Index[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] capture command capturing debug command output IPS traffic on hub on MPLS IP IDS on RSPAN on SPAN on VACL packets on FWSM sniffer traces "cascade" replication case studies Hairpinning, configuring PEAP configuration 2nd RADIUS configuration on Cisco IOS routers troubleshooting VPDN on Cisco IOS routers user permissions on Router MC ACS roles 2nd CiscoWorks Server roles VPDN configuration on Cisco IOS routers Catalyst 2900/3500XL switches, configuring IPS traffic capture with SPAN Catalyst 2900/3600XL switches, configuring SPAN Catalyst 2950 switches, configuring IPS traffic capture with SPAN Catalyst 2950/3550 and 3750 switches, configuring SPAN Catalyst 3550 switches, configuring IPS traffic capture with SPAN Catalyst 3750 switches, configuring IPS traffic capture with SPAN Catalyst 4000/6000 switches running CatOS, configuring SPAN Catalyst 4000/6000 switches running Native IOS, configuring SPAN Catalyst 6500, IDSM-2 blade Command and Control port, configuring event generation, troubleshooting front panel indicator lights hardware issues on CatOS, troubleshooting hardware issues on Native IOS, troubleshooting hardware requirements installing Maintenance Partition, upgrading Promiscuous mode configuring troubleshooting re-imaging removing from switch serial cable, connecting signature update, installing slot assignment sniffing ports supported ports TCP reset upgrading to version 5.x user passwords, recovering VACL Capture versus IDS Appliance categorizing CS ACS problem areas CatOS, Native IOS show commands CBAC (Context-Based Access Control) Active FTP connections, handling anti-spoofing configuration, best practices asymmetric routing, troubleshooting Cisco IOS code base, upgrading connection states connectivity, troubleshooting CPU utilization, verifying FAQs half-open connections, manipulating threshold values HTTP inspection, verifying dropped packets interaction with IPsec interoperability with NAT IP fragmentation, mitigating Java blocking, configuring misconfigured ACLs, troubleshooting misconfigured IP inspection, troubleshooting misconfigured NAT, troubleshooting multi-channel protocols inspecting 2nd securing packet drops, troubleshooting packet flow across routers performance, troubleshooting protecting inside network router security configuration, best practices single channel protocol inspection application-layer protocols ICMP SMTP UDP switching path, troubleshooting performance issues TCP SYN flood attacks, mitigating troubleshooting UDP connection timeout, selecting UDP inspection, troubleshooting URL filtering configuring troubleshooting CEP (Certificate Enrollment Protocol), PKI configuring troubleshooting CFG directory (CSA MC) challenge-response-based authentication changing database maximum event limit check pointing CiscoWorks Common Services database checking status of Firewall MC processes CIDEE (Cisco Intrusion Detection Event Exchange) CIFS access, configuring on VPN 3000 Concentrator series circular blocks Cisco AV-Pairs Cisco IOS routers AAA accounting, configuring Auth-proxy, troubleshooting command authorization dial-up networking, troubleshooting exec authorization router management, troubleshooting VPDN case study X-Auth, troubleshooting IPsec VPNs PKI, troubleshooting Remote Access client VPN connections, troubleshooting NM-CIDS, managing RADIUS configuration, case study VPDN troubleshooting, case study VPNs, DMVPN Cisco IOS Software, upgrading code base on CBAC routers Cisco PIX firewalls [See PIX firewalls.] Cisco Secure ACS mode (CiscoWorks Common Services) Cisco Security Agent Management Center (CSA MC) license key Cisco switches AAA 802.1x FAQs authorization, troubleshooting IBNS PEAP configuration, case study switch management 2nd IBNSs IEEE 802.1x framework CiscoWorks Common Services database backing up FAQs installing database management minimum requirements problems, troubleshooting user management issues license key, upgrading licenses, troubleshooting managing, best practices MDCSUPPORT files collected by MDCSupportInformation.zip file, file summary Privileges resolving DNS errors restore procedures 2nd Roles running on multi-homed machines user authentication, case study user management CiscoWorks Common Services Desktop, launching on browser CiscoWorks MDCSupportInformation.zip, file contents classifier clear crypto sa command CLI (command-line interface) IPS sensors, licensing clientless SSL VPN mode (VPN 3000 Concentrator series) configuring troubleshooting closing NM-CIDS sessions cluster redundancy on VPN 3000 Concentrator series collecting MDCSupport file on Windows platform combined sensor mode (IPS) Command and Control port on IDSM-2 5-minute output rate, checking configuring on NM-CIDS configuring command authorization, troubleshooting on Cisco routers commands capture clear crypto sa debug debug aaa accounting debug aaa authentication debug aaa authorization debug application-protocol debug commands, FWSM-related debug fixup tcp|udp debug icmp trace debug ip inspect debug pix process debug sanity debug tunnel diagnostic level complete for PIX flash file system intrusion-detection module ip port-map iplog nslookup packet ping recover application-partition service-module, connecting to NM-CIDS show aaa servers show aaa user show accounting show asp drop show authorization show blocks show commands for IPsec Phase 1 tunnel negotiations for IPsec Phase 2 tunnel negotiations FWSM-related show configuration show connection show cpu usage show crypto ipsec show crypto map show dot1x all show dot1x statistics show events show interfaces show ip inspect show local-host show localusers show module show output filters show radius show radius statistics show running config 2nd show running logging show security acl show service-policy 2nd show span show statistics show tacacs 2nd show tech-support 2nd show test show traffic show trunk show users show version 2nd 3rd 4th show vlan brief show xlate tcpdump telnet time-range traceroute winmsd common services license key commonly asked questions [See 802.1x, FAQs.] communication architecture for CSA MC of