Resetting HSM Cards on the ASA 310-FIPS – Nortel Networks NN46120-104 User Manual

Page 155


Resetting HSM Cards on the ASA 310-FIPS

When removing an ASA 310-FIPS device from a cluster, you have the
option to reset (or de-initialize) the HSM cards.

When an ASA 310-FIPS device that has been removed from a cluster is
installed in a new cluster, or added to an existing cluster, the cards will be
initialized again. This is done by performing a series of steps as part of
the setup procedure of the ASA 310-FIPS device itself. If the Setup utility
detects that the cards have not been reset, you will be prompted to reset
the HSM cards at that time. The HSM cards must be reset before they can
be initialized. You may therefore choose to reset the cards at the time
you remove the ASA 310-FIPS device from the cluster. Resetting the HSM
cards clears all sensitive cryptographic information stored on the cards.
Until the cards are initialized again, they will remain in that state.

To reset the HSM cards, you need the following:

- The two pairs of HSM-SO and HSM-USER iKeys, where each pair is
  associated with a particular HSM card on the ASA 310-FIPS device
  you want to delete from the cluster

- The HSM-SO password associated with each HSM-SO iKey

- Log in as the admin user to the particular ASA 310-FIPS device you
  want to delete

If the ASA 310-FIPS device will be used in a different department or
organization after it has been deleted from the cluster, you may want to
change the current password for the HSM-SO iKey and the HSM-USER
iKey before you reset the HSM cards. The user who performs the initial
setup of the ASA 310-FIPS device must then provide the "transient"
passwords known by both parties when initializing the HSM cards, but can
directly change to new HSM-SO and HSM-USER passwords within the
normal initialization procedure.

To change the current password for the HSM-SO iKey before resetting
the HSM cards, use the /maint/hsm/changepass command. For more
information about this command, see the "HSM Menu" section under
Maintenance Menu in the Command Reference.

Note: When moving the ASA 310-FIPS device to a different location,
make sure to maintain the connection between each pair of HSM-SO
and HSM-USER iKeys and the particular HSM card to which they
are associated. To initialize the HSM cards when installing or adding
the device in a cluster, the correct HSM-SO and HSM-USER iKeys
are required, as well as the corresponding HSM-SO and HSM-USER
passwords.

Nortel VPN Gateway User Guide, NN46120-104, 02.01, Standard, 14 April 2008

Copyright © 2007-2008 Nortel Networks
