--Internet Key Exchange. IKE establishes a shared security policy and authenticates keys for services (such as IP security
[IPsec]) that require keys. Before any IPsec traffic can be passed, each router, firewall, and host must verify the identity
of its peer. This can be done by manually entering preshared keys into both hosts or by a certification authority (CA) service.
--IP security. IPsec is a framework of open standards that provides data confidentiality, data integrity, and data authentication
between participating peers. IPsec provides these security services at the IP layer. IPsec uses IKE to handle the negotiation
of protocols and algorithms based on local policy and to generate the encryption and authentication keys to be used by IPsec.
IPsec can protect one or more data flows between a pair of hosts, between a pair of security gateways, or between a security
gateway and a host.
--Internet Security Association and Key Management Protocol. ISAKMP is an Internet IPsec protocol (RFC 2408) that negotiates,
establishes, modifies, and deletes security associations. It also exchanges key generation and authentication data (independent
of the details of any specific key generation technique), key establishment protocol, encryption algorithm, or authentication
--Layer 2 Tunneling Protocol. An L2TP session is the set of communications transactions between the L2TP access concentrator (LAC)
and the L2TP network server (LNS) that supports tunneling of a single PPP connection. There is a one-to-one relationship among
the PPP connection, L2TP session, and L2TP call.
--network access server. A NAS is a Cisco platform (or collection of platforms, such as an AccessPath system) that interfaces
between the packet world (for example, the Internet) and the circuit world (for example, the public switched telephone network
--perfect forward secrecy. PFS is a cryptographic characteristic associated with a derived shared secret value. With PFS,
if one key is compromised, previous and subsequent keys are not compromised because subsequent keys are not derived from previous
--Queue Manager. The Cisco IP Queue Manager (IP QM) is an intelligent, IP-based, call-treatment and routing solution that
provides powerful call-treatment options as part of the Cisco IP Contact Center (IPCC) solution.
--Remote Authentication Dial-In User Service. RADIUS is a database for authenticating modem and ISDN connections and for tracking
--Rivest, Shamir, and Adleman. RSA is a public-key cryptographic system, named after its inventors Rivest, Shamir, and Adleman,
that can be used for encryption and for authentication (digital signatures).
--security association. An SA is an instance of security policy and keying material that is applied to a data flow.
--Terminal Access Controller Access Control System Plus. TACACS+ is a security application that provides centralized validation
of users attempting to gain access to a router or network access server.
--Virtual Private Network. A VPN enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic
from one network to another. A VPN uses "tunneling" to encrypt all information at the IP level.
--VPN routing/forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces
that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table.
In general, a VRF includes the routing information that defines a customer VPN site that is attached to a PE router.
--vendor-specific attribute. A VSA is an attribute that has been implemented by a particular vendor. It uses the attribute
Vendor-Specific to encapsulate the resulting AV pair: essentially, Vendor-Specific = protocol:attribute = value.
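The Vendor-Specific attribute format described above, as an added example that is not part of this Cisco glossary: RADIUS attribute 26 (RFC 2865) wraps a 4-byte vendor ID followed by vendor sub-attributes, each with its own type and length byte, and the Cisco AV pair string "protocol:attribute=value" travels inside one such sub-attribute. The code assumes Cisco's IANA enterprise number is 9 and that the cisco-avpair sub-attribute has vendor-type 1; it also accepts "*" as the separator for optional attributes, which is Cisco's documented convention but not mentioned on this page. The decoder validates both length fields before slicing, since a vendor-length that exceeds the enclosing attribute is the classic malformed-VSA case a RADIUS parser must reject.

```python
"""Added example: encoding and parsing RADIUS Vendor-Specific (26) attributes that carry Cisco AV pairs."""
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type 26, Vendor-Specific (RFC 2865, section 5.26)
CISCO_VENDOR_ID = 9    # assumption: Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # assumption: vendor-type of the cisco-avpair sub-attribute


def encode_vsa(vendor_id: int, vendor_type: int, value) -> bytes:
    """Build one Vendor-Specific attribute holding a single vendor sub-attribute."""
    if isinstance(value, str):
        value = value.encode("ascii")
    # attribute length is one byte (max 255): 2 header + 4 vendor-id + 2 sub-header + value
    if len(value) > 247:
        raise ValueError("value too long for one Vendor-Specific attribute")
    sub = struct.pack("!BB", vendor_type, 2 + len(value)) + value
    body = struct.pack("!I", vendor_id) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def encode_cisco_avpair(protocol: str, attribute: str, value: str, mandatory: bool = True) -> bytes:
    """Encode 'protocol:attribute=value' ('*' instead of '=' marks the pair optional)."""
    sep = "=" if mandatory else "*"
    return encode_vsa(CISCO_VENDOR_ID, CISCO_AVPAIR, f"{protocol}:{attribute}{sep}{value}")


def decode_vsas(attrs: bytes):
    """Walk a RADIUS attribute list; return [(vendor_id, vendor_type, value_bytes)] for every VSA.

    Non-VSA attributes are skipped. Any length field that does not fit its container
    raises ValueError rather than reading out of bounds or silently truncating.
    """
    found = []
    i = 0
    while i < len(attrs):
        if len(attrs) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("bad attribute length")
        if atype == VENDOR_SPECIFIC:
            body = attrs[i + 2:i + alen]
            if len(body) < 6:  # vendor-id plus at least one sub-attribute header
                raise ValueError("Vendor-Specific attribute too short")
            vendor_id = struct.unpack("!I", body[:4])[0]
            j = 4
            while j < len(body):
                if len(body) - j < 2:
                    raise ValueError("truncated vendor sub-attribute")
                vtype, vlen = body[j], body[j + 1]
                if vlen < 2 or j + vlen > len(body):
                    raise ValueError("bad vendor sub-attribute length")
                found.append((vendor_id, vtype, body[j + 2:j + vlen]))
                j += vlen
        i += alen
    return found


def parse_avpair(raw: bytes):
    """Split 'protocol:attribute=value' into (protocol, attribute, value, mandatory)."""
    text = raw.decode("ascii")
    proto, colon, rest = text.partition(":")
    if not colon or not proto:
        raise ValueError("missing protocol prefix")
    # the first '=' or '*' after the colon separates attribute from value
    candidates = [(rest.find(s), s) for s in "=*" if s in rest]
    if not candidates:
        raise ValueError("no attribute/value separator")
    pos, sep = min(candidates)
    return proto, rest[:pos], rest[pos + 1:], sep == "="


def cisco_avpairs(attrs: bytes):
    """Convenience: all parsed cisco-avpair tuples in an attribute list."""
    return [parse_avpair(v) for vid, vt, v in decode_vsas(attrs)
            if vid == CISCO_VENDOR_ID and vt == CISCO_AVPAIR]


def is_well_formed(attrs: bytes) -> bool:
    try:
        decode_vsas(attrs)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # constructed sample: a User-Name (type 1) attribute followed by one Cisco AV pair
    sample = bytes([1, 7]) + b"alice" + encode_cisco_avpair("ipsec", "addr-pool", "vpn-pool")
    print(cisco_avpairs(sample))
```

A RADIUS server can stack several cisco-avpair sub-attributes inside one attribute 26, and the decoder handles that case too; the per-attribute 255-byte ceiling is why long downloadable ACLs arrive as several numbered `ip:inacl#N` pairs rather than one value.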
--Extended authentication. XAUTH is an optional exchange between IKE Phase 1 and IKE Phase 2, in which the router demands
additional authentication information (for example, a username and password) to authenticate the actual user behind the
peer, as opposed to authenticating the peer device itself.