Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note
OL-6334-01
Cryptographic Key Management
The module supports the following:
• DES (only for legacy systems)
• 3DES
• SHA-1
• MD-5
• MD-4
• SHA-1
• HMAC
• DES MAC
• Triple-DES MAC
• MD5 HMAC
• Diffie-Hellman
• RSA [for digital signatures and encryption/decryption (for IKE authentication)]
Table 4    Role and Service Access to Critical Security Parameters (CSPs)

SRDI/Role/Service Access Policy    Security Relevant Data Item: Critical Security Parameters
-------------------------------    ---------------------------------------------------------
Role/Service                       —
User Role                          —
  Status Functions                 —
  Network Functions                CSP 1–20 (R); CSP 22–27 (R)
  Terminal Functions               —
  Directory Functions              —
Crypto-Officer Role                —
  Configure the Router             CSP 13 (R/W/D); CSP 19 (R/W/D); CSP 21 (R/W/D); CSP 25 (R/W/D)
  Define Rules and Filters         —
  Status Functions                 —
  Manage the Router                CSP 1 (R); CSP 20–22 (R/W/D); CSP 24 (D); CSP 27–31 (R/W/D)
  Set Encryption/Bypass            —
  Change Port Adapters             —