EasyManuals Logo

Cisco ASR 1001 User Manual

Cisco ASR 1001
72 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #33 background imageLoading...
Page #33 background image
Page 33 of 72
TOE-common-criteria(config-isakmp)# exit
TOE-common-criteria(config)# Crypto isakmp key cisco123!cisco123!CISC address
11.1.1.4
Note: Pre-shared keys on the TOE must be at least 22 characters in length and
can be composed of any combination of upper and lower case letters, numbers,
and special characters (that include: “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”,
“(“, and “)”).
The TOE supports pre-shared keys up to 127 characters in length. While longer
keys increase the difficulty of brute-force attacks, longer keys increase processing
time.
TOE-common-criteria (config-isakmp)# group 14
This selects DH Group 14 (2048-bit MODP) for IKE, but 19 (256-bit Random
ECP), 24 (2048-bit MODP with 256-bit POS), 20 (384-bit Random ECP), 15
(3072 bit MODP), and 16 (4096-bit MODP) are also allowed and supported.
TOE-common-criteria (config-isakmp)# lifetime 86400
The default time value for Phase 1 SAs is 24 hours (86400 seconds), but this
setting can be changed using the command above with different values.
TOE-common-criteria (config-isakmp)# crypto isakmp aggressive-mode disable
Main mode is the default mode and the crypto isakmp aggressive-mode disable
ensures all IKEv1 Phase 1 exchanges will be handled in the default main mode.
TOE-common-criteria(config-isakmp)#exit
4.6.1.2 IKEv2 Transform Sets
An Internet Key Exchange version 2 (IKEv2) proposal is a set of transforms used in the
negotiation of IKEv2 SA as part of the IKE_SA_INIT exchange. An IKEv2 proposal is regarded
as complete only when it has at least an encryption algorithm, an integrity algorithm, and a
Diffie-Hellman (DH) group configured. If no proposal is configured and attached to an IKEv2
policy, then the default proposal is used in the negotiation, and it contains selections that are not
valid for the TOE. Thus the following settings must be set in configuring the IPsec with IKEv2
functionality for the TOE:
TOE-common-criteria # conf t
TOE-common-criteria (config)#crypto ikev2 proposal sample
TOE-common-criteria (config-ikev2-proposal)# integrity sha1
TOE-common-criteria (config-ikev2-proposal)# encryption aes-cbc-128
This configures IPsec IKEv2 to use AES-CBC-128 for payload encryption. AES-
CBC-256 can be selected with ‘encryption aes-cbc-256’. AES-GCM-128 and
AES-GCM-256 can also be selected similarly.

Table of Contents

Other manuals for Cisco ASR 1001

Preview: Hardware Installation Guide
Hardware Installation Guide702 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASR 1001 and is the answer not in the manual?

Cisco ASR 1001 Specifications

General IconGeneral
Ethernet LANYes
Cabling technology10/100/1000Base-T(X)
Networking standards-
Ethernet LAN data rates10, 100, 1000 Mbit/s
Ethernet interface typeGigabit Ethernet
USB ports quantity1
Ethernet LAN (RJ-45) ports4
VPN tunnels quantity8000
Product colorGray
Rack capacity1U
AC input voltage85 - 264 V
Power source typeAC
AC input frequency50 - 60 Hz
Power consumption (typical)250 W
SafetyUL60950-1 CSA, C22.2 No. 60950-1-03, EN 60950-1, IEC 60950-1, AS/NZS 60950.1
CertificationFCC 47CFR15 Class A AS/NZS CISPR 22 CISPR 22 Class A EN55022 Class A ICES-003 Class A VCCI Class A CNS-13438 Class A EN61000-3-2 EN61000-3-3
Internal memory8192 MB
Operating altitude0 - 3048 m
Storage temperature (T-T)0 - 50 °C
Operating temperature (T-T)0 - 40 °C
Storage relative humidity (H-H)5 - 95 %
Operating relative humidity (H-H)5 - 90 %
Weight and Dimensions IconWeight and Dimensions
Depth461.5 mm
Width439.42 mm
Height43.43 mm
Weight11350 g

Related product manuals