Cisco OL-4015-08 Guía de usuario Pagina 353
- Pagina / 688
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
16-11
Cisco Router and Security Device Manager Version 2.2 User’s Guide
OL-4015-08
Chapter 16 Security Audit
Fix It Page
Enable TCP Keepalives for Inbound Telnet Sessions
Security Audit enables TCP keep alive messages for both inbound and outbound
Telnet sessions whenever possible. Enabling TCP keep alives causes the router to
generate periodic keep alive messages, letting it detect and drop broken Telnet
connections.
The configuration that will be delivered to the router to enable TCP keep alives
for inbound Telnet sessions is as follows:
service tcp-keepalives-in
This fix can be undone. To learn how, click Undoing Security Audit Fixes.
Enable TCP Keepalives for Outbound Telnet Sessions
Security Audit enables TCP keep alive messages for both inbound and outbound
Telnet sessions whenever possible. Enabling TCP keep alives causes the router to
generate periodic keep alive messages, letting it detect and drop broken Telnet
connections.
The configuration that will be delivered to the router to enable TCP keep alives
for outbound Telnet sessions is as follows:
service tcp-keepalives-out
This fix can be undone. To learn how, click Undoing Security Audit Fixes.
Enable Sequence Numbers and Time Stamps on Debugs
Security Audit enables sequence numbers and time stamps on all debug and log
messages whenever possible. Time stamps on debug and log messages indicate
the time and date that the message was generated. Sequence numbers indicate the
sequence in which messages that have identical time stamps were generated.
Knowing the timing and sequence that messages are generated is an important
tool in diagnosing potential attacks.
The configuration that will be delivered to the router to enable time stamps and
sequence numbers is as follows:
service timestamps debug datetime localtime show-timezone msec
service timestamps log datetime localtime show-timeout msec
- Customer Order Number: 1
- Text Part Number: OL-4015-08 1
- CONTENTS 3
- Contents 10
- OL-4015-06 10
- Home Page 25
- Configuration Overview 26
- Total Supported LAN 27
- Configured LAN 27
- Interface 27
- Chapter 1 Home Page 28
- No. of Static Routes 29
- Dynamic Routing 29
- Protocols 29
- LAN Wizard 31
- Ethernet Configuration 32
- LAN Wizard: DHCP Address Pool 34
- DHCP Options 35
- LAN Wizard: VLAN Mode 36
- LAN Wizard: Switch Port 36
- IRB Bridge 37
- BVI Configuration 37
- DHCP Pool for BVI 38
- IRB for Ethernet 39
- Chapter 2 LAN Wizard 41
- Create Connection Wizards 45
- ISDN Wizard Welcome Window 47
- Analog Modem Welcome Window 47
- Aux Backup Welcome Window 47
- Select Interface 48
- Encapsulation: PPPoE 48
- IP Unnumbered 50
- Static IP Address 50
- Dynamic (DHCP Client) 50
- Easy IP (IP Negotiated) 51
- Switch Type and SPIDs 53
- ISDN Switch Type 54
- I Have SPIDs 54
- Dial String 55
- Addresses 56
- Autodetect 58
- Available Encapsulations 58
- Configure LMI and DLCI 60
- Configure Clock Settings 61
- T1 Framing 62
- Line Code 62
- Data Coding 62
- Facilities Data Link (FDL) 62
- What is Basic Ping Testing? 66
- How does SDM Troubleshoot? 67
- Activity 69
- Recommended action(s) 69
- Asynchronous Interface? 73
- Edit Interface/Connection 77
- Details About Interface 79
- Reset/Delete 80
