Secure Computing Soft-PK Version 5.1.3 Build 4, SafeNet manual How this guide is, Organized

Page 8

P

How this guide is organized

How this guide is

This guide contains the following chapters.

organized

 

 

Chapter Title

Description

 

 

 

 

 

Chapter 1:

Presents an overview of the Soft-PK and the

 

Getting Started

Sidewinder Virtual Private Network (VPN)

 

 

environment and describes the requirements. It

 

 

includes a checklist to guide you through the

 

 

basic steps to setup and deploy a VPN.

 

 

 

 

Chapter 2:

Provides information to help you understand key

 

Planning your VPN

concepts and options that are involved in a VPN

 

Configuration

connection.

 

 

 

 

Chapter 3:

Provides a summary of Sidewinder procedures

 

Configuring Sidewinder

associated with setting up and configuring Soft-

 

for Soft-PK Clients

PK connections in your network.

 

 

Note: Perform these procedures before you

 

 

configure your Soft-PK clients.

 

 

 

 

Chapter 4:

Includes Soft-PK installation notes and describes

 

Installing and Working

the basic Soft-PK procedures for managing

 

with Soft-PK

certificates and creating a customized Soft-PK

 

 

security policy for your remote clients.

 

 

 

 

Chapter 5:

Summarizes the steps for preparing and

 

Deploying Soft-PK to Your

deploying the Soft-PK software, digital certificate

 

End Users

files, and security policy to your end users. It is

 

 

based on a worksheet (in MS Word format) that

 

 

you edit and send to each remote end user.

 

 

 

 

Appendix A:

Provides a summary of troubleshooting

 

Troubleshooting

techniques available for resolving Soft-PK and

 

 

Sidewinder VPN connection problems.

 

 

 

Finding information

This guide is in Acrobat (softcopy) format only and does not contain

 

an index. However, you can use Acrobat’s Find feature to search for

 

every instance of any word or phrase that you want.

vi

Preface: About this Guide

Image 8
Contents VPN Administration Guide Page Copyright Notice Printing History B L E O F C O N T E N T S Installing and Working with Soft-PK About this Guide Who should read this guide?How this guide is OrganizedAbout Soft-PK About SidewinderAbout digital certificates Viewing and printing this document onlineViii Getting Started About this chapterAbout Soft-PK & Sidewinder VPNs Requirements Sidewinder and other network requirementsSoft-PK requirements Roadmap to deploying your VPNs Sidewinder system 4c1 Define remote identities within SidewinderPlan your VPN configuration Satisfy Sidewinder, network, & system requirementsIf using pre-shared keys passwords Create/Request the digital certificatesConfigure the VPN connections on the Sidewinder Troubleshoot any connection problems Planning Your VPN Configuration Identifying basic VPN connection needs Identifying authentication requirements Using digital certificate authenticationPrivate key file Certificate file with public keyCloser look at self-signed certificates No CA neededFor a small number of VPN ClientsUnderstanding pre-shared key authentication Closer look at CA-based certificatesExtended authentication Determining where you will terminate your VPNs VPN tunnel terminating on trusted burbDefining a virtual burb Select Firewall Administration Burb ConfigurationMore about virtual burbs and VPNs Understanding Sidewinder client address pools SidewinderUnderstanding Sidewinder client address pools Configuring Sidewinder for Soft-PK Clients Enable the cmd, egd, and isakmp servers Click Apply Configure the Isakmp serverEnable Select VPN Configuration Isakmp ServerConfiguring ACL & proxies entries for VPN connections Managing Sidewinder self- signed certs Creating & exporting a firewall certificateMail Address Specify the following Firewall Certificate settingsClick OK when done Select the Remote Certificates tab. Click New Select Services Configuration Certificate ManagementCreating & exporting remote certificates Specify the following Remote Certificate settings Click Add to add the certificate to the Certificates listKey File GeneratedReturn to for each remote client Managing CA- based certificates Defining a CA to use and obtaining the CA root certRequesting a certificate for the firewall Retrieve the key, revoke, etc Specify the firewall certificate informationClick Add to send the enrollment request Determining identifying information for client certificates Defining remote client identities in Sidewinder Certificate Identities defined on the firewallManaging pre- shared keys passwords Configuring the VPN on the Sidewinder Field Setting Local Network/IP Enabled Select Yes BurbNew button to specify the IP Address / Hostname Example, if you specify 24 with an IP addressRequire Extended Enable this checkbox Authentication Certificate VPN from the list provided Firewall IdentityType Firewall to the remote client Value This field cannot be editedEdited TypeClient Remote Identity Save your settings!4. Click Add to save the settingsClick Close Page Installing and Working with Soft-PK Soft-PK installation notes Starting Soft-PK Determining Soft-PK status from icon variationsMeans Soft-PK security policy is currently active Right-click the Soft-PK tray icon to access menuActivating/Deactivating Soft-PK About the Soft-PK program options Certificate ManagerSecurity Policy Editor Log ViewerSetting up Sidewinder self-signed certificates Managing certificates on Soft-PKSetting up CA-based certificates Select the Generate Exportable Key check box Click Advanced to select a certificate service providerGet your CA administrator to approve your request Importing certificate in Soft-PK Verification window Import Certificate Password Window Importing a personal certificate into Soft-PKCertificate file Configuring a security policy on the Soft-PK Select Options Secure Specified ConnectionsIf using digital certificates Enable the Connect using Secure Gateway Tunnel boxSpecify the interface information New connection Named SecureVPNConfiguring a security policy on the Soft-PK Encryption and Data Integrity/Algorithms fields SA Life Select Unspecified to default to Sidewinder settings Optional Click Save to save the policy on this systemPage Deploying Soft-PK to Your End Users Format OverviewWord Cannot modify Soft-PK setup.exe file and supporting filesSecurity policy Specifying dial-up network instructions Specifying installation instructionsCustomizing the user worksheet Specifying certificate import/request instructions Specifying security policy instructions Specifying basic connection informationSoft-PK Log Viewer About this appendixSoft-PK Connection Monitor More about the Connection Monitor To view the detailsSidewinder troubleshooting commands Page Part Number 86-0935037-A