Cisco Cisco IOS Software Release 12.4(23)
Installation and Configuration for Common Criteria EAL2 Evaluated Cisco IOS IPSec
Hardware Versions of Hardware IPSec VPN Modules
15
Installation and Configuration for Common Criteria EAL2 Evaluated Cisco IOS IPSec
Enabling Time Stamps
By default, all audit records are not stamped with the time and date, which are generated from the system
clock when an event occurs.
clock when an event occurs.
The Common Criteria evaluated Cisco IOS IPSec requires that the time-stamp feature be enabled on your
Cisco IOS router. To enable the time stamp of audit events, use the service timestamps log datetime
command.
Cisco IOS router. To enable the time stamp of audit events, use the service timestamps log datetime
command.
To ensure that the timestamps option is meaningful, the system clock in your router must be set
correctly. (See the following section, “
correctly. (See the following section, “
,” for more information.)
Setting the System Clock
To provide accurate time stamps for logging and to ensure that your router can process validity dates for
digital certificates, the system clock must be set. Some models of Cisco IOS routers have real-time
clocks that maintain real time when the router is powered down; these real-time clocks are used to
initialize the system clock at startup. Other models of Cisco IOS routers do not have a real-time clock
and must obtain the correct date and time from a reliable time source using the NTP. One example of a
reliable time source is a Cisco IOS router with a real-time clock operating as an NTP Server.
digital certificates, the system clock must be set. Some models of Cisco IOS routers have real-time
clocks that maintain real time when the router is powered down; these real-time clocks are used to
initialize the system clock at startup. Other models of Cisco IOS routers do not have a real-time clock
and must obtain the correct date and time from a reliable time source using the NTP. One example of a
reliable time source is a Cisco IOS router with a real-time clock operating as an NTP Server.
lists router clock functions for use with Cisco IOS IPSec.
Hardware Versions of Hardware IPSec VPN Modules
lists the hardware versions of IPSec VPN modules.
Table 7
Cisco IOS Router Clock Functions
Hardware Family
Real-time Clock
System Clock Documentation
Cisco 800 series
No
NTP client
The chapter “Performing Basic System
Management” (fcf012.pdf) in the part
“System and Network Management” of the
Management” (fcf012.pdf) in the part
“System and Network Management” of the
Cisco 1800 series
Cisco 2800series
Cisco 3800 series
Cisco 7200s eries
Cisco 7300 series
Cisco 7600 series
Cisco 6500 series
Cisco 2800series
Cisco 3800 series
Cisco 7200s eries
Cisco 7300 series
Cisco 7600 series
Cisco 6500 series
Yes
Internal; can
be NTP
server
be NTP
server
Table 8
IPSec VPN Acceleration Modules Hardware Versions
Product Name
Cisco Part Number and Revisions
SPA-IPSEC-2G
68-2163-02, B0
SA-VAM2+
68-2288-05, C0
AIM-VPN/HPII-PLUS
800-24800-01, D0
AIM-VPN/EPII-PLUS
800-24799-01, D0
AIM-VPN/BPII-PLUS
800-24660-01, D0