3Com 3CR990-FX-97 manual Offloading Encryption Processing, Configuring IPSec for Windows

Page 41

Configuring IPSec Offloads

Offloading Encryption Processing

You can configure any two (or more) computers running Windows 2000 or Windows XP to perform IPSec encryption by changing the Local Security Setting in the operating system. With most non-3CR990-FX-97 NICs, all the IPSec processing is done by the host central processing unit (CPU), which significantly diminishes CPU performance. The 3CR990-FX-97 NIC can offload all the encryption processing from the host CPU, thereby freeing the CPU to work on other tasks. The data-encryption offload capability of the 3CR990-FX-97 NIC is enabled at the factory.

For any two or more computers running operating systems other than Windows 2000 or Windows XP (that is, Windows 95/98/Me/NT), IPSec encryption is provided by third-party applications. The 3CR990-FX-97 NIC does not provide IPSec encryption offloading for those operating systems.

Auto-Selecting Basic or Strong Encryption Processing

The 3CR990-FX-97 NIC provides Data Encryption Standard (DES) 56-bit basic encryption processing and 3DES (3DES 168-bit) strong encryption processing. DES and 3DES are IPSec bulk encryption algorithms for coding data. DES encrypts 64-bit data blocks using a 56-bit key. DES can be applied in several modes. 3DES (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys. 3DES is also known as 168-bit data encryption.

There is no need to configure the 3CR990-FX-97 NIC to establish a particular encryption setting: the NIC auto-selects the strongest encryption setting based on the data encryption setting of the partner (receiving or sending) node. If the partner node has a 3DES encryption setting, the NIC automatically processes data encryption using the 3DES standard; if the partner node has a DES encryption setting, the NIC automatically processes data encryption using the DES standard; if the partner node has no encryption setting, the NIC automatically processes data in unencrypted form.

Configuring IPSec for Windows 2000

The 3CR990-FX-97 NIC accelerates IP security (IPSec) data encryption from supported operating systems that provide this offload capability. This feature is currently available in the Windows 2000 and Windows XP operating systems.

IPSec primarily consists of two parts:

encryption/decryption

authentication

To send or receive encrypted data in a PC running Windows 2000 with a 3CR990-FX-97 NIC installed, you must first create a security policy, and then enable encryption on the NIC. The security policy establishes and defines how encrypted network traffic between your PC and a specified server occurs.

Authentication enables the receiver to verify the sender of a packet by adding key fields to a packet without altering the packet data content.

