45-36
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
Configuring Firewall Device Interfaces
Device Interface: IP Type (PIX/ASA 7.0+)
A security device operating in single-context, routed mode requires IP addressing for its interfaces;
however, firewall interfaces do not have IP addresses until you assign them. Note that in transparent
mode, the device acts as an access-control bridge (a “bump in the wire”)—you assign different VLANs
to each interface, but IP addressing is not necessary.
The Add/Edit Interface dialog box presented for an independent ASA or PIX 7.0+ device in
single-context, routed mode includes the section IP Type, where you specify the type of IP addressing
for the interface and provide related parameters, as described here. (The IP Type section of the Add/Edit
Interface dialog box for PIX 6.3 devices is described in Device Interface: IP Type (PIX 6.3), page 45-18.)
Prefix Lifetime You can expand this section of the dialog box to display the following
expiration options:
Lifetime Duration – Select this option to define prefix expiration
as a length of time; the following options are enabled:
Valid Lifetime – The amount of time (in seconds) that the
specified IPv6 prefix is advertised as being valid. Enter a value
from 0 to 4294967295 seconds. The maximum value
represents infinity (that is, the lifetime does not expire), which
can also be specified by the checking the Infinite box. The
default is 2592000 (30 days).
Preferred Lifetime – The amount of time (in seconds) that the
specified IPv6 prefix is advertised as being preferred. Enter a
value from 0 to 4294967295 seconds. The maximum value
represents infinity (that is, the lifetime does not expire), which
can also be specified by the checking the Infinite box. The
default is 604800 (7 days). The Preferred Lifetime must less
than or equal to the Valid Lifetime.
Lifetime Expiration Date – Select this option to define prefix
expiration as a specific date. Note that acceptable values for this
date can range from today’s date to one year from today’s date. The
following options are enabled:
Vali d – The prefix is advertised as being valid until this date
and time are reached. Enter a date in the form Mmm dd yyyy
(that is, three-letter month abbreviation, two-digit date, and
four-digit year), or click the calendar icon to select a date from
a scrolling calendar. Also, enter the time of expiration on the
specified date, in the form hh:mm, based on a 24-hour clock.
Preferred – The prefix is advertised as being preferred until
this date and time are reached. Enter a date in the form Mmm dd
yyyy (that is, three-letter month abbreviation, two-digit date,
and four-digit year), or click the calendar icon to select a date
from a scrolling calendar. Also, enter the time of expiration on
the specified date, in the form hh:mm, based on a 24-hour clock.
The Preferred date and time must be earlier than or equal to the
Valid date and time.
Table45-7 IPv6 Prefix Editor Dialog Box (Continued)
Element Description