Site-to-Site VPN FIPS 140-2

Answered Question
Sep 29th, 2010

Need advice/suggestions on being compliant with FIPS-140. I have configured IPsec VPN tunnels between C2811 routers and passing unclassified traffic using 3DES encryption and SHA MD5 and shared password and in transport mode. Thanks for any help.

Overall Rating: 5 (1 ratings)
Correct Answer
Rudresh V Sun, 10/03/2010 - 06:18
User Badges: Cisco Employee

Hi Steve,


This link would provide you with all the information regarding the FIPS-compliant encryption algorithms for the IPsec VPN tunnel:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1038.pdf

(In the above link, refer to section 3.3, IPsec Requirements and cryptographic requirements)


The following algorithms are not FIPS compliant:

DES
MD-5 for signing
MD-5 HMAC


Let me know if this provides you with the required information.


Cheers,

Rudresh V
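
As an added example (not part of the original thread and not Cisco's code): a Python check that scans a saved IOS configuration for the DES and MD5 HMAC settings the answer above lists as not FIPS compliant. The sample configuration is constructed, and treating an ISAKMP policy with no `encr` line as DES is an assumption about classic IOS defaults.

```python
# Transform-set keywords for the algorithms the answer lists as not FIPS compliant.
NON_FIPS_TRANSFORMS = {"esp-des", "esp-md5-hmac", "ah-md5-hmac"}

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp policy 20
 authentication pre-share
crypto isakmp policy 30
 encr aes 256
 authentication pre-share
 group 14
crypto ipsec transform-set WEAK esp-des esp-md5-hmac
crypto ipsec transform-set OK esp-3des esp-sha-hmac
"""

def audit(config):
    """Return (context, algorithm) pairs for DES / MD5 use in an IOS config."""
    findings = []
    policy, has_encr = None, False
    for line in config.splitlines() + ["end"]:   # sentinel closes the last block
        words = line.split()
        if not line.startswith(" "):
            # A top-level line ends any open ISAKMP policy block.
            # Assumption: the running config omits defaults, and the classic
            # IOS default ISAKMP encryption is 56-bit DES.
            if policy and not has_encr:
                findings.append((policy, "des (implicit default)"))
            policy, has_encr = None, False
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) > 3:
            policy = "isakmp policy " + words[3]
        elif policy and words[:1] in (["encr"], ["encryption"]):
            has_encr = True
            if words[1:2] == ["des"]:
                findings.append((policy, "des"))
        elif policy and words[:2] == ["hash", "md5"]:
            findings.append((policy, "md5"))
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            for token in words[4:]:
                if token in NON_FIPS_TRANSFORMS:
                    findings.append(("transform-set " + words[3], token))
    return findings

if __name__ == "__main__":
    for context, algorithm in audit(SAMPLE_CONFIG):
        print(f"{context}: {algorithm}")
```
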

bryantsteve Mon, 10/04/2010 - 05:33

Thanks Rudresh, that was exactly the information I needed!
