Cisco 2621 User Manual page 25

Non-FIPS Approved Algorithms
The following algorithms are not FIPS approved and should be disabled:
•
•
•
•
•
Protocols
The following network services affect the security data items and must not be configured: NTP,
TACACS+, RADIUS, Kerberos.
SNMP v3 over a secure IPSec tunnel may be employed for authenticated, secure SNMP gets and sets.
Since SNMP v2C uses community strings for authentication, only gets are allowed under SNMP v2C.
Remote Access
Auxiliary terminal services must be disabled, except for the console. The following configuration
disables login services on the auxiliary console line.
line aux 0
no exec
Telnet access to the module is only allowed via a secure IPSec tunnel between the remote system and
the module. The Crypto officer must configure the module so that any remote connections via telnet are
secured through IPSec.
Network Modules and WAN Interface Cards
With over 70 modular interface options, the Cisco 2651 provides solutions for data, voice, video, hybrid
dial access, virtual private networks (VPNs), and multi-protocol data routing. The high-performance,
modular architecture protects customers' investment in network technology and integrates the functions
of several devices into a single, manageable solution.
Each network module and WAN Interface Card (WIC) meets FIPS 140-1 requirements for physical
interfaces. They are classified as data input interfaces and data output interfaces. Network modules and
WICs are an external interface, similar to the 100Base-T LAN ports. They expand the router's physical
interfaces with multi-port ATM modules, multi-port Ethernet modules, high-speed serial interfaces, etc.
A list all network modules and WICs is included with this document (See the
Cards" section on page
78-13697-01
RSA for encryption
MD-4 and MD-5 for signing
ah-sha-hmac
esp-sha-hmac
HMAC SHA-1
13).
Network Modules and WAN Interface Cards
Cisco 2651 Modular Access Router Security Policy
"Tables of Supported
11