- Connection: Ethernet for IRB 82
- DHCP Relay 83
- Existing Dynamic DNS Methods 84
- Add Dynamic DNS Method 84
- Wireless 86
- Association 86
- Inspect Rule 87
- Edit Switch Port 88
- Mode Group 89
- Stacking Partner 89
- Bridge Group Number 89
- IP Directed Broadcasts 90
- IP Proxy ARP 90
- IP Route Cache-Flow 91
- IP Redirects 91
- IP Mask-Reply 91
- IP Unreachables 91
- Connection: VLAN 92
- Connection: Subinterfaces 93
- Add or Edit BVI Interface 94
- Connection: Ethernet LAN 95
- Connection: Ethernet WAN 96
- Ethernet Properties 97
- Connection: ADSL 99
- Encapsulation 100
- Virtual Path Identifier 100
- Virtual Circuit Identifier 100
- IP Address 100
- Operating Mode 101
- Authentication 101
- Dynamic DNS 101
- Hostname 101
- Connection: ADSL over ISDN 102
- Connection: G.SHDSL 104
- Equipment Type 106
- Configure DSL Controller 108
- DSL Connections 109
- LMI Type 113
- Clock Settings 114
- Add or Edit GRE Tunnel' 118
- OL-4015-08 119
- Connection: ISDN BRI 120
- Remote Phone Number 121
- Connection: Analog Modem 123
- Connection: (AUX Backup) 125
- Clear Line 126
- Backup Details 126
- SPID Details 128
- Dialer Options 129
- Enable Multilink PPP 130
- Backup Configuration 131
- Next Hop Forwarding 132
- Create Firewall 133
- Advanced Firewall 134
- What Do You Want to Do? 134
- Outside (untrusted) Interface 136
- Inside (trusted) Interfaces 136
- Select the outside interface 136
- Source Host/Network 137
- DMZ Interface 137
- DMZ Service Configuration 138
- To edit a DMZ service entry: 138
- Select Inspection Rule 140
- Protocol 140
- Audit Trail 140
- Preview Commands Button 141
- Inside (trusted) Interface(s) 142
- How Do I 143
- Enable Logging 144
- New Network or Host? 148
- Concentrator? 149
- Firewall Policy 155
- Select a Traffic Flow 156
- Edit Firewall Policy/ACL 157
- Service Area header fields 160
- Service Area buttons 160
- Service Area Entry Fields 162
- Applications Area 163
- Apply Changes Button 164
- Discard Changes Button 164
- App-Name 165
- Alert Action 166
- Audit Action 166
- Program Number 166
- Wait Time 166
- Range (optional) 167
- Java Applet Blocking 168
- SDM Warning: Inspection Rule 169
- SDM Warning: Firewall 170
- Application Security 171
- E-mail Drawer 172
- HTTP Drawer 172
- Instant Messaging Drawer 172
- Point-to-Point Drawer 172
- Applications/Protocols Drawer 172
- Policy Name 173
- Associate 173
- Global Settings 173
- Edit Button 174
- Applications Column 174
- Options Column 174
- Router Traffic 175
- Set time out value checkbox 176
- Enable audit trail 176
- Header Options 177
- Content Options 177
- Verify Content Type checkbox 178
- Set Content Length checkbox 178
- Instant Messaging 179
- Point-to-Point Applications 179
- Applications/Protocols 180
- TCP Connection Timeout Value 181
- TCP FIN Wait Timeout Value 182
- TCP IdleTimeout Talue 182
- UDP Idle Timeout Value 182
- DNS Timeout Value 182
- Enable audit globally 183
- Enable alert globally 183
- Edit Inspection Rule 184
- MAX Data field 185
- Secure Login Checkbox 185
- Reset Checkbox 185
- Router Traffic Checkbox 185
- Site-to-Site VPN 187
- Create Site to Site VPN 189
- Site-to-Site VPN Wizard 190
- View Defaults 191
- VPN Connection Information 192
- Digital Certificate 193
- Traffic to Encrypt 193
- IKE Proposals 194
- Encryption 195
- D-H Group 196
- Transform Set 197
