Cisco 5505 - ASA Firewall Edition Bundle, 5520 - ASA IPS Edition Bundle, ASA 5540, ASA 5550 Series, ASA 5580, Cisco ASA 5510 Configuration manual

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco ASA 5500 Series Configuration Guide using ASDM
Software Version 6.3, for use with Cisco ASA 5500 Version 8.3
Customer Order Number: N/A, Online only
Text Part Number: OL-20339-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at
www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1005R)
Cisco ASA 5500 Series Configuration Guide using ASDM
Copyright © 2010 Cisco Systems, Inc. All rights reserved.
iii
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
CONTENTS
About This Guide lix
Document Objectives lix
Audience lix
Related Documentation lx
Document Conventions lx
Obtaining Documentation, Obtaining Support, and Security Guidelines lx
PART 1 Getting Started and General Information
CHAPTER 1 Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance 1-1
ASDM Client Operating System and Browser Requirements 1-1
ASA 5500 Model Support 1-2
Module Support 1-2
VPN Specifications 1-3
New Features 1-3
New Features in Version 6.3(2)/8.3(2) 1-3
New Features in Version 6.3(1)/8.3(1) 1-6
Unsupported Commands 1-13
Ignored and View-Only Commands 1-13
Effects of Unsupported Commands 1-14
Discontinuous Subnet Masks Not Supported 1-14
Interactive User Commands Not Supported by the ASDM CLI Tool 1-14
Firewall Functional Overview 1-15
Security Policy Overview 1-15
Permitting or Denying Traffic with Access Rules 1-16
Applying NAT 1-16
Protecting from IP Fragments 1-16
Using AAA for Through Traffic 1-16
Applying HTTP, HTTPS, or FTP Filtering 1-16
Applying Application Inspection 1-16
Sending Traffic to the Advanced Inspection and Prevention Security Services Module 1-16
Sending Traffic to the Content Security and Control Security Services Module 1-17
Applying QoS Policies 1-17
Applying Connection Limits and TCP Normalization 1-17
Enabling Threat Detection 1-17
Enabling the Botnet Traffic Filter 1-17
Configuring Cisco Unified Communications 1-18
Firewall Mode Overview 1-18
Stateful Inspection Overview 1-18
VPN Functional Overview 1-19
Security Context Overview 1-20
CHAPTER 2 Getting Started 2-1
Configuring the Security Appliance for ASDM Access 2-1
Starting ASDM 2-1
Downloading the ASDM Launcher 2-2
Starting ASDM from the ASDM Launcher 2-2
Using ASDM in Demo Mode 2-3
Starting ASDM from a Web Browser 2-4
Multiple ASDM Session Support 2-5
Factory Default Configurations 2-5
Restoring the Factory Default Configuration 2-5
ASA 5505 Default Configuration 2-6
ASA 5510 and Higher Default Configuration 2-7
Getting Started With the Configuration 2-8
Using the Command Line Interface 2-8
Using the Command Line Interface Tool 2-9
Handling Command Errors 2-9
Using Interactive Commands 2-9
Avoiding Conflicts with Other Administrators 2-10
Showing Commands Ignored by ASDM on the Device 2-10
CHAPTER 3 Using the ASDM User Interface 3-1
Information About the ASDM User Interface 3-1
Navigating in the ASDM User Interface 3-3
Menus 3-4
File Menu 3-4
View Menu 3-5
Tools Menu 3-6
Wizards Menu 3-8
Window Menu 3-9
Help Menu 3-9
Toolbar 3-10
ASDM Assistant 3-10
Status Bar 3-11
Connection to Device 3-11
Device List 3-11
Common Buttons 3-12
Keyboard Shortcuts 3-13
Enabling Extended Screen Reader Support 3-14
Organizational Folder 3-15
About the Help Window 3-15
Header Buttons 3-15
Browser Window 3-15
Home Pane (Single Mode and Context) 3-16
Device Dashboard Tab 3-16
Device Information Pane 3-17
Interface Status Pane 3-17
VPN Sessions Pane 3-17
Failover Status Pane 3-18
System Resources Status Pane 3-18
Traffic Status Pane 3-18
Latest ASDM Syslog Messages Pane 3-18
Firewall Dashboard Tab 3-19