Firewall MC of Router MC on IDS MC communication protocols RADIUS authentication operation authorization operation configuring, case study TACACS+ AAA packet flows accounting operation authentication operation authorization operation versus RADIUS compacting CiscoWorks Common Services database CS ACS database CSA MC database comparing RADIUS and TACACS+ compilation process for ACLs on FWSM components of CSA 2nd Conduit to Access-list Converter configuration files for VPN 3000 Concentrator series sysvars.cf configuring AAA best practices on Cisco switches, enable password authentication accounting on Cisco IOS routers on Cisco switches active/active failover on PIX Firewall alerts audits auth-proxy basic router security, best practices blocking CBAC anti-spoofing, best practices clientless SSL VPN mode on VPN 3000 Concentrator series Command and Control interface (NM-CIDS) connectivity on FWSM on PIX Firewall CS ACS AAA Client definition for VPN 3K domain controller mode replication 2nd email notification Firewall MC, Recovery Server FWSM failover multiple SVI interfaces 2nd GRE over IPsec Hairpinning IDM sensors, trusted hosts IDS MC, best practices IDSM-2 Command and Control port Promiscuous mode IPS sensor, Inline mode IPsec LAN-to-LAN VPN tunnels 2nd crypto maps, creating transform sets tunnel groups IPsec over TCP Java blocking LAN-to-LAN tunnels on VPN 3000 Concentrator series LLQ on PIX Firewall local user authentication on VPN 3K login authentication MAPI Proxy on VPN 3000 Concentrator MBS MPLS IP IDS, IPS traffic capture NARs 2nd NAT-T NDS database with CS ACS troubleshooting NM-CIDS, time stamping packet capturing on NM-CIDS PEAP case study 2nd Machine Authentication PIX Firewall multiple context mode policing Remote Access VPN PKI RADIUS dynamic filters on Cisco IOS routers, case study Remote Access VPN connections on VPN 3000 Concentrator series RSPAN, IPS traffic capture sensors on IDS MC shunning, case study SPAN IPS traffic capture on Catalyst 2900/3600XL on Catalyst 2950/3550 and 3750 on Catalyst 4000/6000 running CatOS on Catalyst 4000/6000 running Native IOS Split Tunneling SSL VPN on VPN 3000 Concentrator, Thick Client mode syslog on PIX Firewall TACACS+ on VPN 3K traceback on PIX Firewall transparent firewalls on PIX Firewall URL filtering VACL, IPS traffic capture VPN 3000 Concentrator series Cisco Secure ACS event classes group authentication with RADIUS Group feature Group Lock feature local group and user authentication RADIUS Server Windows NT/2000 Authentication, Unknown User Policy connecting IPS sensor to network serial cable to IDSM-2 to NM-CIDS console connection block connection states, CBAC connectivity on CBAC, troubleshooting on FWSM configuring troubleshooting 2nd on IPS sensors, troubleshooting on PIX Firewall configuring displaying details troubleshooting testing with ping command console access to NM-CIDS, troubleshooting console port (NM-CIDS) Context-Based Access Control [See CBAC (Context-Based Access Control).] CONTINUE packets (TACACS+) control connection cooperation between SecOP and NetOP personnel core dumps generating with Flash disk with FTP with rcp with TFTP testing configuration of corrupt IDS MC licenses, troubleshooting CP (control plane), FWSM architecture CPU utilization on CBAC, verifying on FWSM, troubleshooting on PIX Firewall displaying troubleshooting Cr directory (CSA MC) creating buffer overflow exclusions crypto maps for LAN-to-LAN tunnels database rules DMVPN spoke-to-spoke tunnels dump text files dynamic crypto maps exceptions securitylog.txt file transform sets CRSHDUMP.TXT file Crypto Errors (CS ACS), resolving crypto maps, creating for LAN-to-LAN tunnels crypto socket creation problems (NHRP), troubleshooting cryptographic algorithms cryptographic-based authentication (EAP) CS ACS (Cisco Secure Access Control Server) AAA Client definition for VPN 3K, configuring Active Directory integration application-specific roles as proxy server associated registries backing up best practices categorizing problem areas configuring database, compacting default NAS, adding domain controller mode, configuring domain stripping external user database integration, required components FAQs GUI, recovering lost passwords installing on Windows platform "Logged in Users" report NARs configuring 2nd troubleshooting NASs, bulk importing Novell IDS integration troubleshooting packet flow password encryption RADIUS Server, communicating with VPN 3K replication configuring 2nd troubleshooting SDI integration troubleshooting services, CSAdmin setup procedures for Router MC Shared File Components uninstalling upgrading on Windows platform user names, defining user/NAS import options exporting user and group information importing NAS to CS ACS database importing users to existing database users, deleting CSA Agent application issues, troubleshooting communication with CSA MC, troubleshooting csainfo.bat utility debug mode, turning on disk usage, monitoring installation minimum requirements troubleshooting 2nd license, procuring log files policies polling issues, troubleshooting registration, troubleshooting removing from Windows systems rtrformat utility shims, disabling software, procuring stopping service update issues, troubleshooting CSA MC (Cisco Security Agent Management Console) communication architecture database compacting manual backups, performing purging events from repairing restoring database maintenance default installation directory directory structure disaster recovery DRP installation best practices minimum requirements troubleshooting launching problems with, troubleshooting slow launches, troubleshooting license key, installing licenses importing procuring troubleshooting local database installation, troubleshooting log directory log files management model manually removing components registration remote database installation, troubleshooting uninstalling upgrading on same system on separate system CSAdmin csainfo.bat utility csalog.txt file csauser.dll, disabling CSAuth CSDBSync CSLog CSMon CSRadius service CSSupport utility, files included in Package.cab file CSTacacs service csutil.exe 2nd options |