Manuals / 3Com / Computer Equipment / Network Card

3Com 3CR990-TX-97, 3CR990-TX-95, 3CR990SVR97 manual Creating a Security Policy, Deﬁning the Console

Models: 3CR990SVR95 3CR990-TX-95 3CR990SVR97 3CR990-TX-97

1 190

Download 190 pages 9.47 Kb

Page 124

124CHAPTER 7: CONFIGURING IP SECURITY

Encryption	Encryption	Description (continued)
Type	Level	Description (continued)

Custom	varies	This provides encryption and an extra
		authentication that includes the IP header.
		Custom allows you to select options for both AH
		and ESP, such as MD%/SHA-1 and DES/3DES. And
		you can select the rate at which new keys are
		negotiated.
		Microsoft uses IKE key exchange to renew keys
		every x seconds or y bytes. However, this practice
		is computationally very high in overhead. Some
		users may set these values low and have frequent
		key updates. Users more concerned with
		performance will set these values higher.
		For more information, see the Microsoft
		documentation about creating IPSec flows.

Creating a Security Policy

The process you use to create and enable a security policy will depend on your network environment requirements. The following is an example of one approach to creating a security policy.

You must complete all of the sequences in this section to establish and enable a security policy for transmitting and receiving encrypted data over the network.

Deﬁning the Console

This sequence establishes the Console and deﬁnes its parameters.

To deﬁne the Console:

1In the Windows taskbar, click Start, Programs, Accessories, and then Command Prompt.

2At the DOS prompt, type MMC and press Enter. The Console1 screen appears.

3In the menu click Console and then Add/Remove Snap-in.

The Add/Remove Snap-in screen appears.

Image 124

3Com 3CR990-TX-97, 3CR990-TX-95, 3CR990SVR97, 3CR990SVR95 manual Creating a Security Policy, Deﬁning the Console