Traffic Overview Pane 3-20
Top 10 Access Rules Pane 3-20
Top Usage Status Pane 3-20
Top Ten Protected Servers Under SYN Attack Pane 3-21
Top 200 Hosts Pane 3-21
Top Botnet Traffic Filter Hits Pane 3-21
Content Security Tab 3-21
Intrusion Prevention Tab 3-22
Home Pane (System) 3-24
CHAPTER 4 Managing Feature Licenses 4-1
Supported Feature Licenses Per Model 4-1
Licenses Per Model 4-2
License Notes 4-9
VPN License and Feature Compatibility 4-11
Information About Feature Licenses 4-11
Preinstalled License 4-12
Permanent License 4-12
Time-Based Licenses 4-12
Time-Based License Activation Guidelines 4-12
How the Time-Based License Timer Works 4-12
How Permanent and Time-Based Licenses Combine 4-13
Stacking Time-Based Licenses 4-14
Time-Based License Expiration 4-14
Shared SSL VPN Licenses 4-14
Information About the Shared Licensing Server and Participants 4-15
Communication Issues Between Participant and Server 4-16
Information About the Shared Licensing Backup Server 4-16
Failover and Shared Licenses 4-17
Maximum Number of Participants 4-18
Failover Licenses 4-19
Failover License Requirements 4-19
How Failover Licenses Combine 4-19
Loss of Communication Between Failover Units 4-20
Upgrading Failover Pairs 4-20
Licenses FAQ 4-20
Guidelines and Limitations 4-21
Viewing Your Current License 4-23
Obtaining an Activation Key 4-23
Activating or Deactivating Keys 4-24
Configuring a Shared License 4-25
Configuring the Shared Licensing Server 4-25
Configuring the Shared Licensing Participant and the Optional Backup Server 4-26
Monitoring the Shared License 4-27
Feature History for Licensing 4-27
CHAPTER 5 Configuring the Transparent or Routed Firewall 5-1
Configuring the Firewall Mode 5-1
Information About the Firewall Mode 5-1
Information About Routed Firewall Mode 5-2
Information About Transparent Firewall Mode 5-2
Licensing Requirements for the Firewall Mode 5-4
Default Settings 5-4
Guidelines and Limitations 5-5
Setting the Firewall Mode 5-7
Configuring ARP Inspection for the Transparent Firewall 5-8
Information About ARP Inspection 5-8
Licensing Requirements for ARP Inspection 5-8
Default Settings 5-9
Guidelines and Limitations 5-9
Configuring ARP Inspection 5-9
Task Flow for Configuring ARP Inspection 5-9
Adding a Static ARP Entry 5-9
Enabling ARP Inspection 5-10
Feature History for ARP Inspection 5-11
Customizing the MAC Address Table for the Transparent Firewall 5-11
Information About the MAC Address Table 5-11
Licensing Requirements for the MAC Address Table 5-12
Default Settings 5-12
Guidelines and Limitations 5-12
Configuring the MAC Address Table 5-13
Adding a Static MAC Address 5-13
Disabling MAC Address Learning 5-13
Feature History for the MAC Address Table 5-14
Firewall Mode Examples 5-14
How Data Moves Through the Security Appliance in Routed Firewall Mode 5-14
An Inside User Visits a Web Server 5-15
An Outside User Visits a Web Server on the DMZ 5-16
An Inside User Visits a Web Server on the DMZ 5-17
An Outside User Attempts to Access an Inside Host 5-18
A DMZ User Attempts to Access an Inside Host 5-19
How Data Moves Through the Transparent Firewall 5-20
An Inside User Visits a Web Server 5-21
An Inside User Visits a Web Server Using NAT 5-22
An Outside User Visits a Web Server on the Inside Network 5-23
An Outside User Attempts to Access an Inside Host 5-24
PART 2 Setting up the Adaptive Security Appliance
CHAPTER 6 Configuring Multiple Context Mode 6-1
Information About Security Contexts 6-1
Common Uses for Security Contexts 6-2
Context Configuration Files 6-2
Context Configurations 6-2
System Configuration 6-2
Admin Context Configuration 6-2
How the Security Appliance Classifies Packets 6-3
Valid Classifier Criteria 6-3
Classification Examples 6-4
