Glossary
Cisco ASA Series CLI Configuration Guide
 
PFS
Perfect Forward Secrecy. PFS enhances security by using a different security key for the IPsec 
Phase 1 and Phase 2 SAs. Without PFS, the same security key is used to establish SAs in both phases. 
PFS ensures that a given IPsec SA key was not derived from any other secret (such as another key). 
In other words, if someone were to break a key, PFS ensures that the attacker would not be able to 
derive any other key. If PFS were not enabled, someone could hypothetically break the IKE SA secret 
key, copy all the IPsec-protected data, and then use knowledge of the IKE SA secret to compromise 
the IPsec SAs set up by this IKE SA. With PFS, breaking IKE would not give an attacker immediate 
access to IPsec. The attacker would have to break each IPsec SA individually.
Phase 1
See IPsec Phase 1.
Phase 2
See IPsec Phase 2.
PIM
Protocol Independent Multicast. PIM provides a scalable method for determining the best paths for 
distributing a specific multicast transmission to a group of hosts. Each host has registered using IGMP 
to receive the transmission. See also PIM-SM.
PIM-SM
Protocol Independent Multicast-Sparse Mode. With PIM-SM, which is the default for Cisco routers, 
when the source of a multicast transmission begins broadcasting, the traffic is forwarded from one MC 
router to the next, until the packets reach every registered host. See also PIM.
ping
An ICMP request sent by a host to determine if a second host is accessible.
PIX
Private Internet eXchange. The Cisco PIX 500 series ASAs ranged from compact, plug-and-play 
desktop models for small/home offices to carrier-class gigabit models for the most demanding 
enterprise and service provider environments. Cisco PIX ASAs provided robust, enterprise-class 
integrated network security services to create a strong multilayered defense for fast-changing network 
environments. The PIX has been replaced by the Cisco ASA 5500 series.
PKCS12
A standard for the transfer of PKI-related data, such as private keys, certificates, and other data. 
Devices supporting this standard let administrators maintain a single set of personal identity 
information.
PNS
PPTP Network Server. A PNS is envisioned to operate on general-purpose computing/server 
platforms. The PNS handles the server side of PPTP. Because PPTP relies completely on TCP/IP and 
is independent of the interface hardware, the PNS may use any combination of IP interface hardware 
including LAN and WAN devices.
Policy NAT
Lets you identify local traffic for address translation by specifying the source and destination 
addresses (or ports) in an access list.
POP
Post Office Protocol. Protocol that client e-mail applications use to retrieve mail from a mail server.
Pool
See IP pool.
Port
A field in the packet headers of TCP and UDP protocols that identifies the higher-level service that 
is the source or destination of the packet.
PPP
Point-to-Point Protocol. Developed for dial-up ISP access using analog phone lines and modems.
PPPoE
Point-to-Point Protocol over Ethernet. An IP protocol that encapsulates PPP packets and sends them 
over a local network or the internet to establish a connection to a host, usually between a client and 
an ISP.