- Traffic to Protect 199
- Summary of the Configuration 200
- Spoke Configuration 201
- GRE Tunnel Information 202
- Tunnel Destination 203
- IP Address of the GRE tunnel 203
- Pre-Shared Key 204
- Backup GRE Tunnel Information 205
- Routing Information 206
- Static Routing Information 207
- Select Routing Protocol 208
- Edit Site-to-Site VPN 209
- Site-to-Site VPN Connections 210
- Add Button 211
- Add new connection 212
- Add Additional Crypto Maps 213
- Crypto Map Wizard: Welcome 214
- Crypto Map Wizard: General 214
- Security Association Lifetime 215
- Crypto Map Wizard: Peers 216
- Destination 218
- Delete Connection 219
- Generate Mirror 220
- Step 14 Click OK 230
- Easy VPN Remote 231
- Connection Settings 232
- Interfaces 234
- Inside Interfaces 235
- Outside Interface 235
- Connection Control 235
- Summary of Configuration 236
- Edit Easy VPN Remote 237
- Add or Edit Easy VPN Remote 243
- Tunnel Control 244
- Device Authentication 248
- User Authentication (XAuth) 248
- Enter SSH Credentials 249
- XAuth Login Window 250
- Network Extension Options 252
- User Authentication 253
- Easy VPN Server 259
- Interface and Authentication 260
- Local Only 261
- RADIUS Only 261
- RADIUS and Local Only 261
- User Accounts for XAuth 263
- Add RADIUS Server 263
- Create an Easy VPN Server 264
- General Group Information 265
- DNS and WINS Configuration 266
- Split Tunneling 267
- Split DNS 268
- Client Settings 269
- Browser Proxy 270
- Firewall Are-U-There 270
- Include Local LAN 270
- Perfect Forward Secrecy (PFS) 270
- Choose Browser Proxy Settings 271
- Browser Proxy Settings Name 272
- Proxy Settings 272
- Client Update 274
- Client Type 275
- Revisions 275
- Browser Proxy Settings 276
- Add or Edit Easy VPN Server 277
- • Initiate 278
- • Respond 278
- Group Policies Configuration 280
- Details Window 282
- Local Pools 283
- Add or Edit IP Local Pool 284
- Dynamic Multipoint VPN 285
- Chapter 11 DMVPN 286
- Type of Hub 287
- Configure Pre-Shared Key 287
- Digital Certificates 288
- Confirm Pre-Shared Key 288
- Subnet Mask 288
- Advanced Button 289
- NHRP Authentication String 289
- NHRP Network ID 289
- NHRP Hold Time 289
- Primary Hub 290
- DMVPN Network Topology 293
- Specify Hub Information 294
- SDM Warning: DMVPN Dependency 295
- Firewall 296
- View Details 296
- General Panel 298
- NHRP Panel 299
- NHRP Map Configuration 300
- Routing Panel 301
- RIP Fields 302
- OSPF Fields 302
- EIGRP Fields 302
- VPN Global Settings 305
- XAuth Timeout 306
- IKE Identity 306
- Dead Peer Detection 306
- VPN Global Settings: IKE 307
- VPN Global Settings: IPSec 308
- VPN Key Encryption Settings 309
- IP Security 311
- Seq. No 312
- Add or Edit IPSec Policy 313
- Name of IPSec Policy 315
- Description 315
- Sequence Number 315
- Chapter 13 IP Security 316
- IPSec Policies 316
- Available Transform Sets 317
- Selected Transform Sets 317
- Dynamic Crypto Map Sets 319
- IPSec Profiles 320
- ESP Encryption 322
- ESP Integrity 323
- AH Integrity 323
- IP Compression 323
- Add or Edit Transform Set 324
- Name of this transform set 325
- IP Compression (COMP-LZS) 326
- IPSec Rules 327
- Internet Key Exchange 329
- IKE Policies 330
- Add or Edit IKE Policy 332
- IKE Pre-shared Keys 334
- Add or Edit Pre Shared Key 335
- IP Address/Subnet Mask 336
- User Authentication [Xauth] 336
- VPN Troubleshooting 337
