cc/td/doc/product/rtrmgmt/cw2000/mgt_pix
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Supported Devices, OS Versions and Commands for Management Center for
Firewalls 1.1.2

Supported Devices
Support for PIX Firewall and Firewall Services Module CLI Commands

Supported Devices, OS Versions and Commands for Management Center for
Firewalls 1.1.2


Revised: April 30, 2003

This document includes:

Supported Devices

Table 1 lists the devices supported by Management Center for Firewalls 1.1.2.

Table 1   Devices

Series Devices Supported Software

Cisco PIX Firewall Series

PIX 501, PIX 506, PIX 506E, PIX 515, PIX 515E, PIX 525, PIX 535

PIX OS 6.0(x), PIX OS 6.1(x), PIX OS 6.2(x), PIX OS 6.3

FWSM

N/A

FWSM 1.1.1, 1.1.2

Support for PIX Firewall and Firewall Services Module CLI Commands

PIX Firewall and Firewall Services Module (FWSM) CLI commands receive different levels of support from Firewall MC 1.1.2. You should fully understand the level of support that each command receives from Firewall MC. This understanding will enable you to use commands or command combinations in PIX Firewall and FWSM configuration files so that import operations and deployment jobs succeed.

The levels of support provided by Firewall MC are:


Note    To access ending commands, select Configuration > Settings > Configuring Additions > Ending Commands.

Command descriptions showin in the table use these conventions:

Table 2   PIX Firewall Version 1.1.2 CLI Commands Support Status

Command Reference CLI Commands Supported Unsupported Error Ignored Discarded Not Used
aaa accounting

aaa accounting include | exclude acctg_service inbound | outbound | if_name local_ip local_mask foreign_ip foreign_mask group_tag

Note Include and exclude are not supported, but can be manually converted to an ACL.

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

aaa accounting match acl_name inbound | outbound | if_name group_tag

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

aaa authentication

aaa authentication include | exclude authen_service inbound | outbound | if _name local_ip local_mask foreign_ip foreign_mask group_tag

Note Include and exclude are not supported, but can be manually converted to an ACL.

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

aaa authentication match acl_name inbound | outbound | if_name group_tag

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

aaa authentication [enable | telnet | ssh | http] console group_tag

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

aaa authentication [serial | enable | telnet | ssh | http] console group_tag

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

aaa authorization

aaa authorization command {LOCAL | tacacs_server_tag}

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

aaa authorization include | exclude author_service inbound | outbound | if_name local_ip local_mask foreign_ip foreign_mask

Note Include and exclude are not supported, but can be manually converted to an ACL.

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

aaa authorization match acl_name inbound | outbound | if_name group_tag

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

aaa mac-exempt

aaa mac-exempt match id

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

aaa proxy-limit

aaa proxy-limit proxy limit | disable

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

aaa-server

aaa-server group_tag (if_name) host server_ip key timeout seconds

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

 

aaa-server group_tag protocol auth_protocol

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

aaa-server radius-acctport port

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

aaa-server radius-authport port

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

debug radius session

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

access-group

access-group acl_ID in interface interface_name

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

access-list

access-list [acl_ID] compiled

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

access-list deny-flow-max n

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

access-list alert-interval secs

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

 

access-list acl_ID [deny | permit] icmp {source_addr | local_addr} {source_mask | local_mask} {destination_addr | remote_addr} {destination_mask | remote_mask} icmp_type

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

access-list acl_ID {deny | permit} protocol {source_addr | local_addr} {source_mask | local_mask} [operator port [port] {destination_addr | remote_addr} {destination_mask | remote_mask} [operator port [port]

PIX

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

access-list id {deny | permit} icmp {source_addr | local_addr} {source_mask | local_mask} | object-group network_obj_grp_id {destination_addr | remote_addr} {destination_mask | remote_mask} | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id]

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

access-list id {deny | permit} {protocol | object-group protocol_obj_grp_id {source_addr | local_addr} {source_mask | local_mask} | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id] {destination_addr | remote_addr} {destination_mask | remote_mask} | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id]}

