cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4585
Views
0
Helpful
2
Replies

Site-to Site VPN FIPS 140-2

bryantsteve
Level 1
Level 1

Need advice/suggestions on being compliant with FIPS-140, I have configured IPSEC VPN tunnels between C2811 routers and passing unclassified traffic using 3DES encryption and SHA MD5 and shared password and in transport mode. Thanks for any help

1 Accepted Solution

Accepted Solutions

Rudresh Veerappaji
Cisco Employee
Cisco Employee

Hi Steve,

This link would provide you with all the information regarding the FIPS complicant encryption algorithms for theIPSec  vpn tunnel:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1038.pdf

(In the above link, refer to section 3.3, IPsec Requirements and cryptographic requirements)

Following algorithms are not FIPS compliant.

DES
MD-5 for signing
MD-5 HMAC

Let me know if this provides you with the required information.

Cheers,

Rudresh V

View solution in original post

2 Replies 2

Rudresh Veerappaji
Cisco Employee
Cisco Employee

Hi Steve,

This link would provide you with all the information regarding the FIPS complicant encryption algorithms for theIPSec  vpn tunnel:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1038.pdf

(In the above link, refer to section 3.3, IPsec Requirements and cryptographic requirements)

Following algorithms are not FIPS compliant.

DES
MD-5 for signing
MD-5 HMAC

Let me know if this provides you with the required information.

Cheers,

Rudresh V

Thanks Rudresh, that was exactly the information I needed!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: