Administration of the Avaya G350 Media Gateway - Avaya Support
FIPS

Table 15: Critical security parameters (2 of 3)

| Key | Description/Usage | Storage |
|---|---|---|
| IKE Session Phase 1 DES key | Key used for DES data encryption of ISAKMP SA | |
| IKE Session Phase 1 AES key | Key used for AES data encryption of ISAKMP SA | |
| Nonce_i, Nonce_r | Phase 2 initiator and responder nonce | |
| IPSEC SA phase-2 TDES key | Phase 2, basic quick mode | |
| IPSEC SA phase-2 DES key | Phase 2, basic quick mode | |
| IPSEC SA phase-2 AES key | Phase 2, basic quick mode | |
| IPSEC SA phase-2, HMAC keys | Phase 2, basic quick mode | |
| IPSEC SA phase-2 keys per protocol | Phase 2, basic quick mode | |
| DH private key phase-2 | Phase 2 Diffie Hellman private keys used in PFS for key renewal | |
| DH shared secret phase-2 | Phase 2 PFS Diffie Hellman shared secret used in PFS for key renewal | |
| IPSEC SA phase-2 keys per protocol | Phase 2, basic quick mode | |
| User password | Used for password authentication of CLI users | |
| Root password | Used for authentication of default CLI user during first setup | |
| Radius Secret | Used for hashing password with MD5. One secret common to both Primary and Secondary Radius server. | |
| PPPoE CHAP/PAP Secret | Used for authentication to PPPoE server | |
| OSPF Secret | Used for hashing password with MD5. One secret defined per peer router identity. | |
| SNMPv3 user authentication password | SNMPv3 operator MD5 authentication password used for authenticating to User and Read-Only User roles | |
| X9.31 PRNG key | Key for X9.31 PRNG | |
Overview

Table 15: Critical security parameters (3 of 3)

| Key | Description/Usage | Storage |
|---|---|---|
| Fixed Serial Number secret | The TDES key used for the first exchange of the serial number and new session key between Gateway and S8300/Blade server entity | |
| Ephemeral Serial Number secret | The TDES key used for serial number and key renewal. This key is periodically re-negotiated between S8300/Blade server entity and the Gateway. | |

Public keys

Table 16 lists the public keys available in the module:

Table 16: Public keys

| Key | Description/Usage |
|---|---|
| Ephemeral DH phase-1 public keys | Generated for VPN IKE Phase 1 key establishment |
| Ephemeral DH phase-2 public keys | Generated for VPN IKE Phase 2 PFS key renewal |
| Image download certificate (Avaya root CA RSA public key) | Used for authentication of software download. The Avaya Root certificate is hard-coded in the Gateway image and is used directly for authentication of the chain of trust of the Avaya Signing Authority that is downloaded together with the software. |
| License download public key | Used for authentication of license file validity. The license signing authority public key is hard-coded in the Gateway image and is used directly for authentication of the digital signature embedded in the license file. |

Issue 3 January 2005
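The image download entry in Table 16 describes a two-step check: a hard-coded root authenticates a signing authority certificate delivered with the download, and that certificate authenticates the image. The following is an added example, not Avaya code; it shows the pattern with the `openssl` command line, and the subjects, file names and the detached RSA/SHA-256 signature format are assumptions.

```shell
#!/bin/sh
# Constructed demo of a two-step download check: pinned root -> signing
# authority certificate -> image signature. All names are hypothetical.

new_key_and_req() {  # $1=basename  $2=subject  [extra "openssl req" args...]
  b=$1; s=$2; shift 2
  openssl req -newkey rsa:2048 -nodes -subj "$s" -keyout "$b.key" "$@" 2>/dev/null
}

demo_setup() {
  W=$(mktemp -d) || return 1
  # Root CA: stands in for the certificate hard-coded in the device image.
  new_key_and_req "$W/root" "/CN=Demo Root CA" -x509 -days 2 -out "$W/root.pem"
  # Signing authority: issued by the root, delivered with the download.
  new_key_and_req "$W/sa" "/CN=Demo Signing Authority" -out "$W/sa.csr"
  openssl x509 -req -in "$W/sa.csr" -CA "$W/root.pem" -CAkey "$W/root.key" \
    -CAcreateserial -days 2 -out "$W/sa.pem" 2>/dev/null
  # Rogue signer: self-signed, so it does not chain to the pinned root.
  new_key_and_req "$W/rogue" "/CN=Rogue Signer" -x509 -days 2 -out "$W/rogue.pem"
  printf 'constructed firmware image\n' > "$W/image.bin"
  openssl dgst -sha256 -sign "$W/sa.key" -out "$W/image.sig" "$W/image.bin"
  openssl dgst -sha256 -sign "$W/rogue.key" -out "$W/rogue.sig" "$W/image.bin"
}

verify_download() {  # $1=pinned root  $2=signer cert  $3=image  $4=signature
  # Step 1: the signer certificate must chain to the pinned root. SSL_CERT_DIR
  # points at nothing so the host's default CA directory is not trusted too.
  SSL_CERT_DIR=/nonexistent openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
    { echo "reject: untrusted signer"; return 1; }
  # Step 2: the image signature must verify under the signer's public key.
  openssl x509 -in "$2" -pubkey -noout > "$2.pub" || return 1
  openssl dgst -sha256 -verify "$2.pub" -signature "$4" "$3" >/dev/null 2>&1 ||
    { echo "reject: bad signature"; return 2; }
  echo "accept"
}

demo_setup
verify_download "$W/root.pem" "$W/sa.pem" "$W/image.bin" "$W/image.sig"
# Valid signature, but the signer is not vouched for by the pinned root.
verify_download "$W/root.pem" "$W/rogue.pem" "$W/image.bin" "$W/rogue.sig" || :
# Trusted signer, but the image changed after signing.
printf 'x' >> "$W/image.bin"
verify_download "$W/root.pem" "$W/sa.pem" "$W/image.bin" "$W/image.sig" || :
```

The rogue case is the one the pinned root exists for: its signature over the image is mathematically valid, so skipping step 1 would accept it.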