The PIX (Cisco IOS) help command lists 96 commands (112 sections with command descriptions are given in the documentation C:\1\Cisco_PIX_Firewall\co | |||||||||||
1 | aaa | Enable, disable, or view TACACS+, RADIUS or LOCAL user authentication, authorization and acco | |||||||||
aaa accounting | Enable, disable, or view LOCAL, TACACS+, or RADIUS user accounting (on | ||||||||||
aaa authentication | Enable, disable, or view LOCAL, TACACS+, or RADIUS user authentication ( | ||||||||||
aaa authorization | Enable or disable LOCAL or TACACS+ user authorization services. (Configur | ||||||||||
aaa proxy-limit | Specifies the number of concurrent proxy connections allowed per user. (Conf | ||||||||||
Usage: | |||||||||||
[no] aaa authentication|authorization|accounting include|exclude <svc> <if_name> <l_ip | |||||||||||
[no] aaa authentication serial|telnet|ssh|http|enable console <server_tag> | |||||||||||
[no] aaa authentication|authorization|accounting match <access_list_name> <if_name> | |||||||||||
[no] aaa authorization command {LOCAL | tacacs_server_tag} aaa proxy-limit <proxy lim | |||||||||||
2 | aaa-server | Define AAA Server group | |||||||||
Specify an AAA server. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] aaa-server <tag> [<(if_name)>] host <ip_address> [<key>] [timeout <seconds>] | |||||||||||
aaa-server <tag> protocol tacacs+|radius | |||||||||||
clear aaa-server [<tag>] | |||||||||||
[no] aaa-server radius-authport [<auth_port>] | |||||||||||
[no] aaa-server radius-acctport [<acct_port>] | |||||||||||
3 | access-group | Bind an access-list to an interface to filter inbound traffic | |||||||||
Binds the access list to an interface. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] access-group <access-list> in interface <if_name> | |||||||||||
4 | access-list | Add an access list | |||||||||
Create an access list, or use downloadable access lists. (Downloadable access lists are supported for RADIUS servers only). (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] access-list compiled | |||||||||||
[no] access-list <id> compiled | |||||||||||
[no] access-list <id> deny|permit <protocol>|object-group <protocol_obj_grp_id> | |||||||||||
<sip> <smask> | object-group <network_obj_grp_id> | |||||||||||
[<operator> <port> [<port>] | object-group <service_obj_grp_id>] | |||||||||||
<dip> <dmask> | object-group <network_obj_grp_id> | |||||||||||
[<operator> <port> [<port>] | object-group <service_obj_grp_id>] | |||||||||||
[no] access-list <id> deny|permit icmp | |||||||||||
<sip> <smask> | object-group <network_obj_grp_id> | |||||||||||
<dip> <dmask> | object-group <network_obj_grp_id> | |||||||||||
[<icmp_type> | object-group <icmp_type_obj_grp_id>] | |||||||||||
5 | activation-key | Modify activation-key. | |||||||||
Updates the activation key on your PIX Firewall and checks the activation key running on your PIX F | |||||||||||
Usage: | |||||||||||
activation-key <activation-key-four-tuple> | |||||||||||
show activation-key | |||||||||||
Result of firewall command: "sh activation-key" | |||||||||||
Serial Number: 807112150 (0x301b8dd6) | |||||||||||
Running Activation Key: 0xfed72fb7 0x36ed2c14 0x0bd663eb 0x00aa3e31 | |||||||||||
Licensed Features: | |||||||||||
Failover: Disabled | |||||||||||
VPN-DES: Enabled | |||||||||||
VPN-3DES: Disabled | |||||||||||
Maximum Interfaces: 2 | |||||||||||
Cut-through Proxy: Enabled | |||||||||||
Guards: Enabled | |||||||||||
URL-filtering: Enabled | |||||||||||
Inside Hosts: 10 | |||||||||||
Throughput: Limited | |||||||||||
IKE peers: 5 | |||||||||||
The flash activation key is the SAME as the running key. | |||||||||||
6 | age | This command is deprecated. See ipsec, isakmp, map, ca commands | |||||||||
7 | alias | Administer overlapping addresses with dual NAT. | |||||||||
Administer overlapping addresses with dual NAT. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] alias [<(if_name)>] <dnat_ip> <foreign_ip> [<mask>] | |||||||||||
8 | apply | Apply outbound lists to source or destination IP addresses | |||||||||
Usage: | |||||||||||
[no] apply [(<if_name>)] <outbound_id> outgoing_src|outgoing_dest | |||||||||||
9 | arp | Change or view the arp table, and set the arp timeout value | |||||||||
Change or view the ARP cache, and set the timeout value. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] arp <if_name> <ip> <mac> [alias] | |||||||||||
[no] arp timeout <seconds> | |||||||||||
10 | auth-prompt | Customize authentication challenge, reject or acceptance prompt | |||||||||
Change the AAA challenge text. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no | clear] auth-prompt [prompt | accept | reject] "<prompt text>" | |||||||||||
11 | auto-update | Configure auto update support | |||||||||
Specifies how often to poll an Auto Update Server. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
auto-update device-id hardware-serial | hostname | ipaddress [<if_name>] | mac-address [<if_name>] | string <text> | |||||||||||
no auto-update device-id | |||||||||||
auto-update poll-period <poll-period> [<retry-count> [<retry-period>]] | |||||||||||
no auto-update poll-period | |||||||||||
auto-update server <url> [verify-certificate] | |||||||||||
no auto-update server | |||||||||||
auto-update timeout <period> | |||||||||||
no auto-update timeout | |||||||||||
12 | blocks | Show system buffer utilization | |||||||||
Result of firewall command: "sh blocks" | |||||||||||
SIZE | MAX | LOW | CNT | ||||||||
4 | 600 | 597 | 600 | ||||||||
80 | 400 | 398 | 399 | ||||||||
256 | 100 | 99 | 100 | ||||||||
1550 | 932 | 634 | 673 | ||||||||
13 | ca | CEP (Certificate Enrollment Protocol) Create and enroll RSA key pairs into a PKI (Public Key Infrastructure). | |||||||||
ca | Configure the PIX Firewall to interoperate with a certification authority (CA). (C | ||||||||||
ca generate rsa key | The ca generate rsa command generates RSA key pairs for your PIX Firewall. | ||||||||||
Usage: | |||||||||||
ca generate rsa key|specialkey <key_modulus_size> | |||||||||||
ca identity <ca_nickname> <ca_ipaddress | hostname>[:<ca_script_location>] [<ldap_i | |||||||||||
ca configure <ca_nickname> ca|ra <retry_period> <retry_count> [crloptional] | |||||||||||
ca authenticate <ca_nickname> [<fingerprint>] | |||||||||||
ca enroll <ca_nickname> <challenge_password> [serial] [ipaddress] | |||||||||||
[no] ca save all | |||||||||||
show ca certificate | |||||||||||
show ca mypubkey rsa | |||||||||||
ca zeroize rsa | |||||||||||
Result of firewall command: "show ca mypubkey rsa" | |||||||||||
% Key pair was generated at: 20:06:31 UTC Jun 7 2003 | |||||||||||
Key name: pixfirewall.ciscopix.com | |||||||||||
Usage: General Purpose Key | |||||||||||
Key Data: | |||||||||||
307c300d 06092a86 4886f70d 01010105 00036b00 30680261 00ce4a57 54bb7280 | |||||||||||
0d2e8b0c 8a55a2ba bab2bd07 8d3fcf62 d85e1411 0135e898 16021b78 f4359c26 | |||||||||||
169b94c5 1cccf467 f9cbca7a c414e7eb bd3a9bae f13d0b23 3055f83a b362112a | |||||||||||
73a608c1 12a14db1 0d337e54 2a1f13dc ba5b2f94 578933d7 b7020301 0001 | |||||||||||
14 | capture | Capture inbound and outbound packets on one or more interfaces | |||||||||
Enables packet capture capabilities for packet sniffing and network fault isolation. (Configuration mo | |||||||||||
Usage: | |||||||||||
capture <capture-name> [access-list <acl-name>] [buffer <buf-size>] [ethernet-type <ty | |||||||||||
clear capture <capture-name> | |||||||||||
no capture <capture-name> [access-list] [interface <if-name>] | |||||||||||
show capture [<capture-name> [access-list <acl-name>] [count <number>] [detail] [du | |||||||||||
15 | checksum | View configuration information cryptochecksum | |||||||||
Result of firewall command: "sh checksum" | |||||||||||
Cryptochecksum: 99fa64ee 32accc00 4e83bf0b c0bc907d | |||||||||||
16 | chunkstat | Display chunk stats | |||||||||
Result of firewall command: "sh chunkstat" | |||||||||||
Chunk statistics: created 1, destroyed: 0,sibs created: 0, sibs trimmed: 0 | |||||||||||
Dump of chunk at 80a5bf48, name "DHCPD Internal Radix Tree Nodes", data start @ 80 | |||||||||||
flink: 80650e00, blink: 80650e00 | |||||||||||
next: cccccccc, next_sibling: 00000000, prev_sibling: 00000000 | |||||||||||
flags 00000005 | |||||||||||
maximum chunk elt's: 32, elt size: 36, index first free 31 | |||||||||||
# chunks in use: 1, HWM of total used: 1, alignment: 8 | |||||||||||
359 lines of output in total | |||||||||||
17 | clear | Removes configuration files and commands from the configuration, or resets command values. (All | |||||||||
