Cisco PIX 500 Series Configuration Manual page 1102

Security appliance command line

Glossary

intfn
Any interface, usually beginning with port 2, that connects to a subset network of your design that you can custom name and configure.

interface PAT
The use of PAT where the PAT IP address is also the IP address of the outside interface. See Dynamic PAT, Static PAT.

Internet
The global network that uses IP. Not a LAN. See also intranet.

intranet
Intranetwork. A LAN that uses IP. See also network and Internet.

IP
Internet Protocol. IP protocols are the most popular nonproprietary protocols because they can be used to communicate across any set of interconnected networks and are equally well suited for LAN and WAN communications.

IPS
Intrusion Prevention Service. An in-line, deep-packet inspection-based solution that helps mitigate a wide range of network attacks.

IP address
An IP protocol address. A security appliance interface ip_address. IP version 4 addresses are 32 bits in length. This address space is used to designate the network number, optional subnetwork number, and a host number. The 32 bits are grouped into four octets (8 binary bits), represented by 4 decimal numbers separated by periods, or dots. The meaning of each of the four octets is determined by their use in a particular network.

IP pool
A range of local IP addresses specified by a name, and a range with a starting IP address and an ending address. IP Pools are used by DHCP and VPNs to assign local IP addresses to clients on the inside interface.

IPSec
IP Security. A framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers. IPSec provides these security services at the IP layer. IPSec uses IKE to handle the negotiation of protocols and algorithms based on local policy and to generate the encryption and authentication keys to be used by IPSec. IPSec can protect one or more data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

IPSec Phase 1
The first phase of negotiating IPSec, includes the key exchange and the ISAKMP portions of IPSec.

IPSec Phase 2
The second phase of negotiating IPSec. Phase two determines the type of encryption rules used for payload, the source and destination that will be used for encryption, the definition of interesting traffic according to access lists, and the IPSec peer. IPSec is applied to the interface in Phase 2.

IPSec transform set
A transform set specifies the IPSec protocol, encryption algorithm, and hash algorithm to use on traffic matching the IPSec policy. A transform describes a security protocol (AH or ESP) with its corresponding algorithms. The IPSec protocol used in almost all transform sets is ESP with the DES algorithm and HMAC-SHA for authentication.

ISAKMP
Internet Security Association and Key Management Protocol. A protocol framework that defines payload formats, the mechanics of implementing a key exchange protocol, and the negotiation of a security association. See IKE.

ISP
Internet Service Provider. An organization that provides connection to the Internet via their services, such as modem dial in over telephone voice lines or DSL.

Cisco Security Appliance Command Line Configuration Guide
GL-10
OL-12172-03


This manual is also suitable for:

Asa 5500 series
