Cisco ASA 5505 Configuration Manual page 1781

Internet Key Exchange. IKE establishes a shared security policy and authenticates keys for services
IKE
(such as IPsec) that require keys. Before any
appliance must verify the identity of its peer. Identification can be done by manually entering
preshared keys into both hosts or by a
part of another protocol suite called
ISAKMP/Oakley) is defined in RFC 2409.
IKE Extended Authenticate (Xauth) is implemented per the IETF draft-ietf-ipsec-isakmp-xauth-04.txt
IKE Extended
Authentication (extended authentication). This protocol provides the capability of authenticating a user within IKE
using
IKE Mode Configuration is implemented per the IETF draft-ietf-ipsec-isakmp-mode-cfg-04.txt. IKE
IKE Mode
Configuration Mode Configuration provides a method for a security gateway to download an IP address (and other
network level configuration) to the VPN client as part of an IKE negotiation.
Internet Locator Service. ILS is based on LDAP and is ILSv2 compliant. ILS was developed by
ILS
Microsoft for use with its NetMeeting, SiteServer, and Active Directory products.
Internet Message Access Protocol. Method of accessing e-mail or bulletin board messages kept on a
IMAP
mail server that can be shared. IMAP permits client e-mail applications to access remote message
stores as if they were local without actually transferring the message.
An access rule automatically created by the adaptive security appliance based on default rules or as a
implicit rule
result of user-defined rules.
International Mobile Subscriber Identity. One of two components of a
IMSI
the NSAPI. See also NSAPI.
The first interface, usually port 1, that connects your internal, trusted network protected by the
inside
adaptive security appliance. See also interface,
The adaptive security appliance inspects certain application-level protocols to identify the location of
inspection engine
embedded addressing information in traffic. Inspection allows
addresses and to update any checksum or other fields that are affected by the translation. Because
many protocols open secondary
sessions to determine the port numbers for secondary channels. The initial session on a well-known
port is used to negotiate dynamically assigned port numbers. The application inspection engine
monitors these sessions, identifies the dynamic port assignments, and permits data exchange on these
ports for the duration of the specific session. Some of the protocols that the adaptive security appliance
can inspect are CTIQBE, FTP, H.323, HTTP, MGCP, SMTP, and SNMP.
The physical connection between a particular network and a adaptive security appliance.
interface
The IP address of the adaptive security appliance network interface. Each interface IP address must
interface IP address
be unique. Two or more interfaces must not be given the same IP address or IP addresses that are on
the same IP network.
Human-readable name assigned to the adaptive security appliance network interface. The inside
interface name
interface default name is "inside" and the outside interface default name is "outside." See also
and outside.
The use of
interface PAT
PAT,
OL-20339-01
TACACS+ or RADIUS.
PAT where the PAT IP address is also the IP address of the outside interface. See
Static PAT.
IPsec traffic can be passed, each adaptive security
CA service. IKE is a hybrid protocol that uses part
SKEME inside the ISAKMP
interface name.
TCP or UDP ports, each application inspection engine also monitors
Cisco ASA 5500 Series Configuration Guide using ASDM
framework. IKE (formerly known as
GTP tunnel ID, the other being
NAT to translate these embedded
Glossary
Oakley and
inside
Dynamic
GL-9