User Guide
Page 2
...FIPS 140-2 Validation Submission Documentation is Cisco-proprietary and is part of the Cisco 2621XM and 2651XM routers. "Secure Operation of the Cisco 2621XM/2651XM Router" specifically addresses the required configuration for the FIPS-mode of products at www.cisco.com. • The NIST ...VPN/EP FIPS 140-2 Non-Proprietary Security Policy 2 OL-6262-01 This introduction section is available on the Cisco 2621XM and Cisco 2651XM routers and the Cisco 2600 Series from the following sources: • The Cisco Systems website contains information on the Cisco Systems website at www.cisco...
User Guide
Page 7
... services. A complete description of all the management and configuration capabilities of the Cisco 2621XM and 2651XM Routers can use the encryption and decryption functionality after authentication to the Crypto Officer role by providing a valid username and password. Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262...
User Guide
Page 8
...version of IOS currently running • Network Functions-connect to the IOS executive program. Cisco 2621XM and Cisco 2651XM Modular Access Routers with a terminal program. If the password is correct, the User... is entirely encased by accessing the console port with AIM-VPN/EP FIPS 140..., ports, TCP connection establishment, or packet direction. • Status Functions-view the router configuration, routing tables, active sessions, use Gets to be removed (see Figure 5) to allow ...
User Guide
Page 9
Figure 5 Cisco 2621XM and Cisco 2651XM Chassis Removal The 2621XM/2651XM Router POWER RPS ACTIVITY Cisco 2600 SERIES 99497 Any NM or WIC ... and WICs must be populated with each router, and additional covers may be ordered from Cisco. The temperature of the label covers the enclosure and the other half covers the WAN ...Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 9 The tamper evidence label should be followed to remove the enclosure will leave tamper evidence. Once the router has been configured...
User Guide
Page 12
... key is considered plaintext for authentication. (plaintext) The key used in DRAM. NVRAM (plaintext), DRAM (plaintext) Cisco 2621XM and Cisco 2651XM Modular Access Routers with a new password. DRAM (plaintext) The ARAP key that is identical to encrypt this...This key NVRAM is zeroized when the "no username password" zeroizes the password (that it with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 12 OL-6262-01 However, it is in the module binary..., this password is zeroized upon completion of the configuration file. NVRAM (plaintext) The RADIUS shared secret.
User Guide
Page 13
... Role Configure the Router Define Rules and Filters Status Functions Manage the Router Set Encryptions/Bypass Change WAN Interface Cards SRDI/Role/Service Access Policy Security Relevant Data Item CSP 1 r CSP 2 r CSP 3 r CSP 4 r CSP 5 r CSP 6 r CSP 7 r CSP 8 r CSP 9 r CSP 10 r CSP 11 r dr w d r w d r w d r w d r w d r w d r w d r w d r w d r w d r w d Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP...
User Guide
Page 14
...Configure the Router Define Rules and Filters Status Functions Manage the Router Set Encryptions/Bypass Change WAN Interface Cards SRDI/Role/Service Access Policy CSP 12 CSP 13 CSP 14 CSP 15 CSP 16 CSP 17 CSP 18 CSP 19 CSP 20 CSP 21 CSP 22 CSP 23 r r w d r r w d r r w d r r w d r r w r r w d r r w d r r w d r r w d r r w w d d r r w d r r w d Cisco 2621XM and Cisco... 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 14 OL-6262-01
User Guide
Page 15
Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 15 Table 5 Role and Service Access to CSPs (continued) The 2621XM/2651XM Router Role/Service User Role Status Functions Network Functions Terminal Functions Directory Services Crypto-Officer Role Configure the Router Define Rules and Filters Status...
User Guide
Page 18
...; IPSec Requirements and Cryptographic Algorithms • There are two types of key management method that are allowed in a FIPS 140-2 configuration: - esp-des Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 18 OL-6262-01 The password must be at least 8 characters long. • If...
User Guide
Page 19
... • Cisco 2600 Series Hardware Installation Guide • Software Configuration Guide for signing - MD-5 HMAC Protocols All SNMP operations must configure the module so that SSH uses only FIPS-approved algorithms. Related Documentation For more information about the Cisco 2621XM and Cisco 2651XM modular access... Cisco Systems. Cisco.com You can access the most current Cisco documentation at this URL: http://www.cisco.com/univercd/home/home.htm You can access the Cisco website at this URL: http://www.cisco.com Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP...
User Guide
Page 21
... a critical impact to resolve the situation. Severity 4 (S4)-You require information or assistance with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy OL-6262-01 21 Cisco 2621XM and Cisco 2651XM Modular Access Routers with Cisco product capabilities, installation, or configuration. There is impaired, but do not have a user ID or password, you can register...
User Guide
Page 22
... by Cisco Systems, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to Cisco Press at this URL: http://www.cisco.com/go to scores of the latest industry trends, technology breakthroughs, and Cisco products and... and private internets and intranets. You can access Packet magazine at this URL: http://www.cisco.com/en/US/learning/index.html Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy 22 OL-6262-01 For current...
Hardware Installation Guide
Page 71
... Installation Guide 3-25 For configuration procedures using SDM to perform the initial configuration. for help with a virtual private network (VPN) bundle, Cisco Router and Security Device Manager is now available Press RETURN to configure the router, see the router rebooting and ROM monitor information in the Cisco IOS Configuration Fundamentals Configuration Guide for initial configuration using one of the...