Cisco 7604 Configuration Guide - Page 705

Glossary CBC Cipher Block Chaining. A cryptographic technique that increases the encryption strength of an algorithm. CBC requires an initialization vector (IV) to start encryption. The IV is explicitly given in the IPSec packet. certificate A signed cryptographic object that contains the identity of a user or device and the public key of the CA that issued the certificate. Certificates have an expiration date and may also be placed on a CRL if known to be compromised. Certificates also establish non-repudiation for IKE negotiation, which means that you can prove to a third party that IKE negotiation was completed with a specific peer. CHAP Challenge Handshake Authentication Protocol. CLI command-line interface. The primary interface for entering configuration and monitoring commands to the FWSM. client/server computing Distributed computing (processing) network systems in which transaction responsibilities are divided into two parts: client (front end) and server (back end). Also called distributed computing. See also RPC. command-specific From global configuration mode, some commands enter a command-specific configuration mode. All configuration mode user EXEC, privileged EXEC, global configuration, and command-specific configuration commands are available in this mode. See also global configuration mode, privileged EXEC mode, user EXEC mode. configuration, A file on the FWSM that represents the equivalent of settings, preferences, and properties config, config file administered by ASDM or the CLI. cookie A cookie is a object stored by a browser. Cookies contain information, such as user preferences, to persistent storage. CPU Central Processing Unit. Main processor. CRC cyclical redundancy check. Error-checking technique in which the frame recipient calculates a remainder by dividing frame contents by a prime binary divisor and compares the calculated remainder to a value stored in the frame by the sending node. CRL Certificate Revocation List. A digitally signed message that lists all of the current but revoked certificates listed by a given CA. This is analogous to a book of stolen charge card numbers that allow stores to reject bad credit cards. When certificates are revoked, they are added to a CRL. When you implement authentication using certificates, you can choose to use CRLs or not. Using CRLs lets you easily revoke certificates before they expire, but the CRL is generally only maintained by the CA or an RA. If you are using CRLs and the connection to the CA or RA is not available when authentication is requested, the authentication request will fail. See also CA, certificate, public key, RA. CRV Call Reference Value. Used by H.225.0 to distinguish call legs signalled between two entities. cryptography Encryption, authentication, integrity, keys and other services used for secure communication over networks. See also VPN and IPSec. crypto map A data structure with a unique name and sequence number that is used for configuring VPNs on the FWSM. A crypto map selects data flows that need security processing and defines the policy for these flows and the crypto peer that traffic needs to go to. A crypto map is applied to an interface. Crypto maps contain the ACLs, encryption standards, peers, and other parameters necessary to specify security policies for VPNs using IKE and IPSec. See also VPN. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM GL-3