Cisco Catalyst 4503-E - Page 46

Cisco Cat4K NDPP ST 11 March 2014
EDCS-1228241
FCS_IPSEC_EXT.1.3 The TSF shall ensure that IKEv1 SA lifetimes are able to
be limited to 24 hours for Phase 1 SAs and 8 hours for
Phase 2 SAs.
FCS_IPSEC_EXT.1.4 The TSF shall ensure that IKEv1 SA lifetimes are able to
be limited to [an administratively configurable number
of kilobytes including the range from 100 - 200] MB of
traffic for Phase 2 SAs.
FCS_IPSEC_EXT.1.5 The TSF shall ensure that all IKE protocols implement DH
Groups 14 (2048-bit MODP) and [no other DH groups].
FCS_IPSEC_EXT.1.6 The TSF shall ensure that all IKE protocols implement Peer
Authentication using the [rDSA] algorithm.
FCS_IPSEC_EXT.1.7 The TSF shall support the use of pre-shared keys (as
referenced in the RFCs) for use in authenticating its IPsec
connections.
FCS_IPSEC_EXT.1.8 The TSF shall support the following:
Pre-shared keys shall be able to be composed of any
combination of upper and lower case letters, numbers,
and special characters (that include: “!”, “@”, “#”, “$”,
“%”, “^”, “&”, “*”, “(”, and “)”);
Pre-shared keys of 22 characters [no other lengths].
5.2.2.10 FCS_SSH_EXT.1: SSH
FCS_SSH_EXT.1.1 The TSF shall implement the SSH protocol that complies
with RFCs 4251, 4252, 4253, and 4254.
FCS_SSH_EXT.1.2 The TSF shall ensure that the SSH connection be rekeyed
after no more than 2^28 packets have been transmitted using
that key.
FCS_SSH_EXT.1.3 The TSF shall ensure that the SSH protocol implements a
timeout period for authentication as defined in RFC 4252 of
[120 seconds], and provide a limit to the number of failed
authentication attempts a client may perform in a single
session to [3] attempts.
FCS_SSH_EXT.1.4 The TSF shall ensure that the SSH protocol implementation
supports the following authentication methods as described in
RFC 4252: public key-based, password-based.
FCS_SSH_EXT.1.5 The TSF shall ensure that, as described in RFC 4253, packets
greater than [35,000] bytes in an SSH transport connection
are dropped.
FCS_SSH_EXT.1.6 The TSF shall ensure that the SSH transport implementation
uses the following encryption algorithms: AES-CBC-128,
AES-CBC-256, [no other algorithms].
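
A configuration check against the numeric limits in FCS_IPSEC_EXT.1.3, FCS_IPSEC_EXT.1.5 and FCS_SSH_EXT.1.3, as an added example that is not part of the Security Target. The IOS-style command names, the `audit` function and the sample configuration are assumptions of this example; the page itself gives no CLI syntax.

```python
import re

# Limits come from the requirements above; the IOS-style command names are this
# example's assumption. The SSH timeout and retry values are treated as upper bounds.
# (requirement, parent section or None for a global command, regex, check, text)
RULES = [
    ("FCS_IPSEC_EXT.1.3 Phase 1", "crypto isakmp policy", r"lifetime (\d+)", lambda v: v <= 24 * 3600, "Phase 1 SA lifetime at most 24 h"),
    ("FCS_IPSEC_EXT.1.5", "crypto isakmp policy", r"group (\d+)", lambda v: v == 14, "DH group 14 only"),
    ("FCS_IPSEC_EXT.1.3 Phase 2", None, r"crypto ipsec security-association lifetime seconds (\d+)", lambda v: v <= 8 * 3600, "Phase 2 SA lifetime at most 8 h"),
    ("FCS_SSH_EXT.1.3 timeout", None, r"ip ssh time-out (\d+)", lambda v: v <= 120, "SSH authentication timeout at most 120 s"),
    ("FCS_SSH_EXT.1.3 retries", None, r"ip ssh authentication-retries (\d+)", lambda v: v <= 3, "at most 3 failed authentication attempts"),
]

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
crypto isakmp policy 10
 group 14
 lifetime 86400
crypto isakmp policy 20
 group 2
 lifetime 172800
crypto ipsec security-association lifetime seconds 28800
ip ssh time-out 120
ip ssh authentication-retries 5
"""

def audit(config):
    """Return (requirement, status, detail) for each missing or out-of-range setting."""
    seen = {rule[0]: [] for rule in RULES}
    section = ""
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        indented = line[0] in " \t"
        if not indented:
            section = line  # a top-level line opens a new section
        for req, parent, pattern, _, _ in RULES:
            in_scope = (not indented) if parent is None else (indented and section.startswith(parent))
            m = re.fullmatch(pattern, line.strip()) if in_scope else None
            if m:
                seen[req].append((int(m.group(1)), section))
    findings = []
    for req, _, _, ok, text in RULES:
        if not seen[req]:
            findings.append((req, "MISSING", text))  # never rely on an unstated default
        findings += [(req, "FAIL", f"{v} in '{s}': {text}") for v, s in seen[req] if not ok(v)]
    return findings
```

A setting that is absent is reported as MISSING instead of being assumed compliant, since the device default is not stated on this page.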
