Cisco PIX 500 Series Configuration Manual page 1101

Security appliance command line

IKE
Internet Key Exchange. IKE establishes a shared security policy and authenticates keys for services (such as IPSec) that require keys. Before any IPSec traffic can be passed, each security appliance must verify the identity of its peer. This can be done by manually entering preshared keys into both hosts or by a CA service. IKE is a hybrid protocol that uses part of Oakley and part of another protocol suite called SKEME inside the ISAKMP framework. This is the protocol formerly known as ISAKMP/Oakley, and is defined in RFC 2409.

IKE Extended Authentication
IKE Extended Authentication (Xauth) is implemented per the IETF draft-ietf-ipsec-isakmp-xauth-04.txt ("extended authentication" draft). This protocol provides the capability of authenticating a user within IKE using TACACS+ or RADIUS.

IKE Mode Configuration
IKE Mode Configuration is implemented per the IETF draft-ietf-ipsec-isakmp-mode-cfg-04.txt. IKE Mode Configuration provides a method for a security gateway to download an IP address (and other network level configuration) to the VPN client as part of an IKE negotiation.

ILS
Internet Locator Service. ILS is based on LDAP and is ILSv2 compliant. ILS was developed by Microsoft for use with its NetMeeting, SiteServer, and Active Directory products.

IMAP
Internet Message Access Protocol. Method of accessing e-mail or bulletin board messages kept on a mail server that can be shared. IMAP permits client e-mail applications to access remote message stores as if they were local without actually transferring the message.

implicit rule
An access rule automatically created by the security appliance based on default rules or as a result of user-defined rules.

IMSI
International Mobile Subscriber Identity. One of two components of a GTP tunnel ID, the other being the NSAPI. See also NSAPI.

inside
The first interface, usually port 1, that connects your internal, "trusted" network protected by the security appliance. See also interface, interface names.

inspection engine
The security appliance inspects certain application-level protocols to identify the location of embedded addressing information in traffic. This allows NAT to translate these embedded addresses and to update any checksum or other fields that are affected by the translation. Because many protocols open secondary TCP or UDP ports, each application inspection engine also monitors sessions to determine the port numbers for secondary channels. The initial session on a well-known port is used to negotiate dynamically assigned port numbers. The application inspection engine monitors these sessions, identifies the dynamic port assignments, and permits data exchange on these ports for the duration of the specific session. Some of the protocols that the security appliance can inspect are CTIQBE, FTP, H.323, HTTP, MGCP, SMTP, and SNMP.

interface
The physical connection between a particular network and a security appliance.

interface ip_address
The IP address of a security appliance network interface. Each interface IP address must be unique. Two or more interfaces must not be given the same IP address or IP addresses that are on the same IP network.

interface names
Human readable name assigned to a security appliance network interface. The inside interface default name is "inside" and the outside interface default name is "outside." Perimeter interface default names are "intfn", such as intf2 for the first perimeter interface, intf3 for the second perimeter interface, and so on to the last interface. The number in the intf string corresponds to the position of the interface card in the security appliance. You can use the default names or, if you are an experienced user, give each interface a more meaningful name. See also inside, intfn, outside.

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, Glossary, page GL-9

This manual is also suitable for:

Asa 5500 series
