Cisco 7604 Configuration Manual page 705

Cipher Block Chaining. A cryptographic technique that increases the encryption strength of an
CBC
algorithm. CBC requires an initialization vector (IV) to start encryption. The IV is explicitly given in
the IPSec
A signed cryptographic object that contains the identity of a user or device and the public key of the
certificate
CA
if known to be compromised. Certificates also establish non-repudiation for
means that you can prove to a third party that
Challenge Handshake Authentication Protocol.
CHAP
command-line interface. The primary interface for entering configuration and monitoring commands
CLI
to the FWSM.
Distributed computing (processing) network systems in which transaction responsibilities are divided
client/server
computing into two parts: client (front end) and server (back end). Also called distributed computing. See also
RPC.
From global configuration mode, some commands enter a command-specific configuration mode. All
command-specific
user EXEC, privileged EXEC, global configuration, and command-specific configuration commands
configuration mode
are available in this mode. See also
mode.
A file on the FWSM that represents the equivalent of settings, preferences, and properties
configuration,
administered by
config, config file
A cookie is a object stored by a browser. Cookies contain information, such as user preferences, to
cookie
persistent storage.
Central Processing Unit. Main processor.
CPU
cyclical redundancy check. Error-checking technique in which the frame recipient calculates a
CRC
remainder by dividing frame contents by a prime binary divisor and compares the calculated
remainder to a value stored in the frame by the sending node.
Certificate Revocation List. A digitally signed message that lists all of the current but revoked
CRL
certificates listed by a given CA. This is analogous to a book of stolen charge card numbers that allow
stores to reject bad credit cards. When certificates are revoked, they are added to a CRL. When you
implement authentication using certificates, you can choose to use CRLs or not. Using CRLs lets you
easily revoke certificates before they expire, but the CRL is generally only maintained by the
an RA. If you are using CRLs and the connection to the
is requested, the authentication request will fail. See also CA, certificate,
Call Reference Value. Used by
CRV
Encryption, authentication, integrity, keys and other services used for secure communication over
cryptography
networks. See also
A data structure with a unique name and sequence number that is used for configuring VPNs on the
crypto map
FWSM. A crypto map selects data flows that need security processing and defines the policy for these
flows and the crypto peer that traffic needs to go to. A crypto map is applied to an interface. Crypto
maps contain the ACLs, encryption standards, peers, and other parameters necessary to specify
security policies for VPNs using
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
packet.
that issued the certificate. Certificates have an expiration date and may also be placed on a
ASDM or the CLI.
VPN and IPSec.
IKE negotiation was completed with a specific peer.
global configuration mode,
CA
H.225.0 to distinguish call legs signalled between two entities.
IKE and IPSec. See also VPN.
IKE negotiation, which
privileged EXEC mode,
or RA is not available when authentication
public key, RA.
Glossary
CRL
user EXEC
CA or
GL-3