Page 2 - References; Vendor evidence document
2 Cisco 7206 VXR Router with ISA Security Policy The 7206 VXR NPE-400 Router References This document deals with operations and capabilities of the 7206 VXR NPE-400 router in the technical terms of a FIPS 140-1 cryptographic module security policy. For more information on Cisco 7206 VXR NPE-400 rout...
Page 3 - Cisco 7200 VXR routers support the following features:; Figure 1
Cisco 7200 VXR routers accommodate a variety of network interface port adapters and an I/O controller. A Cisco 7200 VXR router equipped with an NPE-400 can support up to six high-speed port adapters and can also support hig...
Page 4 - Module Interfaces; Input/Output Controller; Figure 2; Table 1
The NPE-400 has three levels of cache: a primary and a secondary cache that are internal to the microprocessor, and a tertiary 4-MB external cache that provides additional high-speed storage for data and instructions. Cisco...
Page 5 - Table 3; Integrated Service Adapter; Figure 3; LED
All of these physical interfaces are separated into the logical interfaces from FIPS as described in Table 3. Integrated Service Adapter: The ISA is a single-width service adapter. It provides high-performance, hardware-a...
Page 6 - Table 2
Figure 3: LEDs for ISA Crypto Card. Refer to Table 2 for further description of the ISA LEDs. All of these physical interfaces are separated into the logical interfaces from FIPS as described in Table 3. ENCRYPT/COMP SA-ISA E...
Page 7 - Roles and Services; Router Physical Interface
* Disabled in FIPS mode. See the “Secure Operation of the Cisco 7206 VXR NPE-400 Router” section in this document for more information. In addition to the built-in interfaces, the router also has additional port adapters th...
Page 8 - Cryptographic Officer Services; “Initial; User Services; Physical Security
Cryptographic Officer Services: During initial configuration of the router, a cryptographic officer (crypto officer) password (the “enable” password) is defined and all management services are available from this role. The c...
Page 9 - The labels completely cure within five minutes.
Once the router has been configured to meet FIPS 140-1 Level 2 requirements, the router cannot be accessed without signs of tampering. To seal the system, apply serialized tamper-evidence labels as follows: • Clean the cove...
Page 10 - Figure 4; Note
Figure 4 shows the tamper evidence label placements. Figure 4: Tamper Evidence Label Placement. The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to remove port ad...
Page 11 - Cryptographic Key Management; Secure Operation of the Cisco 7206 VXR NPE-400 Router; Initial Setup; System Initialization and Configuration; configure; command line, the crypto officer enters the following syntax:
Secure Operation of the Cisco 7206 VXR NPE-400 Router. Cryptographic Key Management: The router securely administers both cryptographic keys and other critical security parameters such as passwords. The tamper evidence seals provide physical protection...
Page 12 - The crypto officer enters the following syntax at the “#” prompt:; Non FIPS-Approved Algorithms; RSA for encryption; Protocols
• The crypto officer must create the “enable” password for the crypto officer role. The password must be at least 8 characters and is entered when the crypto officer first engages the enable comma...
Page 13 - Obtaining Documentation; World Wide Web; and can be more current than; Ordering Documentation; Cisco documentation is available in the following ways:; Documentation Feedback; Feedback; in the toolbar and select; Documentation; . After you complete; Submit; to send it to Cisco.
Obtaining Documentation • Telnet access to the module is only allowed via a secure IPSec tunnel between the remote system and the module. The crypto officer must configure the module so that any remote connections via telnet are secured through IPSec...
Page 14 - We appreciate your comments.; Obtaining Technical Assistance; Technical Assistance Center; Contacting TAC by Using the Cisco TAC Website
Obtaining Technical Assistance: To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address: Attn Document Resource Connection, Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95...
Page 15 - P3 and P4 level problems are defined as follows:; Contacting TAC by Telephone; P1 and P2 level problems are defined as follows:
P3 and P4 level problems are defined as follows: • P3—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue. • P4—You need information or assistance on...