Before you can use an installed AS II FIPS PIC for external IPSec, the Crypto Officer must authorize it. Authorization enables the AS II FIPS PIC, generates the cryptographic keys used for mutual authentication of the Routing Engine and AS II FIPS PIC, and generates the session key used for encryption and decryption of CSPs sent from the Routing Engine. It also creates a database of installed AS II FIPS PICs by serial number and status (authorized, not authorized).
The following automatically occurs when the AS II FIPS PIC is authorized:
The request services fips authorize pic command enables the Crypto Officer to authorize each individual AS II FIPS PIC:
    crypto-officer@host> request services fips authorize pic fpc-slot 2 pic-slot 0
    Authorization started.
    PIC authorized successfully.
You cannot authorize all installed AS II FIPS PICs at once. You cannot “re-authorize” an installed AS II FIPS PIC that has already been authorized:
    crypto-officer@host> request services fips authorize pic fpc-slot 2 pic-slot 2
    Command failed as PIC sp-2/2/0 is already enabled. You need to zeroize it first to enable it.