Cisco DES/3DES VIRTUAL PRIVATE NETWORK ENCRYPTION AIM FOR 2600-BASE PERFORMANCE Specification Guide

Cisco Systems, Inc.
All contents are Copyright © 2004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 6 of 12
Features
Cisco supports the full set of Request for Comments (RFCs) that describe IPSec and related protocols, RFCs 2401
through 2410. In particular, Cisco supports the following features:
• AES—The Advanced Encryption Standard (AES). The National Institute of Standards and Technology (NIST)
created AES as a new Federal Information Processing Standard (FIPS) publication, and it is used as a privacy
(confidentiality) transform for IPSec and Internet Key Exchange (IKE). AES has a fixed 128-bit block size and
three key lengths: 128 bits (default), 192 bits, or 256 bits. The new AIM-VPN/BPII, AIM-VPN/EPII and
AIM-VPN/HPII are optimized for AES128 only in hardware. The new AIM-VPN/BPII-PLUS, AIM-VPN/EPII-PLUS
and AIM-VPN/HPII-PLUS are optimized for all three key sizes, AES128, AES192, and AES256, in hardware.
(See for details on AES.)
• IPSec—Uses cryptographic protection to provide data confidentiality, integrity, and authenticity between
participating peers in a private network. Cisco provides full Encapsulating Security Payload (ESP) support,
which gives confidentiality and optional integrity, and Authentication Header (AH) support, which gives
integrity and authenticity without confidentiality.
• IKE—Based on the Internet Security Association and Key Management Protocol (ISAKMP) combined with the
Oakley key-determination protocol (ISAKMP/Oakley), IKE provides security association management: it
authenticates each peer in an IPSec transaction, negotiates security policy, and handles the exchange of
session keys.
• Certificate management—Cisco fully supports X.509v3 certificates for device authentication and the Simple
Certificate Enrollment Protocol (SCEP), a protocol for communicating with certificate authorities. Several
vendors, including VeriSign, Entrust Technologies, and Microsoft, support Cisco SCEP and are interoperable
with Cisco devices.
• DES, 3DES, AES—Encryption is applied to all packets destined for an IPSec tunnel. The Cisco 1700, 2600,
3600, and 3700 Series VPN Module encrypts data with DES or 3DES while freeing the main processor for other
tasks. AIM-VPN/BPII, AIM-VPN/EPII and AIM-VPN/HPII can also support AES. Note that DES uses a 56-bit key
and can be brute-forced with modest resources, so where AES is available it should be preferred over DES and
3DES.
• RSA signatures and Diffie-Hellman—Used every time an IPSec tunnel is established. RSA signatures
authenticate the peers to each other when the IKE SA is set up; Diffie-Hellman derives the shared secret
from which the keys protecting the IKE SA are taken, so that the subsequent negotiation of the IPSec policy
to be used is itself protected.
• Enhanced security—Hardware-based cryptography offers several security advantages over software-based
solutions, including enhanced protection of keys.
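The features above are configured on IOS as an ISAKMP (IKE) policy plus an IPsec transform set, and the
choice between DES, 3DES and the AES key sizes decides both the security margin and, on the cards described
here, whether the cipher runs in hardware. The following script is an added example, not Cisco code or text
from this guide: it parses the classic IOS `crypto isakmp policy` / `crypto ipsec transform-set` syntax,
flags the algorithm choices a practitioner would question today (an added caveat, since the 2004 page treats
DES and 3DES as normal), fills in the IOS defaults for omitted lines, and reports hardware offload as this
page describes it for AIM-VPN/BPII and AIM-VPN/BPII-PLUS. The sample configuration is constructed for the
example; the offload table is a reading of the page's wording and says nothing about other cards.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Hardware offload as the page states it: base BPII/EPII/HPII cards do AES128
# only in hardware, the -PLUS cards all three AES sizes; all do DES and 3DES.
# Reading of the page's wording (assumption); nothing is claimed for other cards.
HW_CIPHERS = {
    "AIM-VPN/BPII": {"des", "3des", "aes-128"},
    "AIM-VPN/BPII-PLUS": {"des", "3des", "aes-128", "aes-192", "aes-256"},
}
# Added caveats; the 2004 page itself treats DES and 3DES as normal choices.
WEAK_CIPHERS = {
    "des": "DES has a 56-bit key and is brute-forceable; use AES",
    "3des": "3DES has a 64-bit block (Sweet32 birthday bound); prefer AES",
}
WEAK_HASHES = {"md5": "HMAC-MD5 is deprecated for IKE/IPsec integrity; use SHA"}
SMALL_GROUPS = {"1": 768, "2": 1024, "5": 1536}  # MODP sizes below 2048 bits

@dataclass
class IsakmpPolicy:
    """One 'crypto isakmp policy <n>' block, pre-filled with IOS defaults."""
    priority: int
    encryption: str = "des"
    hash: str = "sha"
    authentication: str = "rsa-sig"
    group: str = "1"

@dataclass
class TransformSet:
    name: str
    cipher: Optional[str] = None     # canonical ESP cipher, e.g. "aes-256"
    integrity: Optional[str] = None  # "sha" or "md5"

def normalize_cipher(token: str, size: Optional[str]) -> str:
    # IOS: 'aes' with no size means AES-128; the 'esp-' prefix is ESP syntax only.
    name = token.replace("esp-", "")
    return f"aes-{size or '128'}" if name == "aes" else name

def parse_config(text: str):
    """Return ({priority: IsakmpPolicy}, {name: TransformSet})."""
    policies, tsets, current = {}, {}, None
    for line in text.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if m:
            current = IsakmpPolicy(int(m.group(1)))
            policies[current.priority] = current
            continue
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if m:
            current, ts = None, TransformSet(m.group(1))
            toks = m.group(2).split()
            for i, t in enumerate(toks):
                if t in ("esp-des", "esp-3des", "esp-aes"):
                    nxt = toks[i + 1] if i + 1 < len(toks) else ""
                    ts.cipher = normalize_cipher(t, nxt if nxt.isdigit() else None)
                elif t in ("esp-sha-hmac", "esp-md5-hmac"):
                    ts.integrity = t.split("-")[1]
            tsets[ts.name] = ts
        elif line.startswith(" ") and current is not None:
            key, *vals = line.split()  # indented line inside a policy block
            if key == "encryption":
                current.encryption = normalize_cipher(vals[0], vals[1] if len(vals) > 1 else None)
            elif key in ("hash", "authentication", "group"):
                setattr(current, key, vals[0])
    return policies, tsets

def audit(cipher, integrity, group=None):
    """Findings for a cipher/integrity (and, for IKE, DH group) choice; [] means clean."""
    out = []
    if cipher is None:
        out.append("no ESP cipher: traffic would not be encrypted")
    elif cipher.split("-")[0] in WEAK_CIPHERS:
        out.append(WEAK_CIPHERS[cipher.split("-")[0]])
    if integrity is None:
        out.append("no integrity transform: packets would be unauthenticated")
    elif integrity in WEAK_HASHES:
        out.append(WEAK_HASHES[integrity])
    if group in SMALL_GROUPS:
        out.append(f"DH group {group} is {SMALL_GROUPS[group]}-bit MODP, below 2048 bits")
    return out

def hardware_offload(cipher, module):
    """Whether the named AIM card runs this cipher in hardware, per the page."""
    return cipher in HW_CIPHERS[module]

# Constructed sample: policy 10 omits 'encryption' and 'group', so IOS defaults
# (DES, group 1) apply silently; policy 20 spells out an AES-256 policy.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp policy 20
 encryption aes 256
 hash sha
 authentication rsa-sig
 group 5
crypto ipsec transform-set WEAK esp-des esp-md5-hmac
crypto ipsec transform-set STRONG esp-aes 256 esp-sha-hmac
"""
```

Running `parse_config(SAMPLE_CONFIG)` and `audit(p.encryption, p.hash, p.group)` on each policy shows the
trap the defaults hide: policy 10 never names a cipher, yet it negotiates DES with MD5 over a 768-bit group.
`hardware_offload("aes-256", "AIM-VPN/BPII")` returns False while the same call for "AIM-VPN/BPII-PLUS"
returns True, matching the AES128-only statement above.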
Certifications
Cisco is committed to maintaining an active product certification and evaluation program for customers worldwide.
We recognize that certifications and evaluations are important to our customers, and we continue to be a leader in
providing certified and evaluated products to the marketplace. We will also continue to work with international
security standards bodies to help shape the future of certified and evaluated products, and will work to accelerate
certification and evaluation processes. Certification and evaluation are considered at the earliest part of our product
development cycle, and we will continue to position our security products to ensure that customers have a variety of
certified and evaluated products to meet their needs.