Chapter 1 Overview

Features

CA—In addition, Certificate Authority (CA) interoperability is provided in support of the IPSec standard, using Certificate Enrollment Protocol (CEP). CEP permits Cisco IOS devices and CAs to communicate so that your Cisco IOS device can obtain and use digital certificates from the CA. Although IPSec can be implemented in your network without the use of a CA, using a CA provides manageability and scalability for IPSec.

The component technologies implemented for IPSec include:

DES and Triple DES—The Data Encryption Standard (DES) and Triple DES (3DES) are used to encrypt packet data. Cisco IOS implements the 3-key triple DES and DES-CBC with Explicit IV. Cipher Block Chaining (CBC) requires an initialization vector (IV) to start encryption. The IV is explicitly given in the IPSec packet.

MD5 (HMAC variant)—MD5 is a hash algorithm. HMAC is a keyed hash variant used to authenticate data.

SHA (HMAC variant)—SHA is a hash algorithm. HMAC is a keyed hash variant used to authenticate data.

IPSec as implemented in Cisco IOS software supports the following additional standards:

AH—Authentication Header is a security protocol that provides data authentication and optional antireplay services.

The AH protocol allows for the use of various authentication algorithms; Cisco IOS has implemented the mandatory MD5 and SHA (HMAC variants) authentication algorithms. The AH protocol provides antireplay services.

ESP—Encapsulating Security Payload is a security protocol that provides data privacy services, optional data authentication, and antireplay services. ESP encapsulates the data to be protected. The ESP protocol allows for the use of various cipher algorithms and (optionally) various authentication algorithms. Cisco IOS software implements the mandatory 56-bit DES-CBC with Explicit IV or Triple DES as the encryption algorithm, and MD5 or SHA (HMAC variants) as the authentication algorithms. The updated ESP protocol provides antireplay services.
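The following is an added example, not code from this manual or from Cisco IOS, showing how a receiver uses the pieces described above: the explicit IV carried in the packet, the HMAC authentication value, and the antireplay check on the sequence number. The names esp_seal, EspReceiver and WINDOW are hypothetical. The 96-bit truncated HMAC and the window size are assumptions taken from the ESP specifications rather than from this page, and the ciphertext is treated as opaque bytes because DES is not in the Python standard library.

```python
import hashlib
import hmac
import struct

IV_LEN = 8     # DES/3DES block size, so the explicit CBC IV is 8 bytes
ICV_LEN = 12   # assumed: HMAC-MD5-96 / HMAC-SHA-1-96 keep 96 bits of the tag
WINDOW = 64    # assumed antireplay window size, in packets

def esp_seal(spi, seq, iv, ciphertext, key, digest=hashlib.sha1):
    """Sender side: SPI | sequence number | explicit IV | ciphertext | ICV."""
    body = struct.pack("!II", spi, seq) + iv + ciphertext
    return body + hmac.new(key, body, digest).digest()[:ICV_LEN]

class EspReceiver:
    def __init__(self, key, digest=hashlib.sha1):
        self.key, self.digest = key, digest
        self.top = 0      # highest sequence number authenticated so far
        self.bitmap = 0   # bit i set => sequence (top - i) already accepted

    def _replayed(self, seq):
        if seq == 0:      # sequence numbers start at 1
            return True
        if seq > self.top:
            return False
        off = self.top - seq
        return off >= WINDOW or bool((self.bitmap >> off) & 1)

    def receive(self, packet):
        """Return (spi, seq, iv, ciphertext) or raise ValueError."""
        if len(packet) < 8 + IV_LEN + ICV_LEN:
            raise ValueError("truncated")
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", body[:8])
        if self._replayed(seq):
            raise ValueError("replay")
        expected = hmac.new(self.key, body, self.digest).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("bad ICV")
        # Slide the window only after the packet has authenticated, so a
        # forged high sequence number cannot push valid traffic out of it.
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return spi, seq, body[8:8 + IV_LEN], body[8 + IV_LEN:]
```

Only after receive() returns would the ciphertext be decrypted with the IV taken from the packet; a packet that fails the ICV check never reaches the cipher.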

Features

This section describes the ISA/ISM features, as listed in Table 1-1.

Table 1-1 Features

Feature                 Description

Physical                Integrated Service Adapter (ISA)
                        Integrated Service Module (ISM)

Platform Support        Cisco 7100 series
                          Cisco 7120 series and Cisco 7140 series
                        Cisco 7200 series and Cisco 7200VXR series (ISA only)1
                          Cisco 7202, Cisco 7204, and Cisco 7206
                          Cisco 7204VXR and Cisco 7206VXR

Hardware Prerequisites  None

Throughput              Up to full duplex DS3 (90 Mbps) using 3DES

Integrated Services Adapter and Integrated Services Module Installation and Configuration

 

OL-3575-01 B0
