Specifications

© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
21
IKE RSA Authentication Public Key
  Algorithm:    RSA
  Description:  RSA public key for IKE authentication. Generated or entered like any RSA key, and set as the IKE RSA authentication key with the "crypto keyring" or "ca trust-point" command.
  Storage:      NVRAM
  Zeroization:  # crypto key zeroize rsa

IKE RSA Encrypted Nonce Private Key
  Algorithm:    RSA
  Description:  RSA private key for IKE encrypted nonces. Generated like any RSA key, with the "usage-keys" parameter included.
  Storage:      NVRAM
  Zeroization:  # crypto key zeroize rsa

IKE RSA Encrypted Nonce Public Key
  Algorithm:    RSA
  Description:  RSA public key for IKE encrypted nonces. Generated like any RSA key, with the "usage-keys" parameter included.
  Storage:      NVRAM
  Zeroization:  # crypto key zeroize rsa

IPSec encryption key
  Algorithm:    DES / Triple-DES / AES
  Description:  The IPSec encryption key. Zeroized when the IPSec session is terminated.
  Storage:      DRAM
  Zeroization:  # clear crypto ipsec sa

IPSec authentication key
  Algorithm:    HMAC-SHA-1
  Description:  The IPSec authentication key. Zeroized in the same way as the IPSec encryption key, when the IPSec session is terminated.
  Storage:      DRAM
  Zeroization:  # clear crypto ipsec sa

Configuration encryption key
  Algorithm:    AES
  Description:  The key used to encrypt values in the configuration file. Zeroized when "no key config-key" is issued. Note that this command does not decrypt the configuration file, so zeroize with care.
  Storage:      NVRAM
  Zeroization:  # no key config-key

Router authentication key 1
  Algorithm:    Shared secret
  Description:  Used by the router to authenticate itself to the peer. The router retrieves the password used as this key from the AAA server and sends it on to the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt.
  Storage:      DRAM
  Zeroization:  Automatically upon completion of the authentication attempt

PPP authentication key
  Algorithm:    RFC 1334
  Description:  The authentication key used in PPP. This key is held in DRAM and is not zeroized at runtime; because it is stored in DRAM, turning off the router zeroizes it.
  Storage:      DRAM
  Zeroization:  Turn off the router

Router authentication key 2
  Algorithm:    Shared secret
  Description:  Used by the router to authenticate itself to the peer. Identical to Router authentication key 1, except that it is retrieved from the local database on the router itself. Issuing "no username password" zeroizes the password used as this key from the local database.
  Storage:      NVRAM
  Zeroization:  # no username password

SSH session key
  Algorithm:    Various symmetric
  Description:  The SSH session key. Zeroized when the SSH session is terminated.
  Storage:      DRAM
  Zeroization:  Automatically when the SSH session is terminated

User password
  Algorithm:    Shared secret
  Description:  The password of the User role. Zeroized by overwriting it with a new password.
  Storage:      NVRAM
  Zeroization:  Overwrite with new password

Enable password
  Algorithm:    Shared secret
  Description:  The plaintext password of the CO role. Zeroized by overwriting it with a new password.
  Storage:      NVRAM
  Zeroization:  Overwrite with new password
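The table gives one zeroization command per CSP but no order and no way to confirm the result. The following is an added example, not part of the Cisco security policy, of an operator session that zeroizes the NVRAM-resident keys and secrets listed above and checks each step with a standard IOS show command. The hostname "fips-rtr" and the local username "opsadmin" are assumed for illustration; the show commands and the full form of the config-key command are ordinary IOS syntax rather than text from the table.

```cisco
! Added example, not part of the Cisco security policy: an operator session that
! zeroizes the NVRAM-resident CSPs from the table above and checks the result.
! Hostname "fips-rtr" and username "opsadmin" are assumed for illustration.

! 1. IKE RSA authentication and encrypted-nonce keys (all RSA key pairs in NVRAM).
!    List what is present first, so the post-zeroization check has a baseline.
fips-rtr# show crypto key mypubkey rsa
fips-rtr# configure terminal
fips-rtr(config)# crypto key zeroize rsa
! The router asks for confirmation before removing all RSA keys and the
! certificates issued for them; answer yes.
fips-rtr(config)# end
fips-rtr# show crypto key mypubkey rsa
! Expected: no RSA keys listed.

! 2. Router authentication key 2 (shared secret in the local database).
fips-rtr# configure terminal
fips-rtr(config)# no username opsadmin
fips-rtr(config)# end
fips-rtr# show running-config | include ^username
! Expected: the removed entry no longer appears.

! 3. Configuration encryption key. Removing the master key does NOT decrypt the
!    values already encrypted in the configuration (the caveat in the table), so
!    re-enter or remove any such values that are still needed before this step.
fips-rtr# configure terminal
fips-rtr(config)# no key config-key password-encryption
fips-rtr(config)# end

! 4. DRAM-resident IPSec encryption and authentication keys: tear the SAs down
!    rather than waiting for the session to end, then confirm none remain.
fips-rtr# clear crypto ipsec sa
fips-rtr# show crypto ipsec sa
! Expected: no active SAs.

! The PPP authentication key has no runtime zeroization command; per the table,
! it is cleared only by powering the router off.
```

Run the show commands before and after each step: a zeroization that cannot be verified from the CLI is not evidence for an audit, and the RSA and SA checks above are the ones a FIPS operator can actually capture.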