Setting Transparent or Routed Firewall Mode
Working with the Configuration
2-3
Saving Configuration Changes
2-3
Copying the Startup Configuration to the Running Configuration
Viewing the Configuration
2-4
Clearing and Removing Configuration Settings
2-4
Creating Text Configuration Files Offline
2-5
3
2-3
CHAPTER
Enabling Multiple Context Mode
3-1
Security Context Overview
3-1
Common Uses for Security Contexts
3-2
Unsupported Features
3-2
Context Configuration Files
3-2
How the Security Appliance Classifies Packets
3-3
Sharing Interfaces Between Contexts
3-6
Shared Interface Guidelines
3-7
Cascading Security Contexts
3-9
Logging into the Security Appliance in Multiple Context Mode
Enabling or Disabling Multiple Context Mode
3-10
Backing Up the Single Mode Configuration
3-10
Enabling Multiple Context Mode
3-10
Restoring Single Context Mode
3-11
4
3-10
CHAPTER
Configuring Ethernet Settings and Subinterfaces
Configuring and Enabling RJ-45 Interfaces
Configuring and Enabling Subinterfaces
4-1
4-1
Configuring and Enabling Fiber Interfaces on the 4GE SSM
4-3
4-2
CHAPTER
5
Adding and Managing Security Contexts
Configuring a Security Context
Removing a Security Context
Changing the Admin Context
5-1
5-5
5-5
5-1
Changing Between Contexts and the System Execution Space
Changing the Security Context URL
5-6
5-6
Cisco Security Appliance Command Line Configuration Guide
ii
OL-8629-01
Contents
Reloading a Security Context
5-7
Reloading by Clearing the Configuration
5-7
Reloading by Removing and Re-adding the Context
Monitoring Security Contexts
5-8
Viewing Context Information
5-8
Viewing Resource Usage
5-10
6
5-8
CHAPTER
Configuring Interface Parameters
Security Level Overview
Configuring the Interface
6-1
6-2
6-1
Allowing Communication Between Interfaces on the Same Security Level
7
6-5
CHAPTER
Configuring Basic Settings
Setting the Hostname
7-2
7-1
7-1
Changing the Enable Password
Setting the Domain Name
7-2
Setting the Date and Time
7-2
Setting the Time Zone and Daylight Saving Time Date Range
Setting the Date and Time Using an NTP Server
7-4
Setting the Date and Time Manually
7-4
Setting the Management IP Address for a Transparent Firewall
8
7-3
7-5
CHAPTER
Configuring IP Routing and DHCP Services
Configuring Static and Default Routes
8-1
Configuring a Static Route
8-2
Configuring a Default Route
8-3
8-1
Configuring OSPF
8-3
OSPF Overview
8-4
Enabling OSPF
8-5
Redistributing Routes Between OSPF Processes
8-5
Adding a Route Map
8-6
Redistributing Static, Connected, or OSPF Routes to an OSPF Process
8-7
Configuring OSPF Interface Parameters
8-8
Configuring OSPF Area Parameters
8-10
Configuring OSPF NSSA
8-11
Configuring Route Summarization Between OSPF Areas
8-12
Configuring Route Summarization When Redistributing Routes into OSPF
8-12
Generating a Default Route
8-13
Cisco Security Appliance Command Line Configuration Guide
OL-8629-01
iii

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika:

Zgłoś jeśli naruszono regulamin