Page 2 - Documentation Feedback, page 18; FIPS 140-2 Submission Package; Vendor evidence document; Overview; Cisco 7206VXR routers support the following features:
2 FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM OL-3959-01 FIPS 140-2 Submission Package • Documentation Feedback, page 18 • Obtaining Technical Assistance, page 18 • Obtaining Additional Publications and Information, page 20 FIPS 140-2 Submission Package The Se...
Page 3 - Cryptographic Module; Module Interfaces
Cryptographic Module The Cisco 7206VXR NPE-400 router with VAM is a multiple-chip standalone cryptographic module. The Cisco 7206VXR supports multi-protocol routing and bridging with...
Page 4 - Table 1; LED
Module Interfaces Table 1 shows the front panel LEDs, which provide overall status of the router operation. The front panel displays whether or not the router is booted, if the redundant power is attache...
Page 6 - Note; Roles and Services; Cisco 7206VXR Installation and Configuration Guide; Router Physical Interface
Roles and Services In addition to the built-in interfaces, the router also has additional port adapters that can optionally be placed in an available slot. These port adapters have many embodiments, incl...
Page 7 - “Secure Operation” section on page 16; Crypto Officer Role
Roles and Services The User and Crypto Officer passwords and the RADIUS/TACACS+ shared secrets must each be at least 8 alphanumeric characters in length. See the “Secure Operation” section on page 16 for...
Page 8 - Physical Security; Figure 4
Physical Security The router is encased in a steel chassis. The front of the router includes six port adapter slots. The rear of the router includes on-board LAN connectors, PC Card slo...
Page 9 - Cryptographic Key Management
Figure 4 Tamper Evidence Label Placement (Front View) Figure 5 Tamper Evidence Label Placement (Rear View) Cryptographic Key Management The router securely administers both c...
Page 10 - CSP Name; Same as above; no crypto; command zeroizes it. This key
Cryptographic Key Management The module supports the following critical security parameters (CSPs): Table 2 Critical Security Parameters # CSP Name Description Storage 1 CSP 1 This is the seed key for X...
Page 11 - The RSA public key of the CA. The; no; no crypto ca trust; label
Cryptographic Key Management 14 CSP14 The IPSec encryption key. Zeroized when IPSec session is terminated. DRAM(plaintext) 15 CSP15 The IPSec authentication key. The zeroization is the same as above. DR...
Page 12 - Figure 6; command zeroizes the
Cryptographic Key Management The services accessing the CSPs, the type of access and which role accesses the CSPs are listed in Figure 6. 25 CSP25 This key is used by the router to authenticate its...
Page 14 - The module supports three types of key management schemes:
Cryptographic Key Management The module supports DES (only for legacy systems), 3DES, DES-MAC, TDES-MAC, AES, SHA-1, HMAC SHA-1, MD5, MD4, HMAC MD5, Diffie-Hellman, RSA (for digital signatures and encry...
Page 15 - Key Zeroization
Key Zeroization All of the keys and CSPs of the module can be zeroized. Please refer to the Description column of Table 2 for information on methods to zeroize each key and CSP. Self-Tests To...
Page 16 - Continuous random number generator test; Secure Operation; Initial Setup; “Physical Security”; System Initialization and Configuration; configure terminal; enable; configure terminal
– Continuous random number generator test Secure Operation The Cisco 7206VXR NPE-400 router with a single VPN Acceleration Module (VAM) meets all the Level 2 requirements for FIPS 140-2...
Page 17 - IPSec Requirements and Cryptographic Algorithms; Obtaining Documentation; You can access the most current Cisco documentation at this URL:
Obtaining Documentation • If the Crypto Officer loads any IOS image onto the router, this will put the router into a non-FIPS mode of operation. IPSec Requirements and Cryptographic Algorithms There are...
Page 18 - You can access the Cisco website at this URL:; Ordering Documentation; You can find instructions for ordering documentation at this URL:; Documentation Feedback; We appreciate your comments.; Obtaining Technical Assistance
Documentation Feedback You can access the Cisco website at this URL: http://www.cisco.com You can access international Cisco websites at this URL: http://www.cisco.com/public/countries_languages.shtml O...
Page 19 - Cisco Technical Support Website; For a complete list of Cisco TAC contacts, go to this URL:; Definitions of Service Request Severity
Obtaining Technical Assistance Cisco Technical Support Website The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco produ...
Page 20 - Obtaining Additional Publications and Information; The Cisco
Obtaining Additional Publications and Information Information about Cisco products, technologies, and network solutions is available from various online...