Cisco IOS Software Release 12.4(23)
2.0 TOE Description
Document Organization
Security Target For Cisco IOS IPSec
will be transmitted on another. Typically, for packet flows that are to be protected by the TOE security functions, packet flows received on trusted network interfaces will be encrypted using IPSec before being transmitted out an untrusted interface.
2.4 Application Note
The products defined by the TOE are used to construct secure Intranets and Extranets.
2.4.1 Secure Intranets
Within an Intranet, there can be some network segments that are not trusted because they are physically insecure or outside the control of the owners of the Intranet. Examples of untrusted network segments include wide area links provided by a carrier, microwave links, wireless links, and links shared with other organizations. (See Figure 4.)

Figure 4: Insecure Intranet
The Intranet may also include transmission paths that cross an insecure network that is not controlled by the owner of the Intranet. A common example is the interconnection of two networks trusted by the same organization over the Internet.
In both cases, the Intranet owner may wish to provide confidentiality, authenticity, and integrity for packet flows transmitted over the untrusted portions of the Intranet. The TOE provides this as a functional extension to existing internetworking devices, thereby creating a secure Intranet. (See )
[Figure: secure Intranet topology. Labels: Internetworking device; Trusted logical network path; Untrusted physical network link; Trusted network; Untrusted network; Management system]