6-9
Cisco 11000 Series Secure Content Accelerator Configuration Guide
78-13124-06
Chapter 6 FIPS Operation
Returning to Normal Operation
Returning to Normal Operation
Follow these steps to return the Secure Content Accelerator to normal operation.
1.
Connect to the device using a serial management session and enter Privileged
Mode.
[FIPS] SCA> enable
[FIPS] SCA#
2.
Disable FIPS operation.
[FIPS] SCA# no fips enable
3.
Press y when prompted to reboot the Secure Content Accelerator. After the
device reboots, you are prompted for the access-level password. When the
password is accepted, the “[FIPS]” portion of the prompt is removed,
reflecting normal operation of the Secure Content Accelerator.
Backend Server
Configuration
Mode
secpolicy
You can assign any security policy(ies); however, if
non-FIPS-compliant security policies are assigned, the
backend server is marked as “FIPS suspended” upon
exiting Backend Server Configuration mode.
Reverse-Proxy
Server
Configuration
Mode
secpolicy
You can assign any security policy(ies); however, if
non-FIPS-compliant security policies are assigned, the
reverse-proxy server is marked as “FIPS suspended”
upon exiting Reverse-Proxy Server Configuration
mode.
Security Policy
Configuration
Mode
crypto
You can create only security policies containing
FIPS-approved algorithms: DES-CBC-SHA,
EXP1024-DES-CBC-SHA, and/or DES-CBC3-SHA.
Server
Configuration
Mode
secpolicy
You can assign any security policy(ies); however, if
non-FIPS-compliant security policies are assigned, the
server is marked as “FIPS suspended” upon exiting
Server Configuration mode.
Table 6-2
FIPS Mode Command Changes (continued)
Mode
Command
Notes