policy-map type inspect esmtp tls-esmtp
  parameters
    allow-tls
    no mask-banner     !! may only be required if you notice issues related to the banner

policy-map global_policy
  class inspection_default
    no inspect esmtp
    inspect esmtp tls-esmtp

Documentation

[ # ]

!! Enable the performance monitoring
asdm history enable

!! View data
show asdm history feature <all|blocks|cpu|failover|ids|interface|memory|perfmon|sas|tunnels|xlates>
show asdm history view <10m|60m|12h|5d|all> feature <all|blocks|cpu|failover|ids|interface|memory|perfmon|sas|tunnels|xlates>

Notes:

  • You can leave off the feature command to view ALL performance data

Documentation

[ # ]

show eigrp topology
show eigrp neighbors
debug eigrp neighbor
debug eigrp fsm

[ # ]

router eigrp <as-num>  !! as number must match on neighbors
 no auto-summary 
 eigrp router-id 10.0.150.3  !! Name for defining the eigrp, name after interface IP
 redistribute static  !! redistribute static routes, can use policy map instead so not ALL statics are distributed
 network 10.0.150.0 255.255.255.0   !! Directly connected network
 network 4.2.2.128 255.255.255.248  !! Directly connected network
 exit

!! configure static routes to point to the interface/IP that you want to monitor and stop advertising the routes when the interface goes down
route <int-to-watch> <network-to-advertise> <subnet> <ip-of-int-to-watch>

[ # ]

access-list no_inspect_ESMTP deny tcp <source> <destination> eq 25
access-list no_inspect_ESMTP permit tcp any any eq 25

class-map no_inspect_ESMTP
 match access-list no_inspect_ESMTP 
 exit

policy-map global_policy 
 class no_inspect_ESMTP 
  inspect ESMTP 
  exit 
 class inspection_default
  no inspect esmtp
  exit

Notes:

  • It's important that the last ACL is specific for port 25 and not all IP. Traffic will break if left as 'ip'

[ # ]

prompt hostname state

[ # ]

failover exec mate <command>

Documentation

[ # ]

cphastop
mount -t iso9660 -o loop <iso_image> /mnt/cdrom
cd /mnt/cdrom
patch add cd

Notes:

  • It's best to verify these steps from Release Notes
  • After install, modify CP object in policy to reflect new version and push policy
  • HFAs will use ./UnixInstallScript instead of 'patch add cd'

[ # ]

useradd -u 0 -o -g 0 -m <username> -s /bin/rbash

[ # ]

clish 
add user <username> uid <uid#> homedir /var/<username>
set user <username> shell /bin/csh
add rba user <username> role monitorRole
save config

Notes:

  • UID should be above 120. If you give a UID of 0, that will give the user read/write access
  • The 'RBA' line assigns the default readonly Voyager role, monitorRole, to the user. If the user does not need Voyager access, this can be ignored.

[ # ]