1. Manuals
  2. Brands
  3. Avaya Manuals
  4. Gateway
  5. VPN Gateway
  6. User manual

Avaya VPN Gateway User Manual page 59

Vpn gateway
Hide thumbs
Table of Contents

Advertisement

6. Split the wrap key from HSM card 0 onto the CODE-SO and CODE-USER iKeys.
User Guide
Enter a new HSM-SO password for card 1:<define a new HSM-SO
password, or use the same HSM-SO password as for card 0>
Re-enter to confirm:
The HSM-SO iKey has been updated.
Verify that HSM-USER iKey (blue) is inserted in card 1 (with
flashing LED).
Hit enter when done.
Enter a new HSM-USER password for card 1:<define a new HSM-USER
password, or use the same HSM-USER password as for card 0>
Re-enter to confirm:
The HSM-USER iKey has been updated.
Card 1 successfully initialized.
This step is related to splitting the software wrap key used internally in the cluster,
and then loading the split wrap key onto the two black CODE-SO and CODE-USER
iKeys. These iKeys will then be used to transfer the cluster wrap key onto another
HSM card either within the same ASA 310-FIPS device (as in
page 60), or to HSM cards in an ASA 310-FIPS device that is added to the current
cluster.
Each ASA 310-FIPS device is shipped with four black CODE iKeys. However, you
will only need to use two of these in one given cluster. The extra two black iKeys
can be used to create a pair of backup CODE iKeys. For more information about
how to create a pair of backup CODE iKeys, see the splitkey command on the
HSM menu (described under Maintenance Menu in the Command Reference).
To successfully split and load the cluster wrap key onto the correct iKeys, you need
the following:
• Two black CODE iKeys, supposedly labeled "CODE-SO" and "CODE-USER"
respectively.
If the black iKeys are not already labeled CODE-SO and CODE-USER respectively,
you are recommended to do so before inserting them. Whenever the cluster wrap
key needs to be transferred onto an initialized HSM card, you will be prompted for
the specific CODE iKey, in turns. Having each iKey properly labeled CODE-SO and
CODE-USER respectively will make this procedure easier.
( newsetup, continued)
Should new or existing CODE iKeys be used? (new/existing)
[new]:<press ENTER to select new>
Verify that CODE-SO iKey (black) is inserted in card 0 (with
flashing LED).
Hit enter when done.
Verify that HSM-USER iKey (blue) is inserted in card 0 (with
flashing LED).
Hit enter when done.
Verify that CODE-USER iKey (black) is inserted in card 0 (with
Installing an ASA 310-FIPS
step 7
on
April 2013
59

Advertisement

Table of Contents
loading

Related Manuals for Avaya VPN Gateway

Related Products for Avaya VPN Gateway

This manual is also suitable for:

3050-vmAvg 3050-vm3070-vmAvg 3070-vm3090-vmAvg 3090-vm

Table of Contents