Cisco 2801 - Integrated Services Router Benutzerhandbuch - Seite 22
Blättern Sie online oder laden Sie pdf Benutzerhandbuch für Netzwerk-Router Cisco 2801 - Integrated Services Router herunter. Cisco 2801 - Integrated Services Router 29 Seiten. 2800 series integrated services routers
Auch für Cisco 2801 - Integrated Services Router: Datenblatt (20 seiten), Schnellstart-Handbuch (47 seiten)
Related Documentation
IPSec Requirements and Cryptographic Algorithms
•
•
•
Protocols
SNMP v3 over a secure IPSec tunnel may be employed for authenticated, secure SNMP gets and sets.
Since SNMP v2C uses community strings for authentication, only gets are allowed under SNMP v2C.
SSL is not an approved protocol, and shall not be used in FIPS mode of operations
Remote Access
•
•
Related Documentation
For more information about the Cisco 1841 and Cisco 2801 Integrated Services Routers, refer to the
following documents:
•
•
•
•
Cisco 1841 Integrated Services Router with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Router with AIM-VPN/EPII-Plus
22
The only type of key management protocol that is allowed in FIPS mode is Internet Key Exchange
(IKE), although manual creation of security associations is also permitted.
Although the IOS implementation of IKE allows a number of algorithms, only the following
algorithms are allowed in a FIPS 140-2 configuration:
ah-sha-hmac
–
esp-des
–
esp-sha-hmac
–
esp-3des
–
esp-aes
–
The following algorithms are not FIPS approved and should not be used during FIPS-approved
mode:
MD-5 for signing
–
MD-5 HMAC
–
RSA
–
Telnet access to the module is only allowed via a secure IPSec tunnel between the remote system
and the module. The Crypto officer must configure the module so that any remote connections via
telnet are secured through IPSec, using FIPS-approved algorithms. Note that all users must still
authenticate after remote access is granted.
SSH access to the module is only allowed if SSH is configured to use a FIPS-approved algorithm.
The Crypto officer must configure the module so that SSH uses only FIPS-approved algorithms.
Note that all users must still authenticate after remote access is granted.
Cisco 1800 Series Integrated Services Routers Quick Start Guides
Cisco 1800 Series Hardware Installation documents
Cisco 1800 Series Software Configuration documents
Cisco 1800 Series Cards and Modules
OL-8719-01