HP Embedded Firewall manual Configuring IPSec in Windows 2003, Windows XP, and Windows


9 Installing and Configuring Data Encryption Offloads

Configuring IPSec in Windows 2003, Windows XP, and Windows 2000

The 3CR990B NIC accelerates IP security (IPSec) data encryption from supported operating systems that provide this offload capability. This feature is currently available in the Windows 2003, Windows XP, and Windows 2000 operating systems.

IPSec primarily consists of two parts:

encryption/decryption

authentication

To send or receive encrypted data with a 3CR990B NIC installed, you must first create a security policy, and then enable encryption on the NIC. The security policy establishes and defines how encrypted network traffic between your computer and a specified server occurs.

Authentication enables the receiver to verify the sender of a packet by adding key fields to a packet without altering the packet data content.

The following table shows the available levels of encryption:

| Encryption Type | Encryption Level | Description |
| --- | --- | --- |
| AH | Medium | Authentication only |
| ESP | High | Authentication and encryption |
| Custom | Varies | Provides encryption and an extra authentication that includes the IP header. Custom allows you to select options for both AH and ESP, such as MD5/SHA-1 and DES/3DES, and you can select the rate at which new keys are negotiated. Microsoft uses IKE key exchange to renew keys every x seconds or y bytes. However, this practice carries a high computational overhead. Some users may set these values low and have frequent key updates. Users more concerned with performance will set these values higher. For more information, refer to the Microsoft documentation about creating IPSec flows. |
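Added example (not from the manual): a simplified Python model of why the Custom level's extra authentication "that includes the IP header" differs from ESP authentication alone. It assumes HMAC-SHA1 truncated to 96 bits as the integrity algorithm and uses a constructed key and constructed packets; the AH and ESP headers themselves are left out of the model.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; real keys are negotiated by IKE

def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for the model)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))

def zero_mutable(header):
    """Zero the fields routers may legitimately change in transit."""
    h = bytearray(header)
    h[1] = 0                  # TOS / DSCP
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def icv(data):
    """Integrity check value: HMAC-SHA1 truncated to 96 bits (12 bytes)."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_icv(header, payload):
    """AH-style: covers the immutable IP header fields plus the payload."""
    return icv(zero_mutable(header) + payload)

def esp_icv(header, payload):
    """ESP-style: covers the payload only; the outer IP header is ignored."""
    return icv(payload)

def demo():
    payload = b"constructed application data"
    a, b, other = [192, 0, 2, 10], [192, 0, 2, 20], [192, 0, 2, 99]
    sent = ipv4_header(a, b, 64, len(payload))
    routed = ipv4_header(a, b, 63, len(payload))        # TTL decremented by a router
    readdressed = ipv4_header(other, b, 64, len(payload))  # source address altered
    same = hmac.compare_digest
    return {
        "ah_survives_routing": same(ah_icv(sent, payload), ah_icv(routed, payload)),
        "ah_detects_header_change": not same(ah_icv(sent, payload), ah_icv(readdressed, payload)),
        "esp_detects_header_change": not same(esp_icv(sent, payload), esp_icv(readdressed, payload)),
        "esp_detects_payload_change": not same(esp_icv(sent, payload), esp_icv(sent, payload + b"!")),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

In this model only the AH-style value changes when the source address is altered, which is the coverage the Custom level adds on top of ESP.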

 

 

 

Creating a Security Policy

The process you use to create and enable a security policy depends on your network environment requirements. The following is an example of one approach to creating a security policy.

NOTE: You must complete all of the sequences in this section to establish and enable a security policy for transmitting and receiving encrypted data over the network.
