Enter a new HSM-SO password for card 1:
<define a new HSM-SO
password, or use the same HSM-SO password as for card 0>
Re-enter to confirm:
The HSM-SO iKey has been updated.
Verify that HSM-USER iKey (blue) is inserted in card 1 (with
flashing LED).
Hit enter when done.
Enter a new HSM-USER password for card 1:
<define a new HSM-USER
password, or use the same HSM-USER password as for card 0>
Re-enter to confirm:
The HSM-USER iKey has been updated.
Card 1 successfully initialized.
6. Split the wrap key from HSM card 0 onto the CODE-SO and CODE-USER iKeys.
This step is related to splitting the software wrap key used internally in the cluster,
and then loading the split wrap key onto the two black CODE-SO and CODE-USER
iKeys. These iKeys will then be used to transfer the cluster wrap key onto another
HSM card either within the same ASA 310-FIPS device (as in
step 7
on
page 60), or to HSM cards in an ASA 310-FIPS device that is added to the current
cluster.
Each ASA 310-FIPS device is shipped with four black CODE iKeys. However, you
will only need to use two of these in one given cluster. The extra two black iKeys
can be used to create a pair of backup CODE iKeys. For more information about
how to create a pair of backup CODE iKeys, see the
splitkey
command on the
HSM menu (described under Maintenance Menu in the
Command Reference
).
To successfully split and load the cluster wrap key onto the correct iKeys, you need
the following:
• Two black CODE iKeys, supposedly labeled "CODE-SO" and "CODE-USER"
respectively.
If the black iKeys are not already labeled CODE-SO and CODE-USER respectively,
you are recommended to do so before inserting them. Whenever the cluster wrap
key needs to be transferred onto an initialized HSM card, you will be prompted for
the specific CODE iKey, in turns. Having each iKey properly labeled CODE-SO and
CODE-USER respectively will make this procedure easier.
( newsetup, continued)
Should new or existing CODE iKeys be used? (new/existing)
[new]:
<press ENTER to select new>
Verify that CODE-SO iKey (black) is inserted in card 0 (with
flashing LED).
Hit enter when done.
Verify that HSM-USER iKey (blue) is inserted in card 0 (with
flashing LED).
Hit enter when done.
Verify that CODE-USER iKey (black) is inserted in card 0 (with
Installing an ASA 310-FIPS
User Guide
April 2013 59
Summary of Contents for 3050-VM
Page 1: ...User Guide Avaya VPN Gateway Release 9 0 NN46120 104 Issue 04 04 April 2013 ...
Page 4: ...4 User Guide April 2013 Comments infodev avaya com ...
Page 12: ...12 User Guide April 2013 ...
Page 20: ...New in this release 20 User Guide April 2013 Comments infodev avaya com ...
Page 30: ...Introducing the VPN Gateway 30 User Guide April 2013 Comments infodev avaya com ...
Page 36: ...Introducing the ASA 310 FIPS 36 User Guide April 2013 Comments infodev avaya com ...
Page 74: ...Upgrading the AVG Software 74 User Guide April 2013 Comments infodev avaya com ...
Page 86: ...Managing Users and Groups 86 User Guide April 2013 Comments infodev avaya com ...
Page 130: ...The Command Line Interface 130 User Guide April 2013 Comments infodev avaya com ...
Page 162: ...Supported Ciphers 162 User Guide April 2013 Comments infodev avaya com ...
Page 212: ...Syslog Messages 212 User Guide April 2013 Comments infodev avaya com ...
Page 242: ...Definition of Key Codes 242 User Guide April 2013 Comments infodev avaya com ...
Page 259: ...Creating a Port Forwarder Authenticator User Guide April 2013 259 ...
Page 266: ...Using the Port Forwarder API 266 User Guide April 2013 Comments infodev avaya com ...
Page 274: ...X 509 274 User Guide April 2013 Comments infodev avaya com ...