
Cisco PIX Firewall Command Reference
Version 6.3

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
     800 553-NETS (6387)
Fax: 408 526-4100

Customer Order Number: 78-14890-01
Text Part Number: 78-14890-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, MGX, MICA, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0401R)

Cisco PIX Firewall Command Reference
Copyright 2004 Cisco Systems, Inc. All rights reserved.

CONTENTS

About This Guide  ix
    Document Objectives  ix
    Audience  ix
    Document Organization  x
    Document Conventions  x
    Related Documentation  xi
    Obtaining Documentation  xi
        Cisco.com  xi
        Documentation CD-ROM  xi
        Ordering Documentation  xi
        Documentation Feedback  xii
    Obtaining Technical Assistance  xii
        Cisco.com  xii
        Technical Assistance Center  xiii
            Cisco TAC Website  xiii
            Cisco TAC Escalation Center  xiii
    Obtaining Additional Publications and Information  xiv

CHAPTER 1  PIX Firewall Software Version 6.3 Commands  1-1

CHAPTER 2  Using PIX Firewall Commands  2-1
    Introduction
    Tips
    For more information
    Command Modes
    Ports
    Protocols
    Deprecated Commands

CHAPTER 3  A through B Commands  3-1
    aaa accounting
    aaa authentication
    aaa authorization
    aaa mac-exempt
    aaa proxy-limit
    aaa-server
    access-group
    access-list
    activation-key
    alias
    arp
    auth-prompt
    auto-update
    banner

CHAPTER 4  C Commands  4-1
    ca
    ca generate rsa key
    capture
    clear
    clock
    conduit
    configure
    console
    copy
    crashinfo
    crypto dynamic-map
    crypto ipsec
    crypto map

CHAPTER 5  D through F Commands  5-1
    debug
    dhcpd
    dhcprelay
    disable
    domain-name
    dynamic-map
    eeprom
    enable
    established
    exit
    failover
    filter
    fixup protocol
    flashfs
    floodguard
    fragment

CHAPTER 6  G through L Commands  6-1
    global
    help
    hostname
    http
    icmp
    igmp
    interface
    ip address
    ip audit
    ip local pool
    ip verify reverse-path
    isakmp
    isakmp policy
    kill
    logging
    login

CHAPTER 7  M through R Commands  7-1
    mac-list
    management-access
    mgcp
    mroute
    mtu
    multicast
    nameif
    name/names
    nat
    ntp
    object-group
    outbound/apply
    pager
    password
    pdm
    perfmon
    ping
    prefix-list
    privilege
    quit
    reload
    rip
    route
    route-map
    router ospf
    routing interface

CHAPTER 8  S Commands  8-1
    service
    session enable
    setup
    show
    show blocks/clear blocks
    show checksum
    show chunkstat
    show conn
    show cpu usage
    show crypto engine [verify]
    show crypto interface [counters]
    show history
    show ip local pool
    show local-host/clear local-host
    show memory
    show ospf
    show ospf border-routers
    show ospf database
    show ospf flood-list
    show ospf interface
    show ospf neighbor
    show ospf request-list
    show ospf retransmission-list
    show ospf summary-address
    show ospf virtual links
    show processes
    show routing
    show running-config
    show startup-config
    show tech-support
    show tcpstat
    show traffic/clear traffic
    show uauth/clear uauth
    show version
    show xlate/clear xlate
    shun
    sip ip-address-privacy
    snmp deny version
    snmp-server
    ssh
    static
    syslog
    sysopt

CHAPTER 9  T through Z Commands  9-1
    telnet
    terminal
    tftp-server
    timeout
    url-block
    url-cache
    url-server
    username
    virtual
    vpdn
    vpnclient
    vpngroup
    who
    write
    Y and Z Commands

INDEX

Cisco PIX Firewall Command Reference 78-14890-01

About This Guide

This preface introduces the Cisco PIX Firewall Command Reference and contains the following sections:

    Document Objectives, page ix
    Audience, page ix
    Document Organization, page x
    Document Conventions, page x
    Related Documentation, page xi
    Obtaining Documentation, page xi
    Obtaining Technical Assistance, page xii
    Obtaining Additional Publications and Information, page xiv

Document Objectives

This guide contains the commands available for use with the Cisco PIX Firewall to protect your network from unauthorized use and to establish Virtual Private Networks (VPNs) to connect remote sites and users to your network.

Audience

This guide is for network managers who perform any of the following tasks:

    Managing network security
    Configuring firewalls
    Managing default and static routes, and TCP and UDP services

Use this guide with the Cisco PIX Firewall Hardware Installation Guide and the Cisco PIX Firewall and VPN Configuration Guide.


Document Organization

This guide includes the following chapters:

    Chapter 1, PIX Firewall Software Version 6.3 Commands, provides you with a quick reference to the commands available in the PIX Firewall software.
    Chapter 2, Using PIX Firewall Commands, introduces you to the PIX Firewall commands, access modes, and common port and protocol numbers.
    Chapter 3, A through B Commands, provides detailed descriptions of all commands that begin with the letters A or B.
    Chapter 4, C Commands, provides detailed descriptions of all commands that begin with the letter C.
    Chapter 5, D through F Commands, provides detailed descriptions of all commands that begin with the letters D through F.
    Chapter 6, G through L Commands, provides detailed descriptions of all commands that begin with the letters G through L.
    Chapter 7, M through R Commands, provides detailed descriptions of all commands that begin with the letters M through R.
    Chapter 8,