Secure Computing Sidewinder Version 5.1.0.02, SafeNet manual Soft-PK installation notes

Page 52

Soft-PK installation notes

4

Soft-PK installation notes

Note the following about installing, removing, or upgrading Soft-PK software. You can customize the UserWorksheet.doc file located on the product CD to specify detailed installation instructions to your end users. (See Chapter 5 for details.)

Table 4-1. Soft-PK install/uninstall task summary

Task

Notes

 

 

 

 

 

Uninstall any

Prior to installing Soft-PK on any system, uninstall/remove

existing VPN

any other VPN client programs that reside on the system.

client programs

Uninstall using the Control Panel’s Add/Remove program

 

 

and reboot your computer before beginning the Soft-PK

 

installation or upgrade.

 

 

 

 

IMPORTANT: This applies to any previous copies of

 

 

 

 

 

 

 

SecureClient software.

 

 

 

 

 

Installing

To install Soft-PK, run the Autorun program from the Soft-PK

Soft-PK

CD. (If Autorun is disabled, you can also run the setup.exe

 

program in the SoftPK directory.)

 

For Windows NT or 2000, be sure to log in as Administrator

 

or equivalent.

 

 

 

 

TIP: When setting up remote installations, you may

 

 

 

 

 

 

 

 

elect to provide the installation Autorun/setup.exe

 

 

 

 

program to your end users via other means (for

 

example, provide a zip distribution or network-based

 

installation).

 

Note: Soft-PK may warn of an error on install when PPTP is

 

already installed on the client system. This is not a concern

 

when establishing Soft-PK to Sidewinder VPNs. Bypass the

 

warning (press OK) and continue the installation normally

 

(press next).

 

 

 

 

 

Uninstalling

To remove Soft-PK, follow the standard Windows Uninstall

Soft-PK

program.

 

 

 

 

IMPORTANT: When you remove this software and

 

 

 

 

 

 

 

 

its components, you have the option to keep your

 

 

 

 

security policy, digital certificates, and private keys.

 

This is recommended if you are uninstalling before an

 

upgrade.

 

 

 

 

 

Upgrading

Before upgrading or reinstalling Soft-PK, uninstall any

Soft-PK

previous versions as noted above.

 

 

 

 

 

4-2

Installing and Working with Soft-PK

Page 51 Page 53
Image 52
Page 51 Page 53
Contents VPN Administration Guide Page Copyright Notice Printing History B L E O F C O N T E N T S Installing and Working with Soft-PK About this Guide Who should read this guide?How this guide is OrganizedAbout Soft-PK About SidewinderAbout digital certificates Viewing and printing this document onlineViii Getting Started About this chapterAbout Soft-PK & Sidewinder VPNs Requirements Sidewinder and other network requirementsSoft-PK requirements Roadmap to deploying your VPNs Sidewinder system 4c1 Define remote identities within SidewinderPlan your VPN configuration Satisfy Sidewinder, network, & system requirementsIf using pre-shared keys passwords Create/Request the digital certificatesConfigure the VPN connections on the Sidewinder Troubleshoot any connection problems Planning Your VPN Configuration Identifying basic VPN connection needs Identifying authentication requirements Using digital certificate authenticationPrivate key file Certificate file with public keyCloser look at self-signed certificates No CA neededFor a small number of VPN ClientsUnderstanding pre-shared key authentication Closer look at CA-based certificatesExtended authentication Determining where you will terminate your VPNs VPN tunnel terminating on trusted burbMore about virtual burbs and VPNs Select Firewall Administration Burb ConfigurationDefining a virtual burb Understanding Sidewinder client address pools SidewinderUnderstanding Sidewinder client address pools Configuring Sidewinder for Soft-PK Clients Enable the cmd, egd, and isakmp servers Click Apply Configure the Isakmp serverEnable Select VPN Configuration Isakmp ServerConfiguring ACL & proxies entries for VPN connections Managing Sidewinder self- signed certs Creating & exporting a firewall certificateClick OK when done Specify the following Firewall Certificate settingsMail Address Creating & exporting remote certificates Select Services Configuration Certificate ManagementSelect the Remote Certificates tab. Click New Specify the following Remote Certificate settings Click Add to add the certificate to the Certificates listKey File GeneratedReturn to for each remote client Managing CA- based certificates Defining a CA to use and obtaining the CA root certRequesting a certificate for the firewall Click Add to send the enrollment request Specify the firewall certificate informationRetrieve the key, revoke, etc Determining identifying information for client certificates Defining remote client identities in Sidewinder Certificate Identities defined on the firewallManaging pre- shared keys passwords Configuring the VPN on the Sidewinder Field Setting Local Network/IP Enabled Select Yes BurbNew button to specify the IP Address / Hostname Example, if you specify 24 with an IP addressRequire Extended Enable this checkbox Authentication Certificate VPN from the list provided Firewall IdentityType Firewall to the remote client Value This field cannot be editedClient TypeEdited Click Close Save your settings!4. Click Add to save the settingsRemote Identity Page Installing and Working with Soft-PK Soft-PK installation notes Starting Soft-PK Determining Soft-PK status from icon variationsActivating/Deactivating Soft-PK Right-click the Soft-PK tray icon to access menuMeans Soft-PK security policy is currently active About the Soft-PK program options Certificate ManagerSecurity Policy Editor Log ViewerSetting up Sidewinder self-signed certificates Managing certificates on Soft-PKSetting up CA-based certificates Get your CA administrator to approve your request Click Advanced to select a certificate service providerSelect the Generate Exportable Key check box Importing certificate in Soft-PK Verification window Import Certificate Password Window Importing a personal certificate into Soft-PKCertificate file Configuring a security policy on the Soft-PK Select Options Secure Specified ConnectionsIf using digital certificates Enable the Connect using Secure Gateway Tunnel boxSpecify the interface information New connection Named SecureVPNConfiguring a security policy on the Soft-PK Encryption and Data Integrity/Algorithms fields SA Life Select Unspecified to default to Sidewinder settings Optional Click Save to save the policy on this systemPage Deploying Soft-PK to Your End Users Word OverviewFormat Security policy Soft-PK setup.exe file and supporting filesCannot modify Customizing the user worksheet Specifying installation instructionsSpecifying dial-up network instructions Specifying certificate import/request instructions Specifying security policy instructions Specifying basic connection informationSoft-PK Log Viewer About this appendixSoft-PK Connection Monitor More about the Connection Monitor To view the detailsSidewinder troubleshooting commands Page Part Number 86-0935037-A
Top Page Image Contents