Table of Contents
Advertisement
62 Initial Setup
7
8
Copyright © 2007-2008 Nortel Networks
.
labeled CODE-SO and CODE-USER respectively will make this
procedure easier.
( new setup, continued)
Should new or existing CODE iKeys be used? (new/existi
ng) [new]:
<press ENTER to select new>
Verify that CODE-SO iKey (black) is inserted in card 0
(with flashing LED).
Hit enter when done.
Verify that HSM-USER iKey (blue) is inserted in card 0
(with flashing LED).
Hit enter when done.
Verify that CODE-USER iKey (black) is inserted in card 0
(with flashing LED).
Hit enter when done.
Wrap key successfully split from card 0.
Note: Unlike the HSM-SO and the HSM-USER iKeys, the
CODE-SO and CODE-USER iKeys are not specific for each
HSM card. Instead, the CODE-SO and CODE-USER iKeys
are specific for each cluster of ASA 310-FIPS units. Therefore,
if you have more than one cluster of ASA 310-FIPS units, you
need to take steps so that you can identify to which cluster a
pair of CODE-SO and CODE-USER iKeys is associated.
Transfer the cluster wrap key from the CODE-SO and
CODE-USER iKeys onto HSM card 1.
( new setup, continued)
Verify that CODE-SO iKey (black) is inserted in card 1
(with flashing LED).
Hit enter when done.
Verify that HSM-USER iKey (blue) is inserted in card 1
(with flashing LED).
Hit enter when done.
Verify that CODE-USER iKey (black) is inserted in card 1
(with flashing LED).
Hit enter when done.
Wrap key successfully combined to card 1.
If you have selected FIPS mode as the security mode, define
a passphrase.
If you selected FIPS mode prior to initializing HSM card 0
3
), you will also be asked to define a passphrase. Make sure
you remember the passphrase as you will be prompted for the
same passphrase when adding other ASA 310-FIPS units to the
Nortel VPN Gateway
User Guide
NN46120-104 02.01 Standard
14 April 2008
(Step
Advertisement
Table of Contents