Cascading Security Contexts 6-6
Management Access to Security Contexts 6-7
System Administrator Access 6-7
Context Administrator Access 6-8
Information About Resource Management 6-8
Resource Limits 6-8
Default Class 6-9
Class Members 6-10
Information About MAC Addresses 6-11
Default MAC Address 6-11
Interaction with Manual MAC Addresses 6-11
Failover MAC Addresses 6-11
MAC Address Format 6-11
Licensing Requirements for Multiple Context Mode 6-12
Guidelines and Limitations 6-12
Default Settings 6-13
Configuring Multiple Contexts 6-13
Task Flow for Configuring Multiple Context Mode 6-13
Enabling or Disabling Multiple Context Mode 6-14
Enabling Multiple Context Mode 6-14
Restoring Single Context Mode 6-14
Configuring a Class for Resource Management 6-15
Configuring a Security Context 6-17
Automatically Assigning MAC Addresses to Context Interfaces 6-19
Monitoring Security Contexts 6-20
Monitoring Context Resource Usage 6-20
Viewing Assigned MAC Addresses 6-21
Viewing MAC Addresses in the System Configuration 6-21
Viewing MAC Addresses Within a Context 6-22
Feature History for Multiple Context Mode 6-23
CHAPTER 7 Using the Startup Wizard 7-1
Information About the Startup Wizard 7-1
Licensing Requirements for the Startup Wizard 7-1
Prerequisites for the Startup Wizard 7-2
Guidelines and Limitations 7-2
Startup Wizard Screens for ASA 5500 Series Adaptive Security Appliances 7-3
Startup Wizard Screens for the ASA 5505 Adaptive Security Appliance 7-3
Step 1 - Starting Point or Welcome 7-4
Step 2 - Basic Configuration 7-5
Step 3 - Time Zone and Clock Configuration 7-5
Step 4 - Auto Update Server 7-6
Step 5 - Management IP Address Configuration 7-6
Step 6 - Interface Selection 7-6
Step 7 - Switch Port Allocation 7-7
Step 8 - Interface IP Address Configuration 7-8
Step 9 - Internet Interface Configuration - PPPoE 7-8
Step 10 - Business Interface Configuration - PPPoE 7-9
Step 11 - Home Interface Configuration - PPPoE 7-10
Step 12 - General Interface Configuration 7-10
Step 13 - Static Routes 7-11
Adding or Editing Static Routes 7-11
Step 14 - DHCP Server 7-11
Step 15 - Address Translation (NAT/PAT) 7-12
Step 16 - Administrative Access 7-13
Adding or Editing Administrative Access Entry 7-13
Step 17 - Easy VPN Remote Configuration 7-14
Step 18 - Startup Wizard Summary 7-16
Other Interfaces Configuration 7-16
Editing Interfaces 7-16
Configuring IPv6 Neighbor Discovery 7-18
Configuring Neighbor Solicitation Messages 7-18
Configuring the Neighbor Solicitation Message Interval 7-19
Configuring the Neighbor Reachable Time 7-19
Configuring DAD Settings 7-20
Configuring IPv6 Addresses on an Interface 7-21
Configuring IPv6 Prefixes on an Interface 7-21
Configuring Router Advertisement Messages 7-22
Configuring the Router Advertisement Transmission Interval 7-23
Configuring the Router Lifetime Value 7-24
Suppressing Router Advertisement Messages 7-25
Configuring IPv6 Static Neighbors 7-25
Adding an IPv6 Static Neighbor 7-25
Editing Static Neighbors 7-26
Deleting Static Neighbors 7-26
Viewing and Clearing Dynamic Neighbors 7-27
Interface Configuration 7-27
Outside Interface Configuration - PPPoE 7-27
Outside Interface Configuration 7-28
Feature History for the Startup Wizard 7-29
CHAPTER 8 Configuring Interfaces 8-1
Information About Interfaces 8-1
ASA 5505 Interfaces 8-2
Understanding ASA 5505 Ports and Interfaces 8-2
Maximum Active VLAN Interfaces for Your License 8-2
VLAN MAC Addresses 8-4
Power over Ethernet 8-4
Monitoring Traffic Using SPAN 8-4
ASA 5580 Interfaces 8-5
Auto-MDI/MDIX Feature 8-5
Security Levels 8-5
Dual IP Stack 8-6
Management Interface (ASA 5510 and Higher) 8-6
Licensing Requirements for Interfaces 8-6
Guidelines and Limitations 8-7
Default Settings 8-8
