Cisco 2851 - Integrated Services Router User Manual - Page 12
Cisco 2851 Routers
Table 5: Cryptographic Keys and CSPs (Continued)

| Name | Algorithm | Description | Storage | Zeroization Method |
|---|---|---|---|---|
| ISAKMP preshared | Secret | The key used to generate IKE skeyid during preshared-key authentication. "no crypto isakmp key" command zeroizes it. This key can have two forms based on whether the key is related to the hostname or the IP address. | NVRAM (plaintext) | "# no crypto isakmp key" |
| IKE hash key | HMAC-SHA-1 | This key generates the IKE shared secret keys. This key is zeroized after generating those keys. | DRAM (plaintext) | |
| secret_1_0_0 | | The fixed key used in Cisco vendor ID generation. This key is embedded in the module binary image and can be deleted by erasing the Flash. | NVRAM (plaintext) | |
| IPSec encryption key | DES/TDES/AES | The IPSec encryption key. Zeroized when IPSec session is terminated. | DRAM (plaintext) | Automatically when IPSec session terminated. |
| IPSec authentication key | HMAC-SHA-1 or DES MAC | The IPSec authentication key. The zeroization is the same as above. | DRAM (plaintext) | Automatically when IPSec session terminated. |
| Configuration encryption key | AES | The key used to encrypt values of the configuration file. This key is zeroized when the "no key config-key" is issued. Note that this command does not decrypt the configuration file, so zeroize with care. | NVRAM (plaintext) | "# no key config-key" |
| Router authentication key 1 | Shared secret | This key is used by the router to authenticate itself to the peer. The router itself gets the password (that is used as this key) from the AAA server and sends it onto the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt. | DRAM (plaintext) | Automatically upon completion of authentication attempt. |
| PPP authentication key | RFC 1334 | The authentication key used in PPP. This key is in the DRAM and not zeroized at runtime. One can turn off the router to zeroize this key because it is stored in DRAM. | DRAM (plaintext) | Turn off the router. |
| Router authentication key 2 | Shared Secret | This key is used by the router to authenticate itself to the peer. The key is identical to Router authentication key 1 except that it is retrieved from the local database (on the router itself). Issuing the "no username password" zeroizes the password (that is used as this key) from the local database. | NVRAM (plaintext) | "# no username password" |
| SSH session key | Various symmetric | This is the SSH session key. It is zeroized when the SSH session is terminated. | DRAM (plaintext) | Automatically when SSH session terminated |
| User password | Shared Secret | The password of the User role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) | Overwrite with new password |
| Enable password | Shared Secret | The plaintext password of the CO role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) | Overwrite with new password |

Cisco 2851 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy
12
OL-8717-01
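
The following is an added example, not part of the Cisco security policy: it inventories lines in a saved configuration that hold NVRAM-stored plaintext CSPs named in the table and pairs each with the zeroization method the table lists, without copying the secret into the report. The configuration-line patterns, the function names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample configuration (not from the manual); secrets are placeholders.
SAMPLE_CONFIG = """\
hostname lab-2851
enable password EXAMPLE-ENABLE
username operator password 0 EXAMPLE-USER
crypto isakmp key EXAMPLE-PSK-1 address 192.0.2.10
crypto isakmp key EXAMPLE-PSK-2 hostname peer.example.net
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

# CSP name and zeroization method are taken from the table above; the regex for
# the configuration line that holds each CSP is an assumption of this example.
NVRAM_CSPS = [
    ("ISAKMP preshared", re.compile(r"^crypto isakmp key .+ (address|hostname) \S+"),
     "no crypto isakmp key"),
    ("Router authentication key 2", re.compile(r"^username \S+ password\b"),
     "no username password"),
    ("Enable password", re.compile(r"^enable password\b"),
     "Overwrite with new password"),
]


def inventory_nvram_csps(config_text):
    """Return (line_no, csp_name, zeroization_method) for each CSP-bearing line.

    The secret value itself is never copied into the result.
    """
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        stripped = line.strip()
        for name, pattern, method in NVRAM_CSPS:
            if pattern.match(stripped):
                findings.append((line_no, name, method))
                break
    return findings


def pending_zeroization(config_text):
    """Group the line numbers still holding a CSP by the method that clears them."""
    pending = {}
    for line_no, _name, method in inventory_nvram_csps(config_text):
        pending.setdefault(method, []).append(line_no)
    return pending


if __name__ == "__main__":
    for line_no, name, method in inventory_nvram_csps(SAMPLE_CONFIG):
        print(f"line {line_no}: {name} -> zeroize with: {method}")
```

The DRAM-resident keys in the table (IPSec, SSH session, PPP) never appear in a saved configuration, so a check like this covers only the NVRAM rows.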