Cisco 2691 Series Kullanıcı Kılavuzu - Sayfa 41

Ağ Donanımı Cisco 2691 Series için çevrimiçi göz atın veya pdf Kullanıcı Kılavuzu indirin. Cisco 2691 Series 48 sayfaları. Modular routers
Ayrıca Cisco 2691 Series için: Yükleme ve Biçimlendirme (34 sayfalar), Veri Sayfası (8 sayfalar), Hızlı Başlangıç Kılavuzu (29 sayfalar)

Sayfayı Yazdır

Table 19

SRDI/Role/Service Access Policy

CSP 27

CSP 28

CSP 29

CSP 30

CSP 31

The module supports DES (only for legacy systems), 3DES, DES-MAC, TDES-MAC, AES, SHA-1,

HMAC-SHA-1, MD5, MD4, HMAC MD5, Diffie-Hellman, RSA (for digital signatures and

encryption/decryption (for IKE authentication)), cryptographic algorithms. The MD5, HMAC MD5, and

MD4 algorithms are disabled when operating in FIPS mode.

The module supports three types of key management schemes:

Manual key exchange method that is symmetric. DES/3DES/AES key and HMAC-SHA-1 key are

•

exchanged manually and entered electronically.

Internet Key Exchange method with support for exchanging pre-shared keys manually and entering

•

electronically.

–

Internet Key Exchange with RSA-signature authentication.

•

All pre-shared keys are associated with the CO role that created the keys, and the CO role is protected

by a password. Therefore, the CO password is associated with all the pre-shared keys. The Crypto

Officer needs to be authenticated to store keys. All Diffie-Hellman (DH) keys agreed upon for individual

tunnels are directly associated with that specific tunnel only via the IKE protocol.

Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary

OL-6083-01

The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers

Role and Service Access to CSPs (Continued)

The pre-shared keys are used with Diffie-Hellman key agreement technique to derive DES,

3DES or AES keys.

The pre-shared key is also used to derive HMAC-SHA-1 key.