Nortel Networks NN46120-104 User Manual
Page 61
Installing an ASA 310-FIPS in a New Cluster
(new setup, continued)
Verify that HSM-SO iKey (purple) is inserted in card 1
(with flashing LED).
Hit enter when done.
Enter a new HSM-SO password for card 1:
HSM-SO password, or use the same HSM-SO password as for
card 0>
Re-enter to confirm:
The HSM-SO iKey has been updated.
Verify that HSM-USER iKey (blue) is inserted in card 1
(with flashing LED).
Hit enter when done.
Enter a new HSM-USER password for card 1:
HSM-USER password, or use the same HSM-USER password as
for card 0>
Re-enter to confirm:
The HSM-USER iKey has been updated.
Card 1 successfully initialized.
6 Split the wrap key from HSM card 0 onto the CODE-SO and
CODE-USER iKeys.
This step splits the software wrap key used internally in the
cluster and loads the split wrap key onto the two black CODE-SO
and CODE-USER iKeys. These iKeys are then used to transfer the
cluster wrap key onto another HSM card, either within the same
ASA 310-FIPS device (as in
), or to HSM cards in an ASA 310-FIPS device that is
added to the current cluster.
Each ASA 310-FIPS device is shipped with four black CODE
iKeys. However, you only need two of these in any given
cluster. The extra two black iKeys can be used to create a
pair of backup CODE iKeys. For more information about how to
create a pair of backup CODE iKeys, see the splitkey command
on the HSM menu (described under Maintenance Menu in the
Command Reference).
To successfully split and load the cluster wrap key onto the
correct iKeys, you need the following:
• Two black CODE iKeys, expected to be labeled "CODE-SO" and
"CODE-USER" respectively.
If the black iKeys are not already labeled CODE-SO and
CODE-USER respectively, it is recommended that you label them
before inserting them. Whenever the cluster wrap key needs to
be transferred onto an initialized HSM card, you will be prompted
for each specific CODE iKey in turn. Having each iKey properly
Nortel VPN Gateway
User Guide
NN46120-104
02.01
Standard
14 April 2008
Copyright © 2007-2008 Nortel Networks.