Cisco Integrated Services Router Generation 2, Integrated Services Router 800 Series & Connected Grid Router 2010

Cisco Integrated Services Router Generation 2, Integrated Services Router 800 Series & Connected Grid Router 2010 Security Target Version 1.0 Decembe...
41 downloads 1 Views 2MB Size
Cisco Integrated Services Router Generation 2, Integrated Services Router 800 Series & Connected Grid Router 2010

Security Target Version 1.0 December 22, 2015

Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2015 Cisco Systems, Inc. All rights reserved.

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

Table of Contents 1

SECURITY TARGET INTRODUCTION ............................................................................. 7

1.1 ST and TOE Reference .................................................................................................... 7 1.2 TOE Overview ................................................................................................................. 8 1.2.1 TOE Product Type .................................................................................................... 9 1.2.2 Supported non-TOE Hardware/ Software/ Firmware ............................................... 9 1.3 TOE DESCRIPTION ..................................................................................................... 10 1.4 TOE Evaluated Configuration ........................................................................................ 13 1.5 Physical Scope of the TOE............................................................................................. 13 1.6 Logical Scope of the TOE .............................................................................................. 23 1.6.1 Security Audit ......................................................................................................... 23 1.6.2 Cryptographic Support ............................................................................................ 23 1.6.3 Full Residual Information Protection...................................................................... 24 1.6.4 Identification and authentication............................................................................. 24 1.6.5 Security Management ............................................................................................. 25 1.6.6 Packet Filtering ....................................................................................................... 26 1.6.7 Protection of the TSF .............................................................................................. 26 1.6.8 TOE Access ............................................................................................................ 26 1.6.9 Trusted path/Channels ............................................................................................ 26 1.7 Excluded Functionality .................................................................................................. 27 2

Conformance Claims ............................................................................................................. 28

2.1 Common Criteria Conformance Claim .......................................................................... 28 2.2 Protection Profile Conformance ..................................................................................... 28 2.3 Protection Profile Conformance Claim Rationale .......................................................... 28 2.3.1 TOE Appropriateness.............................................................................................. 28 2.3.2 TOE Security Problem Definition Consistency ...................................................... 28 2.3.3 Statement of Security Requirements Consistency .................................................. 29 3

SECURITY PROBLEM DEFINITION ................................................................................ 30

3.1 3.2 3.3 4

SECURITY OBJECTIVES ................................................................................................... 33

4.1 4.2 5

Assumptions ................................................................................................................... 30 Threats ............................................................................................................................ 30 Organizational Security Policies .................................................................................... 31 Security Objectives for the TOE .................................................................................... 33 Security Objectives for the Environment ....................................................................... 34

SECURITY REQUIREMENTS ........................................................................................... 35

5.1 Conventions.................................................................................................................... 35 5.2 TOE Security Functional Requirements ........................................................................ 35 5.3 SFRs from NDPP and VPN Gateway EP ...................................................................... 37 5.3.1 Security audit (FAU)............................................................................................... 37 5.3.2 Cryptographic Support (FCS) ................................................................................. 40 5.3.3 User data protection (FDP) ..................................................................................... 44 5.3.4 Identification and authentication (FIA) .................................................................. 44 5.3.5 Security management (FMT) .................................................................................. 46 5.3.6 Packet Filtering (FPF) ............................................................................................. 47

2

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

5.3.7 Protection of the TSF (FPT) ................................................................................... 48 5.3.8 TOE Access (FTA) ................................................................................................. 49 5.3.9 Trusted Path/Channels (FTP) .................................................................................. 50 5.4 TOE SFR Dependencies Rationale for SFRs ................................................................. 50 5.5 Security Assurance Requirements .................................................................................. 51 5.5.1 SAR Requirements.................................................................................................. 51 5.5.2 Security Assurance Requirements Rationale .......................................................... 51 5.6 Assurance Measures ....................................................................................................... 52 6

TOE Summary Specification ................................................................................................ 53

