Nortel Networks NN46120-104 User Manual

Page 61

Advertising
background image

Installing an ASA 310-FIPS in a New Cluster

61

(

new

setup, continued)

Verify that HSM-SO iKey (purple) is inserted in card 1

(with flashing LED).

Hit enter when done.

Enter a new HSM-SO password for card 1: <define a new

HSM-SO password, or use the same HSM-SO password as for

card 0>

Re-enter to confirm:

The HSM-SO iKey has been updated.

Verify that HSM-USER iKey (blue) is inserted in card 1

(with flashing LED).

Hit enter when done.

Enter a new HSM-USER password for card 1: <define a new

HSM-USER password, or use the same HSM-USER password as

for card 0>

Re-enter to confirm:

The HSM-USER iKey has been updated.

Card 1 successfully initialized.

6

Split the wrap key from HSM card 0 onto the CODE-SO and
CODE-USER iKeys.

This step is related to splitting the software wrap key used
internally in the cluster, and then loading the split wrap key onto
the two black CODE-SO and CODE-USER iKeys. These iKeys
will then be used to transfer the cluster wrap key onto another
HSM card either within the same ASA 310-FIPS device (as in

Step 7

), or to HSM cards in an ASA 310-FIPS device that is

added to the current cluster.

Each ASA 310-FIPS device is shipped with four black CODE
iKeys. However, you will only need to use two of these in one
given cluster. The extra two black iKeys can be used to create a
pair of backup CODE iKeys. For more information about how to
create a pair of backup CODE iKeys, see the splitkey command
on the HSM menu (described under Maintenance Menu in the
Command Reference).

To successfully split and load the cluster wrap key onto the
correct iKeys, you need the following:

Two black CODE iKeys, supposedly labeled "CODE-SO" and
"CODE-USER" respectively.

If the black iKeys are not already labeled CODE-SO and
CODE-USER respectively, you are recommended to do so
before inserting them. Whenever the cluster wrap key needs to
be transferred onto an initialized HSM card, you will be prompted
for the specific CODE iKey, in turns. Having each iKey properly

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

.

Advertising
Popular Brands
Popular manuals