Cisco Cisco IOS Software Release 12.4(23)
Installation and Configuration for Common Criteria EAL2 Evaluated Cisco IOS IPSec
Audience
3
Installation and Configuration for Common Criteria EAL2 Evaluated Cisco IOS IPSec
Audience
This document is written for administrators configuring a Cisco IOS router in accordance with the
Common Criteria evaluated Cisco IOS IPSec. This document assumes you are familiar with networks
and network terminology, that you are a trusted individual, and that you have been trained for use with
IPSec technology and its applications; for example, site-to-site Virtual Private Networks (VPNs). There
are no components of the Cisco IP System that are accessible to non-administrative users (end-users),
and hence there is no user-level documentation.
Common Criteria evaluated Cisco IOS IPSec. This document assumes you are familiar with networks
and network terminology, that you are a trusted individual, and that you have been trained for use with
IPSec technology and its applications; for example, site-to-site Virtual Private Networks (VPNs). There
are no components of the Cisco IP System that are accessible to non-administrative users (end-users),
and hence there is no user-level documentation.
Supported Hardware and Software Versions
The hardware and software combinations that are complaint with Common Criteria evaluated Cisco IOS
IPSec are outlined in
IPSec are outlined in
. To display the hardware version of an IPSec/VPN Hardware module, use
the show diag command.
Table 1
Supported Hardware and Software for the Common Criteria Evaluated Cisco IOS IPSec
Hardware Family
Supported Models
IPSec Hardware
Acceleration Module
Acceleration Module
1
1.
Support for RSA public/private key pairs for IKE authentication requires the use of an IPSec hardware acceleration
module. Models listed as using “Built In” modules do not support RSA public/private key pairs for IKE authentication.
module. Models listed as using “Built In” modules do not support RSA public/private key pairs for IKE authentication.
Cisco IOS Release
Cisco 800 series
871, 876, 877, 878,
851, 851W, 857,
857W
851, 851W, 857,
857W
Built In
Cisco IOS 12.4(6)T3
Cisco 1800 series
1841
optionally with
AIM-VPN/BPII-PLUS
AIM-VPN/BPII-PLUS
Cisco IOS 12.4(7)
1801, 1802, 1803,
1811, 1812
1811, 1812
Built In
Cisco IOS 12.4(6)T3
Cisco 2800 series
2801,2811, 2821,
2851
2851
optionally with
AIM-VPN/EPII-PLUS
AIM-VPN/EPII-PLUS
Cisco IOS 12.4(7)
Cisco 3800 series
3825
optionally with
AIM-VPN/EPII-PLUS
AIM-VPN/EPII-PLUS
Cisco IOS 12.4(7)
3845
optionally with
AIM-VPN/HPII-PLUS
AIM-VPN/HPII-PLUS
Cisco IOS 12.4(7)
Cisco 7200 series
7204, 7206
SA-VAM2+
Cisco IOS 12.4(7)
Cisco 7300 series
7301
SA-VAM2+
Cisco IOS 12.4(7)
Cisco 7600
Catalyst 6500
Any 6500 or 7600
with Supervisor
Engine 720,
720-3B, or
720-3BXL
with Supervisor
Engine 720,
720-3B, or
720-3BXL
SPA-IPSEC-2G
Cisco IOS 12.2(33)SRA