6.1 7

7.1 8

TOE Security Functional Requirement Measures .......................................................... 53

Annex A: Key Zeroization .................................................................................................... 67

Key Zeroization .............................................................................................................. 67

Annex B: References ............................................................................................................. 69

3

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

List of Tables TABLE 1 ACRONYMS............................................................................................................................................................................................ 5 TABLE 2 ST AND TOE IDENTIFICATION .......................................................................................................................................................... 7 TABLE 3 IT ENVIRONMENT COMPONENTS ...................................................................................................................................................... 9 TABLE 4 ISR G2 HARDWARE MODELS AND SPECIFICATIONS ...................................................................................................................14 TABLE 5 ALGORITHM CERTIFICATE REFERENCES .......................................................................................................................................23 TABLE 6 TOE PROVIDED CRYPTOGRAPHY ...................................................................................................................................................24 TABLE 7 EXCLUDED FUNCTIONALITY ............................................................................................................................................................27 TABLE 8 PROTECTION PROFILES .....................................................................................................................................................................28 TABLE 9 TOE ASSUMPTIONS ...........................................................................................................................................................................30 TABLE 10 THREATS ..........................................................................................................................................................................................30 TABLE 11 ORGANIZATIONAL SECURITY POLICIES .......................................................................................................................................31 TABLE 12 SECURITY OBJECTIVES FOR THE TOE ..........................................................................................................................................33 TABLE 13 SECURITY OBJECTIVES FOR THE ENVIRONMENT ........................................................................................................................34 TABLE 14 SECURITY FUNCTIONAL REQUIREMENTS....................................................................................................................................35 TABLE 15 AUDITABLE EVENTS .......................................................................................................................................................................38 TABLE 16: ASSURANCE MEASURES.................................................................................................................................................................51 TABLE 17 ASSURANCE MEASURES ..................................................................................................................................................................52 TABLE 18 HOW TOE SFRS ARE MET .............................................................................................................................................................53 TABLE 19: TOE KEY ZEROIZATION ................................................................................................................................................................67 TABLE 20 REFERENCES....................................................................................................................................................................................69

List of Figures FIGURE 1 TOE EXAMPLE DEPLOYMENT .......................................................................................................................................................12

4

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

List of Acronyms The following acronyms and abbreviations are common and may be used in this Security Target: Table 1 Acronyms Acronyms / Abbreviations AAA ACL AES BRI CA CC CEM CM CSU DHCP DSU EAL EHWIC ESP GE HTTP HTTPS ICMP ISDN ISR IT NDPP OS PBKDF2 PoE POP3 PP SA SFP SHS SIP SSHv2 ST TCP TOE TSC TSF TSP UDP WAN WIC

Definition Administration, Authorization, and Accounting Access Control Lists Advanced Encryption Standard Basic Rate Interface Certificate Authority Common Criteria for Information Technology Security Evaluation Common Evaluation Methodology for Information Technology Security Configuration Management Channel Service Unit Dynamic Host Configuration Protocol Data Service Unit Evaluation Assurance Level Ethernet High-Speed WIC Encapsulating Security Payload Gigabit Ethernet port Hyper-Text Transport Protocol Hyper-Text Transport Protocol Secure Internet Control Message Protocol Integrated Services Digital Network Integrated Service Router Information Technology Network Device Protection Profile Operating System Password-Based Key Derivation Function version 2 Power over Ethernet Post Office Protocol Protection Profile Security Association Small–form-factor pluggable port Secure Hash Standard Session Initiation Protocol Secure Shell (version 2) Security Target Transport Control Protocol Target of Evaluation TSF Scope of Control TOE Security Function TOE Security Policy User datagram protocol Wide Area Network WAN Interface Card

5

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

DOCUMENT INTRODUCTION Prepared By: Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), Cisco Integrated Services Router Generation 2 (ISR G2), Integrated Services Router 800 Series (ISR-800) and Connected Grid Router 2010 (CGR 2010). This Security Target (ST) defines a set of assumptions about the aspects of the environment, a list of threats that the product intends to counter, a set of security objectives, a set of security requirements, and the IT security functions provided by the TOE which meet the set of requirements. Administrators of the TOE will be referred to as administrators, Authorized Administrators, TOE administrators, semi-privileged, privileged administrators, and security administrators in this document.

6

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

1 SECURITY TARGET INTRODUCTION The Security Target contains the following sections:      

Security Target Introduction [Section 1] Conformance Claims [Section 2] Security Problem Definition [Section 3] Security Objectives [Section 4] IT Security Requirements [Section 5] TOE Summary Specification [Section 6]

The structure and content of this ST comply with the requirements specified in the Common Criteria (CC), Part 1, Annex A, and Part 2.

1.1 ST and TOE Reference This section provides information needed to identify and control this ST and its TOE. Table 2 ST and TOE Identification Name ST Title ST Version Publication Date Vendor and ST Author TOE Reference

Description Cisco Integrated Services Router Generation 2 (ISR G2), Integrated Services Router 800 Series (ISR-800) and Connected Grid Router 2010 (CGR 2010) Series Security Target 1.0 December 22, 2015 Cisco Systems, Inc. Cisco Integrated Services Router Generation 2 (ISR G2), Integrated Services Router 800 Series (ISR-800) and Connected Grid Router 2010

7

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

TOE Hardware Models

ISR G2 (ISM-VPN-19, ISM-VPN-29, ISM-VPN-39)  Cisco 1905 ISR  Cisco 1921 ISR  Cisco 1941 ISR  Cisco 1941W ISR  Cisco 2901 ISR  Cisco 2911 ISR  Cisco 2921 ISR  Cisco 2951 ISR  Cisco 3925 ISR  Cisco 3925E ISR  Cisco 3945 ISR  Cisco 3945E ISR ISR-800  C819G-4G-GA-K9  C819G-4G-NA-K9  C819G-4G-ST-K9  C819G-4G-VZ-K9  C819HG-4G-A-K9  C819HG-4G-G-K9  C819HG-4G-V-K9  C881-K9  C881G-4G-GA-K9  C891F-K9  C891FW-A-K9  C891FW-E-K9 CGR –  Cisco 2010 CGR

TOE Software Version Keywords

IOS 15.5(3)M Router, Network Appliance, Data Protection, Authentication, Cryptography, Secure Administration, Network Device, Virtual Private Network(VPN), VPN Gateway

1.2 TOE Overview The Cisco ISR G2 TOE is a purpose-built, routing platform that includes routing, firewall, and VPN functionality. The TOE includes twelve (12) hardware models and three optional VPN accelerator cards as defined in Table 2. The Cisco ISR-800 is a purpose-built, routing platform that combines data, security, unified communications and wireless services on a single device. The TOE includes the hardware models as defined in Table 2. The Cisco Connected Grid Router 2010 is a purpose-built, routing platform that is designed for harsh, rugged environments often found in the energy and utility industries. The CGR 2010 offers integrated services, including advanced data routing, firewall, traffic shaping, quality of service, and network segmentation.

8

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

1.2.1 TOE Product Type The Cisco ISR G2 are router platforms that provide connectivity and security services onto a single, secure device. These routers offer broadband speeds and simplified management to small businesses, and enterprise small branch, and teleworkers. The Cisco ISR G2 are single-device security and routing solutions for protecting the network. The Cisco ISR-800s are fixed configuration routers that provide business solutions for secure voice and data communications to enterprise small branch offices. They are designed to deliver secure broadband, Metro Ethernet (MAN Ethernet) and wireless LAN (WLAN) connectivity. The Cisco CGR 2010 is a highly modular routing platform that provides integrated security to protect energy-related communication networks using embedded hardware encryption acceleration, optional firewall, and intrusion prevention. In addition, the platform supports T1/E1 WAN interfaces with integrated CSU/DSU interfaces, synchronous and asynchronous serial RS232 interfaces, and copper and fiber Gigabit Ethernet.

