Cisco 2621XM User Manual

Cisco 2621XM
24 pages
Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy
OL-6262-01
The 2621XM/2651XM Router
The module supports three types of key management schemes:
- Manual key exchange method that is symmetric. The DES/3DES/AES key and the HMAC-SHA-1 key are exchanged manually and entered electronically.
- Internet Key Exchange method with support for exchanging pre-shared keys manually and entering them electronically.
  - The pre-shared keys are used with the Diffie-Hellman key agreement technique to derive DES, 3DES or AES keys.
  - The pre-shared key is also used to derive the HMAC-SHA-1 key.
- Internet Key Exchange with RSA-signature authentication.
All pre-shared keys are associated with the CO role that created the keys, and the CO role is protected
by a password. Therefore, the CO password is associated with all the pre-shared keys. The Crypto
Officer needs to be authenticated to store keys. All Diffie-Hellman (DH) keys agreed upon for individual
tunnels are directly associated with that specific tunnel only via the IKE protocol.
Key Zeroization:
All of the keys and CSPs of the module can be zeroized. Please refer to the Description column of
Table 4 for information on methods to zeroize each key and CSP.
Self-Tests
In order to prevent any secure data from being released, it is important to test the cryptographic
components of a security module to ensure all components are functioning correctly. The router includes
an array of self-tests that are run during startup and periodically during operations. If any of the self-tests
fail, the router transitions into an error state. Within the error state, all secure data transmission is halted
and the router outputs status information indicating the failure.
Note: After the router recovers from failure of a power-up self-test performed by the AIM-VPN/EP, the
router only allows plaintext traffic to pass through and no encrypted traffic is allowed.
Self-tests performed by the IOS image:
- Power-up tests
  - Firmware integrity test
  - RSA signature KAT (both signature and verification)
  - DES KAT
  - TDES KAT
  - AES KAT
  - SHA-1 KAT
  - PRNG KAT
  - Power-up bypass test
  - Diffie-Hellman self-test
  - HMAC SHA-1 KAT
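The power-up behaviour described above, as an added example that is not taken from the Cisco security policy or from IOS: a Python model runs the SHA-1 and HMAC SHA-1 known-answer tests against published vectors (FIPS 180 "abc", RFC 2202 test case 2) and refuses cryptographic services once a test fails. The class, the state names and the simulated fault are assumptions made for illustration.

```python
import hashlib
import hmac

# Published known answers: SHA-1("abc") from FIPS 180, HMAC-SHA-1 from RFC 2202 case 2.
KATS = {
    "SHA-1 KAT": (lambda: hashlib.sha1(b"abc").hexdigest(),
                  "a9993e364706816aba3e25717850c26c9cd0d89d"),
    "HMAC SHA-1 KAT": (lambda: hmac.new(b"Jefe", b"what do ya want for nothing?",
                                        hashlib.sha1).hexdigest(),
                       "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"),
}

class CryptoModule:
    """Hypothetical model of a module gated by power-up self-tests."""

    def __init__(self, kats=KATS):
        self.kats = dict(kats)
        self.state = "POWER_UP"
        self.status = []          # status output: (test name, result)

    def power_up(self):
        for name, (compute, expected) in self.kats.items():
            passed = hmac.compare_digest(compute(), expected)
            self.status.append((name, "pass" if passed else "FAIL"))
            if not passed:
                self.state = "ERROR"   # stop at the first failure
                return False
        self.state = "OPERATIONAL"
        return True

    def hmac_sha1(self, key, data):
        # No cryptographic service outside the operational state.
        if self.state != "OPERATIONAL":
            raise RuntimeError("crypto halted, module state: " + self.state)
        return hmac.new(key, data, hashlib.sha1).hexdigest()

def simulate_fault():
    """Constructed fault: a SHA-1 engine that returns one wrong output bit."""
    good = hashlib.sha1(b"abc").digest()
    bad = bytes([good[0] ^ 0x01]) + good[1:]
    faulty = dict(KATS)
    faulty["SHA-1 KAT"] = (lambda: bad.hex(), KATS["SHA-1 KAT"][1])
    module = CryptoModule(faulty)
    module.power_up()
    return module

if __name__ == "__main__":
    healthy = CryptoModule()
    healthy.power_up()
    for m in (healthy, simulate_fault()):
        print(m.state, m.status)
```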
