Cisco 2621XM 사용자 설명서 - 페이지 41
{카테고리_이름} Cisco 2621XM에 대한 사용자 설명서을 온라인으로 검색하거나 PDF를 다운로드하세요. Cisco 2621XM 48 페이지. Non-proprietary security policy
Cisco 2621XM에 대해서도 마찬가지입니다: 운영 (25 페이지), 사용자 설명서 (20 페이지)
Table 19
SRDI/Role/Service Access Policy
CSP 27
CSP 28
CSP 29
CSP 30
CSP 31
The module supports DES (only for legacy systems), 3DES, DES-MAC, TDES-MAC, AES, SHA-1,
HMAC-SHA-1, MD5, MD4, HMAC MD5, Diffie-Hellman, RSA (for digital signatures and
encryption/decryption (for IKE authentication)), cryptographic algorithms. The MD5, HMAC MD5, and
MD4 algorithms are disabled when operating in FIPS mode.
The module supports three types of key management schemes:
Manual key exchange method that is symmetric. DES/3DES/AES key and HMAC-SHA-1 key are
•
exchanged manually and entered electronically.
Internet Key Exchange method with support for exchanging pre-shared keys manually and entering
•
electronically.
–
–
Internet Key Exchange with RSA-signature authentication.
•
All pre-shared keys are associated with the CO role that created the keys, and the CO role is protected
by a password. Therefore, the CO password is associated with all the pre-shared keys. The Crypto
Officer needs to be authenticated to store keys. All Diffie-Hellman (DH) keys agreed upon for individual
tunnels are directly associated with that specific tunnel only via the IKE protocol.
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary
OL-6083-01
The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers
Role and Service Access to CSPs (Continued)
The pre-shared keys are used with Diffie-Hellman key agreement technique to derive DES,
3DES or AES keys.
The pre-shared key is also used to derive HMAC-SHA-1 key.
r
r
w
d
r
w
d
r
w
d
r
w
d
r
w
d
41