- Failure Reason(s) 338
- Test Specific Client Button 339
- Continue Button 340
- Close Button 340
- Have SDM generate VPN Traffic 341
- Security Audit 343
- One-Step Lockdown 345
- Welcome Page 346
- Interface Selection Page 346
- Report Card Page 347
- Fix It Page 347
- Disable Finger Service 348
- Disable PAD Service 349
- Disable CDP 351
- Disable IP Source Route 352
- Enable IP CEF 354
- Disable IP Gratuitous ARPs 354
- Set TCP Synwait Time 355
- Set Banner 356
- Set Enable Secret Password 357
- Disable SNMP 357
- Set Scheduler Interval 358
- Set Scheduler Allocate 358
- Set Users 359
- Enable Telnet Settings 359
- Enable NetFlow Switching 359
- Disable IP Redirects 360
- Disable IP Proxy ARP 360
- Disable IP Directed Broadcast 361
- Disable MOP Service 362
- Disable IP Unreachables 362
- Disable IP Mask Reply 362
- Set Access Class on VTY Lines 365
- Enable AAA 366
- Configuration Summary Screen 367
- SDM and Cisco IOS AutoSecure 367
- Undoing Security Audit Fixes 370
- Enable Secret and Banner Page 372
- Logging Page 373
- Static Routing 375
- What Do You Want To Do? 376
- Add or Edit IP Static Route 377
- Forwarding 378
- Optional 378
- Add or Edit an RIP Route 379
- Add or Edit an OSPF Route 379
- IP Network List 380
- Available Interface List 380
- Make Interface Passive 380
- Add or Edit EIGRP Route 381
- Chapter 17 Routing 382
- Network Address Translation 383
- Basic NAT Wizard: Welcome 384
- Basic NAT Wizard: Connection 384
- Advanced NAT Wizard: Welcome 385
- Advanced NAT Wizard: Networks 386
- Add Network 387
- Type of Server 389
- Original Port 389
- Translated Port 389
- Designate NAT Interfaces 390
- Address Pools 391
- Translation Timeouts 391
- Clone selected entry on Add 392
- What do you want to do? 392
- Translation Timeout Settings 394
- Edit Route Map 396
- Add or Edit Address Pool 398
- Network Mask 399
- Direction 400
- Translate from Interface 400
- Translate to Interface 401
- Redirect Port 402
- Configuration Scenarios 402
- Access Rule 407
- How Do I . . 410
- Intrusion Prevention System 413
- IPS Rules 414
- Select Interfaces 415
- SDF Location 415
- IPS Rule Wizard Summary 416
- IPS Rules Configuration 416
- Inbound IPS/Outbound IPS 418
- VFR Status 418
- IPS Filter Details 418
- Both/Inbound/Outbound 419
- Inbound Filter 419
- Import Signatures 420
- File Selection 421
- Signature Filter 422
- Signature Edit 423
- Signatures 424
- Delete button 425
- Enable button 425
- Disable button 425
- Import button 425
- Summary/Details Button 426
- Signature List 426
- Right-click Context Menu 427
- Undelete All button 427
- Undelete button 427
- Assign Actions 428
- Signature Tree 429
- Signature List Area 429
- Add, Edit, or Clone Signature 430
- Specify SDF on this router 431
- Specify SDF using URL 431
- Autosave 432
- Notification Method Status 434
- Configured SDF Locations 434
- Edit Global Settings 435
- SDEE Messages 436
- SDEE Message Text 437
- IDS error messages 438
- Network Module Management 439
- IDS Network Module Status 440
- Configure 441
- IP Address Determination 442
- IDS NM Sensor Interface 443
- Date & Time 444
- IP CEF Setting 444
- IDS NM Initial Setup 444
- Network Module Login 445
- Feature Unavailable 445
- Quality of Service 447
- QoS Wizard 448
- Interface Selection 448
- QoS Policy Generation 448