Starting Interface Configuration (ASA 5510 and Higher) 8-9
Task Flow for Starting Interface Configuration 8-9
Enabling the Physical Interface and Configuring Ethernet Parameters 8-10
Configuring a Redundant Interface 8-12
Configuring a Redundant Interface 8-12
Changing the Active Interface 8-14
Configuring VLAN Subinterfaces and 802.1Q Trunking 8-14
Assigning Interfaces to Contexts and Automatically Assigning MAC Addresses (Multiple Context Mode) 8-16
Starting Interface Configuration (ASA 5505) 8-16
Task Flow for Starting Interface Configuration 8-16
Configuring VLAN Interfaces 8-17
Configuring and Enabling Switch Ports as Access Ports 8-18
Configuring and Enabling Switch Ports as Trunk Ports 8-19
Completing Interface Configuration (All Models) 8-21
Task Flow for Completing Interface Configuration 8-21
Configuring General Interface Parameters 8-22
PPPoE IP Address and Route Settings 8-25
Configuring Advanced Interface Parameters 8-26
Configuring IPv6 Addressing 8-27
Configuring the Link-Local Address on an Interface (Transparent Firewall Mode) 8-30
Allowing Same Security Level Communication 8-31
Enabling Jumbo Frame Support (ASA 5580, Multiple Mode) 8-32
Monitoring Interfaces 8-32
ARP Table 8-33
DHCP 8-33
DHCP Server Table 8-33
DHCP Client Lease Information 8-33
DHCP Statistics 8-35
MAC Address Table 8-35
Dynamic ACLs 8-36
Interface Graphs 8-36
Graph/Table 8-38
PPPoE Client 8-39
Interface Connection 8-39
Track Status for 8-39
Monitoring Statistics for 8-39
Feature History for Interfaces 8-40
CHAPTER 9 Configuring Basic Settings 9-1
Configuring the Hostname, Domain Name, and Passwords 9-1
Setting the Date and Time 9-2
Setting the Date and Time Using an NTP Server 9-3
Add/Edit NTP Server Configuration 9-3
Setting the Date and Time Manually 9-5
Configuring HTTP Redirect 9-5
Edit HTTP/HTTPS Settings 9-6
Configuring the Master Passphrase 9-6
Information About the Master Passphrase 9-6
Licensing Requirements for the Master Passphrase 9-7
Guidelines and Limitations 9-7
Adding or Changing the Master Passphrase 9-7
Disabling the Master Passphrase 9-8
Recovering the Master Passphrase 9-9
Feature History for the Master Passphrase 9-9
Configuring the DNS Server 9-10
Defining ASDM Preferences 9-11
Using the ASDM Assistant 9-13
Enabling History Metrics 9-13
Setting the Management IP Address for a Transparent Firewall 9-14
Information About the Management IP Address 9-14
Licensing Requirements for the Management IP Address for a Transparent Firewall 9-14
Guidelines and Limitations 9-14
Configuring the IPv4 Address 9-15
Configuring the IPv6 Address 9-16
Configuring the Global Address 9-16
Configuring the Link-Local Addresses Automatically 9-17
Configuring DAD Settings 9-17
Feature History for the Management IP Address for a Transparent Firewall 9-18
CHAPTER 10 Configuring DHCP 10-1
Information About DHCP 10-1
Licensing Requirements for DHCP 10-1
Guidelines and Limitations 10-2
Configuring DHCP Relay Services 10-2
Editing DHCP Relay Agent Settings 10-4
Adding or Editing Global DHCP Relay Server Settings 10-4
Configuring a DHCP Server 10-5
Editing DHCP Servers 10-6
Configuring Advanced DHCP Options 10-7
DHCP Monitoring 10-8
Feature History for DHCP 10-9
CHAPTER 11 Configuring Dynamic DNS 11-1
Information about DDNS 11-1
Licensing Requirements for DDNS 11-1
Guidelines and Limitations 11-2
Configuring Dynamic DNS 11-2
DDNS Monitoring 11-4
Feature History for DDNS 11-4
CHAPTER 12 Configuring Web Cache Services Using WCCP 12-1
Information About WCCP 12-1
Guidelines and Limitations 12-1
Licensing Requirements for WCCP 12-2
Configuring WCCP Service Groups 12-3
Adding or Editing WCCP Service Groups 12-3
Configuring Packet Redirection 12-4
Adding or Editing Packet Redirection 12-4