18 | clock | Show and set the date and time of PIX | |||||||||
Set the PIX Firewall clock for use with the PIX Firewall Syslog Server (PFSS) and the Public Key Infrastructure (PKI) protocol. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
clock set <hh:mm:ss> {<day> <month> | <month> <day>} <year> | |||||||||||
clock summer-time <zone> recurring [<week> <weekday> <month> <hh:mm> <week> | |||||||||||
clock summer-time <zone> date {<day> <month> | <month> <day>} <year> <hh:mm> { | |||||||||||
no clock summer-time | |||||||||||
clock timezone <zone> <hours> [<minutes>] | |||||||||||
no clock timezone | |||||||||||
show clock [detail] | |||||||||||
Result of firewall command: "sh clock" | |||||||||||
21:42:53.880 UTC Sat Jun 7 2003 | |||||||||||
19 | conduit | Add conduit access to higher security level network or ICMP | |||||||||
Add, delete, or show conduits through the PIX Firewall for incoming connections. However, the conduit command has been superseded by the access-list command. We recommend that you migrate your configuration away from the conduit command to maintain future compatibility. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] conduit deny|permit <protocol>|object-group <protocol_obj_grp_id> | |||||||||||
<g_ip> <g_mask> | object-group <network_obj_grp_id> | |||||||||||
[<operator> <port> [<port>] | object-group <service_obj_grp_id>] | |||||||||||
<f_ip> <f_mask> | object-group <network_obj_grp_id> | |||||||||||
[<operator> <port> [<port>] | object-group <service_obj_grp_id>] | |||||||||||
[no] conduit deny|permit icmp <g_ip> <g_mask> | object-group <network_obj_grp_id> | |||||||||||
<f_ip> <f_mask> | object-group <network_obj_grp_id> | |||||||||||
[<icmp_type> | object-group <icmp_type_obj_grp_id>] | |||||||||||
20 | configure | Configure from terminal, floppy, memory, network, or factory-default. The configuration will be merg | |||||||||
Clear or merge the current configuration with that on floppy or in flash memory, start configuration | |||||||||||
Usage: | |||||||||||
configure [terminal|floppy|memory] | |||||||||||
configure http[s]://[<user>:<password>@]<location>[:<port>]/<pathname> | |||||||||||
configure net [<location>]:[<pathname>] | |||||||||||
configure factory-default [<inside_ip> [<mask>]] | |||||||||||
clear configure [primary|secondary|all] | |||||||||||
Result of firewall command: "sh configure" | |||||||||||
: Saved | |||||||||||
: Written by enable_15 at 23:24:35.446 UTC Tue Jun 3 2003 | |||||||||||
PIX Version 6.2(2) | |||||||||||
nameif ethernet0 outside security0 | |||||||||||
nameif ethernet1 inside security100 | |||||||||||
enable password 9bGG8GMY4xqeq5Hr encrypted | |||||||||||
passwd 2KFQnbNIdI.2KYOU encrypted | |||||||||||
hostname pixfirewall | |||||||||||
domain-name ciscopix.com | |||||||||||
fixup protocol ftp 21 | |||||||||||
fixup protocol http 80 | |||||||||||
fixup protocol h323 h225 1720 | |||||||||||
fixup protocol h323 ras 1718-1719 | |||||||||||
fixup protocol ils 389 | |||||||||||
fixup protocol rsh 514 | |||||||||||
fixup protocol rtsp 554 | |||||||||||
fixup protocol smtp 25 | |||||||||||
fixup protocol sqlnet 1521 | |||||||||||
fixup protocol sip 5060 | |||||||||||
fixup protocol skinny 2000 | |||||||||||
names | |||||||||||
pager lines 24 | |||||||||||
interface ethernet0 10baset | |||||||||||
interface ethernet1 10full | |||||||||||
mtu outside 1500 | |||||||||||
mtu inside 1500 | |||||||||||
ip address outside 213.147.32.39 255.255.255.0 | |||||||||||
ip address inside 192.168.1.1 255.255.255.0 | |||||||||||
ip audit info action alarm | |||||||||||
ip audit attack action alarm | |||||||||||
pdm logging informational 100 | |||||||||||
pdm history enable | |||||||||||
arp timeout 14400 | |||||||||||
nat (inside) 0 0.0.0.0 0.0.0.0 0 0 | |||||||||||
route outside 0.0.0.0 0.0.0.0 213.147.32.33 1 | |||||||||||
timeout xlate 0:05:00 | |||||||||||
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30: | |||||||||||
timeout uauth 0:05:00 absolute | |||||||||||
aaa-server TACACS+ protocol tacacs+ | |||||||||||
aaa-server RADIUS protocol radius | |||||||||||
aaa-server LOCAL protocol local | |||||||||||
http server enable | |||||||||||
http 192.168.1.0 255.255.255.0 inside | |||||||||||
no snmp-server location | |||||||||||
no snmp-server contact | |||||||||||
snmp-server community public | |||||||||||
no snmp-server enable traps | |||||||||||
floodguard enable | |||||||||||
no sysopt route dnat | |||||||||||
telnet timeout 5 | |||||||||||
ssh timeout 5 | |||||||||||
dhcpd address 192.168.1.2-192.168.1.33 inside | |||||||||||
dhcpd lease 3600 | |||||||||||
dhcpd ping_timeout 750 | |||||||||||
dhcpd auto_config outside | |||||||||||
terminal width 80 | |||||||||||
Cryptochecksum:99fa64ee32accc004e83bf0bc0bc907d | |||||||||||
21 | copy | Change software images without requiring access to the TFTP monitor mode. (Configuration mode.) | |||||||||
USAGE: | |||||||||||
copy capture:<capture-name> tftp://<location>/<pathname> [pcap] | |||||||||||
copy http[s]://[<user>:<password>@]<location>[:<port>]/<pathname>flash[:[image | pd | |||||||||||
copy tftp[:[[//location][/pathname]]] flash[:[image | pdm]] | |||||||||||
22 | conn | Display connection information | |||||||||
Result of firewall command: "show conn" | |||||||||||
0 in use, 0 most used | |||||||||||
23 | cpu | Display cpu usage | |||||||||
Result of firewall command: "sh cpu usage" | |||||||||||
CPU utilization for 5 seconds = 0%; 1 minute: 1%; 5 minutes: 1% | |||||||||||
24 | crypto | Configure IPsec, IKE, and CA | |||||||||
crypto dynamic-ma | Create, view, or delete a dynamic crypto map entry. (Configuration mode.) | ||||||||||
crypto ipsec | Create, view, or delete IPSec security associations, security association glob | ||||||||||
crypto map | Create, modify, view or delete a crypto map entry. Also used to delete a cryp | ||||||||||
Usage: | |||||||||||
crypto { ca | dynamic-map | map | ipsec | isakmp } ... | |||||||||||
25 | curpriv | Display current privilege level | |||||||||
Result of firewall command: "sh curpriv" | |||||||||||
Username : enable_15 | |||||||||||
Current privilege level : 15 | |||||||||||
Current Mode/s : P_PRIV P_CONF | |||||||||||
26 | debug | Debug packets or ICMP tracings through the PIX Firewall. | |||||||||
You can debug packets or ICMP tracings through the PIX Firewall. The debug command provides inf | |||||||||||
Usage: | |||||||||||
[no] debug icmp trace | |||||||||||
[no] debug packet <if_name> [src <s_ip> [netmask <m>]] | |||||||||||
[dst <d_ip> [netmask <m>]] | |||||||||||
[[proto icmp]|[proto tcp [sport <s_p>] [dport <d_p>]] | |||||||||||
|[proto udp [sport <s_p>] [dport d_p]] [rx|tx|both] | |||||||||||
[no] debug sqlnet | |||||||||||
[no] debug crypto ipsec|isakmp|ca | |||||||||||
[no] debug dhcpc detail|error|packet | |||||||||||
[no] debug dhcpd event|packet | |||||||||||
[no] debug vpdn error|event|packet | |||||||||||
[no] debug ppp error|io|uauth|chap|upap|negotiation | |||||||||||
[no] debug pppoe error|packet|event | |||||||||||
[no] debug ssh | |||||||||||
[no] debug h323 h225|h245|ras asn|event | |||||||||||
[no] debug fover <sub option> | |||||||||||
[no] debug rtsp | |||||||||||
[no] debug fixup <udp|tcp> | |||||||||||
[no] debug rip | |||||||||||
[no] debug pdm history | |||||||||||
[no] debug ssl [cipher|device] | |||||||||||
[no] debug dns <resolver|all> | |||||||||||
[no] debug sip | |||||||||||
[no] debug skinny | |||||||||||
[no] debug access-list <all|standard|turbo> | |||||||||||
[no] debug radius [session|all|user <user_name>] | |||||||||||
[no] debug ntp [adjust|authentication|events|loopfilter|packets|params| | |||||||||||
select|sync|validity] | |||||||||||
[no] debug ils | |||||||||||
[no] debug igmp | |||||||||||
[no] debug mfwd | |||||||||||
[no] debug xdmcp | |||||||||||
27 | dhcpd | Configure DHCP Server | |||||||||
The dhcpd command controls the DHCP server feature. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
dhcpd address <ip1>[-<ip2>] [<srv_ifc_name>] | |||||||||||
dhcpd dns <dnsip1> [<dnsip2>] | |||||||||||
dhcpd wins <winsip1> [<winsip2>] | |||||||||||
dhcpd lease <lease_length> | |||||||||||
dhcpd ping_timeout <timeout> | |||||||||||
dhcpd domain <domain_name> | |||||||||||
dhcpd option <code> {ascii <string> | hex <hex_string> | ip <address_1> [<address_2>] | |||||||||||
dhcpd auto_config [<clnt_ifc_name>] | |||||||||||
dhcpd enable [<srv_ifc_name>] | |||||||||||
show dhcpd [binding|statistics] | |||||||||||
Result of firewall command: "sh dhcpd" | |||||||||||
dhcpd address 192.168.1.2-192.168.1.33 inside | |||||||||||
dhcpd lease 3600 | |||||||||||
