Name: Cisco ASR 1002
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

Page 40 of 72

 Use the stop keyword to specify that the certificate is already trusted. This is the

default setting.

 Use the continue keyword to specify that the that the subordinate CA certificate

associated with the trustpoint must be validated.

 The parent-trustpoint argument specifies the name of the parent trustpoint the

certificate must be validated against.

Note: A trustpoint associated with the root CA cannot be configured to be validated to

the next level. The chain-validation command is configured with the continue keyword

for the trust point associated with the root CA, an error message will be displayed and

the chain validation will revert to the default chain-validation command setting.

4. Exit:

TOE-common-criteria(ca-trustpoint)# exit

4.6.4.8 Certificate Validation

By default the TOE will validate the certificate of the IPsec peer including a Basic Constraints

extension. No configuration is required by the administrator. Optionally as a way to test a Basic

Constraints extension, the administrator can add subject name restrictions to the CA root

trustpoint. Refer to How to Configure Certificate Enrollment for a PKI” in [22]. A portion of an

example TOE configuration follows below.

TOE-common-criteria (config)# crypto pki certificate map <certificate map name> 1

subject-name co example

TOE-common-criteria (config)# crypto pki trustpoint CAroot

TOE-common-criteria (ca-trustpoint)# enrollment terminal

TOE-common-criteria (ca-trustpoint)# match certificate <certificate map name>

TOE-common-criteria (ca-trustpoint)#end

TOE-common-criteria (config)# crypto pki trustpoint CA sub

TOE-common-criteria (ca-trustpoint)# enrollment terminal

TOE-common-criteria (ca-trustpoint)# subject-name CN=example.organization.com,OU=Spiral

Dept,O=Example

TOE-common-criteria (ca-trustpoint)# match certificate <certificate map name>

TOE-common-criteria (ca-trustpoint)#end

The administrator should find an error message stating that certificate chain validation has failed

because a certificate in the chain was not a valid CA certificate.

4.6.4.9 Setting X.509 for use with IKE

Once X.509v3 keys are installed on the TOE, they can be set for use with IKEv1 with the

commands:

TOE-common-criteria (config)#crypto isakmp policy 1

TOE-common-criteria (config-isakmp)# authentication rsa-sig

Other manuals for Cisco ASR 1002

Replacing120 pages

Hardware Installation Guide702 pages

Quick Start Guide36 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco ASR 1002 and is the answer not in the manual?

Cisco ASR 1002 Specifications

General

Ethernet LAN	Yes
Cabling technology	10/100/1000Base-T(X)
Networking standards	IEEE 802.3
Ethernet LAN data rates	10, 100, 1000 Mbit/s
Ethernet interface type	Gigabit Ethernet
DHCP client	-
Supported network protocols	BGP, GRE, OSPF, DVMRP, EIGRP, IS-IS, IGMPv3, PIM-SM, PIM-SSM
Ethernet LAN (RJ-45) ports	4
Security algorithms	SSH
VPN tunnels quantity	8000
Safety	UL60950-1 CSA, C22.2 No. 60950-1-03, EN 60950-1, IEC 60950-1, AS/NZS 60950.1
Certification	FCC 47CFR15 Class A AS/NZS CISPR 22 CISPR 22 Class A EN55022 Class A ICES-003 Class A VCCI Class A CNS-13438 Class A EN61000-3-2 EN61000-3-3
Internal memory	4096 MB
AC input voltage	85 - 264 V
Power source type	AC
AC input frequency	50 - 60 Hz
Power consumption (typical)	560 W
Operating altitude	0 - 3048 m
Storage temperature (T-T)	0 - 50 °C
Operating temperature (T-T)	0 - 40 °C
Storage relative humidity (H-H)	5 - 95 %
Operating relative humidity (H-H)	5 - 90 %
Product color	Gray
Rack capacity	2U