Cisco ASDM 7 User Guide
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 32 Configuring the ASA CSC Module

Additional References

For additional information related to implementing the CSC SSM, see the following documents:

| Related Topic | Document Title |
| --- | --- |
| Instructions on use of the CSC SSM GUI. Additional licensing requirements of specific windows available in the CSC SSM GUI. Reviewing the default content security policies in the CSC SSM GUI before modifying them or entering advanced configuration settings. | Cisco Content Security and Control SSM Administrator Guide |
| Accessing ASDM for the first time and assistance with the Startup Wizard. | Cisco ASA 5500 Series Quick Start Guide |
| Assistance with SSM hardware installation and connection to the ASA. | hardware guide |
| Technical Documentation, Marketing, and Support-related information. | See the following URL: http://www.cisco.com/en/US/products/ps6823/index.html. |

Feature History for the CSC SSM

Table 32-2 lists each feature change and the platform release in which it was implemented. ASDM is backward-compatible with multiple platform releases, so the specific ASDM release in which support was added is not listed.

Table 32-2 Feature History for the CSC SSM

| Feature Name | Platform Releases | Feature Information |
| --- | --- | --- |
| CSC SSM | 7.0(1) | The CSC SSM runs Content Security and Control software, which provides protection against viruses, spyware, spam, and other unwanted traffic. The CSC Setup Wizard enables you to configure the CSC SSM in ASDM. We introduced the following screen: Configuration > Trend Micro Content Security > CSC Setup. |
| CSC SSM | 8.1(1) and 8.1(2) | This feature is not supported on the ASA 5580. |
Table 32-2 Feature History for the CSC SSM (continued)

| Feature Name | Platform Releases | Feature Information |
| --- | --- | --- |
| CSC syslog format | 8.3(1) | CSC syslog format is consistent with the ASA syslog format. Syslog message explanations have been added to the Cisco Content Security and Control SSM Administrator Guide. The source and destination IP information has been added to the ASDM Log Viewer GUI. All syslog messages include predefined syslog priorities and cannot be configured through the CSC SSM GUI. |
| Clearing CSC events | 8.4(1) | Support for clearing CSC events in the Latest CSC Security Events pane has been added. We modified the following screen: Home > Content Security. |
| CSC SSM | 8.4(2) | Support for the following features has been added: HTTPS traffic redirection: URL filtering and WRS queries for incoming HTTPS connections. Configuring global approved whitelists for incoming and outgoing SMTP and POP3 e-mail. E-mail notification for product license renewals. We modified the following screens: Configuration > Trend Micro Content Security > Mail > SMTP. Configuration > Trend Micro Content Security > Mail > POP3. Configuration > Trend Micro Content Security > Host/Notification Settings. Configuration > Trend Micro Content Security > CSC Setup > Host Configuration. |
INDEX

A

AAA accounting 8-17 authentication network access 8-2 proxy limit 8-11 authorization downloadable access lists 8-13 network access 8-12 performance 8-1 web clients 8-8 access lists downloadable 8-14 global access rules 7-2 implicit deny 7-3 inbound 7-3 outbound 7-3 overview 7-1 phone proxy 17-7 access rules turn off expansion 7-12 AIP See IPS module AIP SSC loading an image 30-26, 31-20, 31-22, 32-28 AIP SSM about 31-1 loading an image 30-26, 31-20, 31-22, 32-28 anti-replay window size 23-10 APN, GTP application inspection 14-10 APPE command, denied request 11-24 application firewall 11-32 application inspection about 10-1 applying 10-7 configuring 10-7 inspection class map 2-3 inspection policy map 2-3 special actions 2-1 ASA CX module about 30-1 ASA feature compatibility 30-5 authentication proxy about 30-5 port 30-18 troubleshooting 30-32 basic settings 30-16 cabling 30-9 configuration 30-8 failover 30-7 licensing 30-6 management access 30-4 management defaults 30-8 management IP address 30-14 monitoring 30-27 password reset 30-23 PRSM 30-5 reload 30-24 security policy 30-17 sending traffic to 30-19 shutdown 30-25 traffic flow 30-2 VPN 30-5 asymmetric routing TCP state bypass 22-4
attacks DNS HINFO request 28-10 DNS request for all records 28-10 DNS zone transfer 28-10 DNS zone transfer from high port 28-10 fragmented ICMP traffic 28-9 IP fragment 28-7 IP impossible packet 28-7 large ICMP traffic 28-9 ping of death 28-9 proxied RPC request 28-10 statd buffer overflow 28-11 TCP FIN only flags 28-10 TCP NULL flags 28-9 TCP SYN+FIN flags 28-9 UDP bomb 28-10 UDP chargen DoS 28-10 UDP snork 28-10 authentication FTP 8-4 HTTP 8-3 network access 8-2 Telnet 8-3 web clients 8-8 authorization downloadable access lists 8-13 network access 8-12

