Mod1700-vpn installation guide

The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the right WAN interface card slot. Step 6 The labels completely cure within five minutes. The tamper evidence label should be placed so that the one half of the tamper evidence label covers the right side of the enclosure and the other half covers the right side of the front of the router.

The tamper evidence label should be placed so that the one half of the tamper evidence label covers the left side of the enclosure and the other half covers the left side of the front of the router. The tamper evidence label should be placed so that the half of the label covers the bottom of the enclosure and the other half covers the first WAN interface card slot. The tamper evidence label should be placed so that the half of the label covers the bottom of the enclosure and the other half covers the second WAN interface card slot.

Step 6 Place the fifth label on the router as shown in Figure 6. The tamper evidence label should be placed so that the half of the label covers the bottom of the enclosure and the other half covers the third WAN interface card slot.

Step 7 Place the sixth label on the router as shown in Figure 6. The tamper evidence label should be placed so that the half of the label covers the bottom of the enclosure and the other half covers the fourth WAN interface card slot.

Step 8 The labels completely cure within five minutes. The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to open the router, remove WIC cards, or remove the front faceplate will damage the tamper evidence seals or the painted surface and metal of the module cover. Since the tamper evidence seals have non-repeated serial numbers, they may be inspected for damage and compared against the applied serial numbers to verify that the module has not been tampered.

Tamper evidence seals can also be inspected for signs of tampering, which include the following: curled corners, bubbling, crinkling, rips, tears, and slices. The word "OPEN" may appear if the label was peeled back. The router securely administers both cryptographic keys and other critical security parameters such as passwords.

The tamper evidence seals provide physical protection for all keys. All keys are also protected by the password-protection on the Crypto Officer role login, and can be zeroized by the Crypto Officer. This is the seed key for X9. This key is stored in DRAM and updated periodically after the generation of bites; hence, it is zeroized periodically.

Also, the operator can turn off the router to zeroize this key. The private exponent used in Diffie-Hellman DH exchange.

Zeroized after DH shared secret has been generated. The shared secret within IKE exchange. Zeroized when IKE session is terminated. The RSA private key. The key used to generate IKE skeyid during preshared-key authentication. This key can have two forms based on whether the key is related to the hostname or the IP address. This key generates keys 3, 4, 5 and 6. This key is zeroized after generating those keys. After above expiration happens and before a new public key structure is created this key is deleted.

This key does not need to be zeroized because it is a public key; however, it is zeroized as mentioned here. The fixed key used in Cisco vendor ID generation.

This key is embedded in the module binary image and can be deleted by erasing the Flash. This key does not need to be zeroized because it is a public key. This key is a public key of the DNS server. Zeroized using the same mechanism as above.

This label is different from the label in the above key. The ARAP key that is hardcoded in the module binary image. This key can be deleted by erasing the Flash. This is an ARAP user password used as an authentication key. A function uses this key in a DES algorithm for authentication. The key used to encrypt values of the configuration file.

This key is zeroized when the "no key config-key" is issued. This key is used by the router to authenticate itself to the peer. The router itself gets the password that is used as this key from the AAA server and sends it onto the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt. Zeroized after the termination of the SSH session. This key does not need to be zeroized because it is a public key; However, it is zeroized as mentioned here.

The authentication key used in PPP. This key is in the DRAM and not zeroized at runtime. One can turn off the router to zeroize this key because it is stored in DRAM. The key is identical to 22 except that it is retrieved from the local database on the router itself. Issuing the "no username password" zeroizes the password that is used as this key from the local database. This is the SSH session key. It is zeroized when the SSH session is terminated. The password of the User role.

This password is zeroized by overwriting it with a new password. The plaintext password of the CO role. The ciphertext password of the CO role. However, the algorithm used to encrypt this password is not FIPS approved.

