Cisco 2621XM Operations page 11
Modular access routers with aim-vpn/ep fips 140-2 non-proprietary security policy
Hide thumbs
Also See for 2621XM:
- User manual (20 pages) ,
- Configuration manual (196 pages) ,
- Hardware installation manual (104 pages)
Table of Contents
Advertisement
Table 4
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy
OL-6262-01
Critical Security Parameters (continued)
CSP 4
Same as above
CSP 5
Same as above
CSP 6
Same as above
CSP 7
The IKE session encrypt key. The zeroization is the same as
above.
CSP 8
The IKE session authentication key. The zeroization is the same
as above.
CSP 9
The RSA private key. "crypto key zeroize" command zeroizes this
key.
CSP 10
The key used to generate IKE skeyid during preshared-key
authentication. "no crypto isakmp key" command zeroizes it. This
key can have two forms based on whether the key is related to the
hostname or the IP address.
CSP 11
This key generates keys 3, 4, 5 and 6. This key is zeroized after
generating those keys.
CSP 12
The RSA public key used to validate signatures within IKE. These
keys are expired either when CRL (certificate revocation list)
expires or 5 secs after if no CRL exists. After above expiration
happens and before a new public key structure is created this key
is deleted. This key does not need to be zeroized because it is a
public key; however, it is zeroized as mentioned here.
CSP 13
The fixed key used in Cisco vendor ID generation. This key is
embedded in the module binary image and can be deleted by
erasing the Flash.
CSP 14
The IPSec encryption key. Zeroized when IPSec session is
terminated.
CSP 15
The IPSec authentication key. The zeroization is the same as
above.
CSP 16
The RSA public key of the CA. "no crypto ca trust <label>"
command invalidates the key and it frees the public key label
which in essence prevent use of the key. This key does not need to
be zeroized because it is a public key.
CSP 17
This key is a public key of the DNS server. Zeroized using the
same mechanism as above. "no crypto ca trust <label>" command
invalidate the DNS server's public key and it frees the public key
label which in essence prevent use of that key. This label is
different from the label in the above key. This key does not need
to be zeroized because it is a public key.
The 2621XM/2651XM Router
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
NVRAM
(plaintext)
NVRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
NVRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
NVRAM
(plaintext)
NVRAM
(plaintext)
11
Hide quick links:
Advertisement
Table of Contents
