Cisco IOS Software Release 12.4(23)
Installation and Configuration for Common Criteria EAL2 Evaluated Cisco IOS IPSec
Figure 3: Sample show idprom module 3/0 Output That Shows the IPSec VPN Module Serial Number
Configuration Notes
The Common Criteria TOE for Cisco IOS IPSec defines the following two groups of features:
•
– IPSec IKE using pre-shared keys, RSA keys or digital certificates
– IPSec ESP using tunnel or transport mode with 3DES or AES
– )
– Cryptographic key generation and management
•
– Inbound access-lists
– Message logging
– User authentication for access to the Command Line Interface using locally configured accounts
– Time management
Note
Upon delivery, a Cisco IOS router is not configured to support any of these security enforcing or
supporting functions. To ensure that your router is operating in accordance with Common Criteria
evaluated Cisco IOS IPSec, these functions must be explicitly configured as described in this document
and in the appropriate product documentation.
Security Enforcing
Security enforcing features should be configured as described in the following sections of the Cisco IOS
Security Configuration Guide:
– Configuring Internet Key Exchange for IPSec VPNs (sec_ike.pdf)
– Configuring Security for VPNs with IPSec (sec_ipse.pdf)
To ensure that your Cisco IOS router configuration is consistent with Common Criteria evaluated
Cisco IOS IPSec, you must consider the IPSec options listed in
.
7604_Router#show idprom module 3/0
IDPROM for SPA module #3/0
(FRU is 'IPSec Shared Port Adapter with 2 Gbps DES/3DES/AES')
Product Identifier (PID) : SPA-IPSEC-2G
Version Identifier (VID) : V01
PCB Serial Number : JAB100809MK
Top Assy. Part Number : 68-2163-02
Top Assy. Revision : B0
Hardware Revision : 1.0
CLEI Code : CNUCAC0AAA