B

basic threat detection See threat detection Botnet Traffic Filter actions 26-2 address categories 26-2 blacklist adding entries 26-9 description 26-2 blocking traffic manually 26-12 classifying traffic 26-10 configuring 26-7 databases 26-2 default settings 26-6 DNS Reverse Lookup Cache information about 26-4 using with dynamic database 26-9 DNS snooping 26-9 dropping traffic 26-11 graylist 26-11 dynamic database enabling use of 26-8 files 26-3 information about 26-2 searching 26-13 updates 26-8 feature history 26-16 graylist description 26-2 dropping traffic 26-11 guidelines and limitations 26-6 information about 26-1 licensing 26-6 monitoring 26-14 static database adding entries 26-9 information about 26-3 syslog messages 26-14 task flow 26-7 threat level dropping traffic 26-11 whitelist adding entries 26-9 description 26-2 working overview 26-5 bypassing firewall checks 22-3
C

call agents MGCP application inspection 12-15, 12-16 CDUP command, denied request 11-24 certificate Cisco Unified Mobility 19-4 Cisco Unified Presence 20-4 Cisco IP Communicator 17-10 Cisco IP Phones, application inspection 12-32 Cisco UMA. See Cisco Unified Mobility. Cisco Unified Mobility architecture 19-2 ASA role 15-2, 15-3, 16-2 certificate 19-4 functionality 19-1 NAT and PAT requirements 19-3, 19-4 trust relationship 19-4 Cisco Unified Presence ASA role 15-2, 15-3, 16-2 configuring the TLS Proxy 20-8 NAT and PAT requirements 20-2 trust relationship 20-4 Cisco UP. See Cisco Unified Presence. class map inspection 2-3 configuring CSC activation 32-11 CSC email 32-21 CSC file transfer 32-22 CSC IP address 32-11 CSC license 32-11 CSC management access 32-13 CSC notifications 32-12 CSC password 32-13 CSC Setup Wizard 32-15, 32-18 CSC Setup Wizard Activation Codes Configuration 32-15 CSC Setup Wizard Host Configuration 32-16 CSC Setup Wizard IP Configuration 32-16 CSC Setup Wizard Management Access Configuration 32-17 CSC Setup Wizard Password Configuration 32-17 CSC Setup Wizard Summary 32-19 CSC Setup Wizard Traffic Selection for CSC Scan 32-17 CSC updates 32-23 CSC Web 32-20 connection limits configuring 22-1 context modes 32-6 CSC activation configuring 32-11 CSC CPU monitoring 32-27 CSC email configuring 32-21 CSC file transfer configuring 32-22 CSC IP address configuring 32-11 CSC license configuring 32-11 CSC management access configuring 32-13 CSC memory monitoring 32-27 CSC notifications configuring 32-12 CSC password configuring 32-13 CSC security events monitoring 32-25 CSC Setup Wizard 32-15 activation codes configuration 32-15 Host configuration 32-16 IP configuration 32-16 management access configuration 32-17
password configuration 32-17 specifying traffic for CSC Scanning 32-18 summary 32-19 traffic selection for CSC Scan 32-17 CSC software updates monitoring 32-26 CSC SSM about 32-1 loading an image 30-26, 31-20, 31-22, 32-28 what to scan 32-3 CSC SSM feature history 32-31 CSC SSM GUI configuring 32-20 CSC threats monitoring 32-24 CSC updates configuring 32-23 CSC Web configuring 32-20 cut-through proxy AAA performance 8-1 CX module about 30-1 ASA feature compatibility 30-5 authentication proxy about 30-5 port 30-18 troubleshooting 30-32 basic settings 30-16 cabling 30-9 configuration 30-8 failover 30-7 licensing 30-6 management access 30-4 management defaults 30-8 management IP address 30-14 monitoring 30-27 password reset 30-23 PRSM 30-5 reload 30-24 security policy 30-17 sending traffic to 30-19 shutdown 30-25 traffic flow 30-2 VPN 30-5

