Glossary
GL-24
Cisco Router and Security Device Manager Version 2.2 User's Guide
OL-4015-08
PPTP
Point-to-Point Tunneling Protocol. Creates client-initiated tunnels by encapsulating packets into IP datagrams for transmission over TCP/IP-based networks. Can be used as an alternative to the L2F and L2TP tunneling protocols. Proprietary Microsoft protocol.
pre-shared key
One of three authentication methods offered in IPSec, the other two being RSA encrypted nonces and RSA signatures. Pre-shared keys allow one or more clients to use individual shared secrets to authenticate encrypted tunnels to a gateway using IKE. Pre-shared keys are commonly used in small networks of up to 10 clients. With pre-shared keys, there is no need to involve a CA for security.

The Diffie-Hellman key exchange combines public and private keys to create a shared secret to be used for authentication between IPSec peers. The shared secret can be shared between two or more peers. At each participating peer, you specify a shared secret as part of an IKE policy. Distribution of this pre-shared key usually takes place through a secure out-of-band channel. When using a pre-shared key, if one of the participating peers is not configured with the same pre-shared key, the IKE SA cannot be established. An IKE SA is a prerequisite to an IPSec SA. You must configure the pre-shared key at all peers.

Digital certification and wildcard pre-shared keys (which allow one or more clients to use a single shared secret to authenticate encrypted tunnels to a gateway) are alternatives to pre-shared keys. Both digital certification and wildcard pre-shared keys are more scalable than pre-shared keys.
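The all-peers requirement described in this entry, shown as an added Cisco IOS configuration example that is not from the original guide: both routers carry an IKE policy selecting pre-shared authentication and the same secret bound to the other peer's address. The peer addresses and the key string are constructed placeholders.

```cisco
! ---- Router A (its own address is 192.0.2.1; constructed example) ----
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
! Secret bound to peer B. The string must match peer B's entry exactly,
! otherwise the IKE SA (and therefore the IPSec SA) is never established.
crypto isakmp key PLACEHOLDER-SECRET address 203.0.113.2

! ---- Router B (its own address is 203.0.113.2) ----
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp key PLACEHOLDER-SECRET address 192.0.2.1

! Wildcard pre-shared key alternative mentioned in the entry: one secret
! accepted from any peer address, which trades per-peer binding for scale.
! crypto isakmp key PLACEHOLDER-SECRET address 0.0.0.0 0.0.0.0

! Check on either router after interesting traffic triggers IKE:
! show crypto isakmp sa
! A matching key shows the peer in state QM_IDLE; a mismatched key never
! reaches QM_IDLE, which is the symptom to look for when the tunnel fails.
```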
private key
See public key encryption.
pseudo random
An ordered sequence of bits that appears superficially similar to a truly random sequence of the same bits. A key generated from a pseudo random number is called a nonce.