EasyManua.ls Logo

Cisco ISR 4000 series User Manual

Cisco ISR 4000 series
66 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #19 background imageLoading...
Page #19 background image
Cisco ISR 4000 Family Routers Administrator Guidance
Page 19 of 66
Recovery from an event where the connection is unintentionally broken is to follow the steps to
establish a connection as listed above.
3.3.2 Authentication Server Protocols
RADIUS (outbound) for authentication of TOE administrators to remote authentication servers are
disabled by default but should be enabled by administrators in the evaluated configuration.
To configure RADIUS refer to [5]. Use best practices for the selection and protection of a
key to ensure that the key is not easily guessable and is not shared with unauthorized users.
These protocols are to be tunneled over an IPSec connection in the evaluated configuration. The
instructions for setting up this communication are the same as those for protecting communications
with a syslog server, detailed in Section 3.3.5below.
3.3.3 Logging Configuration
1. Logging of command execution must be enabled:
TOE-common-criteria(config)#archive
TOE-common-criteria(config)#no logging console
TOE-common-criteria(config-archive)#log config
TOE-common-criteria(config-archive-log-cfg)#logging enable
TOE-common-criteria(config-archive-log-cfg)#hidekeys
TOE-common-criteria(config-archive-log-cfg)#notify syslog
TOE-common-criteria(config-archive-log-cfg)#exit
TOE-common-criteria(config-archive)#exit
2. Add year to the timestamp:
3. TOE-common-criteria(config)# service timestamps log datetime year
4. Enable any required debugging. Debugging is needed for radius (if used), isakmp (if using
ikev1), ipsec, ikev2 (if using ikev2), and ntp to generate the events required in the Security
Target, however administrators should use discretion when enabling a large number of
debugs on an on-going basis:
5. TOE-common-criteria# debug radius authentication
TOE-common-criteria# debug crypto isakmp
TOE-common-criteria# debug crypto ipsec
TOE-common-criteria# debug crypto ikev2
TOE-common-criteria# debug ntp all
6. Set the size of the logging buffer. It is recommended to set it to at least 150000000:
7. TOE-common-criteria(config)# logging buffer 150000000

Table of Contents

Question and Answer IconNeed help?

Do you have a question about the Cisco ISR 4000 series and is the answer not in the manual?

Cisco ISR 4000 series Specifications

General IconGeneral
Routing PerformanceUp to 2 Gbps
Switching CapacityVaries by model
Operating SystemCisco IOS XE
DimensionsVaries by model
WeightVaries by model
SeriesISR 4000
WAN PortsVaries by model
LAN PortsVaries by model
RedundancyYes
TypeModular
Routing ThroughputUp to 2 Gbps
MemoryUp to 16 GB
Modular SlotsVaries by model
Power SupplyAC or DC options
Product FamilyISR (Integrated Services Router)
ModelsISR 4321, ISR 4331, ISR 4351, ISR 4431, ISR 4451-X
StorageSSD options
Network InterfacesGigabit Ethernet, SFP
Security FeaturesFirewall, VPN
Virtualization SupportYes
ModularityYes
Operating Temperature0 to 40°C
Humidity5% to 95% noncondensing

Summary

Secure Acceptance and Initial Setup Procedures

Secure Acceptance of TOE

Initial Setup via Console

Basic configuration via console connection before network connection.

Enabling FIPS Mode

Details configuration steps to enable FIPS mode for the crypto engine.

Administrator Configuration and Credentials

Configuring usernames, passwords, and AAA authentication for administrators.

Network Configuration and Security Settings

Network Protocols and Cryptography

Covers protocols, crypto settings, and secure administration.

Remote Administration (SSH)

Logging Configuration

Enabling command execution logging, timestamps, and buffer settings.

Base Firewall Rule Configuration

Defines base packet filtering rules for the TOE.

Secure Management and Operations

Password Complexity and Management

Enforces password complexity requirements like minimum length and character types.

VPN Configuration (IPsec)

Information Flow Policies

Security Events, Services, and Modes of Operation

Security Relevant Events

Related product manuals