WCCP Monitoring 12-4
Feature History for WCCP 12-5
CHAPTER 13 Configuring Objects 13-1
Configuring Network Objects and Groups 13-1
Network Object Overview 13-2
Configuring a Network Object 13-2
Configuring a Network Object Group 13-3
Using Network Objects and Groups in a Rule 13-4
Viewing the Usage of a Network Object or Group 13-4
Configuring Service Objects and Service Groups 13-5
Information about Service Objects and Service Groups 13-5
Adding and Editing a Service Object 13-6
Adding a Service Object 13-6
Editing a Service Object 13-6
Adding and Editing a Service Group 13-7
Adding a Service Group 13-7
Editing a Service Group 13-8
Browse Service Groups 13-9
Licensing Requirements for Objects and Groups 13-9
Guidelines and Limitations for Objects and Groups 13-10
Configuring Regular Expressions 13-10
Creating a Regular Expression 13-10
Building a Regular Expression 13-13
Testing a Regular Expression 13-14
Creating a Regular Expression Class Map 13-15
Configuring Time Ranges 13-15
Add/Edit Time Range 13-16
Adding a Time Range to an Access Rule 13-16
Add/Edit Recurring Time Range 13-18
CHAPTER 14 Configuring Public Servers 14-1
Public Server Overview 14-1
Adding a Public Server 14-2
Adding a Public Server that Enables Static NAT 14-2
Adding a Public Server that Enables Static NAT with Port Address Translation 14-2
Editing a Public Server 14-3
PART 3 Configuring ACLs
CHAPTER 15 Using the ACL Manager 15-1
Standard ACL 15-1
Extended ACL 15-2
Add/Edit/Paste ACE 15-3
CHAPTER 16 Adding a Webtype ACL 16-1
Licensing Requirements for Webtype ACLs 16-1
Guidelines and Limitations 16-1
Default Settings 16-2
Using Webtype ACLs 16-2
Task Flow for Configuring Webtype ACLs 16-2
Adding a Webtype ACL and ACE 16-2
Editing Webtype ACLs and ACEs 16-4
Deleting Webtype ACLs and ACEs 16-5
Feature History for Webtype Access Lists 16-5
CHAPTER 17 Adding a Standard ACL 17-1
Information About Standard ACLs 17-1
Licensing Requirements for Standard ACLs 17-1
Guidelines and Limitations 17-1
Default Settings 17-2
Adding Standard ACLs 17-2
Using Standard ACLs 17-3
Adding a Standard ACL 17-3
Adding an ACE to a Standard ACL 17-3
Editing an ACE in a Standard ACL 17-4
Feature History for Standard ACLs 17-4
PART 4 Configuring IP Routing
CHAPTER 18 Information About Routing 18-1
Information About Routing 18-1
Switching 18-1
Path Determination 18-2
Supported Route Types 18-2
Static Versus Dynamic 18-2
Single-Path Versus Multipath 18-3
Flat Versus Hierarchical 18-3
Link-State Versus Distance Vector 18-3
How Routing Behaves Within the Adaptive Security Appliance 18-4
Egress Interface Selection Process 18-4
Next Hop Selection Process 18-4
Supported Internet Protocols for Routing 18-5
Information About the Routing Table 18-5
Displaying the Routing Table 18-5
How the Routing Table Is Populated 18-6
Backup Routes 18-7
How Forwarding Decisions are Made 18-7
Dynamic Routing and Failover 18-8
Information About IPv6 Support 18-8
Features that Support IPv6 18-9
IPv6-Enabled Commands 18-9
IPv6 Command Guidelines in Transparent Firewall Mode 18-10
Entering IPv6 Addresses in Commands 18-10
Disabling Proxy ARPs 18-11
CHAPTER 19 Configuring Static and Default Routes 19-1
Information About Static and Default Routes 19-1
Licensing Requirements for Static and Default Routes 19-2
Guidelines and Limitations 19-2
Configuring Static and Default Routes 19-2
Configuring a Static Route 19-3
Add/Edit a Static Route 19-3
Configuring Static Route Tracking 19-6
Deleting Static Routes 19-6
Configuring a Default Static Route 19-7
Limitations on Configuring a Default Static Route 19-7
Configuring IPv6 Default and Static Routes 19-8
Monitoring a Static or Default Route 19-8
Configuration Examples for Static or Default Routes 19-9
