Cisco 2821 Series Operazioni - Pagina 22
Sfoglia online o scarica il pdf Operazioni per Router di rete Cisco 2821 Series. Cisco 2821 Series 31. 2800 series integrated services routers
Anche per Cisco 2821 Series: Installazione e aggiornamenti (21 pagine), Scheda tecnica (20 pagine), Operazioni (31 pagine), Manuale di avvio rapido (47 pagine)
IKE session
TRIPLE-
encrypt key
DES/AES
IKE session
HMAC-SHA-1
authentication
key
ISAKMP
Shared secret
preshared
IKE hash key
HMAC-SHA-1
IKE RSA
RSA
Authentication
private Key
IKE RSA
RSA
Authentication
Public Key
IKE RSA
RSA
Encrypted
Nonce Private
Key
IKE RSA
RSA
Encrypted
Nonce Public
Key
IPSec
DES/TRIPLE-
encryption
DES/AES
key
IPSec
HMAC-SHA-1
authentication
key
Configuration
AES
encryption
key
Router
Shared secret
authentication
key 1
© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
The IKE session encrypt key.
The IKE session authentication
key.
The key used to generate IKE
skeyid during preshared-key
authentication. "no crypto isakmp
key" command zeroizes it. This key
can have two forms based on
whether the key is related to the
hostname or the IP address.
This key generates the IKE shared
secret keys. This key is zeroized
after generating those keys.
RSA private key for IKE
authentication. Generated or
entered like any RSA key, set as
IKE RSA Authentication Key with
the "crypto keyring" or "ca trust-
point" command.
RSA public key for IKE
authentication. Generated or
entered like any RSA key, set as
IKE RSA Authentication Key with
the "crypto keyring" or "ca trust-
point" command.
RSA private key for IKE encrypted
nonces. Generated like any RSA,
with the "usage-keys" parameter
included.
RSA public key for IKE encrypted
nonces. Generated like any RSA,
with the "usage-keys" parameter
included.
The IPSec encryption key. Zeroized
when IPSec session is terminated.
The IPSec authentication key. The
zeroization is the same as above.
The key used to encrypt values of
the configuration file. This key is
zeroized when the "no key config-
key" is issued. Note that this
command does not decrypt the
configuration file, so zeroize with
care.
This key is used by the router to
authenticate itself to the peer. The
router itself gets the password (that
is used as this key) from the AAA
server and sends it onto the peer.
The password retrieved from the
22
DRAM
Automatically after IKE
session terminated.
DRAM
Automatically after IKE
session terminated.
NVRAM
"# no crypto isakmp
key"
DRAM
Automatically after
generating IKE shared
secret keys.
NVRAM
"# crypto key zeroize
rsa"
NVRAM
"# crypto key zeroize
rsa"
NVRAM
"# crypto key zeroize
rsa"
NVRAM
"# crypto key zeroize
rsa"
"# Clear Crypto IPSec SA"
DRAM
"# Clear Crypto IPSec SA"
DRAM
NVRAM
"# no key config-key"
DRAM
Automatically upon
completion of
authentication attempt.