Glossary
GL-15
Cisco ASA 5500 Series Configuration Guide using the CLI
PPTP Point-to-Point Tunneling Protocol. PPTP was introduced by Microsoft to provide secure remote
access to Windows networks; however, because it is vulnerable to attack, PPTP is commonly used
only when stronger security methods are not available or are not required. PPTP Ports are pptp,
1723/tcp, 1723/udp, and pptp. For more information about PPTP, see RFC 2637. See also PAC, PPTP
GRE, PPTP GRE tunnel, PNS, PPTP session, and PPTP TCP.
PPTP GRE Version 1 of GRE for encapsulating PPP traffic.
PPTP GRE tunnel A tunnel defined by a PNS-PAC pair. The tunnel protocol is defined by a modified version of GRE.
The tunnel carries PPP datagrams between the PAC and the PNS. Many sessions are multiplexed on a
single tunnel. A control connection operating over TCP controls the establishment, release, and
maintenance of sessions and of the tunnel itself.
PPTP session PPTP is connection-oriented. The PNS and PAC maintain the state for each user that is attached to a
PAC. A session is created when an end-to-end PPP connection is attempted between a dial-up user and
the PNS. The datagrams related to a session are sent over the tunnel between the PAC and PNS.
PPTP TCP Standard TCP session over which PPTP call control and management information is passed. The
control session is logically associated with, but separate from, the sessions being tunneled through a
PPTP tunnel.
preshared key A preshared key provides a method of IKE authentication that is suitable for networks with a limited,
static number of IPsec peers. This method is limited in scalability because the key must be configured
for each pair of IPsec peers. When a new IPsec peer is added to the network, the preshared key must
be configured for every IPsec peer with which it communicates. Using certificates and CAs provides
a more scalable method of IKE authentication.
primary, primary
unit
The ASA normally operating when two units, a primary and secondary, are operating in failover mode.
privileged EXEC
mode
The highest privilege level at the ASA CLI. Any user EXEC mode command will work in privileged
EXEC mode. The privileged EXEC mode prompt appears as follows after you enter the enable
command:
hostname> enable
hostname#
See also command-specific configuration mode, global configuration mode, user EXEC mode.
protocol, protocol
literals
A standard that defines the exchange of packets between network nodes for communication. Protocols
work together in layers. Protocols are specified in the ASA configuration as part of defining a security
policy by their literal values or port numbers. Possible ASA protocol literal values are ahp, eigrp, esp,
gre, icmp, igmp, igrp, ip, ipinip, ipsec, nos, ospf, pcp, snp, tcp, and udp.
Proxy-ARP Enables the ASA to reply to an ARP request for IP addresses in the global pool. See also ARP.
public key A public key is one of a pair of keys that are generated by devices involved in public key infrastructure.
Data encrypted with a public key can only be decrypted using the associated private key. When a
private key is used to produce a digital signature, the receiver can use the public key of the sender to
verify that the message was signed by the sender. These characteristics of key pairs provide a scalable
and secure method of authentication over an insecure media, such as the Internet.