cc/td/doc/product/vpn/solution/aswan15
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Glossary
A
C
D
E
G
I
M
O
P
Q
S
V

Glossary


A

 

Access VPN

Provides remote access to a corporate intranet or extranet over a shared infrastructure with the same policies as a private network. Access VPNs enable users to access corporate resources whenever, wherever, and however they require. Access VPNs encompass analog, dial, ISDN, Digital Subscriber Line (DSL), mobile IP, and cable technologies to securely connect mobile users, telecommuters, or branch offices.

ACL

Access Control List.

ADSL

Asymmetric Digital Subscriber Line. A type of DSL supporting upstream and downstream speeds that are different.

AH

Authentication Header. A security protocol that provides authentication and optional replay-detection services. AH is embedded in the data to be protected (a full IP datagram, for example). AH can be used either by itself or with Encryption Security Payload (ESP).

ATM

Asynchronous Transfer Mode.

C

 

CAC

Call Admission Control.

CE

Customer Edge router. This device is typically located at the customer site and connects to the service provider network. Same as CPE.

CIC

Cisco InfoCenter.

CLEC

Competitive Local Exchange Carrier.

CO

Central Office.

COS

Class of Service. Classification of traffic that allows differentiated processing using prioritization and QOS features.

CPE

Customer Premises Equipment. Same as CE, more widely used in IPsec VPNs.

CSRC

Cisco Subscriber Registration Center.

D

 

DES

Data Encryption Standard. The DES was published in 1977 by the National Bureau of Standards and is a secret key encryption scheme based on the Lucifer algorithm from IBM. The contrast of DES is public-key. Cisco uses DES in classic crypto (40-bit and 56-bit key lengths), IPsec crypto (56-bit key), and on the PIX Firewall (56-bit key).

 

E

 

Extranet VPN

Links customers, suppliers, partners, or communities of interest to a corporate intranet over a shared infrastructure using dedicated connections. Businesses enjoy the same policies as a private network, including security, QoS, manageability, and reliability.

 

G

 

GRE

Generic Routing Encapsulation. Tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. By connecting multiprotocol subnetworks in a single-protocol backbone environment, IP tunneling using GRE allows network expansion across a single-protocol backbone environment.

 

I

 

IDS

Intrusion Detection System.

IKE

Internet Key Exchange. A hybrid protocol that uses part Oakley and part of another protocol suite called SKEME inside the Internet Security Association and Key Management Protocol (ISAKMP) framework. IKE is used to establish a shared security policy and authenticated keys for services (such as IPsec) that require keys. Before any IPsec traffic can be passed, each router/firewall/host must be able to verify the identity of its peer. This can be done by manually entering pre-shared keys into both hosts, by a CA service, or the forthcoming secure DNS (DNSSec). This is the protocol formerly known as ISAKMP/Oakley, and is defined in The Internet Key Exchange (IKE). A potential point of confusion is that the acronyms "ISAKMP" and "IKE" are both used in Cisco IOS software to refer to the same thing. These two items are somewhat different, as you will see in the next definition.

Intranet VPN

Links corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections. Businesses enjoy the same policies as a private network, including security, quality of service (QoS), manageability, and reliability.

IPAM

IP Address Management.

ISAKMP

Internet Security Association and Key Management Protocol. A protocol framework that defines the mechanics of implementing a key exchange protocol and negotiation of a security policy.

ISC 3.0

IP Solution Center 3.0

M

 

MD5

Message Digest 5. A one way hashing algorithm that produces a 128-bit hash. Both MD5 and Secure Hash Alogorithm (SHA) are variations on MD4, which is designed to strengthen the security of this hashing algorithm. SHA is more secure than MD4 and MD5. Cisco uses hashes for authentication within the IPsec framework.

 

O

 

OSS

Operations Support Systems.

OSM

Outsource Security/VPN Management provider.

P

 

PE

Provider router. This device connects to one or more customer sites in the service provider network.

POP

Point Of Presence or service provider center.

Q

 

QOS

Quality of Service. Features providing prioritization, policing, congestion management and shaping of the traffic based on its classification.

 

S

 

SLA

Service Level Agreement. Set of parameter values (e.g., availability) that the service provider agrees to provide to customers.

SOC

Security Operations Center.

Stateful Firewall

A secure method of analyzing packets that places extensive information about a data packet in a table. In order for a session to be established, information about the connection must match information stored in the table.

V

 

 

 


hometocprevnextglossaryfeedbacksearchhelp
Posted: Tue May 20 05:24:49 PDT 2003
All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.