Transparent firewall mode – Cisco ASA 5505 User Manual


Glossary


Cisco ASA 5500 Series Configuration Guide using the CLI

TCP Intercept

With the TCP intercept feature, once the optional embryonic connection limit is reached, and until the
embryonic connection count falls below this threshold, every SYN bound for the affected server is
intercepted. For each SYN, the ASA responds on behalf of the server with an empty SYN/ACK
segment. The ASA retains pertinent state information, drops the packet, and waits for the client
acknowledgment. If the ACK is received, a copy of the client SYN segment is sent to the server and
the TCP three-way handshake is performed between the ASA and the server. If this three-way
handshake completes, the connection may resume as normal. If the client does not respond during any
part of the connection phase, then the ASA retransmits the necessary segment using exponential
back-offs.

TDP

Tag Distribution Protocol. TDP is used by tag switching devices to distribute, request, and release tag
binding information for multiple network layer protocols in a tag switching network. TDP does not
replace routing protocols. Instead, it uses information learned from routing protocols to create tag
bindings. TDP is also used to open, monitor, and close TDP sessions and to indicate errors that occur
during those sessions. TDP operates over a connection-oriented transport layer protocol with
guaranteed sequential delivery (such as TCP). The use of TDP does not preclude the use of other
mechanisms to distribute tag binding information, such as piggybacking information on other
protocols.

Telnet

A terminal emulation protocol for TCP/IP networks such as the Internet. Telnet is a common way to
control web servers remotely; however, its security vulnerabilities have led to its replacement by SSH.

TFTP

Trivial File Transfer Protocol. TFTP is a simple protocol used to transfer files. It runs on UDP and is
explained in depth in RFC 1350.

TID

Tunnel Identifier.

TLS

Transport Layer Security. A future IETF protocol to replace SSL.

traffic policing

The traffic policing feature ensures that no traffic exceeds the maximum rate (bits per second) that you
configure, which ensures that no one traffic flow can take over the entire resource.

transform set

See IPsec transform set.

translate, translation

See xlate.

transparent firewall mode

A mode in which the ASA is not a router hop. You can use transparent firewall mode to simplify your
network configuration or to make the ASA invisible to attackers. You can also use transparent firewall
mode to allow traffic through that would otherwise be blocked in routed firewall mode. See also routed
firewall mode.

transport mode

An IPsec encryption mode that encrypts only the data portion (payload) of each packet but leaves the
header untouched. Transport mode is less secure than tunnel mode.

TSP

TAPI Service Provider. See also TAPI.

tunnel mode

An IPsec encryption mode that encrypts both the header and data portion (payload) of each packet.
Tunnel mode is more secure than transport mode.
