Cisco ASDM 7 User Guide
Contents
Cisco ASA Series Firewall ASDM Configuration Guide

  SIP Class Map
  Add/Edit SIP Traffic Class Map
  Add/Edit SIP Match Criterion
  SIP Inspect Map
  Add/Edit SIP Policy Map (Security Level)
  Add/Edit SIP Policy Map (Details)
  Add/Edit SIP Inspect
  Skinny (SCCP) Inspection
  SCCP Inspection Overview
  Supporting Cisco IP Phones
  Restrictions and Limitations
  Select SCCP (Skinny) Map
  SCCP (Skinny) Inspect Map
  Message ID Filtering
  Add/Edit SCCP (Skinny) Policy Map (Security Level)
  Add/Edit SCCP (Skinny) Policy Map (Details)
  Add/Edit Message ID Filter

CHAPTER 13 Configuring Inspection of Database and Directory Protocols
  ILS Inspection
  SQL*Net Inspection
  Sun RPC Inspection
  Sun RPC Inspection Overview
  SUNRPC Server
  Add/Edit SUNRPC Service

CHAPTER 14 Configuring Inspection for Management Application Protocols
  DCERPC Inspection
  DCERPC Overview
  Select DCERPC Map
  DCERPC Inspect Map
  Add/Edit DCERPC Policy Map
  GTP Inspection
  GTP Inspection Overview
  Select GTP Map
  GTP Inspect Map
  IMSI Prefix Filtering
  Add/Edit GTP Policy Map (Security Level)
  Add/Edit GTP Policy Map (Details)
  Add/Edit GTP Map
  RADIUS Accounting Inspection
  RADIUS Accounting Inspection Overview
  Select RADIUS Accounting Map
  Add RADIUS Accounting Policy Map
  RADIUS Inspect Map
  RADIUS Inspect Map Host
  RADIUS Inspect Map Other
  RSH Inspection
  SNMP Inspection
  SNMP Inspection Overview
  Select SNMP Map
  SNMP Inspect Map
  XDMCP Inspection

PART 5 Configuring Unified Communications

CHAPTER 15 Information About Cisco Unified Communications Proxy Features
  Information About the Adaptive Security Appliance in Cisco Unified Communications
  TLS Proxy Applications in Cisco Unified Communications
  Licensing for Cisco Unified Communications Proxy Features

CHAPTER 16 Using the Cisco Unified Communication Wizard
  Information about the Cisco Unified Communication Wizard
  Licensing Requirements for the Unified Communication Wizard
  Guidelines and Limitations
  Configuring the Phone Proxy by using the Unified Communication Wizard
  Configuring the Private Network for the Phone Proxy
  Configuring Servers for the Phone Proxy
  Enabling Certificate Authority Proxy Function (CAPF) for IP Phones
  Configuring the Public IP Phone Network
  Configuring the Media Termination Address for Unified Communication Proxies
  Configuring the Mobility Advantage by using the Unified Communication Wizard
  Configuring the Topology for the Cisco Mobility Advantage Proxy
  Configuring the Server-Side Certificates for the Cisco Mobility Advantage Proxy
  Configuring the Client-Side Certificates for the Cisco Mobility Advantage Proxy
  Configuring the Presence Federation Proxy by using the Unified Communication Wizard
  Configuring the Topology for the Cisco Presence Federation Proxy
  Configuring the Local-Side Certificates for the Cisco Presence Federation Proxy
  Configuring the Remote-Side Certificates for the Cisco Presence Federation Proxy
  Configuring the UC-IME by using the Unified Communication Wizard
  Configuring the Topology for the Cisco Intercompany Media Engine Proxy
  Configuring the Private Network Settings for the Cisco Intercompany Media Engine Proxy
  Adding a Cisco Unified Communications Manager Server for the UC-IME Proxy
  Configuring the Public Network Settings for the Cisco Intercompany Media Engine Proxy
  Configuring the Local-Side Certificates for the Cisco Intercompany Media Engine Proxy
  Configuring the Remote-Side Certificates for the Cisco Intercompany Media Engine Proxy
  Working with Certificates in the Unified Communication Wizard
  Exporting an Identity Certificate
  Installing a Certificate
  Generating a Certificate Signing Request (CSR) for a Unified Communications Proxy
  Saving the Identity Certificate Request
  Installing the ASA Identity Certificate on the Mobility Advantage Server
  Installing the ASA Identity Certificate on the Presence Federation and Cisco Intercompany Media Engine Servers

