Nortel Networks NN46120-104 User Manual
Page 59
Installing an ASA 310-FIPS in a New Cluster
2. Follow the instructions for installing a VPN Gateway in a
new cluster.
Read the sections starting with
. When the basic setup is completed, new
prompts for configuring an ASA 310-FIPS will automatically
appear.
3. Choose the appropriate security mode for the ASA 310-FIPS
cluster.
Decide which security mode to use for the new ASA 310-FIPS
cluster—FIPS mode or Extended Security mode. The default
Extended Security mode should be used whenever your security
policy does not explicitly require conforming to the FIPS 140-1,
Level 3 standard.
For more information about the FIPS mode and the Extended
Security mode, see “Introducing the ASA 310-FIPS” (page 27).
(new setup, continued)
Use FIPS or Extended Security Mode? (fips/extended) [extended]:
extended mode, or change the security mode to fips>
4. Initialize HSM card 0 by inserting the first pair of HSM-SO
and HSM-USER iKeys, and by defining passwords.
and
are related to initializing the HSM cards that
your ASA 310-FIPS is equipped with. The Setup utility will
identify the first HSM card as card 0, and the second HSM
card as card 1. Each HSM card is initialized by inserting the
proper iKeys and defining a password for each user role. To
successfully initialize both HSM cards, you need to have the
following iKeys:
• One pair of iKeys to be used for initializing HSM card 0.
— The purple HSM Security Officer iKey, embossed with
"HSM-SO".
— The blue HSM User iKey, embossed with "HSM-USER".
Label these iKeys and HSM card 0 so that the
connection between them is obvious. After HSM card 0
has been initialized, this card will only accept the HSM-SO
and HSM-USER iKeys that were used when initializing this
particular HSM card. Even if you choose to use the same
HSM-SO and HSM-USER passwords when you initialize
card 1 as the passwords you defined when initializing card
0, the HSM-SO and HSM-USER iKeys for card 1 are not
interchangeable with the HSM-SO and HSM-USER iKeys for
card 0.
• One pair of iKeys to be used for initializing HSM card 1.
Nortel VPN Gateway User Guide, NN46120-104, 02.01, Standard, 14 April 2008
Copyright © 2007-2008 Nortel Networks.