dhcpd ping_timeout 750 | |||||||||||
dhcpd auto_config outside | |||||||||||
28 | disable | Exit privileged mode and return to unprivileged mode. (Privileged mode.) | |||||||||
29 | domain-name | Change domain name | |||||||||
Change the IPSec domain name. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
domain-name <name> | |||||||||||
Result of firewall command: "sh domain-name" | |||||||||||
domain-name ciscopix.com | |||||||||||
30 | dynamic-map | Specify a dynamic crypto map template | |||||||||
View or delete a dynamic crypto map entry. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
crypto dynamic-map <map> <seq> | |||||||||||
match address <acl-name> | | |||||||||||
set pfs {group1|group2} | | |||||||||||
set peer <ip-addr> | | |||||||||||
set transform-set <proposal> [<proposal> ...]| | |||||||||||
set security-association lifetime | {seconds <secs>|kilobytes <kbytes>} | |||||||||||
31 | eeprom | show or reprogram the 525 onboard i82559 devices | |||||||||
This command applies only to PIX 525 models with serial numbers 44480380055 through 44480480 | |||||||||||
Usage: | |||||||||||
show eeprom | |||||||||||
eeprom update | |||||||||||
Result of firewall command: "sh eeprom" | |||||||||||
This eeprom does not support the platform | |||||||||||
32 | enable | Configure enable passwords | |||||||||
Start privileged mode or access privilege levels. (Unprivileged mode for enable, and Configuration mo | |||||||||||
Usage: | |||||||||||
enable password [<pw>] [level <level>] [encrypted] | |||||||||||
no enable password level <level> | |||||||||||
show enable | |||||||||||
Result of firewall command: "show enable" | |||||||||||
enable password 9bGG8GMY4xqeq5Hr encrypted | |||||||||||
33 | established | Allow inbound connections based on established connections | |||||||||
Permit return connections on ports other than those used for the originating connection based on an established connection. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] established <est_protocol> <dport> [sport] [permitto <protocol> <port>[-<port>]] [p | |||||||||||
34 | exit | Exit an access mode. (All modes.) | |||||||||
35 | failover | Enable/disable PIX failover feature to a standby PIX | |||||||||
Change or view access to the optional failover feature. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] failover [active] | |||||||||||
failover ip address <if_name> <ip_address> | |||||||||||
failover mac address <ifc_name> <act_mac> <stn_mac> | |||||||||||
failover reset | |||||||||||
failover link <if_name> | |||||||||||
failover poll <seconds> | |||||||||||
failover replication http | |||||||||||
failover lan unit primary|secondary | interface <lan_if_name>| key <key_secret>| enable | |||||||||||
show failover [lan [detail]] | |||||||||||
Result of firewall command: "sh failover" | |||||||||||
No license for Failover | |||||||||||
36 | filter | Enable, disable, or view URL, Java, and ActiveX filtering | |||||||||
Enables, disables, or displays URL, Java, or ActiveX filtering. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] filter url <port>[-<port>]|except <lcl_ip> <mask> <frgn_ip> <mask> [allow] [proxy-bl | |||||||||||
[no] filter ActiveX|Java <port>[-<port>] <lcl_ip> <mask> <frgn_ip> <mask> | |||||||||||
37 | fixup | Add or delete PIX service and feature defaults | |||||||||
fixup protocol | Modifies PIX Firewall protocol fixups to add, delete, or change services and fe | ||||||||||
Usage: | |||||||||||
[no] fixup protocol <prot> [<option>] <port>[-<port>] | |||||||||||
38 | flashfs | Show, destroy, or preserve filesystem information | |||||||||
Clear, display, or downgrade filesystem information. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no|clear|show] flashfs [downgrade 4.X|5.1|5.0] | |||||||||||
Result of firewall command: "sh flashfs" | |||||||||||
flash file system: version:2 magic:0x12345679 | |||||||||||
file 0: | origin: 0 | length:1540152 | |||||||||
file 1: | origin: 1572864 | length:1644 | |||||||||
file 2: | origin: 0 | length:0 | |||||||||
file 3: | origin: 1703936 | length:4748324 | |||||||||
file 4: | origin: 7864320 | length:280 | |||||||||
39 | floodguard | Enable or disable Flood Defender to protect against flood attacks. (Configuration mode.) | |||||||||
USAGE: | |||||||||||
[no] floodguard | |||||||||||
40 | fragment | Configure the IP fragment database | |||||||||
The fragment command provides additional management of packet fragmentation and improves com | |||||||||||
Usage: | |||||||||||
fragment {size|chain|timeout} <limit> [<interface>] | |||||||||||
show fragment [<interface>] | |||||||||||
clear fragment | |||||||||||
Result of firewall command: "sh fragment" | |||||||||||
Interface: outside | |||||||||||
Size: 200, Chain: 24, Timeout: 5 | |||||||||||
Queue: 0, Assemble: 0, Fail: 0, Overflow: 0 | |||||||||||
Interface: inside | |||||||||||
Size: 200, Chain: 24, Timeout: 5 | |||||||||||
Queue: 0, Assemble: 0, Fail: 0, Overflow: 0 | |||||||||||
41 | global | Specify, delete or view global address pools, or designate a PAT(Port Address Translated) address | |||||||||
Create or delete entries from a pool of global addresses. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] global [(<ext_if_name>)] <nat_id> {<global_ip>[-<global_ip>] [netmask <global_mas | |||||||||||
42 | h225 | Show the current h225 data stored for each connection. | |||||||||
Result of firewall command: "sh h225" | |||||||||||
Total: 0 | LOCAL | TPKT | FOREIGN | TPKT | |||||||
43 | h245 | List the h245 connections. | |||||||||
Result of firewall command: "sh h245" | |||||||||||
Total: 0 | LOCAL | TPKT | FOREIGN | TPKT | |||||||
44 | h323-ras | Show the current h323 ras data stored for each connection. | |||||||||
Result of firewall command: "sh h323-ras" | |||||||||||
Total: 0 | GK | Callert | |||||||||
45 | help | Display help information. (Unprivileged, Privileged, and Configuration modes.) | |||||||||
USAGE: | |||||||||||
Help list | |||||||||||
46 | hostname | Change the host name in the PIX Firewall command line prompt. (Configuration mode.) | |||||||||
USAGE: | |||||||||||
hostname <name> | |||||||||||
47 | history | Display the session command history | |||||||||
48 | http | Configure HTTP server | |||||||||
Enables the PIX Firewall HTTP server and specifies the clients that are permitted to access it. Addit | |||||||||||
Usage: | |||||||||||
[no] http <local_ip> [<mask>] [<if_name>] | |||||||||||
[no] http server enable | |||||||||||
49 | icmp | Configure access for ICMP traffic that terminates at an interface | |||||||||
Enable or disable pinging to an interface. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] icmp permit|deny <ip-address> <net-mask> [<icmp-type>] <if-name> | |||||||||||
[clear|show] icmp | |||||||||||
50 | interface | Identify network interface type, speed duplex, and if shutdown | |||||||||
Identify network interface speed and duplex. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
interface <hardware_id> [<hw_speed> [<shutdown>]] | |||||||||||
Result of firewall command: "sh interface" | |||||||||||
interface ethernet0 "outside" is up, line protocol is down | |||||||||||
Hardware is i82559 ethernet, address is 000c.850c.66d7 | |||||||||||
IP address 213.147.32.39, subnet mask 255.255.255.0 | |||||||||||
MTU 1500 bytes, BW 10000 Kbit half duplex | |||||||||||
0 packets input, 0 bytes, 0 no buffer | |||||||||||
Received 0 broadcasts, 0 runts, 0 giants | |||||||||||
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort | |||||||||||
0 packets output, 0 bytes, 0 underruns | |||||||||||
0 output errors, 0 collisions, 0 interface resets | |||||||||||
0 babbles, 0 late collisions, 0 deferred | |||||||||||
0 lost carrier, 0 no carrier | |||||||||||
input queue (curr/max blocks): hardware (128/128) software (0/0) | |||||||||||
output queue (curr/max blocks): hardware (0/0) software (0/0) | |||||||||||
interface ethernet1 "inside" is up, line protocol is up | |||||||||||
Hardware is i82559 ethernet, address is 000c.850c.66d8 | |||||||||||
IP address 192.168.1.1, subnet mask 255.255.255.0 | |||||||||||
MTU 1500 bytes, BW 10000 Kbit full duplex | |||||||||||
6987 packets input, 647172 bytes, 0 no buffer | |||||||||||
Received 95 broadcasts, 0 runts, 0 giants | |||||||||||
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort | |||||||||||
11068 packets output, 13354718 bytes, 0 underruns | |||||||||||
0 output errors, 0 collisions, 0 interface resets | |||||||||||
0 babbles, 0 late collisions, 0 deferred | |||||||||||
0 lost carrier, 0 no carrier | |||||||||||
input queue (curr/max blocks): hardware (128/128) software (0/8) | |||||||||||
