3Com 3CR990 manual Ip Security, Overview Creating a Security Policy

6 IP SECURITY

Overview

The 3CR990 NICs accelerate IP security (IPSec) data encryption from supported operating systems that provide this offload capability. This feature is currently available in the Microsoft Windows 2000 operating system.

IPSec consists of two parts: encryption/decryption and authentication. To send or receive encrypted data in a PC running Windows 2000 with a 3CR990 NIC installed, you must first create a security policy, and then enable encryption on the NIC. The security policy establishes and defines how encrypted network traffic between your PC and a specified server occurs.

Authentication enables the receiver to verify the sender of a packet by adding key fields to a packet without altering the packet data content.

The following table shows the available levels of encryption:

Encryption Type   Encryption Level   Description
AH                medium             Authentication only
ESP               high               Authentication and encryption
Custom            varies             This provides encryption and an extra authentication that includes the IP header. Custom allows you to select options for both AH and ESP, such as MD5/SHA-1 and DES/3DES. You can also select the rate at which new keys are negotiated. Microsoft uses IKE key exchange to renew keys every x seconds or y bytes. However, this practice carries a very high computational overhead. Some users may set these values low and have frequent key updates. Users more concerned with performance will set these values higher. For more information, see the Microsoft documentation about creating IPSec flows.
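The difference between the AH and ESP rows, and the reason the Custom row mentions an extra authentication that includes the IP header, can be shown with the integrity check value (ICV) each protocol carries. This is an added example, not code from the 3Com manual: it assumes HMAC-SHA-1-96, and the key, addresses, SPIs and the opaque ESP "ciphertext" are constructed sample values. It models only the ICV computation, not security association lookup or real encryption.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"            # constructed sample key
SRC, DST = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])  # constructed addresses
ICV_LEN = 12                             # HMAC-SHA-1-96 keeps 96 bits

def ipv4(proto, body, ttl=64):
    """Prepend a 20-byte IPv4 header (no options, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0x1234, 0,
                       ttl, proto, 0, SRC, DST) + body

def mac(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]

def ah_icv(packet):
    """AH: IP header with mutable fields zeroed + AH header + payload."""
    p = bytearray(packet)
    p[1] = 0                             # TOS
    p[6:9] = bytes(3)                    # flags, fragment offset, TTL
    p[10:12] = bytes(2)                  # header checksum
    p[32:32 + ICV_LEN] = bytes(ICV_LEN)  # the ICV field itself
    return mac(bytes(p))

def esp_icv(packet):
    """ESP: SPI + sequence number + ciphertext; the outer IP header is skipped."""
    return mac(packet[20:-ICV_LEN])

def build_ah(payload):
    ah = struct.pack("!BBHII", 6, 4, 0, 0x1001, 1) + bytes(ICV_LEN)
    pkt = ipv4(51, ah + payload)
    return patch(pkt, 32, ah_icv(pkt))

def build_esp(ciphertext):
    body = struct.pack("!II", 0x1002, 1) + ciphertext
    return ipv4(50, body + mac(body))

def ah_valid(packet):
    return hmac.compare_digest(packet[32:32 + ICV_LEN], ah_icv(packet))

def esp_valid(packet):
    return hmac.compare_digest(packet[-ICV_LEN:], esp_icv(packet))

def patch(packet, offset, data):
    """Copy of packet with data written at offset (an in-transit change)."""
    return packet[:offset] + data + packet[offset + len(data):]

if __name__ == "__main__":
    ah, esp = build_ah(b"constructed payload"), build_esp(b"constructed ciphertext")
    for name, off, val in (("TTL", 8, b"\x3f"), ("source address", 12, bytes([192, 0, 2, 99]))):
        print(name, "changed -> AH valid:", ah_valid(patch(ah, off, val)),
              "ESP valid:", esp_valid(patch(esp, off, val)))
```

A TTL change leaves both values valid because AH zeroes mutable header fields before hashing, while a changed source address invalidates only the AH value.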

 

 

 

Creating a Security Policy

The process you use to create and enable a security policy will depend on your network environment requirements. The following is an example of one approach to creating a security policy.

NOTE: You must complete all of the sequences in this section to establish and enable a security policy for transmitting and receiving encrypted data over the network.
