Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
7-20
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 7 Managing FlexConfigs
Understanding FlexConfig Policies and Policy Objects
ASA_define_traffic_flow_tu
nnel _group
Defines site-to-site VPN tunnel groups listed in the
SYS_FW_MPCRULE_TRAFFICFLOW_TUNNELGROUPNAME
system variable. This variable is populated with tunnel group names
defined in Traffic Flow objects.
ASA_established Permits return access for outbound connections through the security
appliance. This command works with an original connection that is
outbound from a network and protected by the security appliance and a
return connection that is inbound between the same two devices on an
external host.
Uses the established command to specify the destination port that is
used for connection lookups, which gives you more control over the
command and supports protocols where the destination port is known,
but the source port is unknown. The permitto and permitfrom
keywords define the return inbound connection.
ASA_FTP_mode_passive Sets the FTP mode to passive.
ASA_generate_route_map Generates a route map to be used by the pim accept-register
route-map command configured under Platform > Multicast > PIM >
Request Filter. Security Manager exports the route-map name used in
the pim command so that you can configure it as desired.
ASA_IP_audit Uses the ip-audit command to provide the following:
Sets the default actions (alarm, drop, reset) for packets that match
an attack signature.
Sets the default actions (alarm, drop, reset) for packets that match
an informational signature.
Creates a named audit policy that identifies the actions to take
(alarm, drop, reset) when a packet matches a defined attack
signature or an informational signature.
Disables a signature for an audit policy.
Assigns an audit policy to an interface.
ASA_MGCP Identifies a specific map for defining the parameters for Media
Gateway Control Protocol (MGCP) inspection.
ASA_no_router_Id Removes the router ID for each OSPF process.
ASA_no_shut_Intf Loops through and enables all interfaces on a device.
ASA_privilege Sets the privilege levels for the configuration, show and clear
commands.
ASA_route_map Defines a route map for each OSPF process redistribution route map
name.
ASA_RSA_KeyPair_generat
ion
Resets and generates RSA key pairs for certificates.
Table 7-6 Predefined ASA FlexConfig Policy Objects (Continued)
Name Description