output queue (curr/max blocks): hardware (1/15) software (0/9) | |||||||||||
51 | igmp | Clear or display IGMP groups | |||||||||
Refer to the multicast command for the igmp subcommands. | |||||||||||
Usage: | |||||||||||
show igmp [<group>|interface <interface_name>] [detail] | |||||||||||
clear igmp [<group>|interface <interface_name>] | |||||||||||
52 | ip | Set the ip address and mask for an interface/ Define a local address pool / Configure Unicast RPF on an interface / Configure the Intrusion Detection System | |||||||||
ip address | Identifies addresses for network interfaces, and enables you to set the numbe | ||||||||||
ip audit | Configures IDS signature use. (Configuration mode.) | ||||||||||
ip local pool | Identify addresses for a local pool. (Configuration mode.) | ||||||||||
ip verify reverse-pat | Implements Unicast RPF IP spoofing protection. (Configuration mode.) | ||||||||||
Usage: | |||||||||||
ip address <if_name> <ip_address> [<mask>] | |||||||||||
ip address <if_name> dhcp [setroute] [retry <retry_cnt>] | |||||||||||
ip address <if_name> pppoe [setroute] | |||||||||||
ip address <if_name> <ip_address> <mask> pppoe [setroute] | |||||||||||
ip local pool <poolname> <ip1>[-<ip2>] | |||||||||||
ip verify reverse-path interface <if_name> | |||||||||||
ip audit [name|signature|interface|attack|info] ... | |||||||||||
show|clear ip audit count [global] [interface <interface>] | |||||||||||
show ip address <if_name> [pppoe|dhcp [lease|server]] | |||||||||||
Result of firewall command: "sh ip" | |||||||||||
System IP Addresses: | |||||||||||
ip address outside 213.147.32.39 255.255.255.0 | |||||||||||
ip address inside 192.168.1.1 255.255.255.0 | |||||||||||
Current IP Addresses: | |||||||||||
ip address outside 213.147.32.39 255.255.255.0 | |||||||||||
ip address inside 192.168.1.1 255.255.255.0 | |||||||||||
53 | ipsec | Configure IPSEC policy | |||||||||
Usage: | |||||||||||
crypto ipsec transform-set <trans-name> [ ah-md5-hmac|ah-sha-hmac ] [ esp-des|esp-3 | |||||||||||
crypto ipsec transform-set <trans-name> mode transport | |||||||||||
show crypto ipsec { sa [map <map-name>|address|detail|identity] | |||||||||||
clear crypto [ipsec] sa { peer <addr> |map <map-name> | counters | entry <addr> <prot | |||||||||||
54 | isakmp | Configure ISAKMP policy | |||||||||
isakmp | Negotiates IPSec security associations and enables IPSec secure communi | ||||||||||
isakmp policy | The isakmp policy commands are included with the isakmp commands. Plea | ||||||||||
Usage: | |||||||||||
isakmp policy <priority> authen <pre-share|rsa-sig> | |||||||||||
isakmp policy <priority> encrypt <des|3des> | |||||||||||
isakmp policy <priority> hash <md5|sha> | |||||||||||
isakmp policy <priority> group <1|2> | |||||||||||
isakmp policy <priority> lifetime <seconds> | |||||||||||
isakmp key <key-string> address <ip> [netmask <mask>] [no-xauth] [no-config-mode] | |||||||||||
isakmp enable <if_name> | |||||||||||
isakmp identity <address|hostname|key-id> [<key-id-string>] | |||||||||||
isakmp keepalive <seconds> [<retry seconds>] | |||||||||||
isakmp client configuration address-pool local <poolname> [<pif_name>] | |||||||||||
isakmp peer fqdn|ip <fqdn|ip> [no-xauth] [no-config-mode] | |||||||||||
55 | kill | Terminate a Telnet session. (Privileged mode.) | |||||||||
Usage: | |||||||||||
kill <telnet_id> | |||||||||||
56 | local-host | Display or clear the local host network information | |||||||||
57 | logging | Enable logging facility | |||||||||
Enable or disable syslog and SNMP logging. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] logging on | |||||||||||
[no] logging timestamp | |||||||||||
[no] logging standby | |||||||||||
[no] logging host [<in_if>] <l_ip> [tcp|udp/port#] | |||||||||||
[no] logging console <level> | |||||||||||
[no] logging buffered <level> | |||||||||||
[no] logging monitor <level> | |||||||||||
[no] logging history <level> | |||||||||||
[no] logging trap <level> | |||||||||||
[no] logging message <syslog_id> | |||||||||||
[no] logging facility <fac> | |||||||||||
logging queue <queue_size> | |||||||||||
Result of firewall command: "sh logging" | |||||||||||
Syslog logging: disabled | |||||||||||
Facility: 20 | |||||||||||
Timestamp logging: disabled | |||||||||||
Standby logging: disabled | |||||||||||
Console logging: disabled | |||||||||||
Monitor logging: disabled | |||||||||||
Buffer logging: disabled | |||||||||||
Trap logging: disabled | |||||||||||
History logging: disabled | |||||||||||
58 | login | Initiates the log-in prompt on the PIX Firewall for starting a session, accessing another privilege level | |||||||||
59 | map | Configure IPsec crypto map | |||||||||
Usage: | |||||||||||
crypto map <map> <seq> | |||||||||||
ipsec-manual|ipsec-isakmp | | |||||||||||
match address <acl-number> | | |||||||||||
set pfs {group1|group2} | | |||||||||||
set peer <ip-addr> | | |||||||||||
set transform-set <trans-name> | | |||||||||||
set security-association lifetime | {seconds <sec>|kilobytes <kbytes>}| | |||||||||||
set session-key {inbound|outbound} ah <spi> <hex-key> | | |||||||||||
set session-key {inbound|outbound} esp <spi> cipher <hex-key> authenticato | |||||||||||
crypto map <map> client configuration address initiate|respond | |||||||||||
crypto map <map> client [token] authentication <aaa-server> | |||||||||||
Result of firewall command: "sh map" | |||||||||||
No crypto maps found. | |||||||||||
60 | memory | System memory utilization | |||||||||
Result of firewall command: "sh memory" | |||||||||||
16777216 bytes total, 4538368 bytes free | |||||||||||
61 | mroute | Configure a multicast route | |||||||||
Configures a static multicast route. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] mroute <src> <smask> <in_if_name> <dst> <dmask> <out_if_name> [show|clear] | |||||||||||
62 | mtu | Specify MTU(Maximum Transmission Unit) for an interface | |||||||||
Specify the maximum transmission unit (MTU) for an interface. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
mtu <if_name> <bytes> | (64-65535) | |||||||||||
63 | multicast | Configure multicast on an interface | |||||||||
Enables multicast traffic to pass through the PIX Firewall. Includes an igmp subcommand mode for | |||||||||||
Usage: | |||||||||||
[no] multicast interface <interface_name> | |||||||||||
[show|clear] multicast | |||||||||||
64 | name | Associate a name with an IP address | |||||||||
name/ names | Associate a name with an IP address. (Configuration mode.) | ||||||||||
Usage: | |||||||||||
[no] name <ip_address> <name> | |||||||||||
65 | nameif | Assign a name to an interface | |||||||||
Name interfaces and assign security level. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
nameif <hardware_id> <if_name> <security_lvl> | |||||||||||
no nameif | |||||||||||
Result of firewall command: "sh nameif" | |||||||||||
nameif ethernet0 outside security0 | |||||||||||
nameif ethernet1 inside security100 | |||||||||||
66 | names | Enable, disable or display IP address to name conversion | |||||||||
name/ names | Associate a name with an IP address. (Configuration mode.) | ||||||||||
Usage: | |||||||||||
[no] names | |||||||||||
67 | nat | Associate a network with a pool of global IP addresses | |||||||||
Associate a network with a pool of global IP addresses. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] nat [(<if_name>)] <nat_id> <local_ip> [<mask> | |||||||||||
[dns] [outside] | |||||||||||
[<max_conns> [emb_limit> [<norandomseq>]]]] | |||||||||||
[no] nat [(if_name)] 0 [access-list <acl-name> [outside]] | |||||||||||
Result of firewall command: "sh nat" | |||||||||||
nat (inside) 0 0.0.0.0 0.0.0.0 0 0 | |||||||||||
68 | object-group | Create an object group for use in 'access-list', 'conduit', etc | |||||||||
Defines object groups that you can use to optimize your configuration. Objects such as hosts, prot | |||||||||||
Usage: | |||||||||||
[no] object-group protocol | network | icmp-type <obj_grp_id> | |||||||||||
[no] object-group service <obj_grp_id> tcp|udp|tcp-udp | |||||||||||
show object-group [protocol | service | icmp-type | network] | |||||||||||
show object-group id <obj_grp_id> | |||||||||||
clear object-group [protocol | service | icmp-type | network] | |||||||||||
69 | ntp | Configure Network Time Protocol | |||||||||
Synchronizes the PIX Firewall with a network time server using the Network Time Protocol (NTP). (Configuration mode.) | |||||||||||
Usage: | |||||||||||
ntp authenticate | |||||||||||
no ntp authenticate | |||||||||||
ntp authentication-key <number> md5 <value> | |||||||||||
