Cisco 2811 Series Operation - Page 23
OL-8663-01

• RADIUS and TACACS+ shared secret key sizes must be at least 8 characters long, and must include at least one number and one letter.

IPSec Requirements and Cryptographic Algorithms
• The only type of key management that is allowed in FIPS mode is Internet Key Exchange (IKE).
• Although the IOS implementation of IKE allows a number of algorithms, only the following algorithms are allowed in a FIPS 140-2 configuration:
  – ah-sha-hmac
  – esp-des
  – esp-sha-hmac
  – esp-3des
  – esp-aes
• The following algorithms are not FIPS approved and should not be used during FIPS-approved mode:
  – RSA
  – MD-5 for signing
  – MD-5 HMAC

Protocols
• SNMP v3 over a secure IPSec tunnel may be employed for authenticated, secure SNMP gets and sets. Since SNMP v2C uses community strings for authentication, only gets are allowed under SNMP v2C.
• SSL is not an Approved protocol, and shall not be used in FIPS mode.

Remote Access
• Telnet access to the module is only allowed via a secure IPSec tunnel between the remote system and the module. The Crypto officer must configure the module so that any remote connections via telnet are secured through IPSec, using FIPS-approved algorithms. Note that all users must still authenticate after remote access is granted.
• SSH access to the module is only allowed if SSH is configured to use a FIPS-approved algorithm. The Crypto officer must configure the module so that SSH uses only FIPS-approved algorithms. Note that all users must still authenticate after remote access is granted.

Related Documentation
For more information about the Cisco 2811 and Cisco 2821 Integrated Services Routers, refer to the following documents:
• Cisco 2800 Series Integrated Services Routers Quick Start Guides
• Cisco 2800 Series Hardware Installation documents
• Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy
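
The RADIUS/TACACS+ shared-secret rule and the list of allowed IPSec transforms on this page can be checked against a saved configuration. The script below is an added example, not part of the Cisco document or any Cisco tool; it assumes the classic IOS command forms "radius-server ... key", "tacacs-server ... key" and "crypto ipsec transform-set", and the sample configuration is constructed.

```python
import re

# Transforms this page lists as allowed in a FIPS 140-2 configuration.
FIPS_TRANSFORMS = {"ah-sha-hmac", "esp-des", "esp-sha-hmac", "esp-3des", "esp-aes"}

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
radius-server key Abc12
tacacs-server key s3cretKey9
radius-server host 192.0.2.10 key onlyletters
tacacs-server key 7 0822455D0A16
crypto ipsec transform-set OK1 esp-aes 256 esp-sha-hmac
crypto ipsec transform-set OK2 ah-sha-hmac esp-3des
crypto ipsec transform-set BAD1 esp-aes esp-md5-hmac
crypto ipsec transform-set BAD2 ah-md5-hmac esp-des
"""

# Optional single digit after "key" is the IOS storage type (0 = plaintext, 7 = encrypted).
KEY_RE = re.compile(r"^(radius|tacacs)-server\b.*?\bkey\s+(?:(\d)\s+)?(\S+)\s*$")
TS_RE = re.compile(r"^crypto ipsec transform-set\s+(\S+)\s+(.+)$")

def audit(config):
    """Return (line_number, finding) tuples; the secret itself is never echoed."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            _, enc, key = m.groups()
            if enc not in (None, "0"):
                # Stored in encrypted form, so length and character mix cannot be checked.
                findings.append((n, "key-unverifiable"))
            elif len(key) < 8 or not re.search(r"[0-9]", key) or not re.search(r"[A-Za-z]", key):
                findings.append((n, "weak-shared-secret"))
            continue
        m = TS_RE.match(line)
        if m:
            # Ignore key-size arguments such as the 256 in "esp-aes 256".
            names = [t for t in m.group(2).split() if not t.isdigit()]
            bad = [t for t in names if t not in FIPS_TRANSFORMS]
            if bad:
                findings.append((n, "non-fips-transform:" + ",".join(bad)))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}")
```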