Cisco FirePOWER ASA 5500 series

Glossary
GL-10
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
intfn
Any interface, usually beginning with port 2, that connects to a subset network of your design that you
can custom name and configure.
interface PAT
The use of PAT where the PAT IP address is also the IP address of the outside interface. See Dynamic
PAT, Static PAT.
Internet
The global network that uses IP. Not a LAN. See also intranet.
intranet
Intranetwork. A LAN that uses IP. See also network and Internet.
IP
Internet Protocol. IP protocols are the most popular nonproprietary protocols because they can be used
to communicate across any set of interconnected networks and are equally well suited for LAN and
WAN communications.
IPS
Intrusion Prevention Service. An in-line, deep-packet inspection-based solution that helps mitigate a
wide range of network attacks.
IP address
An IP protocol address. A security appliance interface ip_address. IP version 4 addresses are 32 bits
in length. This address space is used to designate the network number, optional subnetwork number,
and a host number. The 32 bits are grouped into four octets (8 binary bits), represented by 4 decimal
numbers separated by periods, or dots. The meaning of each of the four octets is determined by their
use in a particular network.
IP pool
A range of local IP addresses, specified by a name and by a starting IP address and an ending
address. IP pools are used by DHCP and VPNs to assign local IP addresses to clients on the inside
interface.
IPSec
IP Security. A framework of open standards that provides data confidentiality, data integrity, and data
authentication between participating peers. IPSec provides these security services at the IP layer.
IPSec uses IKE to handle the negotiation of protocols and algorithms based on local policy and to
generate the encryption and authentication keys to be used by IPSec. IPSec can protect one or more
data flows between a pair of hosts, between a pair of security gateways, or between a security gateway
and a host.
IPSec Phase 1
The first phase of negotiating IPSec. It includes the key exchange and the ISAKMP portions of IPSec.
IPSec Phase 2
The second phase of negotiating IPSec. Phase two determines the type of encryption rules used for
payload, the source and destination that will be used for encryption, the definition of interesting traffic
according to access lists, and the IPSec peer. IPSec is applied to the interface in Phase 2.
IPSec transform set
A transform set specifies the IPSec protocol, encryption algorithm, and hash algorithm to use on traffic
matching the IPSec policy. A transform describes a security protocol (AH or ESP) with its
corresponding algorithms. The IPSec protocol used in almost all transform sets is ESP with the DES
algorithm and HMAC-SHA for authentication.
ISAKMP
Internet Security Association and Key Management Protocol. A protocol framework that defines
payload formats, the mechanics of implementing a key exchange protocol, and the negotiation of a
security association. See IKE.
ISP
Internet Service Provider. An organization that provides connection to the Internet via its services,
such as modem dial-in over telephone voice lines or DSL.
