Manuals / 3Com / Computer Equipment / Network Card

3Com 3CR990SVR95, 3CR990-TX-97 manual Configuring IP Security, Encryption Description Type Level

Models: 3CR990SVR95 3CR990-TX-95 3CR990SVR97 3CR990-TX-97

1 190

Download 190 pages 9.47 Kb

Page 123

7	CONFIGURING IP SECURITY

Overview

The EtherLink PCI NIC accelerates IP security (IPSec) data encryption from supported operating systems that provide this ofﬂoad capability. This feature is currently available in the Microsoft Windows 2000 operating system.

Data encryption is available for Windows 95 and Windows 98 through DynamicAccess LAN Encryption software provided on the EtherCD. See Data Encryption on page 14 for more information.

IPSec consists of two parts:

■encryption/decryption

■authentication

To send or receive encrypted data in a PC running Windows 2000 with an EtherLink PCI NIC installed, you must ﬁrst create a security policy, and then enable encryption on the NIC. The security policy establishes and deﬁnes how encrypted network trafﬁc between your PC and a speciﬁed server occurs.

Authentication enables the receiver to verify the sender of a packet by adding key ﬁelds to a packet without altering the packet data content.

The following table shows the available levels of encryption:

Encryption	Encryption	Description
Type	Level	Description

AH	medium	Authentication only

ESP	high	Authentication and encryption

Image 123

3Com 3CR990SVR95, 3CR990-TX-97, 3CR990-TX-95, 3CR990SVR97 manual Configuring IP Security, Encryption Description Type Level