1.2.2 Supported non-TOE Hardware/ Software/ Firmware The TOE supports (in some cases optionally) the following hardware, software, and firmware in its environment when the TOE is configured in its evaluated configuration: Table 3 IT Environment Components Component RADIUS or TACACS+ AAA Server

Required No

Usage/Purpose Description for TOE performance This includes any IT environment RADIUS or TACACS+ AAA server that provides single-use authentication mechanisms. This can be any RADIUS AAA server that provides single-use authentication. The TOE correctly leverages the services provided by this RADIUS or TACACS+ AAA server to provide singleuse authentication to administrators.

Management Workstation with SSH Client

Yes

This includes any IT Environment Management workstation with a SSH client installed that is used by the TOE administrator to support TOE administration through SSH protected channels. Any SSH client that supports SSHv2 may be used.

Local Console

Yes

This includes any IT Environment Console that is directly connected to the TOE via the Serial Console Port and is used by the TOE administrator to support TOE administration.

Certification Authority (CA)

Yes

This includes any IT Environment Certification Authority on the TOE network. This can be used to provide the TOE with a valid certificate during certificate enrollment.

Remote VPN Gateway/Peer

Yes

This includes any VPN peer with which the TOE participates in VPN communications. Remote VPN Endpoints may be any device that supports IPsec VPN communications.

NTP Server

No

The TOE supports communications with an NTP server in order to synchronize the date and time on the TOE with the NTP server’s date and time. A solution must be used that supports secure communications with up to a 32 character key.

Syslog Server

Yes

This includes any syslog server to which the TOE would transmit syslog messages. Also referred to as audit server in the ST

9

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

Component Another instance of the TOE

Required No

Usage/Purpose Description for TOE performance Includes “another instance of the TOE” that would be installed in the evaluated configuration, and likely administered by the same personnel. Used as a VPN peer.

1.3 TOE DESCRIPTION This section provides an overview of the Cisco ISR G2, ISR-800 and CGR 2010 Target of Evaluation (TOE).  ISR G2 – The TOE is comprised of both software and hardware. The hardware is comprised of the following: Cisco 1905 ISR, Cisco 1921 ISR, Cisco 1941 ISR, Cisco 1941W ISR, Cisco 2901 ISR, Cisco 2911 ISR, Cisco 2921 ISR, Cisco 2951 ISR, Cisco 3925 ISR, Cisco 3925E ISR, Cisco 3945 ISR, Cisco 3945E ISR, ISM-VPN-19, ISM-VPN-29, ISM-VPN-39. The software is comprised of the Universal Cisco Internet Operating System (IOS) software image Release 15.5(3)M. The Cisco Integrated Service Routers Generation 2 primary features include the following: • Central processor that supports all system operations; • Dynamic memory, used by the central processor for all system operation. • Flash memory (EEPROM), used to store the Cisco IOS image (binary program). • USB port (v2.0) o Type A for Storage, all Cisco supported USB flash drives. o Type mini-B as console port in the front. • Non-volatile read-only memory (ROM) is used to store the bootstrap program and poweron diagnostic programs. • Non-volatile random-access memory (NVRAM) is used to store router configuration parameters that are used to initialize the system at start-up. • Physical network interfaces (minimally two) (e.g. RJ45 serial and standard 10/100/1000 Ethernet ports). Some models have a fixed number and/or type of interfaces; some models have slots that accept additional network interfaces. • Support a variety of power supply configurations including PoE. The power supplies for the Cisco 2900 series ISR G2s are field replaceable and externally accessible with the exception of the Cisco 2901 ISR G2. The Cisco 2901 ISR G2 has an internal power supply, which requires removing the cover for replacement. If configured with dual power supplies or a Redundant power supplies (RPS), the power supplies are hot swappable. • Real-Time Clock with battery. This battery lasts the life of the router under the operating environmental conditions specified for the router, and is not field-replaceable. • IPsec communication channels. • The 1900 series only supports the GE ports. The 2900 and 3900 series support the GE and SFP ports as described below. o GE Ports - The GE RJ-45 copper interface ports support 10BASE-T, 100BASETX, and 1000BASE-T.