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

access-list id deny|permit {any | <ip> <mask>}

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

debug access-list all | standard

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

debug access-list all | standard | turbo

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

activation-key

activation-key activation-key-four-tuple

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

alias

alias [(if_name)] dnat_ip foreign_ip [netmask]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

arp

arp if_name ip_address mac_address [ alias ]

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

arp timeout seconds

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

auth-prompt

auth-prompt [ accept | reject | prompt ] string

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

auto-update

auto-update device-id harware-serial | hostname | ipaddress [if_name] | mac-address [if_name] string text

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

auto-update poll-period poll_period [retry_count [retry_period]]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

auto-update server url [verify_certificate]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

auto-update timeout period

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

banner

banner {exec | login | motd} text

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ca

ca authenticate ca_nickname [fingerprint]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

ca configure ca_nickname ca | ra retry_period retry_count [crloptional]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

 

ca crl request ca_nickname

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

ca enroll ca_nickname challenge_password [serial] [ipaddress]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

ca generate rsa {key | specialkey} key_modulus_size

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

ca identity ca_nickname ca_ipaddress[:ca_script_location] [ldap_ip address]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

ca save all

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

ca subject-name ca_nickname X.500_string

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ca verifycertdn X.500_string

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ca zeroize rsa [keypair_name]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

ca generate rsa key

ca generate rsa key modulus

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

capture

capture capture_name [access-list acl_name][buffer bytes] [ethernet-type type][interface name] [packet-length bytes] [circular-buffer]

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

clear

clear file configuration | pdm | pki

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

clock

clock set hh:mm:ss {day month | month day} year

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

clock summer-time zone recurring [week weekday month hh:mm week weekday month hh:mm] [offset]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

clock summer-time zone date {day month | month day} year hh:mm {day month | month day} year hh:mm [offset]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

clock timezone zone hours [minutes]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

conduit

Note Conduits rely on the converter tool to translate conduits and outbounds to access-list commands.

conduit permit | deny protocol global_ip global_mask [operator port [port]] foreign_ip foreign_mask [operator port [port]]

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

 

 

 

X

conduit permit | deny icmp global_ip global_mask foreign_ip foreign_mask [icmp_type]

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

 

 

 

X

conduit deny | permit protocol | object-group protocol_obj_grp_id global_ip global_mask | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id] foreign_ip foreign_mask | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id]

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

 

 

 

X

conduit deny | permit icmp global_ip global_mask | object-group network_obj_grp_id foreign_ip foreign_mask | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id]

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

 

 

 

X

configure

configure factory-default [inside_ip_address [address_mask]]

Note Applies to PIX 501 and PIX 506/506E only.

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

 

configure floppy

Note Applies only to older PIX Firewalls that have a floppy drive.

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

configure http[s] :// [user:password@] location [ :port ] / http_pathname

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

configure memory

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

configure net [[server_ip]:[filename]]

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

configure terminal

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

console

console timeout number

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

copy

copy capture: capture_name tftp://location/path [pcap]

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

 

copy http[s]://[user:password@] location [:port ] / http_pathname flash [: [image | pdm] ]

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

copy tftp[:[[//location] [/tftp_pathname]]] flash[:[image | pdm]]

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

crashinfo

crashinfo test

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

crashinfo force [page-fault | watchdog]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

crashinfo save [enable | disable]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

crypto dynamic-map

crypto dynamic-map dynamic-map-name dynamic-seq-num match address acl_name

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto dynamic-map dynamic-map-name dynamic-seq-num set peer hostname | ip-address

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

 

crypto dynamic-map dynamic-map-name dynamic-seq-num set pfs [group1 | group2]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto dynamic-map dynamic-map-name dynamic-seq-num set security-association lifetime seconds seconds | kilobytes kilobytes

