Cisco IOS Software Release 12.4(23)

Installation and Configuration for Common Criteria EAL2 Evaluated Cisco IOS IPSec
Figure 3: Sample show idprom module 3/0 Output That Shows the IPSec VPN Module Serial Number
Configuration Notes
The Common Criteria TOE for Cisco IOS IPSec defines the following two groups of features:
 
IPSec IKE using pre-shared keys, RSA keys or digital certificates
IPSec ESP using tunnel or transport mode with 3DES or AES
Hardware acceleration of IPSec (see 
Cryptographic key generation and management
Inbound access-lists
Message logging
User authentication for access to the Command Line Interface using locally configured accounts 
Time management
Note
Upon delivery, a Cisco IOS router is not configured to support any of these security enforcing or 
supporting functions. To ensure that your router is operating in accordance with Common Criteria 
evaluated Cisco IOS IPSec, these functions must be explicitly configured as described in this document 
and in the appropriate product documentation.
Security Enforcing
Security enforcing features should be configured as described in the following sections of the Cisco IOS Security Configuration Guide:
Configuring Internet Key Exchange for IPSec VPNs (sec_ike.pdf)
Configuring Security for VPNs with IPSec (sec_ipse.pdf)
To ensure that your Cisco IOS router configuration is consistent with Common Criteria evaluated 
Cisco IOS IPSec, you must consider the IPSec options listed in 
.
7604_Router#show idprom module 3/0
IDPROM for SPA module #3/0
 (FRU is 'IPSec Shared Port Adapter with 2 Gbps DES/3DES/AES')
 Product Identifier (PID) : SPA-IPSEC-2G        
 Version Identifier (VID) : V01 
 PCB Serial Number        : JAB100809MK
 Top Assy. Part Number    : 68-2163-02
 Top Assy. Revision       : B0  
 Hardware Revision        : 1.0
 CLEI Code                : CNUCAC0AAA