Cisco Systems SM-ISM Manual De Usuario
1-3
Integrated Services Adapter and Integrated Services Module Installation and Configuration
OL-3575-01 B0
Chapter 1 Overview
Features
•
CA—In addition, Certificate Authority (CA) interoperability is provided in support of the IPSec
standard, using Certificate Enrollment Protocol (CEP). CEP permits Cisco IOS devices and CAs to
communicate so that your Cisco IOS device can obtain and use digital certificates from the CA.
Although IPSec can be implemented in your network without the use of a CA, using a CA provides
manageability and scalability for IPSec.
standard, using Certificate Enrollment Protocol (CEP). CEP permits Cisco IOS devices and CAs to
communicate so that your Cisco IOS device can obtain and use digital certificates from the CA.
Although IPSec can be implemented in your network without the use of a CA, using a CA provides
manageability and scalability for IPSec.
The component technologies implemented for IPSec include:
•
DES and Triple DES—The Data Encryption Standard (DES) and Triple DES (3DES) are used to
encrypt packet data. Cisco IOS implements the 3-key triple DES and DES-CBC with Explicit IV.
Cipher Block Chaining (CBC) requires an initialization vector (IV) to start encryption. The IV is
explicitly given in the IPSec packet.
encrypt packet data. Cisco IOS implements the 3-key triple DES and DES-CBC with Explicit IV.
Cipher Block Chaining (CBC) requires an initialization vector (IV) to start encryption. The IV is
explicitly given in the IPSec packet.
•
MD5 (HMAC variant)—MD5 is a hash algorithm. HMAC is a keyed hash variant used to
authenticate data.
authenticate data.
•
SHA (HMAC variant)—SHA is a hash algorithm. HMAC is a keyed hash variant used to
authenticate data.
authenticate data.
IPSec as implemented in Cisco IOS software supports the following additional standards:
•
AH—Authentication Header is a security protocol that provides data authentication and optional
antireplay services.
antireplay services.
The AH protocol allows for the use of various authentication algorithms; Cisco IOS has
implemented the mandatory MD5 and SHA (HMAC variants) authentication algorithms. The AH
protocol provides antireplay services.
implemented the mandatory MD5 and SHA (HMAC variants) authentication algorithms. The AH
protocol provides antireplay services.
•
ESP—Encapsulating Security Payload is a security protocol that provides data privacy services,
optional data authentication, and antireplay services. ESP encapsulates the data to be protected. The
ESP protocol allows for the use of various cipher algorithms and (optionally) various authentication
algorithms. Cisco IOS software implements the mandatory 56-bit DES-CBC with Explicit IV or
Triple DES as the encryption algorithm, and MD5 or SHA (HMAC variants) as the authentication
algorithms. The updated ESP protocol provides antireplay services.
optional data authentication, and antireplay services. ESP encapsulates the data to be protected. The
ESP protocol allows for the use of various cipher algorithms and (optionally) various authentication
algorithms. Cisco IOS software implements the mandatory 56-bit DES-CBC with Explicit IV or
Triple DES as the encryption algorithm, and MD5 or SHA (HMAC variants) as the authentication
algorithms. The updated ESP protocol provides antireplay services.
Features
This section describes the ISA/ISM features, as listed in
Table 1-1
Features
Feature
Description
Physical
Integrated Service Adapter (ISA)
Integrated Service Module (ISM)
Platform Support
Cisco 7100 series
•
Cisco 7120 series and Cisco 7140 series
Cisco 7200 series and Cisco 7200VXR series (ISA only)
1
•
Cisco 7202, Cisco 7204, and Cisco 7206
•
Cisco 7204VXR and Cisco 7206VXR
Hardware Prerequisites
None
Throughput
Up to full duplex DS3 (90 Mbps) using 3DES