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto dynamic-map dynamic-map-name dynamic-seq-num set transform-set transform-set-name1 [ transform-set-name9]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto ipsec

crypto ipsec security-association lifetime seconds seconds | kilobytes kilobytes

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto ipsec transform-set transform-set-name mode transport

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto map

crypto map map-name client [token] authentication aaa-server-name

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

 

crypto map map-name client configuration address initiate | respond

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto map map-name interface interface-name

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto map map-name seq-num ipsec-isakmp | ipsec-manual [dynamic dynamic-map-name]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto map map-name seq-num match address acl_name

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto map map-name seq-num set peer hostname | ip-address

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto map map-name seq-num set pfs [group1 | group2]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto map map-name seq-num set security-association lifetime seconds seconds | kilobytes kilobytes

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

 

crypto map map-name seq-num set session-key inbound | outbound ah spi hex-key-string

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto map map-name seq-num set session-key inbound | outbound esp spi cipher hex-key-string [authenticator hex-key-string]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

crypto map map-name seq-num set transform-set transform-set-name1 [transform-set-name6]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

debug

debug

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

dhcpd

dhcpd address ip1[-ip2] [if_name]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

dhcpd auto_config [client_ifx_name]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

dhcpd dns dns1 [dns2]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

 

dhcpd domain domain_name

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

dhcpd enable [if_name]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

dhcpd lease lease_length

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

dhcpd option 66 ascii {server_name | server_ip_str}

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

dhcpd option 150 ip server_ip1 [server_ip2]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

dhcpd ping timeout timeout

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

dhcpd wins wins1 [wins2]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

disable

disable

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

domain-name

domain-name name

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

 

 

X

eeprom

eeprom update

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

enable

enable [priv_1evel]

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

enable password [pw] [encrypted]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

enable password [pw] [level priv_level] [encrypted]

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

established

established dest_protocol [src_port] [permitto protocol port [-port]] [permitfrom protocol port [-port]]

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

exit

exit

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

failover

failover

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

failover active

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

failover ip address if_name ip_address

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

failover lan enable

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

failover lan interface if_name

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

failover lan key key_secret

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

failover lan unit primary | secondary

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

 

failover link [stateful_if_name]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

failover mac address mif_name act_mac stn_mac

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

failover poll seconds

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

failover replicate http

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

failover reset

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

failover timeout seconds

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

 

 

X

filter

filter activex port local_ip mask foreign_ip mask

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

filter ftp dest-port local_ip local_mask foreign_ip foreign_mask [allow] [interact-block]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

filter java port[-port] local_ip mask foreign_ip mask

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

filter url [port[-port]] local_ip local_mask foreign_ip foreign_mask [allow]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

filter url [http | port[-port]] local_ip local_mask foreign_ip ofreign_mask [allow]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

filter url [http | port[-port]] local_ip local_mask foreign_ip ofreign_mask [allow] [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]

Note Syntax errors are generated on [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

 

 

 

X

filter url except local_ip local_mask foreign_ip foreign_mask

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

fixup protocol

fixup protocol ctiqbe 2748

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

fixup protocol esp-ike

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

fixup protocol ftp [strict] [port]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

fixup protocol http [port[-port]]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

fixup protocol h323 {h225 | ras} port [-port]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

fixup protocol icmp error

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

fixup protocol ils [port[-port]]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

fixup protocol mgcp [port [-port]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

fixup protocol pptp 1723

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

 

fixup protocol rsh [514]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

fixup protocol rtsp [port]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

fixup protocol sip [5060]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

fixup protocol sip udp [5060]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

fixup protocol skinny [2000]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

fixup protocol smtp [port[-port]]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

fixup protocol sqlnet [port[-port]]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

flashfs

flashfs downgrade {4.x | 5.0 | 5.1}

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

floodguard

floodguard enable

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

floodguard disable

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

fragment

Note Fragments can be imported correctly, but will generate commands per interface only.

fragment size database-limit [interface]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

fragment chain chain-limit [interface]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

fragment timeout seconds [interface]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

global

global [(if_name)] nat_id {global_ip [-global_ip] [netmask global_mask]} | interface

