Cisco FirePOWER ASA 5500 series Configuration Manual page 959

Security appliance command line

Glossary

RSA
A public key cryptographic algorithm (named after its inventors, Rivest, Shamir, and Adleman) with a variable key length. The main weakness of RSA is that it is significantly slow to compute compared to popular secret-key algorithms, such as DES. The Cisco implementation of IKE uses a Diffie-Hellman exchange to get the secret keys. This exchange can be authenticated with RSA (or preshared keys). With the Diffie-Hellman exchange, the DES key never crosses the network (not even in encrypted form), which is not the case with the RSA encrypt and sign technique. RSA is not public domain, and must be licensed from RSA Data Security.

RSH
Remote Shell. A protocol that allows a user to execute commands on a remote system without having to log in to the system. For example, RSH can be used to remotely examine the status of a number of access servers without connecting to each communication server, executing the command, and then disconnecting from the communication server.

RTCP
RTP Control Protocol. Protocol that monitors the QoS of an IPv6 RTP connection and conveys information about the on-going session. See also RTP.

RTP
Real-Time Transport Protocol. Commonly used with IP networks. RTP is designed to provide end-to-end network transport functions for applications transmitting real-time data, such as audio, video, or simulation data, over multicast or unicast network services. RTP provides such services as payload type identification, sequence numbering, timestamping, and delivery monitoring to real-time applications.

RTSP
Real Time Streaming Protocol. Enables the controlled delivery of real-time data, such as audio and video. RTSP is designed to work with established protocols, such as RTP and HTTP.

rule
Conditional statements added to the security appliance configuration to define security policy for a particular situation. See also ACE, ACL, NAT.

running configuration
The configuration currently running in RAM on the security appliance. The configuration that determines the operational characteristics of the security appliance.

S

SA
security association. An instance of security policy and keying material applied to a data flow. SAs are established in pairs by IPSec peers during both phases of IPSec. SAs specify the encryption algorithms and other security parameters used to create a secure tunnel. Phase 1 SAs (IKE SAs) establish a secure tunnel for negotiating Phase 2 SAs. Phase 2 SAs (IPSec SAs) establish the secure tunnel used for sending user data. Both IKE and IPSec use SAs, although SAs are independent of one another. IPSec SAs are unidirectional and they are unique in each security protocol. A set of SAs are needed for a protected data pipe, one per direction per protocol. For example, if you have a pipe that supports ESP between peers, one ESP SA is required for each direction. SAs are uniquely identified by destination (IPSec endpoint) address, security protocol (AH or ESP), and Security Parameter Index. IKE negotiates and establishes SAs on behalf of IPSec. A user can also establish IPSec SAs manually. An IKE SA is used by IKE only, and unlike the IPSec SA, it is bidirectional.

SCCP
Skinny Client Control Protocol. A Cisco-proprietary protocol used between Cisco Call Manager and Cisco VoIP phones.

SCEP
Simple Certificate Enrollment Protocol. A method of requesting and receiving (also known as enrolling) certificates from CAs.

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page GL-17

This manual is also suitable for:

PIX 500 series, Cisco ASA 5500 series