- Bandwidth Allocation 449
- View QoS Class Details 450
- Summary of the configuration 451
- Edit QoS Policy 451
- Qos Policy Details 452
- Edit QoS Class 453
- Queuing Type 454
- DSCP Marking 454
- Add a Protocol 455
- QoS Status 456
- View Interval 457
- Start Monitoring 457
- Statistics 458
- Network Admission Control 459
- Enable AAA Button 460
- Launch NAC Wizard Button 460
- How Do I List 460
- RADIUS Server 461
- Details Button 462
- Use for NAC Checkbox 462
- Select the Interface(s) 463
- NAC Exception List 463
- Add, Edit, and Delete Buttons 464
- Type List 464
- Specify Address Field 464
- Policy Field 464
- Policy List 465
- Add Exception Policy 465
- Agentless Host Policy 466
- NAC Router Management Access 467
- Open Interface ACL 467
- Edit NAC Tab 469
- Exception List Window 470
- Exception Policies Window 470
- EAPoUDP Timeouts 471
- Configure a NAC Policy 472
- Router Properties 475
- Password Tab 476
- Date and Time Properties 477
- Edit Date and Time 478
- Authentication Key 480
- Add an NTP Server 481
- IP Address/Hostname 482
- Logging to buffer 482
- Enable SNMP 483
- Community String 483
- Trap Receiver 483
- SNMP Server Location 483
- SNMP Server Contact 483
- Router Access 484
- Add or Edit a Username 485
- Privilege Level 486
- View Password 487
- Edit VTY Lines 488
- Authentication/Authorization 489
- Host/Network 490
- Management Interface 490
- Permitted Protocols 490
- SDM Warning: ANY Not Allowed 492
- SDM Warning: SDM Not Allowed 493
- Key modulus size 494
- Generate RSA Key 494
- DHCP Configuration 495
- Add or Edit DHCP Pool 496
- DHCP Bindings 497
- Add or Edit DHCP Binding 498
- DNS Properties 500
- Dynamic DNS Methods 500
- Tasks > DNS 502
- ACL Editor 503
- No. of Rules 504
- To configure rules: 504
- Rules Windows 505
- First column 506
- Name/Number 506
- Attributes 508
- Add or Edit a Rule 509
- Rule Entry List 510
- Interface Association 510
- Associate with an Interface 511
- Select an Interface 512
- Specify a Direction 512
- Add a Standard Rule Entry 513
- Add an Extended Rule Entry 515
- Destination Host/Network 516
- Protocol and Service 517
- Select a Rule 518
- Rule Category 519
- Port-to-Application Mapping 521
- Application Protocol Column 522
- Port Type Column 522
- Port Column 522
- Protocol Type Column 522
- Access List Column 522
- Add or Edit Port Map Entry 523
- Host of Service Field 524
- Accounting 525
- AAA Servers and Groups 526
- AAA Servers Window 527
- Add or Edit a TACACS+ Server 528
- Add or Edit a RADIUS Server 529
- AAA Server Groups Window 530
- Authentication NAC 532
- Method 1 Column 533
- Method 2, 3, and 4 Columns 533
- Name/Specify 533
- Move Up/Down 534
- Router Provisioning 535
- Router Provisioning from USB 536
- Public Key Infrastructure 537
- Cut and Paste/Import from PC 538
- Welcome to the SCEP Wizard 539
- CA server nickname 540
- Enrollment URL 540
- Advanced Options 541
- Other Subject Attributes 542
- RSA Keys 543
- Summary 544
- Enrollment Status 545
- Cut and Paste Wizard Welcome 545
- Enrollment Task 545
- Enrollment Request 546
- Import CA certificate 547
- Import Router Certificate(s) 548
- Delete Button 549
- Check Revocation Button 549
- Trustpoint Information 550
- Certificate Details 550
- Revocation Check 551
- Revocation Check, CRL Only 551
- RSA Keys Window 552
- Generate RSA Key Pair 553
