- ページ 15
ネットワーク・ルーター Cisco 2801 - Integrated Services RouterのPDF ユーザーマニュアルをオンラインで閲覧またはダウンロードできます。Cisco 2801 - Integrated Services Router 29 ページ。 2800 series integrated services routers
Cisco 2801 - Integrated Services Router にも: データシート (20 ページ), クイック・スタート・マニュアル (47 ページ)
Table 8
Cryptographic Keys and CSPs (Continued)
skeyid_a
HMAC-
SHA-1
skeyid_e
DES/TDES
/AES
IKE session
DES/TDES
encrypt key
/AES
IKE session
HMAC-
authentication
SHA-1
key
ISAKMP
Secret
preshared
IKE hash key
HMAC-
SHA-1
secret_1_0_0
IPSec
DES/TDES
encryption key
/AES
IPSec
HMAC-
authentication
SHA-1
key
Configuration
AES
encryption key
Router
Shared
authentication
secret
key 1
PPP
RFC 1334
authentication
key
Cisco 1841 Integrated Services Router with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Router with AIM-VPN/EPII-Plus
OL-8719-01
The ISAKMP security association authentication
key.
The ISAKMP security association encryption
key.
The IKE session encrypt key.
The IKE session authentication key.
The key used to generate IKE skeyid during
preshared-key authentication. "no crypto isakmp
key" command zeroizes it. This key can have two
forms based on whether the key is related to the
hostname or the IP address.
This key generates the IKE shared secret keys.
This key is zeroized after generating those keys.
The fixed key used in Cisco vendor ID
generation. This key is embedded in the module
binary image and can be deleted by erasing the
Flash.
The IPSec encryption key. Zeroized when IPSec
session is terminated.
The IPSec authentication key. The zeroization is
the same as above.
The key used to encrypt values of the
configuration file. This key is zeroized when the
"no key config-key" is issued. Note that this
command does not decrypt the configuration file,
so zeroize with care.
This key is used by the router to authenticate
itself to the peer. The router itself gets the
password (that is used as this key) from the AAA
server and sends it onto the peer. The password
retrieved from the AAA server is zeroized upon
completion of the authentication attempt.
The authentication key used in PPP. This key is in
the DRAM and not zeroized at runtime. One can
turn off the router to zeroize this key because it is
stored in DRAM.
Cisco 1841 and Cisco 2801 Routers
DRAM
Automatically after IKE
(plaintext)
session terminated.
DRAM
Automatically after IKE
(plaintext)
session terminated.
DRAM
Automatically after IKE
(plaintext)
session terminated.
DRAM
Automatically after IKE
(plaintext)
session terminated.
NVRAM
"# no crypto isakmp key"
(plaintext)
DRAM
Automatically after
(plaintext)
generating IKE shared
secret keys.
NVRAM
Deleted by erasing the
(plaintext)
flash.
DRAM
Automatically when IPSec
(plaintext)
session terminated.
DRAM
Automatically when IPSec
(plaintext)
session terminated.
NVRAM
"# no key config-key"
(plaintext)
DRAM
Automatically upon
(plaintext)
completion of
authentication attempt.
DRAM
Turn off the router.
(plaintext)
15