Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

Cisco 5510 - ASA SSL / IPsec VPN Edition
1822 pages
Glossary
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
IKE
Internet Key Exchange. IKE establishes a shared security policy and authenticates keys for services
(such as IPsec) that require keys. Before any IPsec traffic can be passed, each adaptive security
appliance must verify the identity of its peer. Identification can be done by manually entering
preshared keys into both hosts or by a CA service. IKE is a hybrid protocol that uses part of Oakley and
part of another protocol suite called SKEME inside the ISAKMP framework. IKE (formerly known as
ISAKMP/Oakley) is defined in RFC 2409.
IKE Extended Authentication
IKE Extended Authentication (Xauth) is implemented per the IETF draft-ietf-ipsec-isakmp-xauth-04.txt
(extended authentication). This protocol provides the capability of authenticating a user within IKE
using TACACS+ or RADIUS.
IKE Mode Configuration
IKE Mode Configuration is implemented per the IETF draft-ietf-ipsec-isakmp-mode-cfg-04.txt. IKE
Mode Configuration provides a method for a security gateway to download an IP address (and other
network level configuration) to the VPN client as part of an IKE negotiation.
ILS
Internet Locator Service. ILS is based on LDAP and is ILSv2 compliant. ILS was developed by
Microsoft for use with its NetMeeting, SiteServer, and Active Directory products.
IMAP
Internet Message Access Protocol. Method of accessing e-mail or bulletin board messages kept on a
mail server that can be shared. IMAP permits client e-mail applications to access remote message
stores as if they were local without actually transferring the message.
implicit rule
An access rule automatically created by the adaptive security appliance based on default rules or as a
result of user-defined rules.
IMSI
International Mobile Subscriber Identity. One of two components of a GTP tunnel ID, the other being
the NSAPI. See also NSAPI.
inside
The first interface, usually port 1, that connects your internal, trusted network protected by the
adaptive security appliance. See also interface, interface name.
inspection engine
The adaptive security appliance inspects certain application-level protocols to identify the location of
embedded addressing information in traffic. Inspection allows NAT to translate these embedded
addresses and to update any checksum or other fields that are affected by the translation. Because
many protocols open secondary TCP or UDP ports, each application inspection engine also monitors
sessions to determine the port numbers for secondary channels. The initial session on a well-known
port is used to negotiate dynamically assigned port numbers. The application inspection engine
monitors these sessions, identifies the dynamic port assignments, and permits data exchange on these
ports for the duration of the specific session. Some of the protocols that the adaptive security appliance
can inspect are CTIQBE, FTP, H.323, HTTP, MGCP, SMTP, and SNMP.
interface
The physical connection between a particular network and an adaptive security appliance.
interface IP address
The IP address of the adaptive security appliance network interface. Each interface IP address must
be unique. Two or more interfaces must not be given the same IP address or IP addresses that are on
the same IP network.
interface name
Human-readable name assigned to the adaptive security appliance network interface. The inside
interface default name is “inside” and the outside interface default name is “outside.” See also inside
and outside.
interface PAT
The use of PAT where the PAT IP address is also the IP address of the outside interface. See Dynamic
PAT, Static PAT.