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

help

help

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

hostname

hostname newname

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

http

http ip_address [netmask] [if_name]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

http server enable

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

icmp

icmp permit | deny [host] src_addr [src_mask] [type] int_name

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

igmp

Note See the multicast command for igmp subcommands.

interface

Note See also router interface command reference for ospf subcommand support.

interface <interface name>

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

interface hardware_id [hardware_speed] [shutdown]

PIX Firewall OS

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

interface hardware_id vlan_id [logical | physical] [shutdown]

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

 

 

 

X

 

interface hardware_id change-vlan old_vlan_id new_vlan_id

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

 

 

 

X

ospf authentication [message-digest | null]

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

ospf authentication-key password

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

ospf cost interface_cost

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

ospf database-filter all out

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

ospf dead-interval seconds

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

ospf hello-interval seconds

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

ospf message-digest-key key-id md5 key

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

 

ospf mtu-ignore

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

ospf priority number

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

ospf retransmit-interval seconds

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

ospf transmit-delay seconds

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

ip address

ip address if_name ip_address [netmask]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

ip address outside dhcp [setroute] [retry retry_cnt]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

ip address if_name pppoe [setroute]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

ip address if_name ip_address netmask pppoe [setroute]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

ip audit

ip audit attack [action [alarm] [drop] [reset]]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

ip audit info [action [alarm] [drop] [reset]]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

ip audit interface if_name audit_name

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

ip audit name audit_name attack [action [alarm] [drop] [reset]]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

ip audit name audit_name info [action [alarm] [drop] [reset]]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

ip audit signature signature_number disable

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

ip local pool

ip local pool pool_name pool_start-address[-pool_end-address]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ip prefix-list

Note See also prefix-list commands.

ip prefix-list list-name [seq seq-value] {deny | permit network/length}[ge ge-value] [le le-value]

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

ip prefix-list sequence-number

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

ip verify reverse-path

ip verify reverse-path interface int_name

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

isakmp

isakmp client configuration address-pool local pool-name [interface-name]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

isakmp enable interface-name

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

isakmp identity {address | hostname}

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

isakmp identity {address | hostname | [key-id key_id_string]}

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

 

isakmp keepalive seconds [retry_seconds]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

isakmp key keystring address peer-address [netmask mask] [no-xauth] [no-config-mode]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

isakmp nat-traversal [natkeepalive]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

isakmp peer fqdn fqdn no-xauth no-config-mode

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

isakmp policy

isakmp policy priority authentication pre-share | rsa-sig

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

isakmp policy priority encryption aes | aes-192| aes-256 | des | 3des

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

isakmp policy priority group1 | 5

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

isakmp policy priority group1 | 2 | 5

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

isakmp policy priority hash md5 | sha

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

isakmp policy priority lifetime seconds

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

kill

kill

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

logging

logging on

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

logging buffered level

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

logging console level

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

logging device-id {hostname | ipaddress if_name | string text}

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

 

logging facility facility

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

logging history level

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

logging host [in_if_name] ip_address [protocol/port]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

logging host [in_if_name] ip_address [protocol/port] format emblem

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

logging message syslog_id

PIX Firewall

 

 

 

 

 

X

FWSM

X

 

 

 

 

 

logging message syslog_id [level level]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

logging monitor level

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

logging queue queue_size

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

 

logging standby

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

logging timestamp

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

logging trap level

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

login

login

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

mac-list

mac-list id deny | permit mac macmask

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

management-
access

management-access mgmt_if

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

mgcp

mgcp call-agent ip_address group_id

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

mgcp command-queue limit

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

 

mgcp gateway ip_address group_id

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

mroute

mroute src smask in-if-name dst dmask out-if-name

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

multicast

multicast interface interface_name [max-groups number]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

igmp forward interface interface_name

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

igmp access-group acl_id

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

igmp join-group group

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

igmp max-groups number

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

igmp query-interval seconds

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

 

igmp query-max-response-time seconds

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

igmp version {1 | 2}

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

mtu

mtu if_name bytes

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

name/names

name ip_address name

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

names

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

nameif

nameif vlan_id if_name security_level

PIX Firewall

 