D

default policy 1-7 DHCP transparent firewall 7-6 DiffServ preservation 23-5 DNS inspection about 11-2 managing 11-1 NAT effect on 3-30 NAT effect on (8.2 and earlier) 6-14 DNS HINFO request attack 28-10 DNS request for all records attack 28-10 DNS zone transfer attack 28-10 DNS zone transfer from high port attack 28-10 downloadable access lists configuring 8-14 converting netmask expressions 8-17 DSCP preservation 23-5 dynamic NAT about 3-8 configuring (8.2 and earlier) 6-17 network object NAT 4-4 twice NAT 5-4 dynamic PAT network object NAT 4-9 See also NAT twice NAT 5-12
E

EIGRP 7-6 EtherType access list compatibility with extended access lists 7-2 implicit deny 7-3

F

failover guidelines 32-6 Fibre Channel interfaces default settings 7-7 filtering rules 29-6 servers supported 29-2 URLs 29-1, 29-2 fragmented ICMP traffic attack 28-9 Fragment panel 28-2 fragment size 28-2 FTP application inspection viewing 11-21, 11-22, 11-33, 11-46, 11-54, 11-55, 12-7, 12-8, 12-15, 12-18, 12-26, 12-34, 12-35, 14-2, 14-12 filtering option 29-10 FTP inspection about 11-17 configuring 11-17

G

gateways MGCP application inspection 12-16 GTP application inspection viewing 14-6 GTP inspection about 14-5 configuring 14-4

H

H.323 inspection about 12-3 configuring 12-2 limitations 12-4 HELP command, denied request 11-24 hierarchical policy, traffic shaping and priority queueing 23-11 HTTP application inspection viewing 11-32 filtering 29-1 configuring 29-9 HTTP(S) filtering 29-2 HTTP inspection about 11-26 configuring 11-26

I

ICMP testing connectivity 24-1 identity NAT about 3-12 configuring (8.2 and earlier) 6-17 network object NAT 4-15 twice NAT 5-24 ILS inspection 13-1 IM 12-22 inbound access lists 7-3 inspection engines See application inspection Instant Messaging inspection 12-22 interfaces default settings 7-7, 32-6 IP audit enabling 28-5
signatures 28-6 IP fragment attack 28-7 IP fragment database, displaying 28-2 IP fragment database, editing 28-3 IP impossible packet attack 28-7 IP overlapping fragments attack 28-8 IP phone phone proxy provisioning 17-11 IP phones addressing requirements for phone proxy 17-9 supported for phone proxy 17-3, 18-3 IPS IP audit 28-5 IPSec anti-replay window 23-10 IPSec rules anti-replay window size 23-10 IPS module about 31-1 configuration 31-7 operating modes 31-3 sending traffic to 31-18 traffic flow 31-2 virtual sensors 31-17 IP spoofing, preventing 28-1 IP teardrop attack 28-8

L

large ICMP traffic attack 28-9 latency about 23-1 configuring 23-2, 23-3 reducing 23-8 Layer 3/4 matching multiple policy maps 1-5 LCS Federation Scenario 20-2 LDAP application inspection 13-1 licenses Cisco Unified Communications Proxy features 15-4, 18-4, 19-6, 20-7, 21-8 licensing requirements CSC SSM 32-5 LLQ See low-latency queue login FTP 8-4 low-latency queue applying 23-2, 23-3