10

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

o SFP Ports - The small-form-factor pluggable (SFP) ports support 1000BASELX/LH, 1000BASE-SX, 1000BASE-ZX, and Coarse Wavelength-Division Multiplexing (CWDM-8) modules, as well as 100Mbs SFP modules.  ISR-800 The TOE is comprised of both software and hardware. The hardware is comprised of the following models: C819G-4G-GA-K9, C819G-4G-NA-K9, C819G-4G-ST-K9, C819G-4G-VZK9, C819HG-4G-A-K9, C819HG-4G-G-K9, C819HG-4G-V-K9, C881-K9, C881G-4G-GA-K9, C891F-K9, C891FW-A-K9, C891FW-E-K9. The software is comprised of the Universal Cisco Internet Operating System (IOS) software image Release 15.5(3)M. The important features of the Cisco ISR-800 include the following –  Secure broadband and Metro Ethernet access with concurrent services for enterprise small branch offices.  Redundant WAN links: Fast Ethernet (FE), V.92, ISDN Basic, Rate Interface (BRI), Gigabit Ethernet (GE), ADSL2+/VDSL (Annex A/B/M), Multimode G.SHDSL, and Small Form-Factor Pluggable (SFP)  Site-to-site remote-access and VPN services: IP Security (IPsec) VPNs  1000BASE-T Gigabit Ethernet WAN port  10/100BASE-T Fast Ethernet WAN port on the Cisco 891 or 1-port Gigabit Ethernet WAN port  1-port Gigabit Ethernet SFP socket for WAN connectivity  Dedicated console and auxiliary ports for configuration and management  CGR 2010 The TOE is comprised of both software and hardware. The hardware is comprised of the CGR 2010 model. The software is comprised of the Universal Cisco Internet Operating System (IOS) software image Release 15.5(3)M. Some of the most important features of the CGR include –  Hardened design ruggedized for substation compliance featuring no fans or moving parts.  Supports front or reverse cabling for maximum installation flexibility.  Powered by a high-performance multicore processor that can support high-speed WAN connections while also running multiple concurrent services.  Dual Gigabit Ethernet WAN interfaces, supporting two GE Fiber, or two GE Copper, or one of each interface  All onboard WAN ports are Gigabit Ethernet WAN routed ports.  Both Ethernet WAN ports on the CGR 2010 support the Small Form-Factor Pluggable (SFP)-based connectivity in lieu of a RJ-45 port.  Two high-speed USB 2.0 ports are supported.  Duplicated LEDs on both ends of the CGR 2010 to provide ease of use in either mounting option.  Two external Compact Flash slots available that can support rugged, high-speed storage compact flash cards upgradeable to 4 GB in density. o First compact Flash slot supports the Cisco IOS Software and configuration. o Second compact flash is available for additional memory storage. 11

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

Cisco IOS is a Cisco-developed highly configurable proprietary operating system that provides for efficient and effective routing and switching. Although IOS performs many networking functions, this TOE only addresses the functions that provide for the security of the TOE itself as described in Section 1.6 Logical Scope of the TOE. All of the routers included in the TOE implement the security functions the same way and implement the same set of security functions and SFRs; the difference between the different models is related to performance and/or other non-security relevant factors. The following figure provides a visual depiction of an example TOE deployment. Figure 1 TOE Example Deployment

VPN Peer (Mandatory)

Local Console (Mandatory)

VPN Peer (Mandatory)

TOE [ISR G2, ISR-800 and CGR 2010]

Syslog Server (Mandatory)

AAA Server (Optional)

CA (Mandatory)

12

NTP Server(Optional)

Management Workstation (Mandatory)

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

= TOE Boundary

The previous figure includes the following:  TOE (any of the ISR G2, ISR-800 and CGR 2010 models listed in Table 2  The following are considered to be in the IT Environment: o (2) VPN Peers o Management Workstation o Authentication Server o NTP Server o Syslog Server o Local Console o CA The ISR G2, ISR-800 and CGR 2010 routers will henceforth be referred to as TOE in the rest of the document.

