Page 30 of 72
Note: Details for the password encryption aes command can be found in the: [10] Under
Reference Guides Command References Security and VPN See manual Cisco IOS
Security Command Reference: Commands M to R.
4.3 Clock Management
Clock management is restricted to the privileged administrator.
[15] contains information on setting the local hardware clock or NTP sources. When Network
Time Protocol (NTP) is configured, the time is synchronized with a NTP server over NTPv3.
NTP runs on UDP, which in turn runs on IP. NTP Version 3 (NTPv3) is documented in RFC
1305.
4.4 Identification and Authentication
Configuration of Identification and Authentication settings is restricted to the privileged
administrator.
The ASR can be configured to use any of the following authentication methods:
Remote authentication (RADIUS)
o Refer to “Authentication Server Protocols” elsewhere in this document for more
details.
Local authentication (password or SSH public key authentication);
o Note: this should only be configured for local fallback if the remote authentication
server is not available.
X.509v3 certificates
o Refer to “X.509 Certificates” in Section Error! Reference source not
found.below for more details.
4.5 Login Banners
The TOE may be configured by the privileged administrators with banners using the banner
login command. This banner is displayed before the username and password prompts. To create
a banner of text “This is a banner” use the command
banner login ^c This is a banner ^c
where c is the delimiting character. The delimiting character may be any character except ?, and
it must not be part of the banner message.
4.6 Virtual Private Networks (VPN)
4.6.1 IPsec Overview
The TOE allows all privileged administrators to configure Internet Key Exchange (IKE) and
IPSEC policies. IPsec provides the following network security services:
To Next Page
Loading...
