Cisco 2651XM User Guide

Cisco 2651XM - VPN Bundle Router Manual

Cisco 2651XM manual content summary:

  • Cisco 2651XM | User Guide - Page 1
    non-proprietary Cryptographic Module Security Policy for the 2621XM and 2651XM Modular Access Routers with AIM-VPN/EP. This security policy describes how the 2621XM and 2651XM routers (Hardware Version: 2621XM, 2651XM; AIM-VPN/EP: Hardware Version 1.0, Board Version B0; Firmware Version: IOS 12.3(3d
  • Cisco 2651XM | User Guide - Page 2
    voice and data infrastructure to reduce costs. The Cisco 2621XM and 2651XM routers offer versatility, integration, and security to branch offices. With over 100 Network Modules (NMs) and WAN Interface Cards (WICs), the modular architecture of the Cisco router easily allows interfaces to be upgraded
  • Cisco 2651XM | User Guide - Page 3
    to Ethernet routing with up to 30 thousand packets per second (Kpps) throughput capacity for the 2621XM, and 40 Kpps for the 2651XM. Module Interfaces The interfaces for the router are located on the rear panel as shown in Figure 2. Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN
  • Cisco 2651XM | User Guide - Page 4
    100BASE-T Ethernet 0/1 (RJ-45) Network module 10/100BASE-T Ethernet 0/0 (RJ-45) Auxiliary port Console (RJ-45) port (RJ-45) The Cisco 2621XM and 2651XM routers feature a console port, an auxiliary port, dual fixed LAN interfaces, a Network Module slot, and two WIC slots. LAN support includes
  • Cisco 2651XM | User Guide - Page 5
    SERIAL 0 SEE MANUAL BEFORE INSTALLATION WIC CONN 2A/S FDX W0 Cisco 2621 10/100 ETHERNET 0/1 10/100 ETHERNET 0/0 CONSOLE AUX 10/100BASE-T Ethernet 0/1 (RJ-45) 10/100BASE-T Ethernet 0/0 (RJ-45) Auxiliary port (RJ-45) Console port (RJ-45) 99495 Table 1 Cisco 2621XM and Cisco 2651XM Rear
  • Cisco 2651XM | User Guide - Page 6
    Console Port Auxiliary Port 10/100BASE-TX LAN Port WIC Interface Network Module Interface Power Switch Console Port Auxiliary Port FIPS 140-2 Logical Interface Data Input Interface Data Output Interface Control Input Interface Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP
  • Cisco 2651XM | User Guide - Page 7
    • Configure the router-define network interfaces and settings, create command aliases, set the protocols the router will support, enable interfaces and network services, set system date and time, and load authentication information. Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN
  • Cisco 2651XM | User Guide - Page 8
    Services-display directory of files kept in flash memory Physical Security The router is entirely encased by a thick steel chassis. The rear of the unit provides 1 Network Module slot, 2 WIC slots, on-board LAN connectors, Console/Auxiliary connectors, the power cable connection and a power
  • Cisco 2651XM | User Guide - Page 9
    covers are included with each router, and additional covers may be ordered from Cisco. The same procedure mentioned below to apply tamper evidence labels for NMs and WICs must also be followed to apply tamper evidence labels for the slot covers. Once the router has been configured in to meet FIPS
  • Cisco 2651XM | User Guide - Page 10
    Cisco 2611 LINK ETHERNET 1 ACT LINK ETHERNET 0 ACT CONSOLE AUX 100-240V- 1A 50/60 Hz 47 W POWER RPS ACTIVITY Cisco 2600SERIES 99498 The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to open the router, remove Network Modules or WIC
  • Cisco 2651XM | User Guide - Page 11
    it is a public key; however, it is zeroized as mentioned here. DRAM (plaintext) The fixed key used in Cisco vendor ID generation. This key is embedded in the module binary image and can be deleted by erasing the Flash. NVRAM (plaintext) The IPSec encryption key. Zeroized when IPSec session is
  • Cisco 2651XM | User Guide - Page 12
    ) The TACACS+ shared secret. This shared secret is zeroized by executing the "no" form of the TACACS+ shared secret set command. NVRAM (plaintext), DRAM (plaintext) Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 12 OL-6262-01
  • Cisco 2651XM | User Guide - Page 13