- USB Tokens 554
- Add or Edit USB Token 555
- SDP Troubleshooting Tips 557
- Open Firewall 558
- Open Firewall Details 559
- Resetting to Factory Defaults 561
- Microsoft Windows NT 562
- Microsoft Windows 2000 562
- Microsoft Windows XP 563
- This Feature Not Supported 564
- More About 565
- IP Addresses and Subnet Masks 566
- Host and Network Fields 567
- IP Address/Wildcard Mask 568
- Host Name/IP 568
- DHCP Address Pools 569
- Services and Ports 570
- TCP Services 571
- UDP Services 572
- ICMP Message Types 574
- IP Services 575
- More About NAT 577
- Scenario 2 578
- Scenario 3 578
- Scenario 4 579
- Scenario 1 580
- More About VPN 582
- • Security and VPN Devices 583
- • Field Notices 583
- More About IKE 585
- More About IKE Policies 586
- 1. ah-md5-hmac 587
- 2. esp-3des and 587
- 3. ah-sha-hmac 587
- Examples 588
- May Be Read-Only 590
- Configure the Hub First 596
- Assigning Spoke Addresses 597
- SDM White Papers 598
- Getting Started 599
- What’s New in this Release? 600
- Cisco IOS Versions Supported 600
- Viewing Router Information 601
- Overview 602
- Resource Status 603
- Interface Status 603
- Firewall Status Group 604
- VPN Status Group 604
- NAC Status Group 605
- Log Group 605
- Interface Status Area 607
- VPN Status 608
- Test Tunnel.. Button 609
- IPSec Tunnels 609
- DMVPN Tunnels 610
- Easy VPN Servers 611
- Update button 612
- Disconnect button 612
- Firewall Status 613
- Application Security Log 614
- NAC Status 615
- • Severity Column 617
- File Menu Commands 621
- Write to Startup Config 622
- Reset to Factory Defaults 622
- File Management 622
- Refresh Button 623
- Format Button 623
- New Folder Button 623
- Load File From PC Button 623
- Copy Button 623
- Save SDF to PC 625
- Edit Menu Commands 629
- Preferences 630
- View Menu Commands 631
- Running Config 632
- Show Commands 632
- SDM Default Rules 632
- Access Rules 633
- VPN - IKE Policy 633
- VPN - Transform Sets 633
- Tools Menu Commands 635
- USB Token PIN Settings 636
- Update SDM 637
- Update SDM from CD 639
- Help Menu Commands 641
- About SDM 642
- Symbols and 643
- Numerics 643
- Glossary 644
- VPN connection 675
- VPN mirror policy 676
- X.509 certificate 677
Relacionado con productos y manuales para Redes Cisco OL-4015-08
Redes Cisco NMH Series Guía de instalación
(20 paginas)
(20 paginas)
Redes Cisco Aironet 340 Series Información técnica
(19 paginas)
(19 paginas)
Redes Cisco IPS4345 Manual de usuario
(61 paginas)
(61 paginas)
Redes Cisco IAD2435-8FXS Especificaciones
(124 paginas)
(124 paginas)
Redes Cisco AIR-PCM352 - Aironet 350 Series 11Mbps Wireless LAN PC Card Adapter Manual de usuario
(16 paginas)
(16 paginas)
Redes Cisco E2500 Guía de usuario
(80 paginas)
(80 paginas)
Redes Cisco 1710 Manual de usuario
(11 paginas)
(11 paginas)
Redes Cisco 1700 Series Especificaciones
(258 paginas)
(258 paginas)
Redes Cisco SB 107 Guía de usuario
(155 paginas)
(155 paginas)
Redes Cisco SG 300-28P Manual de usuario
(13 paginas)
(13 paginas)
Redes Cisco 4451-X Manual de servicio
(34 paginas)
(34 paginas)
Redes Cisco 1105 Manual de usuario
(16 paginas)
(16 paginas)
Redes Cisco SGE2000 Especificaciones
(50 paginas)
(50 paginas)
Redes Cisco SRW224 Manual de usuario
(5 paginas)
(5 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.073 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales