
Supported Devices, OS Versions and Commands for Management Center for
PIX Firewalls 1.1.1

Revised: April 30, 2003

This document includes:

Supported Devices

Table 1 lists the devices supported by Management Center for PIX Firewalls 1.1.1.

Table 1   Devices

Series | Devices | Supported Software
Cisco PIX Firewall Series | PIX 501, PIX 506, PIX 506E, PIX 515, PIX 515E, PIX 525, PIX 535 | PIX OS 6.0(x), PIX OS 6.1(x), PIX OS 6.2(x)
Firewall Services Module | Firewall Services Module | FWSM 1.1.1, FWSM 1.1.2

PIX MC 1.1.1 Support for PIX Firewall and Firewall Services Module (FWSM) CLI Commands

PIX Firewall and Firewall Services Module (FWSM) CLI commands receive different levels of support from PIX MC 1.1.1. Using commands or command combinations correctly in PIX Firewall configuration files depends on a full understanding of each command's level of support, so that import operations and deployment jobs succeed.

The levels of support provided by PIX MC are:

Note    Unless specified otherwise, all 'no' commands are unsupported.

Command descriptions use these conventions:

Commands are listed by level of support within the following sections:

PIX MC 1.1.1 Support for FWSM CLI Commands

This section contains:

Table 2   FWSM Supported CLI Commands

aaa accounting match acl_name inbound | outbound | if_name group_tag

aaa authentication match acl_name inbound | outbound | if_name group_tag

aaa authentication [enable | telnet | ssh | http] console group_tag

aaa authorization match acl_name inbound | outbound | if_name group_tag

aaa authentication | authorization | accounting match acl_name inbound | outbound | interface_name group_tag

aaa-server group_tag (if_name) host server_ip key timeout seconds

aaa-server group_tag protocol auth_protocol

access-group acl_ID in interface interface_name

access-list acl_ID [deny | permit] protocol {source_addr | local_addr} {source_mask | local_mask} operator port {destination_addr | remote_addr} {destination_mask | remote_mask} operator port

access-list acl_ID [deny | permit] icmp {source_addr | local_addr} {source_mask | local_mask} operator port {destination_addr | remote_addr} {destination_mask | remote_mask} operator port icmp_type

auth-prompt [accept | reject | prompt] string

dhcpd address ip1 [-ip2] [if_name]

dhcpd auto_config [client_ifx_name]

dhcpd dns dns1 [dns2]

dhcpd wins wins1 [wins2]

dhcpd lease lease_length

dhcpd domain domain_name

dhcpd enable [if_name]

dhcpd ping_timeout timeout

enable password [encrypted]


no failover

failover replication http

failover ip address if_name ip_address

[no] failover link [stateful_if_name]

failover unit primary | secondary

failover interface <if_name>

failover poll seconds

filter url port local_ip local_mask foreign_ip foreign_mask [allow]

fixup protocol ftp [strict] [port]

fixup protocol http [port [-port]]

fixup protocol h323 {h225 | ras} port [-port]

fixup protocol rsh [514]

fixup protocol rtsp [port]

fixup protocol sip [5060]

fixup protocol smtp [port [-port]]

fixup protocol sqlnet [port [-port]]

fixup protocol [protocol [skinny | sip | ...]] [port]

no fixup protocol [protocol] [port]

fragment size database-limit [interface]

fragment chain chain-limit [interface]

fragment timeout seconds [interface]

global [(if_name)] nat_id {global_ip [-global_ip] [netmask global_mask]} | interface

hostname newname

http ip_address [netmask] [if_name]

http server enable

icmp permit | deny [host] src_addr [src_mask] [type] int_name

ip address if_name ip_address [netmask]

ip address if_name dhcp [setroute]

ip address outside dhcp [setroute] [retry retry_cnt]

ip audit attack [action [alarm] [drop] [reset]]

ip audit info [action [alarm] [drop] [reset]]

ip audit interface if_name audit_name

ip audit name audit_name attack [action [alarm] [drop] [reset]]

ip audit name audit_name info [action [alarm] [drop] [reset]]

ip audit name audit_name [info]

ip audit signature signature_number disable

ip verify reverse-path interface int_name

[no] logging on

logging buffered level

no logging buffered

logging console level

no logging console

[no] logging facility facility

[no] logging history level

logging host [in_if_name] ip_address [protocol/port]

[no] logging monitor level

logging queue queue_size

[no] logging rate-limit <num> [interval] message <syslogID>

[no] logging rate-limit <num> [interval] level <level>

[no] logging standby

[no] logging timestamp

[no] logging trap level

mtu if_name bytes

name ip_address name

[no] names

nameif hardware_id ifname security_level

nat [(if_name)] nat_id local_ip [netmask [max_conns [em_limit]]] [norandomseq]

nat [(if_name)] 0 local_ip [netmask [max_conns [em_limit]]] [norandomseq]

rip if_name default | passive [version [1 | 2]] [authentication [text | md5 key (key_id)]]

route if_name ip_address netmask gateway_ip [metric]

service resetinbound

service resetoutside

snmp-server community key

[no] snmp-server contact text

[no] snmp-server location text

snmp-server host [if_name] ip_addr [trap | poll]

snmp-server enable traps

ssh ip_address [netmask] [interface_name]

ssh timeout mm

static [(internal_if_name, external_if_name)] global_ip local_ip [netmask network_mask] [max_conns [em_limit]] [norandomseq]

[no] sysopt connection tcpmss bytes

[no] sysopt noproxyarp if_name

telnet ip_address [netmask] [if_name]

telnet timeout minutes

tftp-server [if_name] ip_address path

timeout [xlate [hh:mm:ss]] [conn [hh:mm:ss]] [half-closed [hh:mm:ss]] [udp [hh:mm:ss]] [rpc [hh:mm:ss]] [h323 [hh:mm:ss]] [sip [hh:mm:ss]] [sip_media [hh:mm:ss]] [uauth [hh:mm:ss] [absolute | inactivity]]

url-cache dst | src_dst size

url-server [(if_name)] host ip_address [timeout seconds] [protocol [TCP | UDP] version [1| 4]]

Table 3   FWSM Error CLI Commands

aaa accounting | authentication | authorization include | exclude

aaa accounting include | exclude acctg_service inbound | outbound | if_name local_ip local_mask foreign_ip foreign_mask group_tag

aaa authentication include | exclude authen_service inbound | outbound | if_name local_ip local_mask foreign_ip foreign_mask group_tag

aaa authorization include | exclude author_service inbound | outbound | if_name local_ip local_mask foreign_ip foreign_mask

apply [(if_name)] list_ID outgoing_src | outgoing_dest

no failover active

filter url except local_ip local_mask foreign_ip foreign_mask [allow]

nat [(if_name)] 0 access-list acl_name

network-object host host_addr

network-object host_addr netmask

object-group description description_text

object-group grp_id

object-group icmp-type

object-group icmp_type grp_id

object-group network grp_id

object-group protocol grp_id

object-group service grp_id {tcp | udp | tcp-udp} port-object eq service port-object range begin_service end_service

protocol-object protocol

session enable

Table 4   FWSM Verbatim CLI Commands

arp if_name ip_address mac_address [alias]

arp timeout seconds

crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]

crypto ipsec transform-set transform-set-name mode transport

crypto map map-name client [token] authentication aaa-server-name

crypto map map-name client configuration address initiate | respond

crypto map map-name interface interface-name

crypto map map-name seq-num ipsec-isakmp | ipsec-manual [dynamic dynamic-map-name]

crypto map map-name seq-num match address acl_name

crypto map map-name seq-num set peer hostname | ip-address

crypto map map-name seq-num set pfs [group1 | group2]

crypto map map-name seq-num set security-association lifetime seconds seconds | kilobytes kilobytes

crypto map map-name set session-key inbound | outbound ah spi hex-key-string

crypto map map-name set session-key inbound | outbound esp spi cipher hex-key-string [authenticator hex-key-string]

crypto map map-name seq-num set transform-set transform-set-name1 [transform-set-name6]

crypto dynamic-map dynamic-map-name dynamic-seq-num

crypto dynamic-map dynamic-map-name dynamic-seq-num match address acl_name

crypto dynamic-map dynamic-map-name dynamic-seq-num set peer hostname | ip-address

crypto dynamic-map dynamic-map-name dynamic-seq-num set pfs [group1 | group2]

crypto dynamic-map dynamic-map-name dynamic-seq-num set security-association lifetime seconds seconds | kilobytes kilobytes

crypto dynamic-map dynamic-map-name dynamic-seq-num set transform-set transform-set-name1 [transform-set-name9]

failover reset

isakmp policy [priority] group 2

isakmp client configuration address-pool local pool-name [interface-name]

isakmp enable interface-name

isakmp identity address | hostname

isakmp keepalive seconds [retry seconds]

isakmp key keystring address peer-address [netmask mask] [no-xauth] [no-config-mode]

isakmp peer fqdn fqdn no-xauth no-config-mode

isakmp policy priority authentication pre-share | rsa-sig

isakmp policy priority encryption des | 3des

isakmp policy priority group 1 | 2

isakmp policy priority hash md5 | sha

isakmp policy priority lifetime seconds

[no] logging message syslog_id

pdm history enable

pdm location ip_address netmask if_name

pdm logging [level [messages]]

sysopt uauth allow-http-cache

[no] sysopt connection permit-pptp

sysopt connection permit-l2tp

sysopt connection permit-ipsec

[no] sysopt security frag

[no] sysopt connection timewait

[no] sysopt nodnsalias inbound

[no] sysopt nodnsalias outbound

[no] sysopt radius ignore-secret

[no] sysopt route dnat

terminal [no] monitor

terminal width characters

Table 5   FWSM Unsupported CLI Commands

aaa authorization command {LOCAL | tacacs_server_tag}

aaa proxy-limit <proxy limit> | disable

aaa-server radius-acctport port

aaa-server radius-authport port

access-list <id> deny | permit <protocol> | object-group <protocol_obj_grp_id> host <sip> | <sip> <smask> | object-group <network_obj_grp_id> [<operator> <port> [<port>] | object-group <service_obj_grp_id>] <dip> <dmask> | object-group <network_obj_grp_id> [<operator> <port> [<port>] | object-group <service_obj_grp_id>]

alias [(if_name)] dnat_ip foreign_ip [netmask]

arp if_name ip_address mac_address [alias]

arp timeout seconds

clear - any command beginning with clear is unsupported


clock set hh:mm:ss month day year

clock set hh:mm:ss day month year

configure net [[server_ip] : [filename]]

configure floppy

configure memory

configure terminal

copy tftp [:[[//location] [/pathname]]] flash [:[image | pdm]]

debug - any command beginning with debug is unsupported


eeprom update


established est_protocol dport [sport] [permitto protocol port [-port]] [permitfrom protocol port [-port]]

failover active

[no] failover replication http

filter activex port local_ip mask foreign_ip mask

filter java port [-port] local_ip mask foreign_ip

filter url except local_ip local_mask foreign_ip foreign_mask [allow]

flashfs downgrade {4.x | 5.0 | 5.1}


[no] ip local pool pool_name pool_start-address [-pool_end_address]

kill telnet_id

[no] logging message syslog_id

messages [m-n]

[no] nat [(if_name)] 0 access-list acl_name

no pager

np<1|2|3> cap <addr> <data>

np<1|2|3> ds <addr> <data>

np <1|2|3> cs <addr> <data>

np <1|2|3|all> boot parameter <addr> <value>

np <1|2|3|all> boot only

np <1|2|3|all> status [boot | post | epost]

np <1|2|3|all> run_epost

np <1|2|3|all> oper <filename>

np <1|2|3|all> reset [eppc]

pdm disconnect session_id show pdm sessions

pdm history enable

pdm location ip_address netmask if_name

pdm logging [level [message]]

perfmon interval seconds

perfmon quiet | verbose

perfmon settings

ping [if_name] ip_address



reload noconfirm

setup Pre-configure PIX Firewall now through interactive prompts [yes]?

show - any command beginning with show is unsupported

shun src_ip [dst_ip sport dport [protocol]]

ssh disconnect session_id


sysopt connection timewait

sysopt nodnsalias inbound

sysopt nodnsalias outbound

sysopt radius ignore-secret

sysopt route dnat

url-block block block_buffer_limit

url-block url-mempool memory_pool_size

url-block url-size long_url_size

virtual http ip_address [warn]

virtual telnet ip_address

vpngroup group_name address-pool ip pool name

vpngroup group_name default-domain domain_name

vpngroup group_name dns-server dns_ip_prim [dns_ip_sec]

vpngroup group_name idle-time idle_seconds

vpngroup group_name max-time max_seconds

vpngroup group_name password preshared_key

vpngroup group_name split-tunnel acl_name

vpngroup group_name wins-server wins_ip_prim [wins_ip_sec]

who [local_ip]

write - any command beginning with write is unsupported

Table 6   FWSM Discarded CLI Commands

pager [lines number]

virtual http ip_address [warn]

virtual telnet ip_address

PIX MC 1.1.1 Support for PIX Firewall CLI Commands

Table 7   PIX Firewalls Changes in Command Support Status

Command Supported Error Verbatim Unsupported Deprecated

aaa authorization command [LOCAL | tacacs_server_tag]

access-list [acl_ID] compiled

dhcpd option 66 ascii {server_name | server_ip_str}

dhcpd option 150 ip server_ip1 [server_ip2]

failover lan unit primary | secondary

failover lan interface if_name

failover lan key key_secret

failover lan enable

filter url [http | port [-port]] local_ip local_mask [allow] [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]

ip address if_name pppoe [setroute]

ip address if_name ip_address netmask pppoe [setroute]

vpdn group group_name localname username

vpdn group group_name request dialout pppoe

Table 8   PIX Firewalls Supported CLI Commands

aaa accounting match acl_name inbound | outbound | if_name group_tag

aaa authentication match acl_name inbound | outbound | if_name group_tag

aaa authentication [serial | enable | telnet | ssh | http] console group_tag

aaa authorization command {LOCAL | tacacs_server_tag}

aaa authorization match acl_name inbound | outbound | if_name group_tag

aaa-server group_tag (if_name) host server_ip key timeout seconds

aaa-server group_tag protocol auth_protocol

access-group acl_ID in interface interface_name

access-list [acl_ID] compiled

access-list acl_ID {deny | permit} icmp {source_addr | local_addr} {source_mask | local_mask} {destination_addr | remote_addr} {destination_mask | remote_mask} icmp_type

access-list acl_ID {deny | permit} protocol {source_addr | local_addr} {source_mask | local_mask} [operator port [port]] {destination_addr | remote_addr} {destination_mask | remote_mask} [operator port [port]]

auth-prompt [accept | reject | prompt] string

auto-update device-id hardware-serial | hostname | ipaddress [if_name] | mac-address [if_name] string text

auto-update poll-period poll_period [retry_count [retry_period]]

auto-update server url [verify_certificate]

auto-update timeout period

dhcpd address ip1[-ip2] [if_name]

dhcpd auto_config [client_ifx_name]

dhcpd dns dns1 [dns2]

dhcpd wins wins1 [wins2]

dhcpd lease lease_length

dhcpd domain domain_name

dhcpd enable [if_name]

dhcpd option 66 ascii {server_name | server_ip_str}

dhcpd option 150 ip server_ip1 [server_ip2]

dhcpd ping_timeout timeout

enable password [pw] [level priv_level] [encrypted]

[no] failover [active]

failover ip address if_name ip_address

[no] failover lan unit primary | secondary

[no] failover lan interface if_name

[no] failover lan key key_secret

[no] failover lan enable

[no] failover link [stateful_if_name]

failover poll seconds

failover replication http

filter url [http | port[-port]] local_ip local_mask foreign_ip foreign_mask [allow] [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]

fixup protocol ftp [strict] [port]

fixup protocol http [port[-port]]

fixup protocol h323 {h225 | ras} port [-port]

fixup protocol ils [port[-port]]

fixup protocol rsh [545]

fixup protocol rtsp [port]

fixup protocol sip [5060]

fixup protocol skinny [2000]

fixup protocol smtp [port[-port]]

fixup protocol sqlnet [port[-port]]

fixup protocol skinny port [-port]

floodguard enable

no floodguard

fragment size database-limit [interface]

fragment chain chain-limit [interface]

fragment timeout seconds [interface]

global [(if_name)] nat_id {global_ip [-global_ip] [netmask global_mask]} | interface

global [(if_name)] nat_id {{global_ip} [netmask global_mask] | interface}

hostname newname

http ip_address [netmask] [if_name]

http server enable

no http server

icmp permit | deny [host] src_addr [src_mask] [type] int_name

interface hardware_id [hardware_speed] [shutdown]

ip address if_name ip_address [netmask]

ip address outside dhcp [setroute] [retry retry_cnt]

ip address if_name pppoe [setroute]

ip address if_name ip_address netmask pppoe [setroute]

ip audit attack [action [alarm] [drop] [reset]]

ip audit info [action [alarm] [drop] [reset]]

ip audit interface if_name audit_name

ip audit name audit_name attack [action [alarm] [drop] [reset]]

ip audit name audit_name info [action [alarm] [drop] [reset]]

ip audit signature signature_number disable

ip verify reverse-path interface int_name

logging on

no logging

[no] logging buffered level

[no] logging console level

logging facility facility

[no] logging history level

logging host [in_if_name] ip_address [protocol/port]

[no] logging monitor level

logging queue queue_size

[no] logging standby

[no] logging timestamp

logging trap level

mtu if_name bytes

nameif hardware_id if_name security_level

nat [(if_name)] 0 access-list acl_name

passwd password [encrypted]

rip if_name default | passive [version [1 | 2]] [authentication [text | md5 key (key_id)]]

route if_name ip_address netmask gateway_ip [metric]

service resetinbound

service resetoutside

snmp-server community key

snmp-server {contact | location} text

snmp-server host [if_name] ip_addr [trap | poll]

snmp-server enable traps

ssh ip_address [netmask] [interface_name]

ssh timeout mm

static [(prenat_interface, postnat_interface)] {mapped_address | interface} real_address [dns] [netmask mask] [norandomseq] [connection_limit [em_limit]]

static [(internal_if_name, external_if_name)] {tcp | udp} {global_ip | interface} global_port local_ip local_port [netmask mask] [max_conns [emb_limit [norandomseq]]]

sysopt connection tcpmss bytes

sysopt noproxyarp if_name

telnet ip_address [netmask] [if_name]

telnet timeout minutes

tftp-server [if_name] ip_address path

timeout [xlate [hh:mm:ss]] [conn [hh:mm:ss]] [half-closed [hh:mm:ss]] [udp [hh:mm:ss]] [rpc [hh:mm:ss]] [h323 [hh:mm:ss]] [sip [hh:mm:ss]] [sip_media [hh:mm:ss]] [uauth [hh:mm:ss] [absolute | inactivity]]

url-cache {dst | src_dst} size kbytes


url-server [(if_name)] vendor websense host local_ip [timeout seconds] [protocol {TCP | UDP} version]

vpdn username name password pass store-local

vpdn group group_name localname username

vpdn group group_name request dialout pppoe

vpdn group group_name ppp authentication PAP | CHAP | MSCHAP

vpnclient vpngroup group_name password preshared_key

vpnclient username xauth_username password xauth_password

vpnclient server ip_primary [ip_secondary_1, ip_secondary_2, ..., ip_secondary_n]

vpnclient mode client-mode | network-extension-mode

vpnclient enable

Table 9   PIX Firewalls Error CLI Commands

aaa accounting include | exclude acctg_service inbound | outbound | if_name local_ip local_mask foreign_ip foreign_mask group_tag

aaa authentication include | exclude authen_service inbound | outbound | if_name local_ip local_mask foreign_ip foreign_mask group_tag

aaa authorization include | exclude author_service inbound | outbound | if_name local_ip local_mask foreign_ip foreign_mask

access-list id {deny | permit} icmp {source_addr | local_addr} {source_mask | local_mask} | object-group network_obj_grp_id {destination_addr | remote_addr} {destination_mask | remote_mask} | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id]

access-list id {deny | permit} {protocol | object-group protocol_obj_grp_id {source_addr | local_addr} {source_mask | local_mask} | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id] {destination_addr | remote_addr} {destination_mask | remote_mask} | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id]}

apply [(if_name)] list_ID outgoing_src | outgoing_dest

conduit deny | permit protocol | object-group protocol_obj_grp_id global_ip global_mask | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id] foreign_ip foreign_mask | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id]

conduit deny | permit icmp global_ip global_mask | object-group network_obj_grp_id foreign_ip foreign_mask | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id]

conduit permit | deny icmp global_ip global_mask foreign_ip foreign_mask [icmp_type]

conduit permit | deny protocol global_ip global_mask [operator port [port]] foreign_ip foreign_mask [operator port [port]]

enable password [pw] [level priv_level] [encrypted]

established dest_protocol [src_port] [permitto protocol port [-port]] [permitfrom protocol port [-port]]

failover [active]

filter url [http | port [-port]] local_ip local_mask foreign_ip foreign_mask [allow] [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]

nat [(if_name)] ip address [netmask [outside] [dns] [norandomseq] [timeout hh:mm:ss] [conn_limit [em_limit]]]

object-group description description_text

object-group icmp-type grp_id icmp-group icmp_type

object-group grp_id

object-group network grp_id network-object host host_addr network-object host_addr netmask

object-group protocol grp_id protocol-object protocol

object-group service grp_id {tcp | udp | tcp-udp} port-object eq service port-object range begin_service end_service

outbound list_ID except ip_address [netmask [port [-port]] [protocol]

outbound list_ID permit | deny ip_address [netmask [port [-port]] [protocol]

session enable

static [(prenat_interface, postnat_interface)] {mapped_address | interface} real_address [dns] [netmask mask] [norandomseq] [connection_limit [em_limit]]

Table 10   PIX Firewalls Verbatim CLI Commands

arp if_name ip_address mac_address [alias]

arp timeout seconds

failover timeout seconds

name ip_address name


pager [lines number]

pdm history enable

pdm history [view {all | 12h | 5d | 60m | 10m}] [snapshot] [feature {all | blocks | cpu | failover | ids | interface if_name | memory | perfmon | xlates}] [pdmclient]

pdm location ip_address netmask if_name

pdm logging [level [messages]]

[no] sysopt route dnat

terminal monitor

terminal width characters

virtual http ip_address [warn]

virtual telnet ip_address

vpdn username name password pass store-local

vpdn group group_name localname username

vpdn group group_name request dialout pppoe

vpdn group group_name ppp authentication PAP | CHAP | MSCHAP

Table 11   PIX Firewalls Unsupported CLI Commands

aaa proxy-limit proxy_limit | disable

aaa-server radius-acctport port

aaa-server radius-authport port

clear - any command beginning with clear is unsupported

clock set hh:mm:ss {day month | month day} year

clock summer-time zone recurring [week weekday month hh:mm week weekday month hh:mm] [offset]

clock timezone zone hours [minutes]

For the PIX 501 and PIX 506/506E only: configure factory-default [inside_ip_address [address_mask]]

configure http[s] :// [user:password@] location [:port] / http_pathname

configure memory

configure net [[server_ip]:[filename]]

configure terminal

copy capture: capture_name tftp://location/path [pcap]

copy http[s] :// [user:password@] location [:port] / http_pathname flash [: [image | pdm]]

copy tftp [: [[//location] [/tftp_pathname]]] flash[:[image | pdm]]

crypto dynamic-map dynamic-map-name dynamic-seq-num match address acl_name

crypto dynamic-map dynamic-map-name dynamic-seq-num set peer hostname | ip-address

crypto dynamic-map dynamic-map-name dynamic-seq-num set pfs [group1 | group2]

crypto dynamic-map dynamic-map-name dynamic-seq-num set security-association lifetime seconds seconds | kilobytes kilobytes

crypto dynamic-map dynamic-map-name dynamic-seq-num set transform-set transform-set-name1 [transform-set-name9]

crypto ipsec security-association lifetime seconds seconds | kilobytes kilobytes

crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]

crypto ipsec transform-set transform-set-name mode transport

crypto map map-name client [token] authentication aaa-server-name

crypto map map-name client configuration address initiate | respond

crypto map map-name interface interface-name

crypto map map-name seq-num ipsec-isakmp | ipsec-manual [dynamic dynamic-map-name]

crypto map map-name seq-num match address acl_name

crypto map map-name seq-num set peer hostname | ip-address

crypto map map-name seq-num set pfs [group1 | group2]

crypto map map-name seq-num set security-association lifetime seconds seconds | kilobytes kilobytes

crypto map map-name seq-num set session-key inbound | outbound ah spi hex-key-string

crypto map map-name seq-num set session-key inbound | outbound esp spi cipher hex-key-string [authenticator hex-key-string]

crypto map map-name seq-num set transform-set transform-set-name1 [transform-set-name6]

debug - any command beginning with debug is unsupported

eeprom update

enable [priv_level]

enable password [pw] [level priv_level] [encrypted]

failover mac address mif_name act_mac stn_mac

failover reset

filter activex port local_ip mask foreign_ip mask

filter url except local_ip local_mask foreign_ip foreign_mask

filter java port[-port] local_ip mask foreign_ip mask

filter url port | except local_ip mask foreign_ip mask [allow] [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]

flashfs downgrade {4.x | 5.0 | 5.1}

igmp access-group acl_id

igmp version {1 | 2}

igmp join-group group

igmp query-interval seconds

igmp query-max-response-time seconds

ip local pool pool_name pool_start-address[-pool_end-address]

isakmp client configuration address-pool local pool-name [interface-name]

isakmp enable interface_name

isakmp identity address | hostname

isakmp lifetime seconds [retry_seconds]

isakmp keepalive seconds [retry_seconds]

isakmp key keystring address peer-address [netmask mask] [no-xauth] [no-config-mode]

isakmp peer fqdn fqdn no-xauth no-config-mode

isakmp policy priority authentication pre-share | rsa-sig

isakmp policy priority encryption des | 3des

isakmp policy priority group 1 | 2

isakmp policy priority hash md5 | sha

isakmp policy priority lifetime seconds

logging message syslog_id

logging device-id {hostname | ipaddress if_name | string text}


mroute src smask in-if-name dst dmask out-if-name

multicast interface interface_name [max-groups number]

nat [(if_name)] 0 access-list acl_name

ntp authenticate

ntp authentication-key number md5 value

ntp server ip_address [key number] source if_name [prefer]

ntp trusted-key number

perfmon verbose

perfmon interval seconds

perfmon settings

ping [if_name] ip_address

privilege [show | clear | configure] level level [mode enable | configure] command command



reload noconfirm

debug rip [if_name]


show - any command beginning with show is unsupported

shun src_ip [dst_ip sport dport [protocol]]

[no] sysopt connection permit-pptp | permit-l2tp | permit-ipsec

[no] sysopt connection tcpmss minimum bytes

[no] sysopt connection timewait

sysopt ipsec pl-compatible

[no] sysopt nodnsalias inbound | outbound

sysopt radius ignore-secret

sysopt security fragguard

sysopt uauth allow-http-cache

url-block block block_buffer_limit

url-block url-mempool memory_pool_size

url-block url-size long_url_size


url-server [(if_name)] vendor websense host local_ip [port number] [timeout seconds] [protocol {TCP | UDP}]

vpdn enable if_name

vpdn group_name accept dialin pptp | l2tp

vpdn group group_name l2tp tunnel hello hello_timeout

vpdn group group_name ppp encryption mppe 40 | 128 | auto [required]

vpdn group group_name client configuration address local address_pool_name

vpdn group group_name client configuration dns dns_server_ip1 [dns_server_ip2]

vpdn group group_name client configuration wins wins_server_ip1 [wins_server_ip2]

vpdn group group_name client authentication aaa aaa_server_group

vpdn group group_name pptp echo echo_timeout

vpngroup group_name address-pool pool_name

vpngroup group_name default-domain domain_name

vpngroup group_name dns-server dns_ip_prim [dns_ip_sec]

vpngroup group_name idle-time idle_seconds

vpngroup group_name max-time max_seconds

vpngroup group_name password preshared_key

vpngroup group_name pfs

vpngroup group_name split-dns domain_name1 [domain_name2, domain_name3, ..., domain_name8]

vpngroup group_name split-tunnel acl_name

vpngroup group_name wins-server wins_ip_prim [wins_ip_sec]

who [local_ip]

write - any command beginning with write is unsupported

Posted: Tue May 6 15:10:10 PDT 2003