|
|
|
PPTP Access Concentrator. A device attached to one or more PSTN or ISDN lines capable of PPP operation and of handling the PPTP protocol. The PAC needs to implement TCP/IP to pass traffic to one or more PNSs. It may also tunnel non-IP protocols.
|
|
|
|
|
|
The ASA feature that gathers and reports a wide variety of feature statistics, such as connections/second, xlates/second, and so on.
|
|
Perfect Forwarding Secrecy. PFS enhances security by using a different security key for the IPsec Phase 1 and Phase 2 SAs. Without PFS, the same security key is used to establish SAs in both phases. PFS ensures that a given IPsec SA key was not derived from any other secret (such as some other key). In other words, if someone were to break a key, PFS ensures that the attacker would not be able to derive any other key. If PFS were not enabled, someone could hypothetically break the IKE SA secret key, copy all the IPsec-protected data, and then use knowledge of the IKE SA secret to compromise the IPsec SAs set up by this IKE SA. With PFS, breaking IKE would not give an attacker immediate access to IPsec. The attacker would have to break each IPsec SA individually.
|
|
|
|
|
|
Protocol Independent Multicast. PIM provides a scalable method for determining the best paths for distributing a specific multicast transmission to a group of hosts. Each host has registered using IGMP to receive the transmission. See also PIM-SM.
|
|
Protocol Independent Multicast-Sparse Mode. With PIM-SM, which is the default for Cisco routers, when the source of a multicast transmission begins broadcasting, the traffic is forwarded from one MC router to the next, until the packets reach every registered host. See also PIM.
|
|
An ICMP request sent by a host to determine if a second host is accessible.
|
|
Private Internet eXchange. The Cisco PIX 500 series ASAs ranged from compact, plug-and-play desktop models for small/home offices to carrier-class gigabit models for the most demanding enterprise and service provider environments. Cisco PIX ASAs provided robust, enterprise-class integrated network security services to create a strong multilayered defense for fast changing network environments. The PIX has been replaced by the Cisco ASA 5500 series.
|
|
A standard for the transfer of PKI-related data, such as private keys, certificates, and other data. Devices supporting this standard let administrators maintain a single set of personal identity information.
|
|
PPTP Network Server. A PNS is envisioned to operate on general-purpose computing/server platforms. The PNS handles the server side of PPTP. Because PPTP relies completely on TCP/IP and is independent of the interface hardware, the PNS may use any combination of IP interface hardware including LAN and WAN devices.
|
|
Lets you identify local traffic for address translation by specifying the source and destination addresses (or ports) in an access list.
|
|
Post Office Protocol. Protocol that client e-mail applications use to retrieve mail from a mail server.
|
|
|
|
A field in the packet headers of TCP and UDP protocols that identifies the higher level service which is the source or destination of the packet.
|
|
Point-to-Point Protocol. Developed for dial-up ISP access using analog phone lines and modems.
|
|
Point-to-Point Protocol over Ethernet. An IP protocol that encapsulates PPP packets and sends them over a local network or the internet to establish a connection to a host, usually between a client and an ISP.
|
|
Point-to-Point Tunneling Protocol. PPTP was introduced by Microsoft to provide secure remote access to Windows networks; however, because it is vulnerable to attack, PPTP is commonly used only when stronger security methods are not available or are not required. PPTP ports are pptp, 1723/tcp, 1723/udp, and pptp. For more information about PPTP, see RFC 2637. See also PAC, PPTP GRE, PPTP GRE tunnel, PNS, PPTP session, and PPTP TCP.
|
|
Version 1 of GRE for encapsulating PPP traffic.
|
|
A tunnel defined by a PNS-PAC pair. The tunnel protocol is defined by a modified version of GRE. The tunnel carries PPP datagrams between the PAC and the PNS. Many sessions are multiplexed on a single tunnel. A control connection operating over TCP controls the establishment, release, and maintenance of sessions and of the tunnel itself.
|
|
PPTP is connection-oriented. The PNS and PAC maintain the state for each user that is attached to a PAC. A session is created when an end-to-end PPP connection is attempted between a dial-up user and the PNS. The datagrams related to a session are sent over the tunnel between the PAC and PNS.
|
|
Standard TCP session over which PPTP call control and management information is passed. The control session is logically associated with, but separate from, the sessions being tunneled through a PPTP tunnel.
|
|
A preshared key provides a method of IKE authentication that is suitable for networks with a limited, static number of IPsec peers. This method is limited in scalability because the key must be configured for each pair of IPsec peers. When a new IPsec peer is added to the network, the preshared key must be configured for every IPsec peer with which it communicates. Using certificates and CAs provides a more scalable method of IKE authentication.
|
|
The ASA that is normally operating when two units, a primary and a secondary, are operating in failover mode.
|
|
The highest privilege level at the ASA CLI. Any user EXEC mode command will work in privileged EXEC mode. The privileged EXEC mode prompt appears as follows after you enter the enable command:
|
protocol, protocol literals
|
A standard that defines the exchange of packets between network nodes for communication. Protocols work together in layers. Protocols are specified in the ASA configuration as part of defining a security policy by their literal values or port numbers. Possible ASA protocol literal values are ahp, eigrp, esp, gre, icmp, igmp, igrp, ip, ipinip, ipsec, nos, ospf, pcp, snp, tcp, and udp.
|
|
Enables the ASA to reply to an ARP request for IP addresses in the global pool. See also ARP.
|
|
A public key is one of a pair of keys that are generated by devices involved in public key infrastructure. Data encrypted with a public key can only be decrypted using the associated private key. When a private key is used to produce a digital signature, the receiver can use the public key of the sender to verify that the message was signed by the sender. These characteristics of key pairs provide a scalable and secure method of authentication over an insecure medium, such as the Internet.
|