New Member

Site-to Site VPN FIPS 140-2

Need advice/suggestions on being compliant with FIPS-140. I have configured IPSEC VPN tunnels between C2811 routers and am passing unclassified traffic using 3DES encryption, SHA MD5, and a shared password, in transport mode. Thanks for any help.

Accepted Solutions
Cisco Employee

Re: Site-to Site VPN FIPS 140-2

Hi Steve,

This link would provide you with all the information regarding the FIPS-compliant encryption algorithms for the IPSec VPN tunnel:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1038.pdf

(In the above link, refer to section 3.3, IPsec Requirements and cryptographic requirements)

The following algorithms are not FIPS compliant:

DES
MD-5 for signing
MD-5 HMAC

Let me know if this provides you with the required information.

Cheers,

Rudresh V
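
An audit sketch for the list in the answer above, added here as an example; it is not part of the original reply and not Cisco code. It scans an IOS configuration for the three listed algorithms (DES, MD5 as the ISAKMP hash, MD5 HMAC in a transform set). The mapping to IOS keywords and the sample configuration are assumptions constructed for the example.

```python
import re

# The answer's three non-compliant algorithms, mapped to IOS keywords (assumed mapping).
ISAKMP_RULES = {
    r"^(encr|encryption)\s+des\b": "DES (ISAKMP encryption)",
    r"^hash\s+md5\b": "MD5 (ISAKMP hash)",
}
TRANSFORM_RULES = {
    "esp-des": "DES (ESP encryption)",
    "esp-md5-hmac": "MD5 HMAC (ESP authentication)",
    "ah-md5-hmac": "MD5 HMAC (AH authentication)",
}

def audit(config):
    """Return (line_no, context, finding) for each listed algorithm in use."""
    findings = []
    context = None
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command ends any sub-mode
            context = None
        m = re.match(r"crypto isakmp policy (\d+)", line)
        if m:
            context = f"isakmp policy {m.group(1)}"
            continue
        m = re.match(r"crypto ipsec transform-set (\S+)\s+(.*)", line)
        if m:
            for token in m.group(2).split():
                if token in TRANSFORM_RULES:
                    findings.append((no, f"transform-set {m.group(1)}", TRANSFORM_RULES[token]))
            continue
        if context:
            for pattern, label in ISAKMP_RULES.items():
                if re.match(pattern, line):
                    findings.append((no, context, label))
    return findings

# Constructed sample configuration (placeholder key, documentation address).
SAMPLE = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key EXAMPLE-KEY address 192.0.2.2
crypto ipsec transform-set TS-OLD esp-3des esp-md5-hmac
 mode transport
crypto ipsec transform-set TS-NEW esp-3des esp-sha-hmac
"""
```

Calling `audit(SAMPLE)` reports the `hash md5` line in policy 10 and the `esp-md5-hmac` transform in `TS-OLD`; the security policy document linked in the answer remains the authority on what is approved.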

2 REPLIES
New Member

Re: Site-to Site VPN FIPS 140-2

Thanks Rudresh, that was exactly the information I needed!
