Table of Contents
Advertisement
Glossary
S
SA
SAID
salt
SDEE
SDF
secret key
security association
lifetime
session key
SHA
Cisco Router and Security Device Manager Version 2.2 User's Guide
GL-28
security association. A set of security parameters agreed upon by two peers to
protect a specific session in a particular tunnel. Both IKE and IPSec use SAs,
although SAs are independent of one another.
IPSec SAs are unidirectional and are unique in each security protocol. An IKE
SA is used by IKE only, and unlike the IPSec SA, it is bidirectional. IKE
negotiates and establishes SAs on behalf of IPSec. A user can also establish
IPSec SAs manually.
A set of SAs is needed for a protected data pipe, one per direction per protocol.
For example, if you have a pipe that supports Encapsulating Security Protocol
(ESP) between peers, one ESP SA is required for each direction. SAs are
uniquely identified by destination (IPSec endpoint) address, security protocol
(AH or ESP), and security parameter index (SPI).
security association ID. Numeric identifier for the SA of a given link.
A string of pseudorandom characters used to enhance cryptographic complexity.
Security Device Event Exchange. A message protocol that can be used to report
on security events, such as alarms generated when a packet matches the
characteristics of a signature.
Signature Definition File. A file, usually in XML format, containing signature
definitions that can be used to load signatures on a security device.
See
symmetric
key.
The predetermined length of time in which an SA is in effect.
A key that is used only once.
Some encryption systems use the Secure Hashing Algorithm to generate digital
signatures, as an alternative to MD5.
OL-4015-08
Advertisement
Table of Contents
Troubleshooting
