Cisco PIX 500 Series Configuration Manual page 1096

Glossary
Interprets and modifies applications so that they render correctly over a WebVPN connection.
Content
Rewriting/Transfor
mation
A cookie is a object stored by a browser. Cookies contain information, such as user preferences, to
cookie
persistent storage.
Central Processing Unit. Main processor.
CPU
Cyclical Redundancy Check. Error-checking technique in which the frame recipient calculates a
CRC
remainder by dividing frame contents by a prime binary divisor and compares the calculated remainder
to a value stored in the frame by the sending node.
Certificate Revocation List. A digitally signed message that lists all of the current but revoked
CRL
certificates listed by a given CA. This is analogous to a book of stolen charge card numbers that allow
stores to reject bad credit cards. When certificates are revoked, they are added to a CRL. When you
implement authentication using certificates, you can choose to use CRLs or not. Using CRLs lets you
easily revoke certificates before they expire, but the CRL is generally only maintained by the
RA. If you are using CRLs and the connection to the
requested, the authentication request will fail. See also CA, certificate,
Call Reference Value. Used by
CRV
Encryption, authentication, integrity, keys and other services used for secure communication over
cryptography
networks. See also
A data structure with a unique name and sequence number that is used for configuring VPNs on the
crypto map
security appliance. A crypto map selects data flows that need security processing and defines the policy
for these flows and the crypto peer that traffic needs to go to. A crypto map is applied to an interface.
Crypto maps contain the ACLs, encryption standards, peers, and other parameters necessary to specify
security policies for VPNs using
Computer Telephony Interface Quick Buffer Encoding. A protocol used in IP telephony between the
CTIQBE
Cisco CallManager and CTI
protocol inspection module and supports NAT, PAT, and bi-directional NAT. This enables Cisco IP
SoftPhone and other Cisco TAPI/JTAPI applications to communicate with Cisco CallManager for call
setup and voice traffic across the security appliance.
Enables the security appliance to provide faster traffic flow after user authentication. The cut-through
cut-through proxy
proxy challenges a user initially at the application layer. After the security appliance authenticates the
user, it shifts the session flow and all traffic flows directly and quickly between the source and
destination while maintaining session state information.
D
Describes any method that manipulates data so that no attacker can read it. This is commonly achieved
data confidentiality
by data encryption and keys that are only available to the parties involved in the communication.
Describes mechanisms that, through the use of encryption based on
data integrity
algorithms, allow the recipient of a piece of protected data to verify that the data has not been modified
in transit.
Cisco Security Appliance Command Line Configuration Guide
GL-4
H.225.0 to distinguish call legs signalled between two entities.
VPN and IPSec.
IKE and IPSec. See also VPN.
TAPI and JTAPI
CA or RA is not available when authentication is
public
applications. CTIQBE is used by the TAPI/JTAPI
secret key
CA or an
key, RA.
or public key
OL-12172-03