Feature History for Static and Default Routes 19-9
CHAPTER 20 Defining Route Maps 20-1
Route Maps Overview 20-1
Permit and Deny Clauses 20-2
Match and Set Clause Values 20-2
Licensing Requirements for Route Maps 20-3
Guidelines and Limitations 20-3
Defining a Route Map 20-4
Add/Edit a Route Map 20-4
Customizing a Route Map 20-5
Defining a Route to Match a Specific Destination Address 20-5
Configuring the Metric Values for a Route Action 20-6
Configuration Example for Route Maps 20-7
Feature History for Route Maps 20-7
CHAPTER 21 Configuring OSPF 21-1
Information About OSPF 21-1
Licensing Requirements for OSPF 21-3
Guidelines and Limitations 21-3
Configuring OSPF 21-3
Customizing OSPF 21-4
Redistributing Routes Into OSPF 21-5
Configuring Route Summarization When Redistributing Routes into OSPF 21-7
Add a Route Summary Address 21-7
Add/Edit OSPF Summary Address 21-8
Configuring Route Summarization Between OSPF Areas 21-8
Configuring OSPF Interface Parameters 21-9
Configuring OSPF Area Parameters 21-12
Configuring OSPF NSSA 21-13
Defining Static OSPF Neighbors 21-14
Configuring Route Calculation Timers 21-15
Logging Neighbors Going Up or Down 21-16
Configuring Filtering in OSPF 21-16
Configuring a Virtual Link in OSPF 21-17
Restarting the OSPF Process 21-19
Configuration Example for OSPF 21-19
Monitoring OSPF 21-20
Feature History for OSPF 21-21
CHAPTER 22 Configuring RIP 22-1
Overview 22-1
Routing Update Process 22-2
RIP Routing Metric 22-2
RIP Stability Features 22-2
RIP Timers 22-2
Licensing Requirements for RIP 22-2
Guidelines and Limitations 22-3
Configuring RIP 22-3
Enabling RIP 22-4
Customizing RIP 22-5
Configure the RIP Version 22-5
Configuring Interfaces for RIP 22-6
Editing a RIP Interface 22-6
Configuring the RIP Send and Receive Version on an Interface 22-7
Configuring Route Summarization 22-8
Filtering Networks in RIP 22-9
Adding or Editing a Filter Rule 22-10
Redistributing Routes into the RIP Routing Process 22-10
Enabling RIP Authentication 22-11
Restarting the RIP Process 22-12
Monitoring RIP 22-12
Configuration Example for RIP 22-13
Feature History for RIP 22-13
CHAPTER 23 Configuring EIGRP 23-1
Overview 23-1
Licensing Requirements for EIGRP 23-2
Guidelines and Limitations 23-2
Task List to Configure an EIGRP Process 23-3
Configuring EIGRP 23-3
Enabling EIGRP 23-4
Enabling EIGRP Stub Routing 23-5
Customizing EIGRP 23-6
Defining a Network for an EIGRP Routing Process 23-7
Configuring Interfaces for EIGRP 23-7
Configuring Passive Interfaces 23-8
Configuring the Summary Aggregate Addresses on Interfaces 23-9
Changing the Interface Delay Value 23-10
Enabling EIGRP Authentication on an Interface 23-10
Defining an EIGRP Neighbor 23-11
Redistributing Routes Into EIGRP 23-12
Filtering Networks in EIGRP 23-13
Customizing the EIGRP Hello Interval and Hold Time 23-15
Disabling Automatic Route Summarization 23-15
Configuring Default Information in EIGRP 23-16
Disabling EIGRP Split Horizon 23-17
Restarting the EIGRP Process 23-18
Monitoring EIGRP 23-18
Configuration Example for EIGRP 23-18
Feature History for EIGRP 23-20
CHAPTER 24 Configuring Multicast Routing 24-1
Information About Multicast Routing 24-1
Stub Multicast Routing 24-2
PIM Multicast Routing 24-2
Multicast Group Concept 24-2
Multicast Addresses 24-2
Licensing Requirements for Multicast Routing 24-2
Guidelines and Limitations 24-3
Enabling Multicast Routing 24-3
Customizing Multicast Routing 24-4
Configuring Stub Multicast Routing 24-4
Configuring a Static Multicast Route 24-4
Configuring IGMP Features 24-5
Disabling IGMP on an Interface 24-6
Configuring IGMP Group Membership 24-6
Configuring a Statically Joined IGMP Group 24-7
Controlling Access to Multicast Groups 24-8