no ntp authentication-key <number> | |||||||||||
ntp server <ip_address> [key <number>] source <if_name> [prefer] | |||||||||||
no ntp server <ip_address> | |||||||||||
ntp trusted-key <number> | |||||||||||
no ntp trusted-key <number> | |||||||||||
show ntp [associations [detail] | status] | |||||||||||
70 | outbound | Create an outbound access list | |||||||||
outbound/ apply | Create an access list for controlling Internet use. (Configuration mode.) | ||||||||||
Usage: | |||||||||||
[no] outbound <outbound_id> permit|deny|except <ip> [<mask> [port[-port]] [<protocol>] | |||||||||||
71 | pager | Control page length for pagination | |||||||||
Enable or disable screen paging. (Privileged mode.) | |||||||||||
Usage: | |||||||||||
[no] pager [lines <lines>] | |||||||||||
72 | passwd | Change Telnet console access password | |||||||||
Set password for Telnet access to the PIX Firewall console. (Privileged mode.) | |||||||||||
Usage: | |||||||||||
passwd <password> encrypted | |||||||||||
Result of firewall command: "passwd lenmax" | |||||||||||
The command has been sent to the firewall | |||||||||||
Result of firewall command: "sh passwd" | |||||||||||
passwd 9bGG8GMY4xqeq5Hr encrypted | |||||||||||
73 | pdm | Configure Pix Device Manager | |||||||||
These commands support communication between the PIX Firewall and a browser running the Cisc | |||||||||||
Usage: | |||||||||||
pdm disconnect <session_id> | |||||||||||
pdm history enable | |||||||||||
pdm logging [<level> [<messages>]] | |||||||||||
show pdm history [view {all|12h|5d|60m|10m}] [snapshot] | |||||||||||
[feature {all|blocks|cpu|failover|ids|interface <if_name>| | |||||||||||
memory|perfmon|sas|tunnels|xlates}] [pdmclient] | |||||||||||
show pdm logging | |||||||||||
show pdm sessions | |||||||||||
clear pdm | |||||||||||
clear pdm location | |||||||||||
clear pdm logging | |||||||||||
Result of firewall command: "sh pdm sessions" | |||||||||||
0 192.168.1.9 | |||||||||||
74 | perfmon | View performance information. (Privileged mode.) | |||||||||
Usage: | |||||||||||
perfmon interval <seconds> | |||||||||||
perfmon quiet | verbose | |||||||||||
perfmon settings | |||||||||||
75 | ping | Determine if other IP addresses are visible from the PIX Firewall. (Privileged mode.) | |||||||||
Usage: | |||||||||||
ping [if_name] <host> | |||||||||||
76 | privilege | Configure/Display privilege levels for commands | |||||||||
Configures or displays command privilege levels. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] privilege [{show | clear | configure}] level <level> [mode {enable|configure}] command <command> | |||||||||||
show privilege [all | {command <command>} | {level <level>}] | |||||||||||
clear privilege | |||||||||||
77 | quit | Configures or displays command privilege levels. (Configuration mode.) | |||||||||
Usage: | |||||||||||
quit|exit|^Z | |||||||||||
78 | reload | Reboot and reload the configuration. (Privileged mode.) | |||||||||
Usage: | |||||||||||
reload [noconfirm] | |||||||||||
79 | processes | Display processes | |||||||||
Result of firewall command: "sh processes" | |||||||||||
PC | SP | STATE | Runtime | SBASE | Stack | Process | |||||
Hsi | 800b0e09 | 80759798 | 8052ddd8 | 0 | 80758810 | 3928/4096 | arp_timer | ||||
Lsi | 800b5271 | 8077c880 | 8052ddd8 | 0 | 8077b908 | 3912/4096 | FragDBGC | ||||
Lwe | 8000f9fe | 808b6cc0 | 80531508 | 0 | 808b5e48 | 3704/4096 | dbgtrace | ||||
Lwe | 8020685d | 808b8e20 | 80507300 | 0 | 808b6ed8 | 8008/8192 | Logger | ||||
Hsi | 8020a4ed | 808bbee8 | 8052ddd8 | 0 | 808b9f70 | 7700/8192 | tcp_fast | ||||
Hsi | 8020a38d | 808bdf78 | 8052ddd8 | 0 | 808bc000 | 8008/8192 | tcp_slow | ||||
Lsi | 80137edd | 809400f0 | 8052ddd8 | 0 | 8093f168 | 3928/4096 | xlate clean | ||||
Lsi | 80137deb | 80941170 | 8052ddd8 | 0 | 809401f8 | 3912/4096 | uxlate clea | ||||
Mwe | 8012f423 | 8095dc88 | 8052ddd8 | 0 | 8095bcf0 | 7908/8192 | tcp_interc | ||||
Lsi | 80256f4d | 8096c430 | 8052ddd8 | 0 | 8096b4a8 | 3900/4096 | route_proc | ||||
Hsi | 8011bd84 | 8096d4a0 | 8052ddd8 | 0 | 8096c538 | 3844/4096 | Hosts con | ||||
Hwe | 800da249 | 80999b10 | 8052ddd8 | 0 | 80995ba8 | 16048/163 | isakmp_ti | ||||
Lsi | 801217ac | 809a6d80 | 8052ddd8 | 0 | 809a5df8 | 3928/4096 | perfmon | ||||
Hwe | 800d6f61 | 809aeb60 | 804eda20 | 0 | 809adc18 | 3912/4096 | Ipsec resp | ||||
Mwe | 800d2671 | 809b0c20 | 8052ddd8 | 0 | 809aeca8 | 7860/8192 | Ipsec resp | ||||
Hwe | 801c089b | 809c2f98 | 8053d5f8 | 0 | 809c1040 | 7096/8192 | qos_metri | ||||
Lwe | 8012ff5a | 809d9d08 | 80539908 | 0 | 809d8e90 | 3704/4096 | pix/trace | ||||
Lwe | 8013016a | 809dad98 | 80539fd0 | 0 | 809d9f20 | 3704/4096 | pix/tconsol | ||||
Hwe | 800b2dd0 | 809dce28 | 80753b9c | 0 | 809dafb0 | 7196/8192 | pix/intf1 | ||||
Hwe | 800b2dd0 | 809deee8 | 80753b58 | 180 | 809dd040 | 5068/8192 | pix/intf0 | ||||
Hwe | 80015207 | 809e4be8 | 80318530 | 0 | 809e10e0 | 14780/163 | ci/console | ||||
Csi | 801299b3 | 809e60c8 | 8052ddd8 | 10 | 809e5170 | 3540/4096 | update_cp | ||||
Hwe | 8011a791 | 80a08880 | 804ef288 | 0 | 80a069f8 | 7676/8192 | uauth0 | ||||
Hwe | 8011a791 | 80a0a920 | 804ef298 | 0 | 80a08a98 | 7676/8192 | uauth1 | ||||
Hwe | 802090d1 | 80a0ca00 | 80793e1c | 0 | 80a0ab28 | 7896/8192 | uauth | ||||
Hwe | 8021b280 | 80a0db30 | 805077c8 | 0 | 80a0cbb8 | 3960/4096 | udp_timer | ||||
Hsi | 800aa0d2 | 80a0f490 | 8052ddd8 | 0 | 80a0e518 | 3892/4096 | 557mcfix | ||||
Crd | 800aa087 | 80a10540 | 8052e240 | 3890250 | 80a0f5a8 | 3704/4096 | 557poll | ||||
Lsi | 800aa139 | 80a115b0 | 8052ddd8 | 0 | 80a10638 | 3748/4096 | 557timer | ||||
Cwe | 800b2e00 | 80a22638 | 8077ecf8 | 0 | 80a216f0 | 3912/4096 | fover_ip1 | ||||
Cwe | 800abb55 | 80a23688 | 808420b4 | 230 | 80a22780 | 3620/4096 | ip/1:1 | ||||
Hwe | 800b2e00 | 80a24758 | 8077ecd0 | 0 | 80a23810 | 3912/4096 | icmp1 | ||||
Mwe | 8021aff6 | 80a257d8 | 807cd974 | 0 | 80a248a0 | 3896/4096 | riprx/1 | ||||
Msi | 801c8831 | 80a268a8 | 8052ddd8 | 0 | 80a25930 | 3888/4096 | riptx/1 | ||||
Hwe | 800b2e00 | 80a27910 | 8077eca8 | 10 | 80a269d8 | 3784/4096 | udp_threa | ||||
Hwe | 800b2e00 | 80a28988 | 8077ec80 | 1010 | 80a27a80 | 3360/4096 | tcp_thread | ||||
Cwe | 800b2e00 | 80a29a68 | 8077ec58 | 0 | 80a28b20 | 3912/4096 | fover_ip0 | ||||
Cwe | 800abb55 | 80a2aab8 | 807cec04 | 0 | 80a29bb0 | 3848/4096 | ip/0:0 | ||||
Hwe | 800b2e00 | 80a2bb88 | 8077ec30 | 0 | 80a2ac40 | 3912/4096 | icmp0 | ||||
Mwe | 8021aff6 | 80a2cc18 | 807cd934 | 0 | 80a2bce0 | 3896/4096 | riprx/0 | ||||
Msi | 801c8831 | 80a2dcf8 | 8052ddd8 | 0 | 80a2cd80 | 3888/4096 | riptx/0 | ||||
Hwe | 800b2e00 | 80a2ed60 | 8077ec08 | 0 | 80a2de28 | 3896/4096 | udp_threa | ||||
Hwe | 800b2e00 | 80a2fdd8 | 8077ebe0 | 0 | 80a2eed0 | 3848/4096 | tcp_thread | ||||
Hwe | 802092e5 | 80a56d30 | 8078031c | 20 | 80a56a88 | 300/1024 | listen/http1 | ||||
Mwe | 80021681 | 80a59028 | 8052ddd8 | 0 | 80a570a0 | 7892/8192 | DHCPD Ti | ||||
Mwe | 801992c2 | 80a5e490 | 8052ddd8 | 0 | 80a5c518 | 7704/8192 | Crypto CA | ||||
Mwe | 80112884 | 80a78e60 | 804ef028 | 38490 | 80a77538 | 4664/8192 | http1 | ||||
M* | 80209c9f | 7ffffe2c | 8052de00 | 10 | 80a79aa0 | 4116/8192 | http1 | ||||
80 | rip | Broadcast default route or passive RIP | |||||||||
Change RIP settings. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] rip <if_name> default|passive [version <1|2>] [authentication <text|md5> <key> <ke | |||||||||||
81 | route | Enter a static route for an interface | |||||||||
Enter a static or default route for the specified interface. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] route <if_name> <foreign_ip> <mask> <gateway> [<metric>] | |||||||||||
Result of firewall command: "sh route" | |||||||||||
outside 0.0.0.0 0.0.0.0 213.147.32.33 1 OTHER static | |||||||||||
inside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static | |||||||||||
outside 213.147.32.0 255.255.255.0 213.147.32.39 1 CONNECT static | |||||||||||
83 | running-config | Display the current running configuration | |||||||||
Result of firewall command: "sh running-config" | |||||||||||
: Saved | |||||||||||
: | |||||||||||
PIX Version 6.2(2) | |||||||||||
nameif ethernet0 outside security0 | |||||||||||
nameif ethernet1 inside security100 | |||||||||||
enable password 9bGG8GMY4xqeq5Hr encrypted | |||||||||||
passwd 9bGG8GMY4xqeq5Hr encrypted | |||||||||||
hostname pixfirewall | |||||||||||
domain-name ciscopix.com | |||||||||||
fixup protocol ftp 21 | |||||||||||
fixup protocol http 80 | |||||||||||
fixup protocol h323 h225 1720 | |||||||||||
fixup protocol h323 ras 1718-1719 | |||||||||||
