Interface, Which is the source, Interface pat – Cisco ASA 5505 User Manual
Page 1947: Inspection engine, Internet
Glossary
GL-9
Cisco ASA 5500 Series Configuration Guide using the CLI
IKE
Internet Key Exchange. IKE establishes a shared security policy and authenticates keys for services
(such as
) that require keys. Before any
traffic can be passed, each ASA must verify the
identity of its peer. Identification can be done by manually entering preshared keys into both hosts or
by a
service. IKE is a hybrid protocol that uses part
and part of another protocol suite called
inside the
framework. IKE (formerly known as ISAKMP/Oakley) is defined in RFC
2409.
IKE Extended
Authentication
IKE Extended Authenticate (Xauth) is implemented per the IETF draft-ietf-ipsec-isakmp-xauth-04.txt
(extended authentication). This protocol provides the capability of authenticating a user within IKE
using
or
.
IKE Mode
Configuration
IKE Mode Configuration is implemented per the IETF draft-ietf-ipsec-isakmp-mode-cfg-04.txt. IKE
Mode Configuration provides a method for a security gateway to download an IP address (and other
network level configuration) to the VPN client as part of an IKE negotiation.
ILS
Internet Locator Service. ILS is based on LDAP and is ILSv2 compliant. ILS was developed by
Microsoft for use with its NetMeeting, SiteServer, and Active Directory products.
IMAP
Internet Message Access Protocol. Method of accessing e-mail or bulletin board messages kept on a
mail server that can be shared. IMAP permits client e-mail applications to access remote message
stores as if they were local without actually transferring the message.
implicit rule
An access rule automatically created by the ASA based on default rules or as a result of user-defined
rules.
IMSI
International Mobile Subscriber Identity. One of two components of a
tunnel ID, the other being
the
. See also
inside
The first interface, usually port 1, that connects your internal, trusted network protected by the ASA.
See also
.
inspection engine
The ASA inspects certain application-level protocols to identify the location of embedded addressing
information in traffic. Inspection allows
to translate these embedded addresses and to update any
checksum or other fields that are affected by the translation. Because many protocols open secondary
ports, each application inspection engine also monitors sessions to determine the port
numbers for secondary channels. The initial session on a well-known port is used to negotiate
dynamically assigned port numbers. The application inspection engine monitors these sessions,
identifies the dynamic port assignments, and permits data exchange on these ports for the duration of
the specific session. Some of the protocols that the ASA can inspect are
.
interface
The physical connection between a particular network and a ASA.
interface IP address
The IP address of the ASA network interface. Each interface IP address must be unique. Two or more
interfaces must not be given the same IP address or IP addresses that are on the same IP network.
interface name
Human-readable name assigned to the ASA network interface. The inside interface default name is
“inside” and the outside interface default name is “outside.” See also
and
.
interface PAT
The use of
where the
IP address is also the IP address of the outside interface. See
.
Internet
The global network that uses
. See also
.