1.4 TOE Evaluated Configuration The TOE consists of one or more physical devices as specified in section 1.5 below and includes the Cisco IOS software. The TOE has two or more network interfaces and is connected to at least one internal and one external network. The Cisco IOS configuration determines how packets are handled to and from the TOE’s network interfaces. The router configuration will determine how traffic flows received on an interface will be handled. Typically, packet flows are passed through the internetworking device and forwarded to their configured destination. BGP, EIGRP, EIGRPv6 for IPv6 OSPF, OSPFv3 for IPv6, PIM, and RIPv2 routing protocols are used on all of the ISR models. The TOE can optionally connect to an NTP server on its internal network for time services. Also, if the ISR is to be remotely administered, then the management station must be connected to an internal network, SSHv2 must be used to connect to the switch. A syslog server is also used to store audit records. The TOE can leverage the services provided by this RADIUS AAA server to provide single-use authentication to administrators. A CA server is used to provide the TOE with a valid certificate during certificate enrollment. If these servers are used, they must be attached to the internal (trusted) network. The internal (trusted) network is meant to be separated effectively from unauthorized individuals and user traffic; one that is in a controlled environment where implementation of security policies can be enforced.

1.5 Physical Scope of the TOE The TOE is a hardware and software solution that makes up the router models as follows:  Cisco 1905 ISR  Cisco 1921 ISR  Cisco 1941 ISR  Cisco 1941W ISR 13

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

                    

Cisco 2901 ISR Cisco 2911 ISR Cisco 2921 ISR Cisco 2951 ISR Cisco 3925 ISR Cisco 3925E ISR Cisco 3945 ISR Cisco 3945E ISR C819G-4G-GA-K9 C819G-4G-NA-K9 C819G-4G-ST-K9 C819G-4G-VZ-K9 C819HG-4G-A-K9 C819HG-4G-G-K9 C819HG-4G-V-K9 C881-K9 C881G-4G-GA-K9 C891F-K9 C891FW-A-K9 C891FW-E-K9 Cisco CGR 2010

The network, on which they reside, is considered part of the environment. The TOE guidance documentation that is considered to be part of the TOE can be found listed in the Cisco ISR G2, ISR-800 and CGR 2010 Series Common Criteria Operational User Guidance and Preparative Procedures document and are downloadable from the http://cisco.com web site. The TOE is comprised of the following physical specifications as described in Table 4 below: Table 4 ISR G2 Hardware Models and Specifications Hardware Cisco 1905 ISR G2

Cisco 1921 ISR G2

Picture

Size 1.75 x 13.5 x 11.5 in.

Power 100-240V

Interfaces (1) slot for IT environment provided EHWICs (2) Integrated 10/100/1000 Gigabit Ethernet WAN Ports (1) USB Console Port (1) Serial Console Port (1) Auxiliary Port

1.75 x 13.5 x 11.5 in.

100-240V

(2) slots for IT environment provided EHWICs (2) Integrated WAN Ports (1) USB Console Port (1) Serial Console Port (1) Auxiliary Port (2) 10/100/1000 Ethernet Ports

14

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

Hardware Cisco 1941 ISR G2

Picture

Size 3.5 in x 13.5 in x 11.5 in

Power 100-240 V

Interfaces (2) slots for IT environment provided EHWICs (1) USB Console Port (1) Serial Console Port (1) Auxiliary Port (2) 10/100/1000 Ethernet Ports

Cisco 1941W ISR G2

3.5 in x 13.5 in x 11.5 in

100-240 V

(2) slots for IT environment provided EHWICs (1) USB Console Port (1) Serial Console Port (1) Auxiliary Port (2) 10/100/1000 Ethernet Ports Dual Radios for 802.11b/g/n and 802.11a/n modes 2 x 3 multiple input, multiple output (MIMO) radio operation

Cisco 2901 ISR G2

1.75 x 17.25 x 17.3 in.

