没有合适的资源?快使用搜索试试~ 我知道了~
ASA防火墙所有型号参数借鉴.pdf
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
0 下载量 198 浏览量
2021-12-25
17:37:49
上传
评论
收藏 398KB PDF 举报
温馨提示
试读
11页
ASA防火墙所有型号参数借鉴.pdf
资源推荐
资源详情
资源评论
Export Compliance Guide and Q&A
All contents are Copyright ? 1992 –2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 11
Export Compliance Guide for Cisco ASA 5500 Series
Adaptive Security Appliances
Cisco
?
ASA 5500 Series adaptive security appliances are purpose-built solutions that
combine best-in-class security and VPN services with an innovative, extensible services
architecture. Designed as a core component of the Cisco Self-Defending Network, the
Cisco ASA 5500 Series provides proactive threat defense that stops attacks before they
spread through the network, controls network activity and application traffic, and delivers
flexible VPN connectivity. The result is a powerful multifunction network security appliance
family that provides the security breadth and depth for protecting home office, branch
office, small and medium-sized business, and enterprise networks while reducing the
overall deployment and operations costs and complexities associated with providing this
new level of security.
This Cisco ASA 5500 Series export compliance guide outlines the export classifications
for products that belong to the Cisco ASA 5500 Series product family in accordance with
U.S. Department of Commerce Export Administration Regulations. This is accomplished
through the following series of questions and answers.
Figure 1. Cisco ASA 5500 Series Adaptive Security Appliances
Q.
What is an export?
A.
An export is the transfer of products, software, or technology to persons or territories via
verbal, physical, or electronic means.
Q.
How are end users and destinations categorized with respect to export control?
A.
End users fall into three categories: sanctioned entities, government and military, and others.
No sale is allowed to sanctioned entities listed on the U.S. Denied Party List (DPL).
Government and military may require a license for certain product categories in non-exempted
countries. A list of exempted countries is available on the Cisco Regulatory Affairs Website.
No license is required by entities in the “others ” category.
Q. What is a sanctioned entity?
Export Compliance Guide and Q&A
All contents are Copyright ? 1992 –2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 11
A.
A sanctioned entity is an individual and/or entity that has been denied export privileges
because they have willfully violated international treaties and local laws.
Q.
How do we find out if a customer is sanctioned?
A.
To find out if a customer is sanctioned, refer to the DPL at Cisco Regulatory Affairs:
http://www.cisco.com/wwl/export/compliance_provision.html . More information is also
available at the U.S. Department of Commerce: http://www.bis.doc.gov .
Q.
What is a government end user?
A.
A government end user is any foreign central, regional, or local government department,
agency, or other entity performing governmental functions. This includes governmental
research institutions; governmental corporations or their separate business units that are
engaged in the manufacture or distribution of items or services controlled on the Wassenaar
Munitions List; and international governmental organizations. Certain state-owned enterprises
qualify under license exception and as such are not subject to license requirements.
Q.
Which destinations are embargoed or prohibited to receive Cisco products, technology,
or services exported from the United States?
A.
For a list of embargoed or prohibited export destinations, refer to the Regulatory Affairs
Website at: http://www.cisco.com/wwl/export/compliance_provision.html .
Q.
How are Cisco ASA 5500 Series products categorized with respect to export control?
A.
Cisco ASA 5500 Series products fall into one of two encryption categories: unrestricted (retail)
or restricted (non-retail) encryption.
Q.
What is restricted encryption?
A.
Restricted encryption products have symmetric key lengths greater than 64 bits, such as
Advanced Encryption Standard (AES) or Triple Data Encryption Standard (3DES), and are
considered “network infrastructure ” commodities under the U.S. Export Administration
Regulations. Restricted encryption products are not eligible for export to government or
military end users in some countries without an export license. To determine what end users
require an export license for restricted encryption products, visit:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html .
Q.
What is unrestricted encryption?
A.
Unrestricted encryption products also have symmetric key lengths greater than 64 bits, but
they do not meet the network infrastructure criteria of restricted products under the U.S.
Export Regulations. Government and military end users that are not eligible for restricted
encryption without a license may be eligible for unrestricted Cisco ASA 5500 Series products.
To determine what end users are eligible for unrestricted encryption products, visit:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html . For more information, please refer to
the U.S. Export Administration Regulations: http://www.access.gpo.gov/bis/ear/ear_data.html .
Q.
What encryption levels does the Cisco ASA 5500 Series support?
A.
Cisco ASA 5500 Series supports two different levels of encryption. By default, all Cisco ASA
5500 Series appliances support 56-bit DES, 56-bit RC4, 512-bit RSA, and 512-bit Digital
Signature Algorithm (DSA) encryption algorithms included in the base encryption license.
Customers can optionally upgrade to a strong encryption license that adds support for 168-bit
3DES, up to 256-bit AES, up to 128-bit RC4, up to 4096-bit RSA, and up to 1024-bit DSA
encryption algorithms. A strong encryption license can be obtained through Cisco.com, if it
Export Compliance Guide and Q&A
All contents are Copyright ? 1992 –2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 11
was not ordered with the appliance originally. The product part numbers for the base and
strong encryption licenses are listed in Table 3.
Q.
Which Cisco ASA 5500 Series products are classified as unrestricted or restricted?
A.
The Cisco ASA 5500 Series product family does not include any products that are classified
as mass market. The product family, however, includes products that are classified as
unrestricted or restricted. These are listed in the following tables:
●
Table 4 lists encryption classifications for Cisco ASA 5500 Series Edition bundles
●
Table 5 lists encryption classifications for Cisco ASA 5500 Series Security Services
Modules
●
Table 6 lists encryption classifications for Cisco ASA 5500 Series software
●
Table 7 lists encryption classifications for Cisco ASA 5500 Series applications
Q.
What are the license, reporting, and distribution stocking requirements for products
with unrestricted and restricted encryption?
A.
Table 1 summarizes the license, reporting, and distribution stocking requirements for each of
the encryption categories:
Table 1. Export License Requirements for Encryption Classifications
End User Unrestricted Restricted
Sanctioned entities (DPL) No sale No sale
Government and military Export license not required License and written assurance/EPCI required for
restricted users except for those in exempted countries
Others (not sanctioned
entities, government
or military)
Export license not required License and written assurance/EPCI required for
restricted users except for those in exempted countries
Reporting Yes* —Done by Cisco Export team Yes* —Done by Cisco Export team
2-Tier stocking Yes Limited - For distributors not located in exempted
countries, stocking is limited to 5 units for emergency
replacement. End-user information is required at the
time of order entry.
* Report first tier of distribution and/or end-user details, including name, address, date, product description, and
quantity.
Q.
What are the exempted countries (also known as ENC Country Group)?
A.
The exempted countries or exempt government entities are listed here:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html .
Q.
How do I purchase an unrestricted Cisco ASA 5500 Series product?
A.
To purchase any unrestricted product, as long as you do not fall under Sanctioned Entities,
Embargoed Territories, Restricted End-Users or Enterprises under their Control/Ownership,
simply follow normal ordering procedure. No export license is required on a per-sales-order
basis for sales of unrestricted products. Contact Cisco Export Compliance & Regulatory
Affairs for additional guidance. Note: All orders are screened against several export
compliance lists and license determination at the time of order entry.
剩余10页未读,继续阅读
资源评论
gy51338424
- 粉丝: 0
- 资源: 11万+
下载权益
C知道特权
VIP文章
课程特权
开通VIP
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功