M

management interfaces default settings 7-7 mapped addresses guidelines 3-21 guidelines (8.2 and earlier) 6-14 media termination address, criteria 17-6 MGCP application inspection configuring 12-16 viewing 12-14 MGCP inspection about 12-12 configuring 12-12 mgmt0 interfaces default settings 7-7 Microsoft Access Proxy 20-1 MMP inspection 19-1 monitoring CSC CPU 32-27 CSC memory 32-27 CSC security events 32-25 CSC software updates 32-26 CSC SSM 32-24 CSC threats 32-24 MPF
default policy 1-7 feature directionality 1-3 features 1-1 flows 1-5 matching multiple policy maps 1-5 See also class map See also policy map MPLS LDP 7-7 router-id 7-7 TDP 7-7 multi-session PAT 4-19

N

NAT about 3-1, 6-1 about (8.2 and earlier) 6-1 bidirectional initiation 3-2 bypassing NAT (8.2 and earlier) 6-10 DNS 3-30 DNS (8.2 and earlier) 6-14 dynamic about 3-8 dynamic NAT about (8.2 and earlier) 6-6 configuring (8.2 and earlier) 6-23 implementation (8.2 and earlier) 6-17 network object NAT 4-4 twice NAT 5-4 dynamic PAT about 3-10 network object NAT 4-9 twice NAT 5-12 exemption (8.2 and earlier) 6-11 identity about 3-12 identity NAT about (8.2 and earlier) 6-10 network object NAT 4-15 twice NAT 5-24 implementation 3-15 interfaces 3-21 mapped address guidelines 3-21 network object comparison with twice NAT 3-15 network object NAT about 3-16 configuring 4-1 dynamic NAT 4-4 dynamic PAT 4-9 examples 4-21 guidelines 4-2 identity NAT 4-15 monitoring 4-20 prerequisites 4-2 static NAT 4-12 no proxy ARP 4-18 object extended PAT 4-4 flat range for PAT 4-4 PAT about (8.2 and earlier) 6-8 configuring (8.2 and earlier) 6-23 implementation (8.2 and earlier) 6-17 policy NAT, about (8.2 and earlier) 6-11 routed mode 3-13 route lookup 4-18, 5-29 RPC not supported with 13-3 rule order 3-20 rule order (8.2 and earlier) 6-14 same security level (8.2 and earlier) 6-13 static about 3-3 few-to-many mapping 3-7 many-to-few mapping 3-6, 3-7 one-to-many 3-6 static NAT
about (8.2 and earlier) 6-9 configuring (8.2 and earlier) 6-27 network object NAT 4-12 twice NAT 5-18 static PAT about (8.2 and earlier) 6-9 static with port translation about 3-4 terminology 3-2 transparent mode 3-13 transparent mode (8.2 and earlier) 6-3 twice extended PAT 5-4 flat range for PAT 5-4 twice NAT about 3-16 comparison with network object NAT 3-15 configuring 5-1 dynamic NAT 5-4 dynamic PAT 5-12 examples 5-30 guidelines 5-2 identity NAT 5-24 monitoring 5-29 prerequisites 5-2 static NAT 5-18 types 3-3 types (8.2 and earlier) 6-6 VPN 3-24 VPN client rules 3-20 network object NAT about 3-16 comparison with twice NAT 3-15 configuring 4-1 dynamic NAT 4-4 dynamic PAT 4-9 examples 4-21 guidelines 4-2 identity NAT 4-15 monitoring 4-20 prerequisites 4-2 static NAT 4-12

O

object NAT See network object NAT outbound access lists 7-3

P

packet trace, enabling 24-7 PAT per-session and multi-session 4-19 See dynamic PAT PAT pool 4-7, 5-9 round robin 4-7, 5-9 PDP context, GTP application inspection 14-8 per-session PAT 4-19 phone proxy access lists 17-7 ASA role 15-3 Cisco IP Communicator 17-10 Cisco UCM supported versions 17-3, 18-3 IP phone addressing 17-9 IP phone provisioning 17-11 IP phones supported 17-3, 18-3 Linksys routers, configuring 17-21 NAT and PAT requirements 17-8 ports 17-7 rate limiting 17-10 TLS Proxy on ASA, described 15-3 ping See ICMP using 24-3 ping of death attack 28-9 policy, QoS 23-1