100 to 240 VAC auto ranging

(4) slots for IT environment provided EHWICs (1) USB Console Port (1) Serial Console Port (1) Auxiliary Port (2) 10/100/1000 Ethernet Ports

Cisco 2911 ISR G2

3.5 x 17.25 x 12 in.

100 to 240 VAC auto ranging

4) slots for IT environment provided EHWICs (1) Service module port (1) USB Console Port (1) Serial Console Port (1) Auxiliary Port (3) 10/100/1000 Ethernet Ports

Cisco 2921 ISR G2

3.5 x 17.25 x 18.5 in.

100 to 240 VAC auto ranging

(4) slots for IT environment provided EHWICs (1) SFP-based ports (2) Service module ports (1) USB Console Port (1) Serial Console Port (1) Auxiliary Port (3) 10/100/1000 Ethernet Ports

Cisco 2951 ISR G2

3.5 x 17.25 x 18.5 in.

100 to 240 VAC auto ranging

(4) slots for IT environment provided EHWICs (1) SFP-based ports (2) Service module ports (1) USB Console Port (1) Serial Console Port (1) Auxiliary Port (3) 10/100/1000 Ethernet Ports

15

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

Hardware Cisco 3925 ISR G2

Picture

Size 5.25 x 17.25 x 18.75 in.

Power 100 to 240 VAC autoranging

Interfaces (4) slots for IT environment provided EHWICs (2) SFP-based ports (2) Service module ports (1) USB Console Port (1) Serial Console Port (1) Auxiliary Port (3) 10/100/1000 Ethernet Ports

Cisco 3925E ISR G2

5.25 x 17.25 x 18.75 in.

100 to 240 VAC autoranging

(3) slots for IT environment provided EHWICs (2) SFP-based ports (2) Service module ports (1) USB Console Port (1) Serial Console Port (1) Auxiliary Port (4) GigE Ports (4) 10/100/1000 Ethernet Ports

Cisco 3945 ISR G2

5.25 x 17.25 x 18.75 in.

100 to 240 VAC autoranging

(4) slots for IT environment provided EHWICs (2) SFP-based ports (4) Service module ports (1) USB Console Port (1) Serial Console Port (1) Auxiliary Port (3) 10/100/1000 Ethernet Ports

Cisco 3945E ISR G2

5.25 x 17.25 x 18.75 in.

100 to 240 VAC autoranging

(3) slots for IT environment provided EHWICs (2) SFP-based ports (4) Service module ports (1) USB Console Port (1) Serial Console Port (1) Auxiliary Port (4) GigE Ports (4) 10/100/1000 Ethernet Ports

ISM-VPN-19

0.85 x 4 x 6.1 in.

20W

N/A

ISM-VPN-29 ISM-VPN-39

ISR 800 Hardware Models and Specifications Hardware

Picture

Size

Power Specifications

16

Interfaces

Cisco ISR G2, ISR-800 and CGR 2010 Security Target

Hardware Cisco ISRC819G-4G-GAK9

Picture

Size

1.67 x 7.7 x 7.2 in. (42 x 196 x 183 mm)

Default and Maximum DRAM – 1 GB Default and Maximum Flash memory – 1 GB

Cisco ISRC819G-4G-NAK9

Default and Maximum DRAM – 1 GB Default and Maximum Flash memory – 1 GB

Power Specifications

AC Power Adapter: • Maximum power consumption: 25W • Input voltage and currents supported: 100-264 VAC