Cisco Cisco IOS Software Release 12.4(23)

will be transmitted on another. Typically, for packet flows that are to be protected by the TOE security 
functions, packet flows received on trusted network interfaces will be encrypted using IPSec before 
being transmitted out an untrusted interface.

The products defined by the TOE are used to construct secure Intranets and Extranets.

Within an Intranet, there can be some network segments that are not trusted because they are physically 
insecure or outside the control of the owners of the Intranet. Examples of untrusted network segments 
include wide area links provided by a carrier, microwave links, wireless links, and links shared with other 
organizations. (See 

The Intranet may also include transmission paths that cross an insecure network that is not controlled by 
the owner of the Intranet. A common example is the interconnection of two networks trusted by the same 
organization over the Internet.

In both cases, the Intranet owner may wish to provide confidentiality, authenticity, and integrity for 
packet flows transmitted over the untrusted portions of the Intranet. The TOE provides this as a 
functional extension to existing internetworking devices, thereby, creating a secure Intranet. 
(See

)

Internetworking device

Trusted logical
network path

Untrusted physical
network link

Trusted network

Untrusted network

Management system

230594