 

 

 

 

X

FWSM

X

 

 

 

 

 

nameif hardware_id if_name security_level

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

nat

nat [(if_name)] id address [netmask][norandomseq] [timeout hh:mm:ss] [conn_limit [em_limit]]]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

nat [(if_name)] nat_id local_ip [netmask [max_conns [em_limit]]] [norandomseq]

PIX Firewall

 

 

 

 

 

X

FWSM

X

 

 

 

 

 

nat [(if_name)] id address [netmask [outside] [dns] [norandomseq] [timeout hh:mm:ss] [conn_limit [em_limit]]]

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

 

 

 

X

nat [(if_name)] 0 access-list acl_name

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

ntp

ntp authenticate

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ntp authentication-key number md5 value

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ntp server ip_address [key number] source if_name [prefer]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

 

ntp trusted-key number

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

object-group

object-group grp_id

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

object-group description description_text

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

object-group icmp-type grp_id icmp-group icmp_type

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

object-group network grp_id network-object host host_addr network-object host_addr netmask

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

object-group protocol grp_id protocol-object protocol

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

object-group service grp_id {tcp | udp | tcp-udp} port-object eq service port-object range begin_service end_service

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

X

 

 

 

outbound / apply

Note Outbounds rely on the converter tool to translate outbounds and conduits to access-list commands.

apply [(if_name)] list_ID outgoing_src | outgoing_dest

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

 

 

 

X

outbound list_ID permit | deny ip_address [netmask [port[-port]] [protocol]

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

 

 

 

X

outbound list_ID except ip_address [netmask [port[-port]] [protocol]

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

 

 

 

X

pager

pager [lines number]

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

password

{password | passwd} password [encrypted]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

pdm

pdm history enable

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

pdm history [view {all | 12h | 5d | 60m | 10m}] [snapshot] [feature {all | blocks | cpu | failover | ids | interface if_name | memory | perfmon | xlates}] [pdmclient]

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

 

pdm location ip_address netmask if_name

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

pdm logging [level [messages]]

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

perfmon

perfmon verbose

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

perfmon interval seconds

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

perfmon quiet

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

perfmon settings

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

ping

ping [if_name] ip_address

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

prefix-list

Note See also ip prefix-list commands.

prefix-list list_name [seq seq_value] {permit | deny prefix / len} [ge min_value] [le max_value]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

prefix-list sequence-number

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

privilege

privilege [show | clear | configure] level level [mode enable | configure] command command

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

quit

quit

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

reload

reload

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

reload noconfirm

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

rip

rip if_name default | passive [version [1 | 2]] [authentication [text | md5 key (key_id)]]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

route

route if_name ip_address netmask gateway_ip [metric]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

route-map

route-map map_tag [permit | deny] [seq_num]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

match [interface | route-type | metric | ip address | ip next-hop | ip route-source]

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

set metric [+ | -] metric_value

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

set metric-type type-1 | type-2 | internal | external

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

set ip next-hop ip-address [ip-address...]

PIX Firewall

 

 

 

 

 

X

FWSM

 

X

 

 

 

 

router ospf

router ospf pid

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

area area_id

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

 

area area_id authentication [message-digest]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

area area_id default-cost cost

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

area area_id filter-list prefix {prefix_list_name in | out}

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

area area_id nssa [no-redistribution] [default-information-originate [metric-type 1 | 2] [metric metric_value]] [no-summary]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

area area_id range ip_address netmask [advertise | not-advertise]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

area area_id stub [no-summary]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

area area_id virtual-link router_id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [authentication-key password] [message-digest-key id md5 password]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