CHAPTER 17 Configuring the Cisco Phone Proxy
  Information About the Cisco Phone Proxy
  Phone Proxy Functionality
  Supported Cisco UCM and IP Phones for the Phone Proxy
  Licensing Requirements for the Phone Proxy
  Prerequisites for the Phone Proxy
  Media Termination Instance Prerequisites
  Certificates from the Cisco UCM
  DNS Lookup Prerequisites
  Cisco Unified Communications Manager Prerequisites
  ACL Rules
  NAT and PAT Prerequisites
  Prerequisites for IP Phones on Multiple Interfaces
  7960 and 7940 IP Phones Support
  Cisco IP Communicator Prerequisites
  Prerequisites for Rate Limiting TFTP Requests
  End-User Phone Provisioning
  Phone Proxy Guidelines and Limitations
  Configuring the Phone Proxy
  Task Flow for Configuring the Phone Proxy
  Creating the CTL File
  Adding or Editing a Record Entry in a CTL File
  Creating the Media Termination Instance
  Creating the Phone Proxy Instance
  Adding or Editing the TFTP Server for a Phone Proxy
  Configuring Linksys Routers with UDP Port Forwarding for the Phone Proxy
  Feature History for the Phone Proxy

CHAPTER 18 Configuring the TLS Proxy for Encrypted Voice Inspection
  Information about the TLS Proxy for Encrypted Voice Inspection
  Decryption and Inspection of Unified Communications Encrypted Signaling
  Supported Cisco UCM and IP Phones for the TLS Proxy
  Licensing for the TLS Proxy
  Prerequisites for the TLS Proxy for Encrypted Voice Inspection
  Configuring the TLS Proxy for Encrypted Voice Inspection
  CTL Provider
  Add/Edit CTL Provider
  Configure TLS Proxy Pane
  Adding a TLS Proxy Instance
  Add TLS Proxy Instance Wizard – Server Configuration
  Add TLS Proxy Instance Wizard – Client Configuration
  Add TLS Proxy Instance Wizard – Other Steps
  Edit TLS Proxy Instance – Server Configuration
  Edit TLS Proxy Instance – Client Configuration
  TLS Proxy
  Feature History for the TLS Proxy for Encrypted Voice Inspection

CHAPTER 19 Configuring Cisco Mobility Advantage
  Information about the Cisco Mobility Advantage Proxy Feature
  Cisco Mobility Advantage Proxy Functionality
  Mobility Advantage Proxy Deployment Scenarios
  Trust Relationships for Cisco UMA Deployments
  Licensing for the Cisco Mobility Advantage Proxy Feature
  Configuring Cisco Mobility Advantage
  Task Flow for Configuring Cisco Mobility Advantage
  Feature History for Cisco Mobility Advantage

CHAPTER 20 Configuring Cisco Unified Presence
  Information About Cisco Unified Presence
  Architecture for Cisco Unified Presence for SIP Federation Deployments
  Trust Relationship in the Presence Federation
  Security Certificate Exchange Between Cisco UP and the Security Appliance
  XMPP Federation Deployments
  Configuration Requirements for XMPP Federation
  Licensing for Cisco Unified Presence
  Configuring Cisco Unified Presence Proxy for SIP Federation
  Task Flow for Configuring Cisco Unified Presence Federation Proxy for SIP Federation
  Feature History for Cisco Unified Presence

