Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco ASA 5500 Series Adaptive Security Appliances

Cisco ASA 5500 Series Release Notes Version 7.0(6)

Downloads

Table Of Contents

Cisco ASA 5500 Series Release Notes Version 7.0(6)

Contents

Introduction

System Requirements

Memory Requirements

Determining the Software Version

Upgrading to a New Software Release

New Features

Important Notes

Important Notes in Release 7.0

Common Criteria EAL4+

FIPS 140-2

Hostname and Domain Name Limitation

WebVPN ACLS and DNS Hostname

Proxy Server and ASA

Mismatch PFS

ACS Radius Authorization Server

Readme Document for the Conduits and Outbound List Conversion Tool 1.2

User Upgrade Guide

Features not Supported in Version 7.0

MIB Supported

Downgrade to Previous Version

Caveats

Open Caveats - Release 7.0(6)

Resolved Caveats - Release 7.0(6)

Related Documentation

Software Configuration Tips on the Cisco TAC Home Page

Obtaining Documentation

Cisco.com

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Product Alerts and Field Notices

Obtaining Technical Assistance

Cisco Technical Support & Documentation Website

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Cisco ASA 5500 Series Release Notes Version 7.0(6)

August 2006

Contents

This document includes the following sections:

Introduction

System Requirements

New Features

Important Notes

Caveats

Related Documentation

Obtaining Documentation

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Introduction

The Cisco ASA 5500 series security appliance delivers unprecedented levels of defense against threats to the network with deeper web inspection and flow specific analysis, improved secure connectivity through end-point security posture validation and voice and video over VPN support. It also provides enhanced support for intelligent information networks through improved network integration, resiliency, and scalability. This release introduces significant enhancements to all major functional areas, including: firewalling and inspection services, VPN services, network integration, high-availability services, and management/monitoring.

For more information on all the new features, see New Features.

Additionally, the Cisco ASA 5500 series security appliance software supports Adaptive Security Device Manager. ASDM is a browser-based, Java applet used to configure and monitor the software on the security appliances. ASDM is loaded from the security appliance, then used to configure, monitor, and manage the device.

System Requirements

The sections that follow list the system requirements for operating a Cisco ASA 5500 series security appliance. This section includes the following topics:

Memory Requirements

Determining the Software Version

Upgrading to a New Software Release

Memory Requirements

Table 1 lists the DRAM memory requirements for the Cisco ASA 5500 series security appliance.

Table 1 DRAM Memory Requirements 

ASA Model
DRAM Memory

ASA 5510

256 MB

ASA 5520

512 MB

ASA 5540

1 GB


All Cisco ASA 5500 series security appliances require a minimum of 64 MB of internal CompactFlash.

Determining the Software Version

Use the show version command to verify the software version of your Cisco ASA 5500 series security appliance.

Upgrading to a New Software Release

If you have a Cisco.com (CDC) login, you can obtain software from the following website:

http://www.cisco.com/kobayashi/sw-center/

New Features

Version 7.0(6) includes several caveat resolutions

Important Notes

Important Notes in Release 7.0

This section lists important notes related to release 7.0(6).

Common Criteria EAL4+

For information on common criteria EAL4+, see the Installation and Configuration for Common Criteria EAL4 Evaluated Cisco Adaptive Security Appliance, Version 7.0(6) document.

FIPS 140-2

The Cisco ASA 5500 series security appliance is on the FIPS 140-2 Pre-Validation List.

Hostname and Domain Name Limitation

When using ASDM, the hostname and domain names combined should not be more than 63 characters long. If the hostname and domain names combined is more than 63 characters, you will get an error message.

WebVPN ACLS and DNS Hostname

When a deny webtype URL ACL (DNS-based) is defined, but the DNS-based URL is not reachable, a "DNS Error" popup is displayed on the browser. The ACL hitcounter is also not incremented.

If the URL ACL is defined by an IP instead of DNS name, then the traffic flow hitting the ACL will be recorded in the hitcounter and a "Connection Error" is displayed on the browser.