 

compatible rfc1583

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

default-information originate [always] [metric metric_value] [metric-type {1 | 2}] [route-map map_name]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

distance ospf [intra-area d1][inter-area d2][external d3]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

ignore lsa mospf

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

log-adj-changes [detail]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

network prefix ip_address netmask area area_id

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

redistribute {static | connected} [metric metric_value ] [metric-type metric_type] [route-map map_name] [tag tag_value] [subnets]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

 

redistribute ospf pid [match {internal | external [1|2] | nssa-external [1|2]}] [metric metric_value ] [metric-type metric_type] [route-map map_name] [tag tag_value] [subnets]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

router-id ip_address

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

summary-address addr netmask [not-advertise] [tag tag_value]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

timers {spf spf_delay spf_holdtime | lsa-group-pacing seconds}

 

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

routing interface

routing interface interface_name

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ospf authentication [message-digest | null]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ospf authentication-key password

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

 

ospf cost interface_cost

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ospf database-filter all out

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ospf dead-interval seconds

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ospf hello-interval seconds

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ospf message-digest-key key-id md5 key

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ospf mtu-ignore

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ospf priority number

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

ospf retransmit-interval seconds

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

 

ospf transmit-delay seconds

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

service

service resetinbound | resetoutside

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

session

session enable

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

setup

setup

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

show

show

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

shun

shun src_ip [dst_ip sport dport [protocol]]

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

snmp-server

snmp-server community key

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

snmp-server {contact | location} text

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

 

snmp-server host [if_name] ip_addr [trap | poll]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

snmp-server enable traps

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

ssh

ssh ip_address [netmask] [interface_name]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

ssh disconnect session_id

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

ssh timeout mm

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

static

static [(prenat_interface, postnat_interface)] {mapped_address | interface} real_address [netmask mask] [norandomseq] [connection_limit [em_limit]]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

static [(prenat_interface, postnat_interface)] {mapped_address | interface} real_address dns [netmask mask] [norandomseq] [connection_limit [em_limit]]

PIX Firewall

 

 

X

 

 

 

FWSM

 

 

 

 

 

X

syslog

syslog

Note Deprecated in PIX Firewall OS Version 6.2.

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

sysopt

sysopt connection permit-pptp | permit-l2tp | permit-ipsec

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

sysopt connection tcpmss bytes

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

sysopt connection tcpmss minimum bytes

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

sysopt connection timewait

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

sysopt ipsec pl-compatible

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

sysopt nodnsalias inbound | outbound

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

 

sysopt noproxyarp if_name

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

sysopt radius ignore-secret

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

sysopt route dnat

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

sysopt security fragguard

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

sysopt uauth allow-http-cache

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

telnet

telnet ip_address [netmask] [if_name]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

telnet timeout minutes

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

terminal

terminal monitor

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

 

terminal width characters

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

tftp-server

tftp-server [if_name] ip _address path

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

timeout

timeout [xlate [hh:mm:ss]] [conn [hh:mm:ss]] [half-closed [hh:mm:ss]] [udp [hh:mm:ss]] [rpc [hh:mm:ss]] [h225 [hh:mm:ss]] [h323 [hh:mm:ss]] [sip [hh:mm:ss]] [sip_media [hh:mm:ss]] [uauth [hh:mm:ss] [absolut | inactivity]]

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

url-block

url-block block block_buffer_limit

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

url-block url-mempool memory_pool_size

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

url-block url-size long_url_size

Note Websense only.

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

url-cache

url-cache {dst | src_dst} size kbytes

PIX Firewall

X

 

 

 

 

 

FWSM

X

 

 

 

 

 

url-server

url-server [(if_name)] vendor n2h2 host local_ip [port number] [timeout seconds] [protocol {TCP | UDP}]

Note N2H2 only.

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

url-server [(if_name)] vendor websense host local_ip [timout seconds] [protocol {TCP | UDP} version]

Note Websense only.

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

url-server [(if_name)] host local_ip [timeout seconds] [protocol {TCP | UDP} version]

Note Websense only.