CHAPTER 21 Configuring Cisco Intercompany Media Engine Proxy
  Information About Cisco Intercompany Media Engine Proxy
  Features of Cisco Intercompany Media Engine Proxy
  How the UC-IME Works with the PSTN and the Internet
  Tickets and Passwords
  Call Fallback to the PSTN
  Architecture and Deployment Scenarios for Cisco Intercompany Media Engine
  Licensing for Cisco Intercompany Media Engine
  Guidelines and Limitations
  Configuring Cisco Intercompany Media Engine Proxy
  Task Flow for Configuring Cisco Intercompany Media Engine
  Configuring NAT for Cisco Intercompany Media Engine Proxy
  Configuring PAT for the Cisco UCM Server
  Creating ACLs for Cisco Intercompany Media Engine Proxy
  Creating the Media Termination Instance
  Creating the Cisco Intercompany Media Engine Proxy
  Creating Trustpoints and Generating Certificates
  Creating the TLS Proxy
  Enabling SIP Inspection for the Cisco Intercompany Media Engine Proxy
  (Optional) Configuring TLS within the Local Enterprise
  (Optional) Configuring Off Path Signaling
  Configuring the Cisco UC-IMC Proxy by using the UC-IME Proxy Pane
  Configuring the Cisco UC-IMC Proxy by using the Unified Communications Wizard
  Feature History for Cisco Intercompany Media Engine Proxy

PART 6 Configuring Connection Settings and QoS

CHAPTER 22 Configuring Connection Settings
  Information About Connection Settings
  TCP Intercept and Limiting Embryonic Connections
  Disabling TCP Intercept for Management Packets for Clientless SSL Compatibility
  Dead Connection Detection (DCD)
  TCP Sequence Randomization
  TCP Normalization
  TCP State Bypass
  Licensing Requirements for Connection Settings
  Guidelines and Limitations
  Default Settings
  Configuring Connection Settings
  Task Flow For Configuring Connection Settings
  Customizing the TCP Normalizer with a TCP Map
  Configuring Connection Settings
  Configuring Global Timeouts
  Feature History for Connection Settings

CHAPTER 23 Configuring QoS
  Information About QoS
  Supported QoS Features
  What is a Token Bucket?
  Information About Policing
  Information About Priority Queuing
  Information About Traffic Shaping
  How QoS Features Interact
  DSCP and DiffServ Preservation
  Licensing Requirements for QoS
  Guidelines and Limitations
  Configuring QoS
  Determining the Queue and TX Ring Limits for a Standard Priority Queue
  Configuring the Standard Priority Queue for an Interface
  Configuring a Service Rule for Standard Priority Queuing and Policing
  Configuring a Service Rule for Traffic Shaping and Hierarchical Priority Queuing
  Monitoring QoS
  Viewing QoS Police Statistics
  Viewing QoS Standard Priority Statistics
  Viewing QoS Shaping Statistics
  Viewing QoS Standard Priority Queue Statistics
  Feature History for QoS

CHAPTER 24 Troubleshooting Connections and Resources
  Testing Your Configuration
  Pinging ASA Interfaces
  Verifying ASA Configuration and Operation, and Testing Interfaces Using Ping
  Determining Packet Routing with Traceroute
  Tracing Packets with Packet Tracer
  Monitoring Performance
  Monitoring System Resources
  Blocks
  CPU
  Memory
  Monitoring Connections
  Monitoring Per-Process CPU Usage

PART 7 Configuring Advanced Network Protection

CHAPTER 25 Configuring the ASA for Cisco Cloud Web Security
  Information About Cisco Cloud Web Security
  Redirection of Web Traffic to Cloud Web Security
  User Authentication and Cloud Web Security
  Authentication Keys
  ScanCenter Policy
  Cloud Web Security Actions
  Bypassing Scanning with Whitelists
  IPv4 and IPv6 Support
  Failover from Primary to Backup Proxy Server
  Licensing Requirements for Cisco Cloud Web Security
  Prerequisites for Cloud Web Security
  Guidelines and Limitations
  Default Settings
  Configuring Cisco Cloud Web Security
  Configuring Communication with the Cloud Web Security Proxy Server
  (Multiple Context Mode) Allowing Cloud Web Security Per Security Context
  Configuring a Service Policy to Send Traffic to Cloud Web Security
  (Optional) Configuring Whitelisted Traffic
  (Optional) Configuring the User Identity Monitor
  Configuring the Cloud Web Security Policy
  Monitoring Cloud Web Security
  Related Documents
  Feature History for Cisco Cloud Web Security

