Name: Cisco ASR 1001
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Page 41 of 72

TOE-common-criteria (config-isakmp)# authentication ecdsa-sig

And for IKEv2 with the commands:

TOE-common-criteria (config)#crypto ikev2 profile sample

TOE-common-criteria(config-ikev2-profile)#authentication [remote | local] rsa-sig

TOE-common-criteria(config-ikev2-profile)#authentication [remote | local] ecdsa-sig

If an invalid certificate is loaded, authentication will not succeed.

4.6.4.10 Deleting Certificates

If the need arises, certificates that are saved on the router can be deleted. The router saves its

own certificates and the certificate of the CA.

To delete the router's certificate from the router's configuration, the following commands can be

used in global configuration mode:

Router# show crypto ca certificates [Displays the certificates stored on router]

Router(config)# crypto ca certificate chain name [Enters certificate chain configuration mode]

Router(config-cert-cha)# no certificate certificate-serial-number [deletes the certificate]

To delete the CA's certificate, the entire CA identity must be removed, which also removes all

certificates associated with the CA—router's certificate and the CA certificate. To remove a CA

identity, the following command in global configuration mode can be used:

Router(config)# no crypto ca identity name [Deletes all identity information and certificates

associated with the CA]

4.6.5 Information Flow Policies

The TOE may be configured by the privileged administrators for information flow control/

firewall rules as well as VPN capabilities using the access control functionality. Configuration

of information flow policies is restricted to the privileged administrator.

The VPNGW Extended Package requires that the TOE be able to support options for information

flow policies that include discarding, bypassing, and protecting. On the TOE, an authorized

administrator can define the traffic rules on the box by configuring access lists (with permit,

deny, and/or log actions) and applying these access lists to interfaces using access and crypto

map sets:

Other manuals for Cisco ASR 1001

Questions and Answers:

Need help?

Do you have a question about the Cisco ASR 1001 and is the answer not in the manual?

General

Ethernet LAN	Yes
Cabling technology	10/100/1000Base-T(X)
Networking standards	-
Ethernet LAN data rates	10, 100, 1000 Mbit/s
Ethernet interface type	Gigabit Ethernet
USB ports quantity	1
Ethernet LAN (RJ-45) ports	4
VPN tunnels quantity	8000
Product color	Gray
Rack capacity	1U
AC input voltage	85 - 264 V
Power source type	AC
AC input frequency	50 - 60 Hz
Power consumption (typical)	250 W
Safety	UL60950-1 CSA, C22.2 No. 60950-1-03, EN 60950-1, IEC 60950-1, AS/NZS 60950.1
Certification	FCC 47CFR15 Class A AS/NZS CISPR 22 CISPR 22 Class A EN55022 Class A ICES-003 Class A VCCI Class A CNS-13438 Class A EN61000-3-2 EN61000-3-3
Internal memory	8192 MB
Operating altitude	0 - 3048 m
Storage temperature (T-T)	0 - 50 °C
Operating temperature (T-T)	0 - 40 °C
Storage relative humidity (H-H)	5 - 95 %
Operating relative humidity (H-H)	5 - 90 %