Proxy Server and ASA

If WebVPN is configured to use an HTTP(S)-proxy server to service all requests for browsing HTTP and/or HTTPS sites, the client/browser may expect the following behavior:

1. If the ASA cannot communicate with the HTTPS or HTTPS proxy server, a "connection error" is displayed on the client browser.

2. If the HTTP(S) proxy cannot resolve or reach the requested URL, it should send an appropriate error to the ASA, which in turn will display it to the client browser.

Only when the HTTP(S) proxy server notifies the ASA of the inaccessible URL, can the ASA notify the error to the client browser.

Mismatch PFS

The PFS setting on the VPN client and the security appliance must match.

ACS Radius Authorization Server

When certificate authentication is used in conjuction with Radius authorization, the ACS server sends a bogus Group=CISCOACS:0003b9c6/5a940131/username and is displayed in the vpn-session database.

Readme Document for the Conduits and Outbound List Conversion Tool 1.2

The Cisco ASA 5500 series security appliance Outbound/Conduit Conversion tool assists in converting configurations with outbound or conduit commands to similar configurations using ACLs. ACL-based configurations provide uniformity and leverage the powerful ACL feature set. ACL based configurations provide the following benefit:

ACE Insertion capability - System configuration and management is greatly simplified by the ACE insertion capability that allows users to add, delete or modify individual ACEs.

User Upgrade Guide

For a list of deprecated features, and user upgrade information, go to the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/migr_vpn/index.htm

Features not Supported in Version 7.0

The following features are not supported in Version 7.0(6):

PPPoE

L2TP over IPSec

PPTP

MIB Supported

For information on MIB Support, go to:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

Downgrade to Previous Version

To downgrade to a previous version of the operating system software (software image), use the downgrade command in privileged EXEC mode. For more information and a complete description of the command syntax, see the Cisco Security Appliance Command Reference.

Caveats

The following sections describe the caveats for the 7.0(6) release.

For your convenience in locating caveats in Cisco's Bug Toolkit, the caveat titles listed in this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:

Commands are in boldface type.

Product names and acronyms may be standardized.

Spelling errors and typos may be corrected.

Note If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:

http://www.cisco.com/support/bugtools

To become a registered cisco.com user, go to the following website:

http://tools.cisco.com/RPF/register/register.do

Open Caveats - Release 7.0(6)

Table 2 Open Caveats 

ID Number
Software Release 7.0(6)
Corrected
Caveat Title

CSCeh98117

No

Tunnel-group passwords in cleartext when viewed with more

CSCsc36891

No

Higher CPU utilization for url filtering in recent releases.

CSCsc98412

No

PIX console accounting doesn't appear in ACS Logged-In User report

CSCsd69625

No

EZVPN:IOS C876 Client can't connect to ASA using digi certs and noXauth

CSCsd99279

No

IKE: interop with Macintosh vpn client problem with transparent tunnel

CSCse06951

No

SNMP process stops working on PIX when the utilization is high

CSCse40999

No

SSH conns limited to 4 instead of 5

CSCse48144

No

cut-through proxy authentication misbehavior

CSCse67035

No

VPN filter deny outbound traffic if return is not permitted.

CSCse73922

No

Cmds excuted in SSH / Telnet sessions continue after session disconnects

CSCse74721

No

complete IPSEC SA deleted upon receiving delete for old SPI's

CSCse86968

No

Standby unit sends accounting records for replicated DACL commands

CSCse88062

No

Standby pix crashes following replication

CSCse98719

No

Connection fails with the CA cert of 4096 bits fails with Error #72eh

CSCsf05931

No

AAA: group-lock does not handle tunnel-group names with spaces

CSCsf06947

No

Large FTP transfer over L2L tunnel between PIX and Netscreen breaking


Resolved Caveats - Release 7.0(6)

Table 3 Resolved Caveats 

ID Number
Software Release 7.0(6)
Corrected
Caveat Title

CSCee00612

Yes

F1 floods network if Syslog is not available

CSCei47678

Yes

SNMP packet size standards in RFC3417 not fully supported.

