Cisco 2811 - Voice Security Bundle Router 운영 - 페이지 22
{카테고리_이름} Cisco 2811 - Voice Security Bundle Router에 대한 운영을 온라인으로 검색하거나 PDF를 다운로드하세요. Cisco 2811 - Voice Security Bundle Router 31 페이지. Integrated services routers
Cisco 2811 - Voice Security Bundle Router에 대해서도 마찬가지입니다: 빠른 시작 매뉴얼 (45 페이지)
IKE session
TRIPLE-
encrypt key
DES/AES
IKE session
HMAC-SHA-1
authentication
key
ISAKMP
Shared secret
preshared
IKE hash key
HMAC-SHA-1
IKE RSA
RSA
Authentication
private Key
IKE RSA
RSA
Authentication
Public Key
IKE RSA
RSA
Encrypted
Nonce Private
Key
IKE RSA
RSA
Encrypted
Nonce Public
Key
IPSec
DES/TRIPLE-
encryption
DES/AES
key
IPSec
HMAC-SHA-1
authentication
key
Configuration
AES
encryption
key
Router
Shared secret
authentication
key 1
© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
The IKE session encrypt key.
The IKE session authentication
key.
The key used to generate IKE
skeyid during preshared-key
authentication. "no crypto isakmp
key" command zeroizes it. This key
can have two forms based on
whether the key is related to the
hostname or the IP address.
This key generates the IKE shared
secret keys. This key is zeroized
after generating those keys.
RSA private key for IKE
authentication. Generated or
entered like any RSA key, set as
IKE RSA Authentication Key with
the "crypto keyring" or "ca trust-
point" command.
RSA public key for IKE
authentication. Generated or
entered like any RSA key, set as
IKE RSA Authentication Key with
the "crypto keyring" or "ca trust-
point" command.
RSA private key for IKE encrypted
nonces. Generated like any RSA,
with the "usage-keys" parameter
included.
RSA public key for IKE encrypted
nonces. Generated like any RSA,
with the "usage-keys" parameter
included.
The IPSec encryption key. Zeroized
when IPSec session is terminated.
The IPSec authentication key. The
zeroization is the same as above.
The key used to encrypt values of
the configuration file. This key is
zeroized when the "no key config-
key" is issued. Note that this
command does not decrypt the
configuration file, so zeroize with
care.
This key is used by the router to
authenticate itself to the peer. The
router itself gets the password (that
is used as this key) from the AAA
server and sends it onto the peer.
The password retrieved from the
22
DRAM
Automatically after IKE
session terminated.
DRAM
Automatically after IKE
session terminated.
NVRAM
"# no crypto isakmp
key"
DRAM
Automatically after
generating IKE shared
secret keys.
NVRAM
"# crypto key zeroize
rsa"
NVRAM
"# crypto key zeroize
rsa"
NVRAM
"# crypto key zeroize
rsa"
NVRAM
"# crypto key zeroize
rsa"
"# Clear Crypto IPSec SA"
DRAM
"# Clear Crypto IPSec SA"
DRAM
NVRAM
"# no key config-key"
DRAM
Automatically upon
completion of
authentication attempt.