fixup protocol ils 389 | |||||||||||
fixup protocol rsh 514 | |||||||||||
fixup protocol rtsp 554 | |||||||||||
fixup protocol smtp 25 | |||||||||||
fixup protocol sqlnet 1521 | |||||||||||
fixup protocol sip 5060 | |||||||||||
fixup protocol skinny 2000 | |||||||||||
names | |||||||||||
pager lines 24 | |||||||||||
interface ethernet0 10baset | |||||||||||
interface ethernet1 10full | |||||||||||
mtu outside 1500 | |||||||||||
mtu inside 1500 | |||||||||||
ip address outside 213.147.32.39 255.255.255.0 | |||||||||||
ip address inside 192.168.1.1 255.255.255.0 | |||||||||||
ip audit info action alarm | |||||||||||
ip audit attack action alarm | |||||||||||
pdm logging informational 100 | |||||||||||
pdm history enable | |||||||||||
arp timeout 14400 | |||||||||||
nat (inside) 0 0.0.0.0 0.0.0.0 0 0 | |||||||||||
route outside 0.0.0.0 0.0.0.0 213.147.32.33 1 | |||||||||||
timeout xlate 0:05:00 | |||||||||||
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30: | |||||||||||
timeout uauth 0:05:00 absolute | |||||||||||
aaa-server TACACS+ protocol tacacs+ | |||||||||||
aaa-server RADIUS protocol radius | |||||||||||
aaa-server LOCAL protocol local | |||||||||||
http server enable | |||||||||||
http 192.168.1.0 255.255.255.0 inside | |||||||||||
no snmp-server location | |||||||||||
no snmp-server contact | |||||||||||
snmp-server community public | |||||||||||
no snmp-server enable traps | |||||||||||
floodguard enable | |||||||||||
no sysopt route dnat | |||||||||||
telnet timeout 5 | |||||||||||
ssh timeout 5 | |||||||||||
dhcpd address 192.168.1.2-192.168.1.33 inside | |||||||||||
dhcpd lease 3600 | |||||||||||
dhcpd ping_timeout 750 | |||||||||||
dhcpd auto_config outside | |||||||||||
terminal width 80 | |||||||||||
Cryptochecksum:99fa64ee32accc004e83bf0bc0bc907d | |||||||||||
: end | |||||||||||
84 | service | Enable system services | |||||||||
Reset inbound connections. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
service {resetinbound|resetoutside} | |||||||||||
85 | setup | The setup command prompts you to enter the information needed to use the Cisco PIX Device Man | |||||||||
86 | session | Access an internal AccessPro router console | |||||||||
Access an embedded AccessPro router console; only use this command if you have an AccessPro | |||||||||||
Usage: | |||||||||||
[no] session enable | |||||||||||
87 | show | View command information. (All modes.) | |||||||||
show blocks/ clear blocks | Show system buffer utilization. (Privileged mode.) | ||||||||||
show checksum | Display the configuration checksum. (Unprivileged mod | ||||||||||
show conn | Display all active connections. (Privileged mode.) | ||||||||||
show cpu usage | The show cpu usage command displays CPU utilizatio | ||||||||||
show history | Display previously entered commands. (Privileged mod | ||||||||||
show local-host/clear local host | View local host network states. (Privileged mode (show | ||||||||||
show memory | Show system memory utilization. (Privileged mode.) | ||||||||||
show processes | Display processes. (Privileged mode.) | ||||||||||
show running-config | Display the PIX Firewall running configuration. (Privilege | ||||||||||
show startup-config | Display the PIX Firewall startup configuration. (Privilege | ||||||||||
show tech-support | View information to help a support analyst. (Privileged | ||||||||||
show traffic/clear traffic | Shows interface transmit and receive activity. (Privilege | ||||||||||
show uauth/clear uauth | Delete all authorization caches for a user. (Privileged m | ||||||||||
show version | View the PIX Firewall operating information. (Unprivilege | ||||||||||
show xlate/clear xlate | View or clear translation slot information. (Privileged m | ||||||||||
88 | shun | Manages the filtering of packets from undesired hosts | |||||||||
The shun command enables a dynamic response to an attacking host by preventing new connectio | |||||||||||
Usage: | |||||||||||
shun src_ip [dst_ip sport dport [prot]] | |||||||||||
no shun src_ip | |||||||||||
show shun [src_ip|statistics] | |||||||||||
clear shun [statistics] | |||||||||||
89 | snmp-server | Provide SNMP and event information | |||||||||
Provide PIX Firewall event information through SNMP. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] snmp-server community|contact|location <text> | |||||||||||
[no] snmp-server host [<if_name>] <local_ip> [trap|poll] | |||||||||||
[no] snmp-server enable traps | |||||||||||
Result of firewall command: "sh snmp-server" | |||||||||||
no snmp-server location | |||||||||||
no snmp-server contact | |||||||||||
snmp-server community public | |||||||||||
no snmp-server enable traps | |||||||||||
90 | ssh | Add SSH access to PIX console, set idle timeout, display list of active SSH sessions & terminate a | |||||||||
Specify a host for PIX Firewall console access through Secure Shell (SSH). (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] ssh <local_ip> [<mask>] [<if_name>] | |||||||||||
ssh timeout <number> | |||||||||||
show ssh sessions [<client_ip>] | |||||||||||
ssh disconnect <session_id> | |||||||||||
91 | startup-config | Display the startup configuration | |||||||||
Result of firewall command: "sh startup-config" | |||||||||||
: Saved | |||||||||||
: Written by enable_15 at 23:24:35.446 UTC Tue Jun 3 2003 | |||||||||||
PIX Version 6.2(2) | |||||||||||
nameif ethernet0 outside security0 | |||||||||||
nameif ethernet1 inside security100 | |||||||||||
enable password 9bGG8GMY4xqeq5Hr encrypted | |||||||||||
passwd 2KFQnbNIdI.2KYOU encrypted | |||||||||||
hostname pixfirewall | |||||||||||
domain-name ciscopix.com | |||||||||||
fixup protocol ftp 21 | |||||||||||
fixup protocol http 80 | |||||||||||
fixup protocol h323 h225 1720 | |||||||||||
fixup protocol h323 ras 1718-1719 | |||||||||||
fixup protocol ils 389 | |||||||||||
fixup protocol rsh 514 | |||||||||||
fixup protocol rtsp 554 | |||||||||||
fixup protocol smtp 25 | |||||||||||
fixup protocol sqlnet 1521 | |||||||||||
fixup protocol sip 5060 | |||||||||||
fixup protocol skinny 2000 | |||||||||||
names | |||||||||||
pager lines 24 | |||||||||||
interface ethernet0 10baset | |||||||||||
interface ethernet1 10full | |||||||||||
mtu outside 1500 | |||||||||||
mtu inside 1500 | |||||||||||
ip address outside 213.147.32.39 255.255.255.0 | |||||||||||
ip address inside 192.168.1.1 255.255.255.0 | |||||||||||
ip audit info action alarm | |||||||||||
ip audit attack action alarm | |||||||||||
pdm logging informational 100 | |||||||||||
pdm history enable | |||||||||||
arp timeout 14400 | |||||||||||
nat (inside) 0 0.0.0.0 0.0.0.0 0 0 | |||||||||||
route outside 0.0.0.0 0.0.0.0 213.147.32.33 1 | |||||||||||
timeout xlate 0:05:00 | |||||||||||
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30: | |||||||||||
timeout uauth 0:05:00 absolute | |||||||||||
aaa-server TACACS+ protocol tacacs+ | |||||||||||
aaa-server RADIUS protocol radius | |||||||||||
aaa-server LOCAL protocol local | |||||||||||
http server enable | |||||||||||
http 192.168.1.0 255.255.255.0 inside | |||||||||||
no snmp-server location | |||||||||||
no snmp-server contact | |||||||||||
snmp-server community public | |||||||||||
no snmp-server enable traps | |||||||||||
floodguard enable | |||||||||||
no sysopt route dnat | |||||||||||
telnet timeout 5 | |||||||||||
ssh timeout 5 | |||||||||||
dhcpd address 192.168.1.2-192.168.1.33 inside | |||||||||||
dhcpd lease 3600 | |||||||||||
dhcpd ping_timeout 750 | |||||||||||
dhcpd auto_config outside | |||||||||||
terminal width 80 | |||||||||||
Cryptochecksum:99fa64ee32accc004e83bf0bc0bc907d | |||||||||||
92 | static | Configure one-to-one address translation rule | |||||||||
Configure a persistent one-to-one address translation rule by mapping a local IP address to a global | |||||||||||
Usage: | |||||||||||
[no] static [(internal_if_name, external_if_name)] | |||||||||||
{<global_ip>|interface} <local_ip> [dns] [netmask <mask>] | |||||||||||
[<max_conns> [<emb_limit> [<norandomseq>]]] | |||||||||||
[no] static [(internal_if_name, external_if_name)] {tcp|udp} | |||||||||||
{<global_ip>|interface} <global_port> | |||||||||||
<local_ip> <local_port> [dns] [netmask <mask>] | |||||||||||
[<max_conns> [<emb_limit> [<norandomseq>]]] | |||||||||||
93 | syslog | Enable syslog message facility. Obsolete command replaced by the logging command. (Privileged mode.) | |||||||||
Usage: | |||||||||||
[no] logging on | |||||||||||
[no] logging timestamp | |||||||||||
[no] logging standby | |||||||||||
[no] logging host [<in_if>] <l_ip> [tcp|udp/port#] | |||||||||||
[no] logging console <level> | |||||||||||