PIX Firewall

 

 

 

 

 

X

FWSM

X

 

 

 

 

 

username

username username {[{nopassword | password password} [encrypted]] [privilege level]}

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

 

X

virtual

virtual http ip_address [warn]

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

virtual telnet ip_address

PIX Firewall

 

 

 

X

 

 

FWSM

 

 

 

X

 

 

vpdn

vpdn enable if_name

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

vpdn group group_name [[accept dialin pptp | l2tp]] | [ppp encryption mppe 40 | 128| auto [required]] | [ client configuration address local address_pool_name ] | [client configuration dns dns_ip1 [dns_ip2]] | [ client configuration wins wins_ip1 [wins_ip2]] | [client authentication local | aaa auth_aaa_group] | [ client accounting acct_aaa_group] | [pptp echo echo_time] | [ l2tp tunnel hello hello_time]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

vpdn username name password passwd store-local

PIX Firewall (PPPoE only)

X

 

 

 

 

 

PIX Firewall (all other instances)

 

 

 

X

 

 

FWSM

 

 

 

 

 

X

vpdn username name password passwd

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

vpdn group group_name localname username

PIX Firewall (PPPoE only)

X

 

 

 

 

 

PIX Firewall (all other instances)

 

 

 

X

 

 

FWSM

 

 

 

 

 

X

vpdn group group_name request dialout pppoe

PIX Firewall (PPPoE only)

X

 

 

 

 

 

PIX Firewall (all other instances)

 

 

 

X

 

 

FWSM

 

 

 

 

 

X

vpdn group group_name ppp authentication PAP | CHAP | MSCHAP

PIX Firewall (PPPoE only)

X

 

 

 

 

 

PIX Firewall (all other instances)

 

 

 

X

 

 

FWSM

 

 

 

 

 

X

vpnclient

vpnclient vpngroup group_name password preshared_key

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

vpnclient username xauth_username password xauth_password

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

vpnclient server ip_primary [ip_secondary_1, ip_sendary_2, ..., ip_secondary_n]

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

vpnclient mac-exempt mac_addr_1 mac_mask_1 [mac_addr_2 mac_mask_2]

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

vpnclient mode client-mode | network-extension-mode

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

vpnclinet enable

PIX Firewall

X

 

 

 

 

 

FWSM

 

 

 

 

 

X

vpnclient management {[tunnel {ip_addr_1| ip_mask_1} [{ip_addr_2 | ip_mask_1}...]] | [clear]}

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

vpnclient connect

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

vpnclient disconnect

PIX Firewall

 

X

 

 

 

 

FWSM

 

 

 

 

 

X

vpngroup

vpngroup group_name address-pool pool_name

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

vpngroup group_name authentication-server server_tag

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

vpngroup group_name backup-server {{ip1 [ip2 ... ip10]} | clear}

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

vpngroup group_name default-domain domain_name

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

 

vpngroup group_name device-pass-through

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

vpngroup group_name dns-server dns_ip_prim [dns_ip_sec]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

vpngroup group_name idle-time idle_seconds

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

vpngroup group_name max-time max_seconds

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

vpngroup group_name password preshared_key

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

vpngroup group_name pfs

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

vpngroup group_name split-dns domain_name1 [domain_name2, domain_name3, ..., domain_name8]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

 

vpngroup group_name split-tunnel acl_name

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

vpngroup group_name user-authentication

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

vpngroup group_name user-idle-timeout user_idle_seconds

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

vpngroup group_name wins-server wins_ip_prim [wins_ip_sec]

PIX Firewall

 

X

 

 

 

 

FWSM

 

X

 

 

 

 

who

who [local_ip]

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

write

write net [[server_ip]:[filename]]

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

write floppy

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

write memory | floppy [uncompressed]

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

 

write standby

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 

write terminal

PIX Firewall

 

 

 

 

X

 

FWSM

 

 

 

 

X

 


hometocprevnextglossaryfeedbacksearchhelp
Posted: Tue May 6 05:39:11 PDT 2003
All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.