Contents

Part No -1742-001 Published May 3Com Corporation 5400 Bayfront Plaza Santa Clara, California Contents Installing and Connecting the NIC Installing Dynamicaccess Software in Windows Installing Netware Client and Server Drivers Configuring the NIC Troubleshooting the NIC Ethercd Content and Navigation Technical Support NIC/Description Model Number About this GuideConventions Icon DescriptionConvention Description Product Name/Description Model Number OverviewOnboard 3XP Processor Data EncryptionLAN Encryption Software for Windows 95/98 High Encryption Pack for Windows 3CR990 NIC Features3XP Processor Advanced Server Features Load Balancing Self-Healing DriversFailover Primary failure VLANsTrafﬁc Prioritization Remote Wake-Up Requirements Server Features Using Other NICsRemote Wake-Up Windows NT and Windows 2000-Planning the Conﬁguration onIntegrated Boot ROM with Managed PC Boot Agent MBA Remote Wake-Up and Multiple NIC InstallationsRemote Wake-Up Cable Desktop Management Interface DMI Hot Plug NIC Installation Remote System AlertsDhcp Server Prevention Ofﬂine Diagnostics DynamicAccess LAN AgentWindows 2000 Ofﬂoad Features Safety Precautions Installation OverviewRAM Installation RequirementsUpdating the Network Driver and NIC Software Installing From DisketteInstalling Multiple NICs Upgrading Windows 95 to WindowsCreating Installation Diskettes Making a DOS-Bootable DisketteProduct Registration Preparing the NIC and the Computer Follow the prompts as they appearDecide whether you want to use Remote Wake-Up Network Envi Cable Required Maximum Ronment Cable Length Make sure that cable requirements are metInstalling and Connecting the NIC Carefully insert the NIC in the empty PCI slot, as shown Replace the computer cover and plug in the power cordConnecting the cable to the NIC backplate Connecting the Remote Wake-Up CableReplace the PC cover and plug in the power cord Installing Software Software Installation Requirements Installing NIC Drivers WindowsInstalling the Network Driver Using the EtherCD Getting HelpWindows Windows NT Click NextClick Finish Click Close Click AddClick Yes to restart the PC Turn the PC power onClick Yes to restart your computer You must restart your computer to complete the installationNew Hardware Found Update Device Driver Wizard Do one of the followingClick Yes Enter the path to the CD-ROM drive, and then click OK Right-click the My Computer icon, and then click Properties Verifying Successful InstallationSelect the Resources tab Windows 95 and WindowsInstalling the 3Com NIC Diagnostics Program Restart Windows Starting the 3Com NIC Diagnostics ProgramDouble-click the 3Com NIC Diagnostics icon Updating the Network Driver and NIC SoftwareWindows 2000, Windows 98, and Windows Installing Multiple NICsRepeat the process for each additional NIC to be installed Select the Adapters tab Click AddInsert the EtherCD Close the Network screen Client PC Requirements Installing the DynamicAccess LAN Agent for a Client NICInstalling the LAN Agent Verifying Successful Installation Conﬁguring the DynamicAccess LAN AgentRestart the PC Installing DynamicAccess Software for a Server NIC Removing the DynamicAccess LAN AgentStart Windows Insert the EtherCD in the CD-ROM drive Installing DynamicAccess Software for a Server NIC Planning the Conﬁguration Conﬁguring Groups and VLANs for a Server NICConﬁguring Groups and VLANs for a Server NIC Number of VLANs Windows Working With Server FeaturesWindows NT Double-click the DynamicAccess SW Server icon To disable all load balancing-ClearCreating a Group Click Add NIC Adding NICs to a GroupSpecifying a Dedicated IP Address Click the Load Balance/RSL tab Load Balance/RSL windowCreating a Vlan Changing an IP AddressSpecifying Trafﬁc Priorities Saving the ConﬁgurationClick the appropriate tab Click the Load Balance/RSL tab Disabling Load Balancing for a GroupChanging the Primary NIC Removing a NIC from a GroupSpecifying Failover from Gigabit to 10/100 PCI Deleting or Editing a VlanDisplaying NIC Properties Displaying Group PropertiesAdd 3Com server NICs to the group Troubleshooting a Load Balancing ConﬁgurationDisable load balancing for the group Symptom TipIdentifying Windows 2000 Miniport and LAN Connections Changing Windows 2000 Property SettingsUsing Windows 2000 Ofﬂoad Features Enabling Ofﬂoads Click Conﬁgure Value Offload Function EnabledConﬁguring Ofﬂoads for a Group of Different NICs Installing DynamicAccess LAN Encryption SoftwareSoftware Requirements Minimum Installation RequirementsInstalling LAN Encryption Software on Windows Hardware RequirementsClick NIC Software Click Yes to continue With the Winsock2 Setup screen displayed, click OK Click OK Enter your network password when promptedClick Yes Click OK Insert the Windows 95 CD-ROM and click OK Installing LAN Encryption Software on Windows Click Yes to continue Installing Dynamicaccess Software in Windows Adding the Entrust File Viewing the Administrator’s Guide Online Starting DynamicAccess LAN Encryption SoftwareUninstalling LAN Encryption Software Page Installing and Conﬁguring the NetWare Server Driver Using the Latest Support PacksNetWare Version Required Support Pack Latest patch files Obtaining NetWare Loadable Modules NetWare Version Required Support PackNetWare Server NLM Name Slot Numbers for Multiple NICs Server Software Installation RequirementsBefore installing NICs After installing two NICs Netware Packet Receive