Cisco 7604 Configuration Manual page 719

Conditional statements added to the FWSM configuration to define security policy for a particular
rule
situation. See also ACE, ACL, NAT.
The configuration currently running in RAM on the FWSM. The configuration that determines the
running
configuration operational characteristics of the FWSM.
S
security association. An instance of security policy and keying material applied to a data flow. SAs
SA
are established in pairs by
algorithms and other security parameters used to create a secure tunnel. Phase 1 SAs
establish a secure tunnel for negotiating Phase 2 SAs. Phase 2 SAs
tunnel used for sending user data. Both
another.
needed for a protected data pipe, one per direction per protocol. For example, if you have a pipe that
supports
by destination
IKE
An IKE
Simple Authentication and Security Layer. An Internet standard method for adding authentication
SASL
support to connection-based protocols. SASL can be used between a security appliance and an LDAP
server to secure user authentication.
Skinny Client Control Protocol. A Cisco-proprietary protocol used between Cisco Call Manager and
SCCP
Cisco
Simple Certificate Enrollment Protocol. A method of requesting and receiving (also known as
SCEP
enrolling) certificates from CAs.
Session Definition Protocol. An
SDP
messages can be part of
The backup FWSM when two are operating in failover mode.
secondary unit
A secret key is a key shared only between the sender and receiver. See key,
secret key
You can partition a single FWSM into multiple virtual firewalls, known as security contexts. Each
security context
context is an independent firewall, with its own security policy, interfaces, and administrators.
Multiple contexts are similar to having multiple stand-alone firewalls.
See cryptography.
security services
A method of data transmission in which the bits of a data character are transmitted sequentially over
serial transmission
a single channel.
Simple Gateway Control Protocol. Controls
SGCP
a call-agent).
Serving GPRS Support Node. The SGSN ensures mobility management, session management and
SGSN
packet relaying functions.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
IPSec
IPSec SAs are unidirectional and they are unique in each security protocol. A set of SAs are
ESP between peers, one
(IPSec endpoint) address, security protocol
negotiates and establishes SAs on behalf of IPSec. A user can also establish
SA is used by IKE only, and unlike the
VoIP phones.
SGCP
peers during both phases of IPSec. SAs specify the encryption
IKE and IPSec use SAs, although SAs are independent of one
ESP SA is required for each direction. SAs are uniquely identified
(AH
IPSec SA, it is bidirectional.
IETF protocol for the definition of Multimedia Services. SDP
and MGCP messages.
VoIP gateways by an external call control element (called
(IKE
(IPSec SAs) establish the secure
or ESP), and Security Parameter Index.
IPSec SAs manually.
public key.
Glossary
SAs)
GL-17