Manuals / Cisco Systems / Computer Equipment / Network Router

Cisco Systems 7206VXR NPE-400 manual Obtaining Documentation, Protocols, Remote Access, Cisco.com

Models: 7206VXR NPE-400

1 22

Download 22 pages 11.99 Kb

Page 17

IPSec Requirements and Cryptographic Algorithms

Obtaining Documentation

•If the Crypto Officer loads any IOS image onto the router, this will put the router into a non-FIPS mode of operation.

IPSec Requirements and Cryptographic Algorithms

There are two types of key management method that are allowed in FIPS mode: Internet Key Exchange (IKE) and IPSec manually entered keys.

Although the IOS implementation of IKE allows a number of algorithms, only the following algorithms are allowed in a FIPS 140-2 configuration:

•ah-sha-hmac

•esp-des

•esp-sha-hmac

•esp-3des

•esp-aes

The following algorithms are not FIPS approved and should be disabled:

•MD-4 and MD-5 for signing

•MD-5 HMAC

Protocols

All SNMP operations must be performed within a secure IPSec tunnel.

Remote Access

•Telnet access to the module is only allowed via a secure IPSec tunnel between the remote system and the module. The Crypto Officer must configure the module so that any remote connections via telnet are secured through IPSec.

•SSH access to the module is only allowed if SSH is configured to use a FIPS-approved algorithm. The Crypto Officer must configure the module so that SSH uses only FIPS-approved algorithms.

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/univercd/home/home.htm

FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM

	OL-3959-01	17

Image 17

Cisco Systems 7206VXR NPE-400 manual Obtaining Documentation, IPSec Requirements and Cryptographic Algorithms, Protocols

Contents

Introduction Roles and Services, page Physical Security, pageIntroduction, page FIPS 140-2 Submission Package, page Overview, page Cryptographic Module, page Module Interfaces, pageOverview FIPS 140-2 Submission PackageDocumentation Feedback, page Obtaining Technical Assistance, page Obtaining Additional Publications and Information, pageFigure 1 Cisco 7206VXR NPE-400 Router Front View Cryptographic ModuleModule Interfaces Figure 2 Cisco 7206VXR Router Front Panel LEDs IndicationDescription Color LED LabelState FunctionFIPS 140-2 Logical Interface Roles and ServicesRouter Physical Interface User Role Crypto Officer RolePhysical Security Cryptographic Key Management Storage CSP NameDescription Critical Security ParametersCSP Name crypto ca trust label commandDescription StorageStorage CSP NameDescription OL-3959-01 Figure 6 Role and Service Access to CSPsCryptographic Key Management The module supports three types of key management schemes Key Zeroization Self-TestsSecure Operation Initial SetupSystem Initialization and Configuration Obtaining Documentation Remote AccessIPSec Requirements and Cryptographic Algorithms ProtocolsOrdering Documentation Documentation FeedbackObtaining Technical Assistance Definitions of Service Request Severity Submitting a Service RequestCisco Technical Support Website http//tools.cisco.com/RPF/register/register.dohttp//cisco.com/univercd/cc/td/doc/pcat Obtaining Additional Publications and InformationCopyright 2004 Cisco Systems, Inc. All rights reserved Obtaining Additional Publications and InformationOL-3959-01 OL-3959-01 Obtaining Additional Publications and Information