CHAPTER 26 Configuring the Botnet Traffic Filter
  Information About the Botnet Traffic Filter
  Botnet Traffic Filter Address Types
  Botnet Traffic Filter Actions for Known Addresses
  Botnet Traffic Filter Databases
  How the Botnet Traffic Filter Works
  Licensing Requirements for the Botnet Traffic Filter
  Prerequisites for the Botnet Traffic Filter
  Guidelines and Limitations
  Default Settings
  Configuring the Botnet Traffic Filter
  Task Flow for Configuring the Botnet Traffic Filter
  Configuring the Dynamic Database
  Adding Entries to the Static Database
  Enabling DNS Snooping
  Enabling Traffic Classification and Actions for the Botnet Traffic Filter
  Blocking Botnet Traffic Manually
  Searching the Dynamic Database
  Monitoring the Botnet Traffic Filter
  Botnet Traffic Filter Syslog Messaging
  Botnet Traffic Filter Monitor Panes
  Where to Go Next
  Feature History for the Botnet Traffic Filter

CHAPTER 27 Configuring Threat Detection
  Information About Threat Detection
  Licensing Requirements for Threat Detection
  Configuring Basic Threat Detection Statistics
  Information About Basic Threat Detection Statistics
  Guidelines and Limitations
  Default Settings
  Configuring Basic Threat Detection Statistics
  Monitoring Basic Threat Detection Statistics
  Feature History for Basic Threat Detection Statistics
  Configuring Advanced Threat Detection Statistics
  Information About Advanced Threat Detection Statistics
  Guidelines and Limitations
  Default Settings
  Configuring Advanced Threat Detection Statistics
  Monitoring Advanced Threat Detection Statistics
  Feature History for Advanced Threat Detection Statistics
  Configuring Scanning Threat Detection
  Information About Scanning Threat Detection
  Guidelines and Limitations
  Default Settings
  Configuring Scanning Threat Detection
  Feature History for Scanning Threat Detection

CHAPTER 28 Using Protection Tools
  Preventing IP Spoofing
  Configuring the Fragment Size
  Show Fragment
  Configuring TCP Options
  TCP Reset Settings
  Configuring IP Audit for Basic IPS Support
  IP Audit Policy
  Add/Edit IP Audit Policy Configuration
  IP Audit Signatures
  IP Audit Signature List

CHAPTER 29 Configuring Filtering Services
  Information About Web Traffic Filtering
  Filtering URLs and FTP Requests with an External Server
  Information About URL Filtering
  Licensing Requirements for URL Filtering
  Guidelines and Limitations for URL Filtering
  Identifying the Filtering Server
  Configuring Additional URL Filtering Settings
  Configuring Filtering Rules
  Filtering the Rule Table
  Defining Queries
  Feature History for URL Filtering

PART 8 Configuring Modules

CHAPTER 30 Configuring the ASA CX Module
  Information About the ASA CX Module
  How the ASA CX Module Works with the ASA
  Monitor-Only Mode
  Information About ASA CX Management
  Information About Authentication Proxy
  Information About VPN and the ASA CX Module
  Compatibility with ASA Features
  Licensing Requirements for the ASA CX Module
  Prerequisites
  Guidelines and Limitations
  Default Settings
  Configuring the ASA CX Module
  Task Flow for the ASA CX Module
  Connecting the ASA CX Management Interface
  (ASA 5512-X through ASA 5555-X; May Be Required) Installing the Software Module
  (ASA 5585-X) Changing the ASA CX Management IP Address
  Configuring Basic ASA CX Settings at the ASA CX CLI
  Configuring the Security Policy on the ASA CX Module Using PRSM
  (Optional) Configuring the Authentication Proxy Port
  Redirecting Traffic to the ASA CX Module
  Managing the ASA CX Module
  Resetting the Password
  Reloading or Resetting the Module
  Shutting Down the Module
  (ASA 5512-X through ASA 5555-X) Uninstalling a Software Module Image
  (ASA 5512-X through ASA 5555-X) Sessioning to the Module From the ASA
  Monitoring the ASA CX Module
  Showing Module Status
  Showing Module Statistics
  Monitoring Module Connections
  Capturing Module Traffic
  Troubleshooting the ASA CX Module
  Problems with the Authentication Proxy