Network Services And Protocols; Table 8: Protocols And Services - Cisco ASR 1000 Series Common Criteria Operational User Guidance And Preparative Procedures

6 Network Services and Protocols

The table below lists the network services/protocols available on the ASR as a client (initiated outbound) and/or server (listening for
inbound connections), all of which run as system-level processes. The table indicates whether each service or protocol is allowed to
be used in the certified configuration.
For more detail about each service, including whether the service is limited by firewall mode (routed or transparent), or by context
(single, multiple, system), refer to Command Reference guides listed in Table 2.
Service or Description
Protocol
DHCP Dynamic Host
Configuration
Protocol
DNS Domain Name
Service
ESP Encapsulating
Security Payload (part
of IPsec)
FTP File Transfer Protocol
ICMP Internet Control
Message Protocol
IKE Internet Key
Exchange
IPsec Internet Protocol
Security (suite of
protocols including
IKE, ESP and AH)
Kerberos A ticket-based
authentication
protocol
Table 9: Protocols and Services
Client Allowed
(initiating)
Yes Yes
Yes Yes
Yes Yes
Yes No
Yes Yes
Yes Yes
Yes Yes
Yes Over IPsec
Server Allowed
(terminating)
Yes Yes
No n/a
Yes Yes
No n/a
Yes Yes
Yes Yes
Yes Yes
No n/a
Allowed use in the certified configuration
No restrictions.
No restrictions.
Configure ESP as described in the section
Error! Reference source not found.of this
document.
Use SCP or HTTPS instead.
No restrictions.
As described in section Error! Reference
source not found. of this document.
Only to be used for securing traffic that
originates from or terminates at the ASA, not
for "VPN Gateway" functionality to secure
traffic through the ASA. See IKE and ESP
for other usage restrictions.
If used for authentication of ASA
administrators, tunnel this authentication
protocol secure with IPsec.
Page 63 of 72