BuffersObtaining Slot Numbers Installing the NetWare 3.12 Server DriverSave and exit the ﬁle, and then reboot the server Type the name of the NIC and press Enter Press EnterPress Insert again Select 3C99x, and then press EnterPress Enter to save the changes Press Esc to ExitSelect Reinitialize System Press Enter to select the driver Loading the 3Com EtherCDLoading the Driver Specifying the Slot NumberLoad 3C99X.LAN slot=slot1 NAME=name1 FRAME=frametype1 Installing Multiple Server NICsFrom the Conﬁguration Options screen select Product options Installing Server FeaturesBoot the NetWare server with the -na option Verifying the PCI Slot NumberEnter this command Conﬁguring GroupsMake the following changes to the AUTOEXEC.NCF ﬁle Save the AUTOEXEC.NCF ﬁle and return to the server prompt Verifying the Installation and Conﬁguration At the system prompt, enter load monitorSelect a driver to view its associated statistics Changing NetWare Driver Conﬁguration Parameters Log in or map to the serverParameter Range of Values Description Maintaining Groups Install the new secondary NIC Reboot the serverAdding a Secondary NIC to a Group Adding a Group Install the NICs107 Server Feature Commands GroupDisplay status Link timeout HelpProbe interval Receive timeout Send timeoutRetry count Ungroup Wait timeoutTroubleshooting a Group Conﬁguration Option Description Settings Default NIC SettingsAuto Select ALL Method Description Requirements Conﬁguration MethodsChanging General NIC Conﬁguration Settings Using the 3Com NIC Diagnostics ProgramMethod Description Click OK to save the changes and exit the program Using the 3Com DOS Conﬁguration ProgramEnter the following at the DOS prompt d\3c99xcfg.exe Conﬁguring the Managed PC Boot Agent MBA Enabling or Disabling the Boot ROM SettingBooting From the Network Reboot the PC BBS BIOS-Compatible PCsMake sure that the NIC boot ROM setting is Enabled Set the MBA manually as the ﬁrst boot deviceNon-BBS BIOS-Compatible PCs Change the MBA default boot setting from Local to NetworkDisabling the 3Com Logo Encryption Description Type Level Configuring IP SecurityDeﬁning the Console Creating a Security PolicyCreating the Policy Select IP Security Policy Management, and then click AddClick Next and then Finish Creating a Filter Select a Speciﬁc IP Address in the pull-down listEnter destination IP address, and then click Next Binding the Filter Action Accept the default, and then click NextBinding the Filter Creating the Filter ActionDisabling Encryption Enabling EncryptionState Meaning Interpreting the LEDsLNK Viewing the NIC LEDs in the Diagnostics ProgramAccessing Release Notes and Frequently Asked Questions Accessing 3Com Support DatabasesAccessing the 3Com Knowledgebase Accessing the 3Com NIC Help SystemTroubleshooting the NIC Installation Problems/Error MessagesCleaning Up a Failed Installation Click Proceed Click OK Troubleshooting the Network ConnectionTip Description Check the Remote Wake-Up cable connection Troubleshooting Remote Wake-UpMake sure that you are using the latest driver for the NIC Check the computer BiosConnect a straight-through cable from the PC to the hub Troubleshooting a Network ConnectionCabling Pinouts Troubleshooting HubsExit the Device Manager and shut down Windows Removing the Network DriverClick the Device Manager tab From the Start menu, select Settings/Control Panel Removing DynamicAccess Server FeaturesNetWare Enter this command at the promptPage Running NIC Diagnostics Running the 3Com DOS Diagnostics Program Running the NIC Diagnostics TestsReboot the computer using a DOS-bootablediskette Tab Description Running the Network TestRunning the NIC Test Viewing the NIC LEDs in the Diagnostics ProgramClick the Statistics tab. The Statistics screen appears Viewing Network StatisticsUsing the 3Com Icon in the Windows System Tray Enabling the IconDisplaying Network Statistics Click Proceed, and then follow the prompts on the screen Removing the 3Com NIC Diagnostics ProgramPage Obtaining Drivers Page 3CR990 NIC Speciﬁcations SpecificationsTwisted-Pair Cable Cabling RequirementsCategory Use 10BASE-T Operation100BASE-TX Operation RJ-45 Connector Pin AssignmentsFlow Control Pause FramesLink Negotiation Page About the 3Com DMI Agent 3C OM DMI a GentSystem Requirements Installing the 3Com DMI Agent Network Management RequirementsFollow the prompts on the screen Restart the PC when prompted LinksDescription EtherCD NavigationSubdirectory Description Root SubdirectoriesAuto Insert Text FilesFile Name File Description 165Page Windows Fresh Installation NetWare Fresh InstallationRequirements Driver Summary screen, select 3C990.LAN and press Enter Installation InstructionsWhen the installation is ﬁnished, edit the STARTUP.NCF ﬁle Page World Wide Web Site Online Technical Services3Com FTP Site 3Com Knowledgebase Web Services3Com Bulletin Board Service Access by Analog Modem847 262 3Com Facts Automated Fax ServiceAccess by Digital Modem Support from Your Network SupplierSupport from 3Com Country Region Telephone Number Asia Paciﬁc RimEurope Latin America Returning Products for RepairCountry Region Europe, South Africa, and Middle EastCountry Region Telephone Number Fax Number To obtain an authorization number, call or faxNumbers IndexMBA PCI NIC 131 NLMs Displaying, Windows Self-healing drivers SHDs OSR2 Index Page FCC Class B Statement Industry Canada Class B Emission Compliance Statement Page Product Registration