Before You Begin - Cisco 2800 Series Manual

Before You Begin

List of Terms
ATM—Asynchronous Transfer Mode. A connection switching protocol that organizes data into 53-byte
cell units, transmitting them via digital signals. Each cell is processed asynchronously (hence the name)
relative to the transmission or arrival of other cells within a single message. Cells are also queued before
being transmitted in a multiplexing fashion. ATM can be used for many different services, including
voice, video, or data.
DNS—Domain Name Server. Maps names to Internet Protocol (IP) addresses and addresses to names.
Domain Name Servers maintain lists of domain name and IP address mappings.
DPD—Dead peer detection. An implementation of a client keepalive functionality, to check the
availability of the VPN device on the other end of an IPSec tunnel.
IKE—Internet Key Exchange. IKE establishes a shared security policy and authenticates keys for
services (such as IPSec) that require keys. Before any IPSec traffic can be passed, each
router/firewall/host must verify the identity of its peer. This can be done by manually entering preshared
keys into both hosts or can be done by a certification authority (CA) service.
IPSec—IP Security. A framework of open standards that provides data confidentiality, data integrity,
and data authentication between participating peers. IPSec provides these security services at the IP
layer. IPSec uses IKE to handle the negotiation of protocols and algorithms based on local policy and to
generate the encryption and authentication keys to be used by IPSec. IPSec can protect one or more data
flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a
host.
ISAKMP—Internet Security Association Key Management Protocol. A protocol for key exchange
encryption and authentication. ISAKMP requires at least one pair of messages to be exchanged between
two VPN-connected peers before a secure link can be established.
NETBEUI—NetBIOS extended user interface. A transport protocol associated with Microsoft-based
networks. Unlike TCP/IP, NETBEUI is not a routable network protocol.
NetBIOS—Network Basic Input/Output System. A peer-to-peer low-level networking protocol dating
back to the 1980s, NetBIOS links network operating systems with network hardware. NetBIOS is not
routable and must be encapsulated with TCP/IP to pass through routers.
SA—Security association. This is a unidirectional channel negotiated by IPSec, with a pair of SAs
required for two-way communication. SAs are used to index session keys and initialization vectors.
SHDSL—Symmetrical High-Speed Digital Subscriber Line. An implementation of DSL that operates at
equal speeds in both transmission directions, at rates from 192 kbps to 2.3 Mbps.
WINS—Windows Internet Naming Service. A service in Microsoft-based networks that translates
hostnames into IP addresses. Using NETBEUI protocol, it is also compatible with NetBIOS.
Before You Begin
The following are the requirements for using this configuration example.
Conventions
For more information on document conventions, see the
OL-6340-01
2
Easy VPN Configuration Example
Cisco Technical Tips Conventions.