Cisco 2811 Security Policy - Page 21
Page 21 highlights
available in the DRAM; therefore this command will completely zeroize this key. The following commands will zeroize the pre-shared keys from the DRAM:

- `no set session-key inbound ah spi hex-key-data`
- `no set session-key outbound ah spi hex-key-data`
- `no set session-key inbound esp spi cipher hex-key-data [authenticator hex-key-data]`
- `no set session-key outbound esp spi cipher hex-key-data [authenticator hex-key-data]`
- `no crypto isakmp key`

The DRAM running configuration must be copied to the start-up configuration in NVRAM in order to completely zeroize the keys.

The RSA keys are zeroized by issuing the CLI command "crypto key zeroize rsa".

All SSL/TLS session keys are zeroized automatically at the end of the SSL/TLS session.

The module supports the following keys and critical security parameters (CSPs).

| Key/CSP Name | Algorithm | Description | Storage Location | Zeroization Method |
|---|---|---|---|---|
| PRNG Seed | X9.31 | This is the seed for X9.31 PRNG. This CSP is stored in DRAM and updated periodically after the generation of 400 bytes - after this it is reseeded with router-derived entropy; hence, it is zeroized periodically. Also, the operator can turn off the router to zeroize this CSP. | DRAM | Automatically every 400 bytes, or turn off the router. |
| PRNG Seed Key | X9.31 | This is the seed key for the PRNG. | DRAM | Turn off the router |
| Diffie Hellman private exponent | DH | The private exponent used in Diffie-Hellman (DH) exchange as part of IKE. Zeroized after DH shared secret has been generated. | DRAM | Automatically after shared secret generated. |
| Diffie Hellman public key | DH | The public key used in Diffie-Hellman (DH) exchange as part of IKE. Zeroized after the DH shared secret has been generated. | DRAM | Automatically after shared secret generated. |
| skeyid | Keyed SHA-1 | Value derived from the shared secret within IKE exchange. Zeroized when IKE session is terminated. | DRAM | Automatically after IKE session terminated. |
| skeyid_d | Keyed SHA-1 | The IKE key derivation key for non ISAKMP security associations. | DRAM | Automatically after IKE session terminated. |
| skeyid_a | HMAC-SHA-1 | The ISAKMP security association authentication key. | DRAM | Automatically after IKE session terminated. |
| skeyid_e | TRIPLEDES/AES | The ISAKMP security association encryption key. | DRAM | Automatically after IKE session terminated. |

© Copyright 2007 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
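An added example, not part of the Cisco document: a Python check that the pre-shared key zeroization described above reached both the DRAM running configuration and the NVRAM start-up configuration, by scanning saved copies of each for `set session-key` and `crypto isakmp key` lines. The function names are hypothetical, and the sample configurations (map name, peer address, SPI and key values) are constructed.

```python
import re

# Lines that carry the key material named above: manual IPsec session keys
# and ISAKMP pre-shared keys.
KEY_LINE = re.compile(
    r"^\s*(set session-key (?:inbound|outbound) (?:ah|esp)\b|crypto isakmp key\b)",
    re.IGNORECASE,
)

def residual_key_lines(config_text):
    """Return (line_number, redacted_line) for each line still holding a key."""
    hits = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = KEY_LINE.match(line)
        if match:
            # Report only the command keyword; never echo the key value.
            hits.append((number, match.group(1).lower() + " <redacted>"))
    return hits

def zeroization_status(running, startup):
    """Classify pre-shared key zeroization across DRAM and NVRAM copies."""
    in_running = residual_key_lines(running)
    if in_running:
        return "keys-in-dram", in_running
    in_startup = residual_key_lines(startup)
    if in_startup:
        # The 'no ...' commands ran, but the running configuration was not
        # copied to the start-up configuration, so NVRAM still holds keys.
        return "keys-in-nvram", in_startup
    return "zeroized", []

# Constructed sample configurations (not taken from a real device).
RUNNING_AFTER = """\
crypto isakmp policy 10
 authentication pre-share
crypto map EXAMPLE 10 ipsec-manual
 set peer 192.0.2.1
"""
STARTUP_STALE = """\
crypto isakmp key EXAMPLEKEY address 192.0.2.1
crypto map EXAMPLE 10 ipsec-manual
 set peer 192.0.2.1
 set session-key inbound esp 1000 cipher 00112233445566778899aabbccddeeff
 set session-key outbound esp 1001 cipher ffeeddccbbaa99887766554433221100
"""

if __name__ == "__main__":
    print(zeroization_status(RUNNING_AFTER, STARTUP_STALE))
```
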