Limiting the Number of IGMP States on an Interface 24-8
Modifying the Query Messages to Multicast Groups 24-9
Changing the IGMP Version 24-9
Configuring PIM Features 24-10
Enabling and Disabling PIM on an Interface 24-10
Configuring a Static Rendezvous Point Address 24-11
Configuring the Designated Router Priority 24-12
Configuring and Filtering PIM Register Messages 24-12
Configuring PIM Message Intervals 24-13
Configuring a Route Tree 24-13
Configuring a Multicast Group 24-14
Filtering PIM Neighbors 24-14
Configuring a Bidirectional Neighbor Filter 24-15
Configuring a Multicast Boundary 24-16
Configuration Example for Multicast Routing 24-17
Additional References 24-18
Related Documents 24-19
RFCs 24-19
Feature History for Multicast Routing 24-19
CHAPTER 25 Configuring IPv6 Neighbor Discovery 25-1
Configuring Neighbor Solicitation Messages 25-1
Configuring the Neighbor Solicitation Message Interval 25-1
Information About Neighbor Solicitation Messages 25-2
Licensing Requirements for Neighbor Solicitation Messages 25-2
Guidelines and Limitations for the Neighbor Solicitation Message Interval 25-3
Default Settings for the Neighbor Solicitation Message Interval 25-3
Configuring the Neighbor Solicitation Message Interval 25-3
Feature History for the Neighbor Solicitation Message Interval 25-4
Configuring the Neighbor Reachable Time 25-4
Information About Neighbor Reachable Time 25-4
Licensing Requirements for Neighbor Reachable Time 25-4
Guidelines and Limitations for Neighbor Reachable Time 25-4
Default Settings for the Neighbor Reachable Time 25-5
Configuring Neighbor Reachable Time 25-5
Configuring DAD Settings 25-5
Configuring IPv6 Addresses on an Interface 25-6
Configuring IPv6 Prefixes on an Interface 25-7
Feature History for Neighbor Reachable Time 25-8
Configuring Router Advertisement Messages 25-8
Information About Router Advertisement Messages 25-8
Configuring the Router Advertisement Transmission Interval 25-10
Licensing Requirements for Router Advertisement Transmission Interval 25-10
Guidelines and Limitations for the Router Advertisement Transmission Interval 25-10
Default Settings for Router Advertisement Transmission Interval 25-10
Configuring Router Advertisement Transmission Interval 25-11
Feature History for the Router Advertisement Transmission Interval 25-11
Configuring the Router Lifetime Value 25-12
Licensing Requirements for the Router Lifetime Value 25-12
Guidelines and Limitations for the Router Lifetime Value 25-12
Default Settings for the Router Lifetime Value 25-12
Configuring the Router Lifetime Value 25-13
Feature History for the Router Lifetime Value 25-13
Configuring the IPv6 Prefix 25-14
Licensing Requirements for IPv6 Prefixes 25-14
Guidelines and Limitations for IPv6 Prefixes 25-14
Default Settings for IPv6 Prefixes 25-15
Configuring IPv6 Prefixes 25-15
Suppressing Router Advertisement Messages 25-16
Licensing Requirements for Suppressing Router Advertisement Messages 25-16
Guidelines and Limitations for Suppressing Router Advertisement Messages 25-16
Default Settings for Suppressing Router Advertisement Messages 25-17
Suppressing Router Advertisement Messages 25-17
Feature History for Suppressing Router Advertisement Messages 25-17
Configuring a Static IPv6 Neighbor 25-18
Information About a Static IPv6 Neighbor 25-18
Licensing Requirements for Static IPv6 Neighbor 25-18
Guidelines and Limitations 25-18
Default Settings 25-18
Configuring a Static IPv6 Neighbor 25-19
Editing Static Neighbors 25-19
Deleting Static Neighbors 25-19
Feature History for Configuring a Static IPv6 Neighbor 25-20
PART 5 Configuring Network Address Translation
CHAPTER 26 Information About NAT 26-1
Why Use NAT? 26-1
NAT Terminology 26-2