Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5510 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

Download
Page of 1264
 
5-13
Cisco ASA Series 명령 참조, S 명령      
 
5      show crashinfo through show curpriv 명령
  show crypto accelerator statistics     
Diffie-Hellman 통계는 모듈러스 크기가 1024보다 큰 암호화 작업이 소프트웨어에서 수행되고 있음
을 보여 줍니다(예: DH5(Diffie-Hellman 그룹 5에서 1536 사용)). 이 경우 2048비트 키 인증서는 소프
트웨어에서 처리되며, 이로 인해 많은 세션이 실행 중인 경우 CPU 사용량이 증가할 수 있습니다. 
참고
ASA 5505(Cavium CN505 프로세서 탑재)는 하드웨어 가속화 768비트 및 1024비트 키 생성에 대해 
Diffie-Hellman 그룹 1 및 2만 지원합니다. Diffie-Hellman 그룹 5(1536비트 키 생성)는 소프트웨어
에서 수행됩니다.
Adaptive Security Appliance의 단일 암호화 엔진은 IPsec 및 SSL 작업을 수행합니다. 부팅 시 하드
웨어 암호화 가속기에 로드된 암호화(Cavium) 마이크로코드의 버전을 표시하려면 show version 명
령을 입력합니다. 예를 들면 다음과 같습니다.
ciscoasa(config) show version
Cisco Adaptive Security Appliance Software Version 8.0(4)8
Device Manager Version 6.1(5)
Compiled on Wed 15-Oct-09 17:27 by builders
System image file is “disk0:/interim/asa804-8-k8.bin”
Config file at boot was "startup-config"
asa up 5 days 17 hours
Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 512MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                              Boot microcode   : CN1000-MC-BOOT-2.00
                              SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                              IPsec microcode  : CNlite-MC-IPSECm-MAIN-2.05
DSA 통계는 2단계로 키 생성을 보여 줍니다. 첫 번째 단계에서는 시스템의 여러 사용자 간에 공유
할 수 있는 알고리즘 파라미터를 선택합니다. 두 번째 단계에서는 단일 사용자의 개인 키 및 공개 
키를 계산합니다.
SSL 통계는 하드웨어 암호화 가속기에 대한 SSL 트랜잭션에 포함된 프로세서 중심적 공개 키 암
호화 알고리즘에 대한 기록을 보여 줍니다.
RNG 통계는 키로 사용할 동일한 난수 집합을 자동으로 생성할 수 있는 발신자 및 수신자에 대한 
기록을 보여 줍니다.
글로벌 컨피그레이션 모드에서 입력된 다음 예에서는 전역 암호화 가속기 통계를 보여 줍니다.
ciscoasa # show crypto accelerator statistics
Crypto Accelerator Status
-------------------------
[Capacity]
   Supports hardware crypto: True
   Supports modular hardware crypto: False
   Max accelerators: 1
   Max crypto throughput: 100 Mbps
   Max crypto connections: 750
[Global Statistics]
   Number of active accelerators: 1
   Number of non-operational accelerators: 0
   Input packets: 700
   Input bytes: 753488
   Output packets: 700
   Output error packets: 0
   Output bytes: 767496
[Accelerator 0]