CSCek40279

Yes

Increase in CPU utilization when OSPF is enabled

CSCsd03664

Yes

Reload w/ Thread Name:Session Manager w/ high volume of L2L VPN traffic

CSCsd47976

Yes

Traceback on nameif command on unused intf with 8000 static commands

CSCsd59936

Yes

Registering to the RP for PIM fails if fragmented in more then 12 packs

CSCsd82355

Yes

Malformed syslog packets may be generated.

CSCsd85345

Yes

Traceback may occur in fover_parse on 7.0.4

CSCsd89983

Yes

Access-list entered at line 1 is ineffective until access-group is rede

CSCsd90505

Yes

traceback with assertion in file "vf_api.c", line 264

CSCsd92296

Yes

DHCP relay failed after failover

CSCsd93207

Yes

Show failover indicates different uptimes on devices in failover pair

CSCsd93380

Yes

Packets for VPN-l2l peer get dropped instead of encrypted

CSCsd94835

Yes

Proxy may queue too many packets when url filtering client is down

CSCsd94875

Yes

Traceback in VPN/IPSec CLI code when clear crypto ipsec sa counter

CSCsd95170

Yes

PIX 7.0(4)10 : reporting incorrect context CPU usage

CSCsd97077

Yes

ASA/PIX - crash from SiVus SIP tester inside to outside w/ inspect/fixup

CSCsd97134

Yes

PIX/ASA ignores OSPF DBDs during adajency building

CSCsd98071

Yes

conns fail after two successful authentications to virtual telnet IP

CSCsd98435

Yes

DHCPD pool does not allow to set ip add on interface once it is removed

CSCsd99200

Yes

Traceback in 7.1.2 caused by strict http inspection

CSCsd99709

Yes

PIX gets high cpu when type q to interrupt output of show conf

CSCse00173

Yes

PIX 515 fails to synch via serial based failover with VPN config

CSCse00303

Yes

Traceback during active/active config replication with 4 syslog servers

CSCse00756

Yes

URL filtering using Websense locks up downloads.

CSCse00996

Yes

tcp normalizer drop to-the-box traffic not conforming to RFC793 (MSS)

CSCse01293

Yes

Traceback in the arp_forward_thread

CSCse02354

Yes

PIX crash by dispatch unit

CSCse02703

Yes

Passwords in startup config may be changed without user intervention

CSCse02722

Yes

SSL Handshake failure with self signed cert

CSCse03299

Yes

VPN clients behind same PAT device using IPSEC/TCP & NAT-T fails IKE neg

CSCse04610

Yes

EzVPN: assert Thread Name: IKE Daemon (Old pc 0x00501f6d ebp 0x03401418)

CSCse06536

Yes

ASA 7.1 : ASR not forwarding fragmented IP packets between contexts

CSCse07242

Yes

Crash in pix_flash_config_thread

CSCse08300

Yes

Show block shows inuse and current values greater than max

CSCse08731

Yes

FIPS reload on failed ACL Checksum after clear config all

CSCse09591

Yes

ASA5540 crashes in IPsec message handler

CSCse10714

Yes

Shun behavior change in 7.x

CSCse11010

Yes

VPN:tback IKE Daemon (Old pc 0x001a9ee5 ebp 0x023d8dd8) 515 w/VAC +

CSCse11384

Yes

ASA crash in dhcp_daemon

CSCse14214

Yes

Malformed ICMPv6 NA packet causes PIX to crash and reload

CSCse14296

Yes

Trustpoint not found if ASA not enrolled with the trustpoint

CSCse14402

Yes

EzVPN:5505 Phase 2 SAs fail to establish causing tunnel to drop

CSCse15977

Yes

ASA/PIX reboot if 2 admin sessions are working on the same capture

CSCse19020

Yes

PPTP Pass-through not working due to inspection

CSCse20501

Yes

Passive FTP to Multinet server fails

CSCse22150

Yes

Traceback during config synch and console at More

CSCse22853

Yes

Active unit crash in accept/http when disabling DHCP relay

CSCse23164

Yes

PIX crash

CSCse23554

Yes

Memory leak within event_smtpmgr:es_SmtpSndMSG function

CSCse23751

Yes

Nested crash dump doesn't stop

CSCse27184

Yes

basic attribute is not checked in all mode config attributes...