Therefore, this password is considered plaintext for FIPS purposes. All pre-shared keys are associated with the CO role that created the keys, and the CO role is protected by a password. Therefore, the CO password is associated with all the pre-shared keys. The Crypto Officer needs to be authenticated to store keys. All Diffie-Hellman DH keys agreed upon for individual tunnels are directly associated with that specific tunnel only via the IKE protocol.

All the keys and CSPs of the module can be zeroized. Please refer to the Description column of Table 5 for information on methods to zeroize each key and CSP. Skip to content A few years ago, setting up a VPN or connecting to a VPN protocol would have required a decent degree of technical knowledge, a fair amount of time, and some patience.

Navigate to the Apple menu using the Apple logo at the top of the screen. Like Windows, you now simply have to connect to the newly created VPN connection through your network options, which is as easy as connecting to a new WiFi source. Setting up a VPN on Android Just like desktops, you can establish a manual VPN connection on your mobile device, although the options for doing so are often a little harder to find.

To add a manual connection, click the plus sign in the top right corner. Ready to set up your VPN? Read more about these services here! Never touch uninsulated telephone wires or terminals unless the telephone line has been disconnected at the network interface.

You can install the following types of modules in an ASI card:. Table 3 provides information about the modules that are recommended for installation in ASI cards:. You can install the following types of modules in an MRP Table 4 provides information about the modules that you can install in the MRP You can hot swap cards while the Cisco ICS is operating.

With hot swapping, you do not need to power down the system. Do not force the faceplate into its slot. This action can damage the pins on the backplane if they are not aligned properly with the module or card.

Fully depress the ejector levers to ensure that the card or module connector mates with the backplane correctly. The card or module should be firmly seated in the slot. Any card that is only partially connected to the backplane can disrupt system operation. Use the installation screws at the top and bottom of the card to secure the card firmly in place in the chassis. DIMMs are manufactured with polarization notches to ensure proper orientation and with alignment holes to ensure proper positioning.

Figure 4 shows the notches and holes on a DIMM. DIMMs are installed with the connector edge down. See Figure 1. See Figure 5. This ejects the DIMM from its socket. Step 3 Hold the DIMM with the polarization notches closer to the card edge and with the connector edge at the bottom.

When the DIMM is properly seated, the socket guide posts fit through the alignment holes, and the locking spring clips click into place. See Figure 3. See Figure 7. Step 3 Hold the DIMM with the polarization notches closer to the center of the card and with the connector edge at the bottom. PVDMs are manufactured with a polarization notch to ensure proper orientation and with alignment holes to ensure proper positioning. Figure 9 shows the notch and the holes on a PVDM.

PVDMs are installed connector-edge down. To lift the PVDM out of its socket, pull the locking spring clips on both sides outward, and tilt the PVDM toward the rear of the card, free of the clips.

See Figure Step 3 Hold the PVDM with the polarization notch closer to the card edge and the connector edge at the bottom see Figure Step 4 Beginning with the slot closer to the front of the card, insert the PVDM into the connector slot at an angle, tilted toward the rear of the card. Align or move the PVDM into a vertical position see Figure 11 , using the minimum amount of force required. When the PVDM is properly seated, the socket guide posts fit through the alignment holes, and the connector springs click into place.

Step 5 Ensure that the PVDM is straight and that the alignment holes line up with the plastic guides on the socket see Figure The standoffs should be on the same side of the motherboard as the VPN module socket.

Write the RMA number on the outside of all packages you return and in the reference field Section 2 on the waybill. Return the parts within ten days of the date that you receive the replacement parts, or you will be billed for the outstanding parts at list price. If you are unable to return the parts within this time frame, you must call Asset Recovery at to get an approved extension.

You are responsible for all return shipping costs and customs duties. For all non-U. Send a copy of the waybill and flight details by fax to Cisco USA at You can also send a copy of the waybill and flight details by e-mail to asset-recovery cisco. Either method eliminates the need for further information from you and assists Cisco Systems in closing the RMA. For U. You can access the most current Cisco documentation on the World Wide Web at the following sites:.

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. Registered Cisco. Nonregistered Cisco.