Cisco Systems ASA5515K9, ASA 5500 , D

Glossary

GL-4

Cisco ASA 5500 Series Configuration Guide using the CLI

Content

Rewriting/Transfor

mation

Interprets and modifies applications so that they render correctly over a clientless SSL VPN

connection.

cookie A cookie is a object stored by a browser. Cookies contain information, such as user preferences, to

persistent storage.

CPU Central Processing Unit. Main processor.

CRC Cyclical Redundancy Check. Error-checking technique in which the frame recipient calculates a

remainder by dividing frame contents by a prime binary divisor and compares the calculated remainder

to a value stored in the frame by the sending node.

CRL Certificate Revocation List. A digitally signed message that lists all of the current but revoked

certificates listed by a given CA. A CRL is analogous to a book of stolen charge card numbers that

allow stores to reject bad credit cards. When certificates are revoked, they are added to a CRL. When

you implement authentication using certificates, you can choose to use CRLs or not. Using CRLs lets

you easily revoke certificates before they expire, but the CRL is generally only maintained by the CA

or an RA. If you are using CRLs and the connection to the CA or RA is not available when

authentication is requested, the authentication request will fail. See also CA, certificate, public key, RA.

CRV Call Reference Value. Used by H.225.0 to distinguish call legs signaled between two entities.

cryptography Encryption, authentication, integrity, keys and other services used for secure communication over

networks. See also VPN and IPsec.

crypto map A data structure with a unique name and sequence number that is used for configuring VPNs on the

ASA. A crypto map selects data flows that need security processing and defines the policy for these

flows and the crypto peer that traffic needs to go to. A crypto map is applied to an interface. Crypto

maps contain the ACLs, encryption standards, peers, and other parameters necessary to specify security

policies for VPNs using IKE and IPsec. See also VPN.

CTIQBE Computer Telephony Interface Quick Buffer Encoding. A protocol used in IP telephony between the

Cisco CallManager and CTI TAPI and JTAPI applications. CTIQBE is used by the TAPI/JTAPI

protocol inspection module and supports NAT, PAT, and bidirectional NAT. This protocol enables

Cisco IP SoftPhone and other Cisco TAPI/JTAPI applications to communicate with Cisco CallManager

for call setup and voice traffic across the ASA.

cut-through proxy Enables the ASA to provide faster traffic flow after user authentication. The cut-through proxy

challenges a user initially at the application layer. After the security appliance authenticates the user,

it shifts the session flow and all traffic flows directly and quickly between the source and destination

while maintaining session state information.

data confidentiality Describes any method that manipulates data so that no attacker can read it. This is commonly achieved

by data encryption and keys that are only available to the parties involved in the communication.

data integrity Describes mechanisms that, through the use of encryption based on secret key or public key

algorithms, allow the recipient of a piece of protected data to verify that the data has not been modified

in transit.