    Table 5 Role and Service Access to CSPs Role/Service User Role Status Functions Network Functions Terminal Functions Directory Services Crypto-Officer Role Configure the Router Define Rules and Filters Status Functions Manage the Router Set Encryptions/Bypass Change WAN Interface Cards SRDI/Role
  • Cisco 2651XM | User Guide - Page 14
    User Role Status Functions Network Functions Terminal Functions Directory Services Crypto-Officer Role Configure the Router Define Rules and Filters Status Functions Manage the Router Set Encryptions/Bypass Change WAN Interface Cards SRDI/Role/Service Access Policy CSP 12 CSP 13 CSP 14 CSP 15
  • Cisco 2651XM | User Guide - Page 15
    (continued) The 2621XM/2651XM Router Role/Service User Role Status Functions Network Functions Terminal Functions Directory Services Crypto-Officer Role Configure the Router Define Rules and Filters Status Functions Manage the Router Set Encryptions/Bypass Change WAN Interface Cards SRDI/Role
  • Cisco 2651XM | User Guide - Page 16
    /2651XM Router The module supports three types of key management schemes: • Manual key exchange method that is symmetric. DES/3DES/AES key and HMAC-SHA-1 key are exchanged manually and entered electronically. • Internet Key Exchange method with support for exchanging pre-shared keys manually and
  • Cisco 2651XM | User Guide - Page 17
    tests - Continuous random number generator test Secure Operation of the Cisco 2621XM/2651XM Router The Cisco 2621XM and 2651XM Modular Access Routers with AIM-VPN/EP meet all the Level 2 requirements for FIPS 140-2. Follow the setting instructions provided below to place the module in FIPS mode
  • Cisco 2651XM | User Guide - Page 18
    no service password-recovery end show version Note Once Password Recovery is disabled, administrative access to the module without the password will not be possible. System Initialization and Configuration • The Crypto Officer must perform the initial configuration. Cisco IOS version 12.3(3d
  • Cisco 2651XM | User Guide - Page 19
    officer must configure the module so that SSH uses only FIPS-approved algorithms. Related Documentation For more information about the Cisco 2621XM and Cisco 2651XM modular access routers, refer to the following documents: • Cisco 2600 Series Modular Routers Quick Start Guide • Cisco 2600 Series
  • Cisco 2651XM | User Guide - Page 20
    Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller. Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP
  • Cisco 2651XM | User Guide - Page 21
    hours to restore service to satisfactory levels. Severity 4 (S4)-You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations. Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS
  • Cisco 2651XM | User Guide - Page 22
    user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies
  • Cisco 2651XM | User Guide - Page 23
    Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press
  • Cisco 2651XM | User Guide - Page 24
    Obtaining Additional Publications and Information Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 24 OL-6262-01

Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy
Level 2 Validation
Version 1.3
June 2, 2004

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Copyright © 2001. Cisco Systems, Inc. All rights reserved.

Introduction
This is the non-proprietary Cryptographic Module Security Policy for the 2621XM and 2651XM Modular Access Routers with AIM-VPN/EP. This security policy describes how the 2621XM and 2651XM routers (Hardware Version: 2621XM, 2651XM; AIM-VPN/EP: Hardware Version 1.0, Board Version B0; Firmware Version: IOS 12.3(3d)) meet the security requirements of FIPS 140-2, and how to operate the 2621XM and 2651XM routers in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the 2621XM and 2651XM routers.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2—Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST website at .

This document contains the following sections:
  • Introduction
  • The 2621XM/2651XM Router
  • Secure Operation of the Cisco 2621XM/2651XM Router
  • Related Documentation
  • Obtaining Documentation
  • Documentation Feedback
  • Obtaining Technical Assistance
  • Obtaining Additional Publications and Information