Secure Computing SafeNet, Sidewinder Version 5.1.0.02 manual Copyright Notice

Page 3

Copyright Notice

This document and the software described in it are copyrighted. Under the copyright laws, neither this document nor this software may be copied, reproduced, translated, or reduced to any electronic medium or machine-readable form without prior written authorization of Secure Computing Corporation. Copyright © 2001, Secure Computing Corporation. All rights reserved. Made in the U.S.A.

Trademarks

Secure Computing, Sidewinder, Type Enforcement, and Strikeback are either registered trademarks or trademarks of Secure Computing Corporation. All other trademarks, tradenames, service marks, service names, product names, and images mentioned and/or used herein belong to their respective owners.

Secure Computing Corporation Software License Agreement

CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE LOADING THE SOFTWARE. BY LOADING THE SOFTWARE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, UNDERSTAND IT, AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS.

Secure Computing Corporation ("Secure Computing") provides its software and licenses its use either directly or through authorized dealers. You assume responsibility for the selection of the programs to achieve your intended results, and for the installation (unless installation is purchased from Secure Computing or an authorized dealer), use, and results obtained from the programs.

1. Grant of License

Secure Computing grants to you, and you accept, a non-exclusive, and non-transferable license (without right to sub- license) to use the Software Products as defined herein on a single machine.

2. Software Products

"Software Products" mean (i) the machine-readable object-code versions of the Software of Secure Computing contained in the media (the "Software"), (ii) the published user manuals and documentation that are made available for the Software (the "Documentation"), and (iii) any updates or revisions of the Software or Documentation that you may receive (the "Update"). Under no circumstances will you receive any source code of the Software. Software Products provided for use as "backup" in the event of failure of a primary unit may be used only to replace the primary unit after a failure in fact occurs. They may not be used to provide any capability in addition to the functioning primary system that they backup.

3. Use

You may not transfer any Software Products to any third party. You may not copy, translate, modify, sub-license, adapt, decompile, disassemble, or reverse engineer any Software Product in whole or in part except to make one copy of the Software solely for back-up or archival purposes.

4. Limited Warranty and Remedies

Secure Computing warrants that the disk(s) or tape(s) on which its Software is recorded is/are free from defects in material and workmanship under normal use and service for a period of ninety (90) days from the date of shipment to you.

Secure Computing does not warrant that the functions contained in the Software will meet your requirements or that operation of the program will be uninterrupted or error-free. The Software is furnished "AS IS" and without warranty as to the performance or results Licensee may obtain by using the Software. The entire risk as to the results and performance of the Software is assumed by Licensee. If Licensee does not receive media which is free from defects in materials and workmanship during the 90-day warranty period, Licensee will receive a refund for the amount Licensee paid for the Software Product returned.

5. Limitation of Warranty and Remedies

THE WARRANTIES STATED HEREIN ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES AND COUNTRIES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU MAY HAVE OTHER RIGHTS WHICH VARY BY STATE OR COUNTRY.

i

Image 3
Contents VPN Administration Guide Page Copyright Notice Printing History B L E O F C O N T E N T S Installing and Working with Soft-PK Who should read this guide? About this GuideOrganized How this guide isViewing and printing this document online About Soft-PKAbout Sidewinder About digital certificatesViii About this chapter Getting StartedAbout Soft-PK & Sidewinder VPNs Sidewinder and other network requirements RequirementsSoft-PK requirements Roadmap to deploying your VPNs 4c1 Define remote identities within Sidewinder Sidewinder systemSatisfy Sidewinder, network, & system requirements Plan your VPN configurationCreate/Request the digital certificates If using pre-shared keys passwordsConfigure the VPN connections on the Sidewinder Troubleshoot any connection problems Planning Your VPN Configuration Identifying basic VPN connection needs Certificate file with public key Identifying authentication requirementsUsing digital certificate authentication Private key fileClients Closer look at self-signed certificatesNo CA needed For a small number of VPNCloser look at CA-based certificates Understanding pre-shared key authenticationExtended authentication VPN tunnel terminating on trusted burb Determining where you will terminate your VPNsSelect Firewall Administration Burb Configuration More about virtual burbs and VPNsDefining a virtual burb Sidewinder Understanding Sidewinder client address poolsUnderstanding Sidewinder client address pools Configuring Sidewinder for Soft-PK Clients Select VPN Configuration Isakmp Server Enable the cmd, egd, and isakmp serversClick Apply Configure the Isakmp server EnableConfiguring ACL & proxies entries for VPN connections Creating & exporting a firewall certificate Managing Sidewinder self- signed certsSpecify the following Firewall Certificate settings Click OK when doneMail Address Select Services Configuration Certificate Management Creating & exporting remote certificatesSelect the Remote Certificates tab. Click New Generated Specify the following Remote Certificate settingsClick Add to add the certificate to the Certificates list Key FileReturn to for each remote client Defining a CA to use and obtaining the CA root cert Managing CA- based certificatesRequesting a certificate for the firewall Specify the firewall certificate information Click Add to send the enrollment requestRetrieve the key, revoke, etc Determining identifying information for client certificates Certificate Identities defined on the firewall Defining remote client identities in SidewinderManaging pre- shared keys passwords Configuring the VPN on the Sidewinder Example, if you specify 24 with an IP address Field Setting Local Network/IPEnabled Select Yes Burb New button to specify the IP Address / HostnameThis field cannot be edited Require Extended Enable this checkbox AuthenticationCertificate VPN from the list provided Firewall Identity Type Firewall to the remote client ValueType ClientEdited Save your settings!4. Click Add to save the settings Click CloseRemote Identity Page Installing and Working with Soft-PK Soft-PK installation notes Determining Soft-PK status from icon variations Starting Soft-PKRight-click the Soft-PK tray icon to access menu Activating/Deactivating Soft-PKMeans Soft-PK security policy is currently active Log Viewer About the Soft-PK program optionsCertificate Manager Security Policy EditorManaging certificates on Soft-PK Setting up Sidewinder self-signed certificatesSetting up CA-based certificates Click Advanced to select a certificate service provider Get your CA administrator to approve your requestSelect the Generate Exportable Key check box Importing certificate in Soft-PK Verification window Importing a personal certificate into Soft-PK Import Certificate Password WindowCertificate file Select Options Secure Specified Connections Configuring a security policy on the Soft-PKNew connection Named SecureVPN If using digital certificatesEnable the Connect using Secure Gateway Tunnel box Specify the interface informationConfiguring a security policy on the Soft-PK Encryption and Data Integrity/Algorithms fields Optional Click Save to save the policy on this system SA Life Select Unspecified to default to Sidewinder settingsPage Deploying Soft-PK to Your End Users Overview WordFormat Soft-PK setup.exe file and supporting files Security policyCannot modify Specifying installation instructions Customizing the user worksheetSpecifying dial-up network instructions Specifying certificate import/request instructions Specifying basic connection information Specifying security policy instructionsAbout this appendix Soft-PK Log ViewerSoft-PK Connection Monitor To view the details More about the Connection MonitorSidewinder troubleshooting commands Page Part Number 86-0935037-A