33

Page 40 Page 42
Image 41
Page 40 Page 42
Contents 3CR990-FX-97 User GuideUnited States Government Legend Contents Contents Configuring the NIC Installing NetWare DriversTroubleshooting the NIC Installing the 3Com DMI Agent Running NIC DiagnosticsEtherCD Content and Navigation Installing a 3Com NIC While Installing the NOSIndex Regulatory Compliance Information Page Icon Information That About This GuideConventions Convention Description About This GuideOnboard 3XP Processor IntroductionData Encryption Product Name/Description Model NumberIntroduction 3CR990-FX-97 NIC FeaturesSupported NIC Feature Description 3CR990-FX-97 NIC Features Offload FeaturesRemote Wake-Up and Multiple NIC Installations Remote Wake-UpDesktop Management Interface DMI Integrated Boot ROM with Managed PC Boot Agent MBAHot Plug NIC Installation Remote ControlFlow Control Features Keep-AliveLink Negotiation Offline DiagnosticsSafety Precautions Installation OverviewInstalling Multiple NICs Installation RequirementsInstalling and Connecting the NIC Upgrading Windows 95 to WindowsMaking a DOS-Bootable Diskette Installing From DisketteCreating Installation Diskettes Upgrading Windows 98 to Windows MeClick Register Product, and then Register Online Product RegistrationPreparing the NIC and the Computer Connector Cable Maximum Network SegmentPreparing the NIC and the Computer Installing and Connecting the NIC Description Flashing Steady Off Understanding the LEDsInstalling Software Click Downloads Software Installation RequirementsGetting Help Before Installing the Network Driver Installing the Network Driver Using the EtherCDInstalling NIC Drivers and Diagnostics For Windows Installing the DriverVerifying the Driver Installation Installing the Network Driver Using the EtherCDWindows Click Device ManagerClick Have Disk Windows NTInstalling the Network Driver Using the EtherCD Windows Me Windows Windows Installing the Network Driver Using the EtherCD Installing the 3Com NIC Diagnostics Program Starting the 3Com NIC Diagnostics Program Starting the 3Com NIC Diagnostics ProgramWindows XP, Windows 2000, Windows Me, Windows 98 Installing Multiple NICsUpdating the Network Driver and NIC Software Installing Multiple NICs Installing NIC Drivers and Diagnostics For Windows Click Configure Using Windows Offload FeaturesEnabling Offloads Value Offload Function Enabled Using Windows Offload FeaturesConfiguring IPSec Offloads Configuring Offloads for a Group of Different NICsAuto-Selecting Basic or Strong Encryption Processing Offloading Encryption ProcessingConfiguring IPSec for Windows Configuring IPSec OffloadsEncryption Type Level Description Creating a Security PolicySelect IP Security Policy Management, and then click Add Left pane, click IP Security Policies on Local Machine Clear the Activate the default response rule check boxUsing Windows Offload Features Select Un-assign Downloading the High Encryption Pack for WindowsPage Installing and Configuring the NetWare Driver Installing NetWare DriversUsing the Latest Support Packs NetWare Version Required Support PackInstalling NetWare Drivers NetWare Driver Installation RequirementsObtaining NetWare Loadable Modules Netware Packet Receive BuffersInstalling and Configuring the NetWare Driver Installing the NetWare DriverSlot Numbers for Multiple NICs Obtaining Slot NumbersFor NetWare 5.x or Installing the NetWare Driver Using InetcfgVerifying the PCI Slot Number From the Available Options menu, select LAN/WAN Drivers Verifying the Installation and ConfigurationChanging NetWare Driver Configuration Parameters Changing NetWare Driver Configuration ParametersPage Option Description Settings Default NIC SettingsConfiguring the NIC MbpsConfiguring the NIC Configuration MethodsOption Description Method Description RequirementsChanging General NIC Configuration Settings Changing General NIC Configuration SettingsUsing the 3Com NIC Diagnostics Program Using the 3Com DOS Configuration Program Enabling or Disabling the Boot ROM Setting Configuring the Managed PC Boot Agent MBABooting From the Network Configuring the Managed PC Boot Agent MBANon-BBS BIOS-Compatible PCs BBS BIOS-Compatible PCsDisabling the 3Com Logo Disabling the 3Com LogoPage Interpreting the NIC LEDs Troubleshooting the NICViewing the NIC LEDs in the Diagnostics Program Troubleshooting Problems with the LEDs Accessing 3Com Support DatabasesAccessing the 3Com Knowledgebase Accessing the 3Com NIC Help SystemProblems/Error Messages Troubleshooting the NIC InstallationCleaning Up a Broken Installation Troubleshooting the NIC InstallationTip Description Troubleshooting the Network ConnectionTroubleshooting Remote Wake-Up Troubleshooting Remote Wake-UpRemoving the Network Driver Double-clickNetwork AdaptersWindows 95, 98, and Me Running NIC Diagnostics Running NIC Diagnostics Running the 3Com DOS Diagnostics ProgramRunning the NIC Diagnostics Tests Tab Description Running the NIC Diagnostics TestsRunning the Network Test Viewing Network Statistics Viewing the NIC LEDs in the 3Com Diagnostics ProgramRunning the NIC Test Click Perform NIC TestRemoving the 3Com NIC Diagnostics Program Using the 3Com Icon in the Windows System TrayUsing the 3Com Icon in the Windows System Tray Enabling the IconPage Hardware 3CR990-FX-97 NIC SpecificationsNetwork Interface EnvironmentCabling Requirements Network cable connector TransceiverSpecifications and Cabling Requirements SpeedAbout the 3Com DMI Agent Installing the 3Com DMI AgentInstalling the 3Com DMI Agent Installing the 3Com DMI AgentSystem Requirements Client PC RequirementsClick Install 3Com DMI Agent Now Page Links Description EtherCD Content and NavigationRoot Subdirectories List EtherCD Content and NavigationEnabling Auto Insert Subdirectory ContainsFile Name File Description Text Files ListText Files List Page NetWare Fresh Installation Windows Fresh InstallationInstallation Instructions Requirements\nwserver Installing a 3Com NIC While Installing the NOS3Com Knowledgebase Web Services Online Technical ServicesTechnical Support World Wide Web SiteSupport from 3Com Support from Your Network SupplierReturning Products for Repair Technical SupportNumerics IndexMediaselect IndexVerbose Index FCC Class B Statement Regulatory Compliance InformationModelDescription Regulatory Compliance Information
Top Page Image Contents