Name: Cisco ASR 1001
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Page 34 of 72

Note: the authorized administrator must ensure that the keysize for this setting is

greater than or equal to the keysize selected for ESP in Section 4.6.2 below. If

AES 128 is selected here, then the highest keysize that can be selected on the TOE

for ESP is AES 128 (either CBC or GCM).

Note: Both confidentiality and integrity are configured with the hash sha and

encryption aes commands respectively. As a result, confidentiality-only mode is

disabled.

TOE-common-criteria (config-ikev2-proposal)# group 14

This selects DH Group 14 (2048-bit MODP) for IKE, but 19 (256-bit Random

ECP), 24 (2048-bit MODP with 256-bit POS), 20 (384-bit Random ECP), 15

(3072 bit MODP), and 16 (4096-bit MODP) are also allowed and supported.

TOE-common-criteria (config)#crypto ikev2 keyring keyring-1

TOE-common-criteria (config-ikev2-keyring)# peer peer1

TOE-common-criteria (config-ikev2-keyring-peer)# address 0.0.0.0 0.0.0.0

TOE-common-criteria (config-ikev2-keyring-peer)# pre-shared-key

cisco123!cisco123!CISC

This section creates a keyring to hold the pre-shared keys referenced in the steps

above. In IKEv2 these pre-shared keys are specific to the peer.

Note: Pre-shared keys on the TOE must be at least 22 characters in length and

can be composed of any combination of upper and lower case letters, numbers,

and special characters (that include: “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”,

“(“, and “)”).

The TOE supports pre-shared keys up to 128 bytes in length. While longer keys

increase the difficulty of brute-force attacks, longer keys increase processing

time.

HEX keys generated off system can also be input for IKEv2 using the following

instead of the pre-shared-key command above: ‘pre-shared-key hex [hex key]’.

For example: pre-shared-key hex 0x6A6B6C.

This configures IPsec to use pre-shared keys. X.509 v3 certificates are also

supported for authentication of IPsec peers. See Section 4.6.3 below for

additional information.

TOE-common-criteria (config)#crypto logging ikev2

This setting enables IKEv2 syslog messages.

Note: The configuration above is not a complete IKE v2 configuration, and that additional

settings will be needed. See [18] Configuring Internet Key Exchange Version 2 (IKEv2) for

additional information on IKE v2 configuration.

Other manuals for Cisco ASR 1001

Questions and Answers:

Need help?

Do you have a question about the Cisco ASR 1001 and is the answer not in the manual?

General

Ethernet LAN	Yes
Cabling technology	10/100/1000Base-T(X)
Networking standards	-
Ethernet LAN data rates	10, 100, 1000 Mbit/s
Ethernet interface type	Gigabit Ethernet
USB ports quantity	1
Ethernet LAN (RJ-45) ports	4
VPN tunnels quantity	8000
Product color	Gray
Rack capacity	1U
AC input voltage	85 - 264 V
Power source type	AC
AC input frequency	50 - 60 Hz
Power consumption (typical)	250 W
Safety	UL60950-1 CSA, C22.2 No. 60950-1-03, EN 60950-1, IEC 60950-1, AS/NZS 60950.1
Certification	FCC 47CFR15 Class A AS/NZS CISPR 22 CISPR 22 Class A EN55022 Class A ICES-003 Class A VCCI Class A CNS-13438 Class A EN61000-3-2 EN61000-3-3
Internal memory	8192 MB
Operating altitude	0 - 3048 m
Storage temperature (T-T)	0 - 50 °C
Operating temperature (T-T)	0 - 40 °C
Storage relative humidity (H-H)	5 - 95 %
Operating relative humidity (H-H)	5 - 90 %