Secure Computing Sidewinder Version 5.1.0.02 Configure the VPN connections on the Sidewinder


Roadmap to deploying your VPNs

5 — Configure the VPN connections on the Sidewinder

Use Cobra to define the VPN security association configuration. See "Configuring the VPN on the Sidewinder" on page 3-15 for details.

Enable Extended Authentication.

6 — Configure the certificates and security policy(ies) for your remote users

Install your copy of Soft-PK. See "Soft-PK installation notes" on page 4-2 for details.

Use Soft-PK to set up the certificates needed by each end user. See

TIP: Use the UserWorksheet.doc file on the Soft-PK CD as a starting point to define the information each end user will need to install and quickly set up Soft-PK for your network.

Use Soft-PK to create and save security policies that are customized for your end users. See "Configuring a security policy on the Soft-PK" on page 4-13 for details.

7 — Prepare and deploy your Soft-PK installation package to remote users

Prepare the files you will distribute to your end users. For details, see "Overview" on page 5-2.

Create Soft-PK installation and configuration instructions for your end users. For details, see "Customizing the user worksheet" on page 5-4.

If necessary, define configuration steps for the Windows Dial-Up Networking feature on each machine on which you are installing and using Soft-PK. For details, see "Specifying dial-up network instructions" on page 5-4.

Specify the Soft-PK installation instructions. For details, see "Specifying installation instructions" on page 5-4.

Specify the instructions for importing/requesting/setting up client certificates. For details, see "Specifying certificate import/request instructions" on page 5-5.

Specify the instructions for establishing a security association. For details, see "Specifying security policy instructions" on page 5-6.

Send the Soft-PK deployment software and files to your end users.