[no] logging buffered <level> | |||||||||||
[no] logging monitor <level> | |||||||||||
[no] logging history <level> | |||||||||||
[no] logging trap <level> | |||||||||||
[no] logging message <syslog_id> | |||||||||||
[no] logging facility <fac> | |||||||||||
logging queue <queue_size> | |||||||||||
94 | sysopt | Set system functional option | |||||||||
Change PIX Firewall system options. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] sysopt connection { permit-ipsec | permit-l2tp | | |||||||||||
permit-pptp | timewait | {tcpmss [minimum] <bytes>} } | |||||||||||
[no] sysopt ipsec pl-compatible | |||||||||||
[no] sysopt noproxyarp <if-name> | |||||||||||
[no] sysopt nodnsalias { inbound | outbound } | |||||||||||
[no] sysopt security fragguard | |||||||||||
[no] sysopt radius ignore-secret | |||||||||||
[no] sysopt uauth allow-http-cache | |||||||||||
[no] sysopt route dnat | |||||||||||
Result of firewall command: "sh sysopt" | |||||||||||
no sysopt security fragguard | |||||||||||
no sysopt connection timewait | |||||||||||
sysopt connection tcpmss 1380 | |||||||||||
sysopt connection tcpmss minimum 0 | |||||||||||
no sysopt nodnsalias inbound | |||||||||||
no sysopt nodnsalias outbound | |||||||||||
no sysopt radius ignore-secret | |||||||||||
no sysopt uauth allow-http-cache | |||||||||||
no sysopt connection permit-ipsec | |||||||||||
no sysopt connection permit-pptp | |||||||||||
no sysopt connection permit-l2tp | |||||||||||
no sysopt ipsec pl-compatible | |||||||||||
no sysopt route dnat | |||||||||||
95 | tcpstat | Display status of tcp stack and tcp connections | |||||||||
Result of firewall command: "sh tcpstat" | |||||||||||
CURRENT | MAX | TOTAL | |||||||||
tcb_cnt | 3 | 5 | 320 | ||||||||
proxy_cnt | 0 | 0 | 160 | ||||||||
tcp_xmt pkts = 12218 | |||||||||||
tcp_rcv good pkts = 868 | |||||||||||
tcp_rcv drop pkts = 0 | |||||||||||
tcp bad chksum = 0 | |||||||||||
tcp user hash add = 290 | |||||||||||
tcp user hash add dup = 0 | |||||||||||
tcp user srch hash hit = 7893 | |||||||||||
tcp user srch hash miss = 582 | |||||||||||
tcp user hash delete = 288 | |||||||||||
tcp user hash delete miss = 0 | |||||||||||
lip = 192.168.1.1 fip = 192.168.1.9 lp = 443 fp = 1122 st = 4 rexqlen = 0 inqlen = 0 tw_timer = 0 to | |||||||||||
lip = 0.0.0.0 fip = 0.0.0.0 lp = 443 fp = 0 st = 1 rexqlen = 0 inqlen = 0 tw_timer = 0 to_timer = 0 cl | |||||||||||
lip = 192.168.1.1 fip = 192.168.1.9 lp = 443 fp = 1423 st = 4 rexqlen = 1 inqlen = 0 tw_timer = 0 to | |||||||||||
96 | tech-support | Tech support | |||||||||
Result of firewall command: "sh tech-support" | |||||||||||
Cisco PIX Firewall Version 6.2(2) | |||||||||||
Cisco PIX Device Manager Version 2.1(1) | |||||||||||
Compiled on Fri 07-Jun-02 17:49 by morlee | |||||||||||
pixfirewall up 2 hours 28 mins | |||||||||||
Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz | |||||||||||
Flash E28F640J3 @ 0x3000000, 8MB | |||||||||||
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB | |||||||||||
0: ethernet0: address is 000c.850c.66d7, irq 9 | |||||||||||
1: ethernet1: address is 000c.850c.66d8, irq 10 | |||||||||||
Licensed Features: | |||||||||||
Failover: Disabled | |||||||||||
VPN-DES: Enabled | |||||||||||
VPN-3DES: Disabled | |||||||||||
Maximum Interfaces: 2 | |||||||||||
Cut-through Proxy: Enabled | |||||||||||
Guards: Enabled | |||||||||||
URL-filtering: Enabled | |||||||||||
Inside Hosts: 10 | |||||||||||
Throughput: Limited | |||||||||||
IKE peers: 5 | |||||||||||
Serial Number: 807112150 (0x301b8dd6) | |||||||||||
Running Activation Key: 0xfed72fb7 0x36ed2c14 0x0bd663eb 0x00aa3e31 | |||||||||||
Configuration last modified by enable_15 at 22:19:24.612 UTC Sat Jun 7 2003 | |||||||||||
------------------ show config (run time) ------------------ | |||||||||||
: | |||||||||||
PIX Version 6.2(2) | |||||||||||
nameif ethernet0 outside security0 | |||||||||||
nameif ethernet1 inside security100 | |||||||||||
enable password 9bGG8GMY4xqeq5Hr encrypted | |||||||||||
passwd 9bGG8GMY4xqeq5Hr encrypted | |||||||||||
hostname pixfirewall | |||||||||||
domain-name ciscopix.com | |||||||||||
fixup protocol ftp 21 | |||||||||||
fixup protocol http 80 | |||||||||||
fixup protocol h323 h225 1720 | |||||||||||
fixup protocol h323 ras 1718-1719 | |||||||||||
fixup protocol ils 389 | |||||||||||
fixup protocol rsh 514 | |||||||||||
fixup protocol rtsp 554 | |||||||||||
fixup protocol smtp 25 | |||||||||||
fixup protocol sqlnet 1521 | |||||||||||
fixup protocol sip 5060 | |||||||||||
fixup protocol skinny 2000 | |||||||||||
names | |||||||||||
pager lines 24 | |||||||||||
interface ethernet0 10baset | |||||||||||
interface ethernet1 10full | |||||||||||
mtu outside 1500 | |||||||||||
mtu inside 1500 | |||||||||||
ip address outside 213.147.32.39 255.255.255.0 | |||||||||||
ip address inside 192.168.1.1 255.255.255.0 | |||||||||||
ip audit info action alarm | |||||||||||
ip audit attack action alarm | |||||||||||
pdm logging informational 100 | |||||||||||
pdm history enable | |||||||||||
arp timeout 14400 | |||||||||||
nat (inside) 0 0.0.0.0 0.0.0.0 0 0 | |||||||||||
route outside 0.0.0.0 0.0.0.0 213.147.32.33 1 | |||||||||||
timeout xlate 0:05:00 | |||||||||||
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30: | |||||||||||
timeout uauth 0:05:00 absolute | |||||||||||
aaa-server TACACS+ protocol tacacs+ | |||||||||||
aaa-server RADIUS protocol radius | |||||||||||
aaa-server LOCAL protocol local | |||||||||||
http server enable | |||||||||||
http 192.168.1.0 255.255.255.0 inside | |||||||||||
no snmp-server location | |||||||||||
no snmp-server contact | |||||||||||
snmp-server community public | |||||||||||
no snmp-server enable traps | |||||||||||
floodguard enable | |||||||||||
no sysopt route dnat | |||||||||||
telnet timeout 5 | |||||||||||
ssh timeout 5 | |||||||||||
dhcpd address 192.168.1.2-192.168.1.33 inside | |||||||||||
dhcpd lease 3600 | |||||||||||
dhcpd ping_timeout 750 | |||||||||||
dhcpd auto_config outside | |||||||||||
terminal width 80 | |||||||||||
Cryptochecksum:99fa64ee32accc004e83bf0bc0bc907d | |||||||||||
------------------ show blocks ------------------ | |||||||||||
SIZE | MAX | LOW | CNT | ||||||||
4 | 600 | 597 | 600 | ||||||||
80 | 400 | 398 | 398 | ||||||||
256 | 100 | 99 | 100 | ||||||||
1550 | 932 | 634 | 668 | ||||||||
------------------ show interface ------------------ | |||||||||||
interface ethernet0 "outside" is up, line protocol is down | |||||||||||
Hardware is i82559 ethernet, address is 000c.850c.66d7 | |||||||||||
IP address 213.147.32.39, subnet mask 255.255.255.0 | |||||||||||
MTU 1500 bytes, BW 10000 Kbit half duplex | |||||||||||
0 packets input, 0 bytes, 0 no buffer | |||||||||||
Received 0 broadcasts, 0 runts, 0 giants | |||||||||||
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort | |||||||||||
0 packets output, 0 bytes, 0 underruns | |||||||||||
0 output errors, 0 collisions, 0 interface resets | |||||||||||
0 babbles, 0 late collisions, 0 deferred | |||||||||||
0 lost carrier, 0 no carrier | |||||||||||
input queue (curr/max blocks): hardware (128/128) software (0/0) | |||||||||||
output queue (curr/max blocks): hardware (0/0) software (0/0) | |||||||||||
interface ethernet1 "inside" is up, line protocol is up | |||||||||||
Hardware is i82559 ethernet, address is 000c.850c.66d8 | |||||||||||
IP address 192.168.1.1, subnet mask 255.255.255.0 | |||||||||||
MTU 1500 bytes, BW 10000 Kbit full duplex | |||||||||||
8657 packets input, 829764 bytes, 0 no buffer | |||||||||||
Received 117 broadcasts, 0 runts, 0 giants | |||||||||||
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort | |||||||||||
13462 packets output, 15910763 bytes, 0 underruns | |||||||||||
0 output errors, 0 collisions, 0 interface resets | |||||||||||
0 babbles, 0 late collisions, 0 deferred | |||||||||||
0 lost carrier, 0 no carrier | |||||||||||
input queue (curr/max blocks): hardware (128/128) software (0/8) | |||||||||||
output queue (curr/max blocks): hardware (3/15) software (0/9) | |||||||||||
------------------ show process ------------------ | |||||||||||
PC SP STATE Runtime SBASE Stack Process | |||||||||||
Hsi | 800b0e09 | 80759798 | 8052ddd8 | 0 | 80758810 | 3928/4096 | arp_timer | ||||
Lsi | 800b5271 | 8077c880 | 8052ddd8 | 0 | 8077b908 | 3912/4096 | FragDBGC | ||||
… | … | … | … | … | … | … | … | ||||
------------------ show failover ------------------ | |||||||||||
No license for Failover | |||||||||||
97 | telnet | Add telnet access to PIX console and set idle timeout | |||||||||
