Ping, S. it – Cisco ASA 5505 User Manual

Page 1952

Glossary

GL-14

Cisco ASA 5500 Series Configuration Guide using the CLI

PFS

Perfect Forward Secrecy. PFS enhances security by using a different security key for the IPsec
Phase 1 and Phase 2 SAs. Without PFS, the same security key is used to establish SAs in both phases.
PFS ensures that a given IPsec SA key was not derived from any other secret (like some other keys).
In other words, if someone were to break a key, PFS ensures that the attacker would not be able to
derive any other key. If PFS were not enabled, someone could hypothetically break the IKE SA secret
key, copy all the IPsec protected data, and then use knowledge of the IKE SA secret to compromise
the IPsec SA set up by this IKE SA. With PFS, breaking IKE would not give an attacker immediate
access to IPsec. The attacker would have to break each IPsec SA individually.

Phase 1

See IPsec Phase 1.

Phase 2

See IPsec Phase 2.

PIM

Protocol Independent Multicast. PIM provides a scalable method for determining the best paths for
distributing a specific multicast transmission to a group of hosts. Each host has registered using IGMP
to receive the transmission. See also PIM-SM.

PIM-SM

Protocol Independent Multicast-Sparse Mode. With PIM-SM, which is the default for Cisco routers,
when the source of a multicast transmission begins broadcasting, the traffic is forwarded from one MC
router to the next, until the packets reach every registered host. See also PIM.

ping

An ICMP request sent by a host to determine if a second host is accessible.

PIX

Private Internet eXchange. The Cisco PIX 500 series ASAs ranged from compact, plug-and-play
desktop models for small/home offices to carrier-class gigabit models for the most demanding
enterprise and service provider environments. Cisco PIX ASAs provided robust, enterprise-class
integrated network security services to create a strong multilayered defense for fast changing network
environments. The PIX has been replaced by the Cisco ASA 5500 series.

PKCS12

A standard for the transfer of PKI-related data, such as private keys, certificates, and other data.
Devices supporting this standard let administrators maintain a single set of personal identity
information.

PNS

PPTP Network Server. A PNS is envisioned to operate on general-purpose computing/server
platforms. The PNS handles the server side of PPTP. Because PPTP relies completely on TCP/IP and
is independent of the interface hardware, the PNS may use any combination of IP interface hardware
including LAN and WAN devices.

Policy NAT

Lets you identify local traffic for address translation by specifying the source and destination
addresses (or ports) in an access list.

POP

Post Office Protocol. Protocol that client e-mail applications use to retrieve mail from a mail server.

Pool

See IP pool.

Port

A field in the packet headers of TCP and UDP protocols that identifies the higher level service which
is the source or destination of the packet.

PPP

Point-to-Point Protocol. Developed for dial-up ISP access using analog phone lines and modems.

PPPoE

Point-to-Point Protocol over Ethernet. An IP protocol that encapsulates PPP packets and sends them
over a local network or the internet to establish a connection to a host, usually between a client and
an ISP.
