Cisco 2620 User Guide - Page 11
Table 4, Critical Security Parameters continued - flash
The 2621XM/2651XM Router

Table 4 Critical Security Parameters (continued)

| # | CSP | Description | Storage |
|---|---|---|---|
| 4 | CSP 4 | Same as above | DRAM (plaintext) |
| 5 | CSP 5 | Same as above | DRAM (plaintext) |
| 6 | CSP 6 | Same as above | DRAM (plaintext) |
| 7 | CSP 7 | The IKE session encrypt key. The zeroization is the same as above. | DRAM (plaintext) |
| 8 | CSP 8 | The IKE session authentication key. The zeroization is the same as above. | DRAM (plaintext) |
| 9 | CSP 9 | The RSA private key. "crypto key zeroize" command zeroizes this key. | NVRAM (plaintext) |
| 10 | CSP 10 | The key used to generate IKE skeyid during preshared-key authentication. "no crypto isakmp key" command zeroizes it. This key can have two forms based on whether the key is related to the hostname or the IP address. | NVRAM (plaintext) |
| 11 | CSP 11 | This key generates keys 3, 4, 5 and 6. This key is zeroized after generating those keys. | DRAM (plaintext) |
| 12 | CSP 12 | The RSA public key used to validate signatures within IKE. These keys are expired either when the CRL (certificate revocation list) expires or 5 secs after if no CRL exists. After the above expiration happens and before a new public key structure is created, this key is deleted. This key does not need to be zeroized because it is a public key; however, it is zeroized as mentioned here. | DRAM (plaintext) |
| 13 | CSP 13 | The fixed key used in Cisco vendor ID generation. This key is embedded in the module binary image and can be deleted by erasing the Flash. | NVRAM (plaintext) |
| 14 | CSP 14 | The IPSec encryption key. Zeroized when the IPSec session is terminated. | DRAM (plaintext) |
| 15 | CSP 15 | The IPSec authentication key. The zeroization is the same as above. | DRAM (plaintext) |
| 16 | CSP 16 | The RSA public key of the CA. "no crypto ca trust " command invalidates the key and it frees the public key label, which in essence prevents use of the key. This key does not need to be zeroized because it is a public key. | NVRAM (plaintext) |
| 17 | CSP 17 | This key is a public key of the DNS server. Zeroized using the same mechanism as above. "no crypto ca trust " command invalidates the DNS server's public key and it frees the public key label, which in essence prevents use of that key. This label is different from the label in the above key. This key does not need to be zeroized because it is a public key. | NVRAM (plaintext) |

Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy
OL-6262-01