CSCse29840

Yes

AdmissionConfirm received without an AdmissionRequest, ACF dropped

CSCse30049

Yes

SSH conns to the box not removed after a Failover

CSCse30061

Yes

PIX/ASA VPN decompress error when decrypting packet with IP compression

CSCse32309

Yes

PIX/ASA: Timeout of secondary flow causes crash in thread Checkheaps

CSCse33143

Yes

Dynamic ACL created under with command access-list <name> d ...

CSCse34179

Yes

MFW-R: traceback in 'clear cfg all' during a performance test.

CSCse35566

Yes

ASA 7.0.5 Traceback in Dispatch unit on clear xlate

CSCse37787

Yes

ASA: Standby crashed after becoming Active with VPN connections

CSCse38039

Yes

ASA drops small ICMP length packets with IPsec/UDP

CSCse40332

Yes

ASA multiple mode rollback of config failed for admin and other VC

CSCse40583

Yes

PIX 7 should not reply to the IP network address

CSCse40671

Yes

RTSP w/PAT, PIX set client_ports to NULL

CSCse45308

Yes

Static nailed rule does not match conn destined for that address

CSCse45450

Yes

PIX/ASA Crash in aaa thread

CSCse45694

Yes

Standby: Traceback in Thread Name: IKE Daemon with dACL

CSCse46292

Yes

Traceback in obj-f1/bld_pkt:_AddOctetString+17 in snmp thread

CSCse48193

Yes

ASA vulnerable to cross-site scripting when using WebVPN

CSCse50716

Yes

PIX 7.0.5.1 URL Filtering Traceback Thread Name: Dispatch Unit

CSCse50804

Yes

OSPF stuck in EXCHANGE in certain assymetric routing scenarios

CSCse53294

Yes

ASA Crash- when an SSH connection is made and "conf t" is issued

CSCse53344

Yes

IKE: vpn-tunnel-protocol attribute is not checked if the value is 0

CSCse54749

Yes

210007 LU allocate xlate failed syslog generated by overlapping nat cfg

CSCse58985

Yes

sh uauth shows 32 in-progress and prevents SSH to ASA using LOCAL db

CSCse61315

Yes

SSMIO-4GE SFP interfaces G1/1 - G1/3 don't operate

CSCse62914

Yes

Standby device Traceback in Thread Name: tcp_thread

CSCse66235

Yes

Memory exhausts with logging flash-bufferwrap and high syslog level

CSCse70993

Yes

Traceback observed in Thread Name: ci/console

CSCse75523

Yes

Received ARP request collision when issuing write standby

CSCse76115

Yes

Cascade delimiter not inserted with correct priority for dynamic crypto.

CSCse77122

Yes

FTP-data connection not replicated back to primary after failover

CSCse77680

Yes

P2 in progress test broken - could cause unexpected rekey.

CSCse77855

Yes

buffer leak upon IPSEC spoofing.

CSCse78065

Yes

# sign in config not replicated to Standby unit

CSCse78299

Yes

Primary/Secondary units become Active state when failover link failed

CSCse80001

Yes

Traceback in IKE daemon while trying to post event (syslog)

CSCse81384

Yes

traffic delay when dynamic arp entry times out

CSCse81633

Yes

ASA 4GE-SSM Gig ports silently drop IGMP joins

CSCse83905

Yes

dhcprelay stops working if FW interface ip address is modified

CSCse88873

Yes

IPV6: TCP SYN-ACK with layer 2 padding dropped

CSCse94241

Yes

Reload with Thread Name:vpnlb_thread when taking over as failover active

CSCse96289

Yes

Traceback with Thread Name: Dispatch Unit

CSCsf00368

Yes

Crashinfo file may incorrectly show 0% free memory


Related Documentation

For additional information on the Cisco ASA 5500 series security appliance, refer to the following URL on Cisco.com:

http://www.cisco.com/en/US/products/ps6120/tsd_products_support_series_home.html

Software Configuration Tips on the Cisco TAC Home Page

The Cisco Technical Assistance Center has many helpful pages. If you have a CDC account you can visit the following websites for assistance:

TAC Troubleshooting, Sample Configurations, Hardware Info, Software Installations and more:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/tsd_products_support_series_home.html

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. This section explains the product documentation resources that Cisco offers.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/techsupport

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

The Product Documentation DVD is a library of technical product documentation on a portable medium. The DVD enables you to access installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the HTML documentation and some of the PDF files found on the Cisco website at this URL:

http://www.cisco.com/univercd/home/home.htm

The Product Documentation DVD is created monthly and is released in the middle of the month. DVDs are available singly or by subscription. Registered Cisco.com users can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at the Product Documentation Store at this URL:

http://www.cisco.com/go/marketplace/docstore

Ordering Documentation

You must be a registered Cisco.com user to access Cisco Marketplace. Registered users may order Cisco documentation at the Product Documentation Store at this URL:

http://www.cisco.com/go/marketplace/docstore

If you do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Documentation Feedback

You can provide feedback about Cisco technical documentation on the Cisco Technical Support & Documentation site area by entering your comments in the feedback form available in every online document.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you will find information about how to do the following:

Report security vulnerabilities in Cisco products

Obtain assistance with security incidents that involve Cisco products

Register to receive security information from Cisco

A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

For emergencies only — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

For nonemergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532

Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked encryption key or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.

If you do not have or use PGP, contact PSIRT to find other means of encrypting the data before sending any sensitive material.

Product Alerts and Field Notices

Modifications to or updates about Cisco products are announced in Cisco Product Alerts and Cisco Field Notices. You can receive Cisco Product Alerts and Cisco Field Notices by using the Product Alert Tool on Cisco.com. This tool enables you to create a profile and choose those products for which you want to receive information.

To access the Product Alert Tool, you must be a registered Cisco.com user. To register as a Cisco.com user, go to this URL:

http://tools.cisco.com/RPF/register/register.do

Registered users can access the tool at this URL:

http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do?local=en

Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Note Use the Cisco Product Identification Tool to locate your product serial number before submitting a request for service online or by phone. You can access this tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link, clicking the All Tools (A-Z) tab, and then choosing Cisco Product Identification Tool from the alphabetical list. This tool offers three search options: by product ID or model name; by tree view; or, for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.

Tip Displaying and Searching on Cisco.com

If you suspect that the browser is not refreshing a web page, force the browser to update the web page by holding down the Ctrl key while pressing F5.

To find technical information, narrow your search to look in technical documentation, not the entire Cisco.com website. On the Cisco.com home page, click the Advanced Search link under the Search box and then click the Technical Support & Documentation.radio button.

To provide feedback about the Cisco.com website or a particular technical document, click Contacts & Feedback at the top of any Cisco.com web page.

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411
Australia: 1 800 805 227
EMEA: +32 2 704 55 55
USA: 1 800 553 2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—An existing network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of the network is impaired while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco channel product offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:

http://www.cisco.com/go/guide

Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training, and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the magazine for Cisco networking professionals. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can subscribe to Packet magazine at this URL:

http://www.cisco.com/packet

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:

http://www.cisco.com/en/US/products/index.html

Networking Professionals Connection is an interactive website where networking professionals share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

http://www.cisco.com/discuss/networking

"What's New in Cisco Documentation" is an online publication that provides information about the latest documentation releases for Cisco products. Updated monthly, this online publication is organized by product category to direct you quickly to the documentation for your products. You can view the latest release of "What's New in Cisco Documentation" at this URL:

http://www.cisco.com/univercd/cc/td/doc/abtunicd/136957.htm

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html

This document is to be used in conjunction with the documents listed in the "Related Documentation" section.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2006 Cisco Systems, Inc. All rights reserved.

Printed in the USA on recycled paper containing 10% postconsumer waste.