Specify the host for PIX Firewall console access via Telnet. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] telnet <local_ip> [<mask>] [<if_name>] | |||||||||||
telnet timeout <number> | |||||||||||
98 | terminal | Set terminal line parameters | |||||||||
Change console terminal settings. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
terminal {width <columns> | [no] monitor} | |||||||||||
99 | tftp-server | Specify default TFTP server address and directory | |||||||||
Specify the IP address of the TFTP configuration server. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
tftp-server [<if_name>] <ip> <directory> | |||||||||||
[no|show|clear] tftp-server | |||||||||||
100 | timeout | Set the maximum idle times | |||||||||
Set the maximum idle time duration. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
timeout [xlate|conn|half-closed|udp|rpc|h323|sip|sip_media|uauth <hh:mm:ss> [...]] | |||||||||||
show timeout [xlate|conn|half-closed|udp|rpc|h323|sip|sip_media|uauth] | |||||||||||
Result of firewall command: "sh timeout" | |||||||||||
timeout xlate 0:05:00 | |||||||||||
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30: | |||||||||||
timeout uauth 0:05:00 absolute | |||||||||||
101 | traffic | Counters for traffic statistics | |||||||||
Result of firewall command: "sh traffic" | |||||||||||
outside: | |||||||||||
received (in 9117.190 secs): | |||||||||||
0 packets | 0 bytes | ||||||||||
0 pkts/sec | 0 bytes/sec | ||||||||||
transmitted (in 9117.190 secs): | |||||||||||
0 packets | 0 bytes | ||||||||||
0 pkts/sec | 0 bytes/sec | ||||||||||
inside: | |||||||||||
received (in 9117.200 secs): | |||||||||||
8876 pack | 852092 bytes | ||||||||||
0 pkts/sec | 93 bytes/sec | ||||||||||
transmitted (in 9117.200 secs): | |||||||||||
13778 pac | 16238530 bytes | ||||||||||
1 pkts/sec | 1310 bytes/sec | ||||||||||
102 | uauth | Display or clear current user authorization information | |||||||||
Result of firewall command: "sh uauth" | |||||||||||
Current | Most Seen | ||||||||||
Authenticated Users | 0 | 0 | |||||||||
Authen In Progress | 0 | 1 | |||||||||
103 | url-cache | Enable URL caching | |||||||||
Caches webserver responses that are pending a permit or deny response from an N2H2 or Websen | |||||||||||
Usage: | |||||||||||
[no] url-cache <dst|src_dst> size <Kbytes> | |||||||||||
104 | url-block | Enable URL pending block buffer and long URL support | |||||||||
Enables long URL support and HTTP response buffering for URL filtering services. (Configuration mo | |||||||||||
Result of firewall command: "show url-block block stat" | |||||||||||
URL Pending Packet Buffer Stats with max block | 0 | ||||||||||
----------------------------------------------------- | |||||||||||
Cumulative number of packets held: | 0 | ||||||||||
Maximum number of packets held (per URL): | 0 | ||||||||||
Current number of packets held (global): | 0 | ||||||||||
Packets dropped due to | |||||||||||
exceeding url-block buffer limit: | 0 | ||||||||||
HTTP server retransmission: | 0 | ||||||||||
Number of packets released back to client: | 0 | ||||||||||
105 | url-server | Specify a URL filter server | |||||||||
Designate a server running either N2H2 or Websense for use with the filter command; you cannot ru | |||||||||||
Usage: | |||||||||||
[no] url-server [<(if_name)>] [vendor websense] host <local_ip> [timeout <seconds>] [pr | |||||||||||
[no] url-server [<(if_name)>] vendor n2h2 host <local_ip> [port <number>] [timeout <sec | |||||||||||
106 | username | Configure user authentication local database | |||||||||
Sets the username for the specified privilege level. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
username <username> {nopassword|password <password>[encrypted]} [privilege <level | |||||||||||
username <username> privilege <level> | |||||||||||
[no|show] username [<name>] | |||||||||||
clear username | |||||||||||
107 | version | Display PIX system software version | |||||||||
Result of firewall command: "sh version" | |||||||||||
Cisco PIX Firewall Version 6.2(2) | |||||||||||
Cisco PIX Device Manager Version 2.1(1) | |||||||||||
Compiled on Fri 07-Jun-02 17:49 by morlee | |||||||||||
pixfirewall up 2 hours 37 mins | |||||||||||
Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz | |||||||||||
Flash E28F640J3 @ 0x3000000, 8MB | |||||||||||
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB | |||||||||||
0: ethernet0: address is 000c.850c.66d7, irq 9 | |||||||||||
1: ethernet1: address is 000c.850c.66d8, irq 10 | |||||||||||
Licensed Features: | |||||||||||
Failover: Disabled | |||||||||||
VPN-DES: Enabled | |||||||||||
VPN-3DES: Disabled | |||||||||||
Maximum Interfaces: 2 | |||||||||||
Cut-through Proxy: Enabled | |||||||||||
Guards: Enabled | |||||||||||
URL-filtering: Enabled | |||||||||||
Inside Hosts: 10 | |||||||||||
Throughput: Limited | |||||||||||
IKE peers: 5 | |||||||||||
Serial Number: 807112150 (0x301b8dd6) | |||||||||||
Running Activation Key: 0xfed72fb7 0x36ed2c14 0x0bd663eb 0x00aa3e31 | |||||||||||
Configuration last modified by enable_15 at 22:19:24.612 UTC Sat Jun 7 2003 | |||||||||||
108 | virtual | Set address for authentication virtual servers | |||||||||
Sets the address for authentication virtual servers. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
[no] virtual http <ip> [warn] | |||||||||||
[no] virtual telnet <ip> | |||||||||||
109 | vpdn | Configure VPDN (PPTP, L2TP, PPPoE) Policy | |||||||||
Implement the L2TP, PPTP, or PPPoE features. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
vpdn group <name> | |||||||||||
accept dialin pptp|l2tp | |||||||||||
request dialout pppoe | |||||||||||
ppp authentication pap|chap|mschap | | |||||||||||
ppp encryption mppe 40|128|auto [required] | | |||||||||||
client configuration address local <address_pool_name> | | |||||||||||
client configuration dns <dns_ip1> [<dns_ip2>]| | |||||||||||
client configuration wins <wins_ip1> [<wins_ip2>]| | |||||||||||
client authentication local|aaa <auth_aaa_group>| | |||||||||||
client accounting <acct_aaa_group>| | |||||||||||
pptp echo <echo_time>| | |||||||||||
l2tp tunnel hello <hello_time> | |||||||||||
localname <name> | |||||||||||
vpdn username <name> password <passwd> [store-local] | |||||||||||
vpdn enable <if_name> | |||||||||||
show vpdn tunnel [l2tp|pptp|pppoe] [id <tnl_id>|packets|state|summary|transport] | |||||||||||
show vpdn session [l2tp|pptp|pppoe] [id <sess_id>|packets|state|window] | |||||||||||
show vpdn pppinterface [id <dev_id>] | |||||||||||
show vpdn group [<group_name>] | |||||||||||
show vpdn username [user_name] | |||||||||||
clear vpdn [group|interface|tunnel|username] | |||||||||||
110 | vpnclient | Configure Easy VPN Remote | |||||||||
Initiates Easy VPN Remote setup. (Configuration mode.) | |||||||||||
Usage: | |||||||||||
vpnclient vpngroup {groupname} password {preshared_key} | |||||||||||
vpnclient username {xauth_username} password {xauth_password} | |||||||||||
vpnclient server ip_primary [ip_secondary_1] ... [ip_secondary_N] | |||||||||||
vpnclient mode {client-mode | network-extension-mode} | |||||||||||
vpnclient enable | |||||||||||
no vpnclient {vpngroup | username | server | mode | enable} | |||||||||||
show vpnclient | |||||||||||
clear vpnclient | |||||||||||
111 | vpngroup | Configure group settings for Cisco VPN Clients and Cisco Easy VPN Remote products | |||||||||
Supports Cisco VPN Client version 3.x (Cisco Unified VPN Client Framework) and Easy VPN Remo | |||||||||||
Usage: | |||||||||||
vpngroup <group_name> address-pool <pool_name> | |||||||||||
vpngroup <group_name> dns-server <dns_ip_prim> [<dns_ip_sec>] | |||||||||||
vpngroup <group_name> wins-server <wins_ip_prim> [<wins_ip_sec>] | |||||||||||
vpngroup <group_name> default-domain <domain_name> | |||||||||||
vpngroup <group_name> split-tunnel <access_list> | |||||||||||
vpngroup <group_name> split-dns domain_name1 [domain_name2 ... domain_name8] | |||||||||||
vpngroup <group_name> pfs | |||||||||||
vpngroup <group_name> idle-time <idle_seconds> | |||||||||||
vpngroup <group_name> max-time <max_seconds> | |||||||||||
vpngroup <group_name> password <preshared_key> | |||||||||||
112 | who | Show active administration sessions on PIX | |||||||||
Show active Telnet administration sessions on the PIX Firewall. (Unprivileged mode.) | |||||||||||
Usage: | |||||||||||
who [ip] | |||||||||||
113 | xlate | Display current translation and connection slot information | |||||||||
Displays current translation and connection slot information. (Privileged mode.) | |||||||||||
Result of firewall command: "sh xlate" | |||||||||||
0 in use, 0 most used |