Cisco 7604 Configuration Guide - Page 719
Glossary

rule
Conditional statements added to the FWSM configuration to define security policy for a particular situation. See also ACE, ACL, NAT.

running configuration
The configuration currently running in RAM on the FWSM. The configuration that determines the operational characteristics of the FWSM.

S

SA
security association. An instance of security policy and keying material applied to a data flow. SAs are established in pairs by IPSec peers during both phases of IPSec. SAs specify the encryption algorithms and other security parameters used to create a secure tunnel. Phase 1 SAs (IKE SAs) establish a secure tunnel for negotiating Phase 2 SAs. Phase 2 SAs (IPSec SAs) establish the secure tunnel used for sending user data. Both IKE and IPSec use SAs, although SAs are independent of one another. IPSec SAs are unidirectional and they are unique in each security protocol. A set of SAs are needed for a protected data pipe, one per direction per protocol. For example, if you have a pipe that supports ESP between peers, one ESP SA is required for each direction. SAs are uniquely identified by destination (IPSec endpoint) address, security protocol (AH or ESP), and Security Parameter Index. IKE negotiates and establishes SAs on behalf of IPSec. A user can also establish IPSec SAs manually. An IKE SA is used by IKE only, and unlike the IPSec SA, it is bidirectional.

SASL
Simple Authentication and Security Layer. An Internet standard method for adding authentication support to connection-based protocols. SASL can be used between a security appliance and an LDAP server to secure user authentication.

SCCP
Skinny Client Control Protocol. A Cisco-proprietary protocol used between Cisco Call Manager and Cisco VoIP phones.

SCEP
Simple Certificate Enrollment Protocol. A method of requesting and receiving (also known as enrolling) certificates from CAs.

SDP
Session Definition Protocol. An IETF protocol for the definition of Multimedia Services. SDP messages can be part of SGCP and MGCP messages.

secondary unit
The backup FWSM when two are operating in failover mode.

secret key
A secret key is a key shared only between the sender and receiver. See key, public key.

security context
You can partition a single FWSM into multiple virtual firewalls, known as security contexts. Each context is an independent firewall, with its own security policy, interfaces, and administrators. Multiple contexts are similar to having multiple stand-alone firewalls.

security services
See cryptography.

serial transmission
A method of data transmission in which the bits of a data character are transmitted sequentially over a single channel.

SGCP
Simple Gateway Control Protocol. Controls VoIP gateways by an external call control element (called a call-agent).

SGSN
Serving GPRS Support Node. The SGSN ensures mobility management, session management and packet relaying functions.

OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM GL-17