Contents

Part No -1742-001 Published May 3Com Corporation 5400 Bayfront Plaza Santa Clara, California Contents Installing and Connecting the NIC Installing Dynamicaccess Software in Windows Installing Netware Client and Server Drivers Configuring the NIC Troubleshooting the NIC Ethercd Content and Navigation Technical Support About this Guide NIC/Description Model Number Icon Description ConventionsConvention Description Overview Product Name/Description Model Number Data Encryption Onboard 3XP ProcessorLAN Encryption Software for Windows 95/98 3CR990 NIC Features High Encryption Pack for Windows 3XP Processor Advanced Server Features Self-Healing Drivers Load BalancingFailover VLANs Primary failure Trafﬁc Prioritization Server Features Using Other NICs Remote Wake-UpWindows NT and Windows 2000-Planning the Conﬁguration on Remote Wake-Up Requirements Remote Wake-Up and Multiple NIC Installations Integrated Boot ROM with Managed PC Boot Agent MBARemote Wake-Up Cable Desktop Management Interface DMI Remote System Alerts Hot Plug NIC InstallationDhcp Server Prevention DynamicAccess LAN Agent Ofﬂine Diagnostics Windows 2000 Ofﬂoad Features Installation Overview Safety Precautions Installation Requirements RAM Installing From Diskette Installing Multiple NICsUpgrading Windows 95 to Windows Updating the Network Driver and NIC Software Making a DOS-Bootable Diskette Creating Installation Diskettes Product Registration Follow the prompts as they appear Preparing the NIC and the ComputerDecide whether you want to use Remote Wake-Up Make sure that cable requirements are met Network Envi Cable Required Maximum Ronment Cable Length Installing and Connecting the NIC Replace the computer cover and plug in the power cord Carefully insert the NIC in the empty PCI slot, as shown Connecting the Remote Wake-Up Cable Connecting the cable to the NIC backplate Replace the PC cover and plug in the power cord Installing Software Installing NIC Drivers Windows Software Installation Requirements Getting Help Installing the Network Driver Using the EtherCDWindows Click Next Windows NTClick Finish Click Add Click Close Turn the PC power on Click Yes to restart the PC You must restart your computer to complete the installation Click Yes to restart your computer New Hardware Found Do one of the following Update Device Driver WizardClick Yes Enter the path to the CD-ROM drive, and then click OK Verifying Successful Installation Right-click the My Computer icon, and then click Properties Windows 95 and Windows Select the Resources tab Installing the 3Com NIC Diagnostics Program Starting the 3Com NIC Diagnostics Program Double-click the 3Com NIC Diagnostics iconUpdating the Network Driver and NIC Software Restart Windows Installing Multiple NICs Windows 2000, Windows 98, and Windows Select the Adapters tab Click Add Repeat the process for each additional NIC to be installedInsert the EtherCD Close the Network screen Installing the DynamicAccess LAN Agent for a Client NIC Client PC Requirements Installing the LAN Agent Conﬁguring the DynamicAccess LAN Agent Verifying Successful InstallationRestart the PC Removing the DynamicAccess LAN Agent Installing DynamicAccess Software for a Server NICStart Windows Insert the EtherCD in the CD-ROM drive Installing DynamicAccess Software for a Server NIC Conﬁguring Groups and VLANs for a Server NIC Planning the Conﬁguration Conﬁguring Groups and VLANs for a Server NIC Number of VLANs Working With Server Features Windows Windows NT To disable all load balancing-Clear Double-click the DynamicAccess SW Server iconCreating a Group Adding NICs to a Group Specifying a Dedicated IP AddressClick the Load Balance/RSL tab Load Balance/RSL window Click Add NIC Changing an IP Address Creating a Vlan Saving the Conﬁguration Specifying Trafﬁc PrioritiesClick the appropriate tab Disabling Load Balancing for a Group Changing the Primary NICRemoving a NIC from a Group Click the Load Balance/RSL tab Deleting or Editing a Vlan Displaying NIC PropertiesDisplaying Group Properties Specifying Failover from Gigabit to 10/100 PCI Troubleshooting a Load Balancing Conﬁguration Disable load balancing for the groupSymptom Tip Add 3Com server NICs to the group Changing Windows 2000 Property Settings Identifying Windows 2000 Miniport and LAN Connections Using Windows 2000 Ofﬂoad Features Enabling Ofﬂoads Value Offload Function Enabled Click Conﬁgure Installing DynamicAccess LAN Encryption Software Conﬁguring Ofﬂoads for a Group of Different NICs Minimum Installation Requirements Installing LAN Encryption Software on WindowsHardware Requirements Software Requirements Click NIC Software Click Yes to continue Enter your network password when prompted With the Winsock2 Setup screen displayed, click OK Click OKClick Yes Click OK Insert the Windows 95 CD-ROM and click OK Installing LAN Encryption Software on Windows Click Yes to continue Installing Dynamicaccess Software in Windows Adding the Entrust File Starting DynamicAccess LAN Encryption Software Viewing the Administrator’s Guide Online Uninstalling LAN Encryption Software Page Using the Latest Support Packs Installing and Conﬁguring the NetWare Server DriverNetWare Version Required Support Pack Latest patch files NetWare Version Required Support Pack Obtaining NetWare Loadable ModulesNetWare Server NLM Name Server Software Installation Requirements Before installing NICs After installing two NICsNetware Packet Receive Buffers Slot Numbers for Multiple NICs Installing the NetWare 3.12 Server Driver Obtaining Slot Numbers Save and exit the ﬁle, and then reboot the server Press Enter Press Insert againSelect 3C99x, and then press Enter Type the name of the NIC and press Enter Press Esc to Exit Press Enter to save the changesSelect Reinitialize System Loading the 3Com EtherCD Press Enter to select the driver Specifying the Slot Number Loading the Driver Installing Multiple Server NICs Load 3C99X.LAN slot=slot1 NAME=name1 FRAME=frametype1 Installing Server Features Boot the NetWare server with the -na optionVerifying the PCI Slot Number From the Conﬁguration Options screen select Product options Conﬁguring Groups Enter this commandMake the following changes to the AUTOEXEC.NCF ﬁle Save the AUTOEXEC.NCF ﬁle and return to the server prompt At the system prompt, enter load monitor Verifying the Installation and ConﬁgurationSelect a driver to view its associated statistics Log in or map to the server Changing NetWare Driver Conﬁguration ParametersParameter Range of Values Description Maintaining Groups Reboot the server Install the new secondary NICAdding a Secondary NIC to a Group Install the NICs Adding a Group 107 Group Server Feature CommandsDisplay status Help Link timeoutProbe interval Send timeout Receive timeoutRetry count Wait timeout Ungroup Troubleshooting a Group Conﬁguration Default NIC Settings Option Description Settings Auto Select ALL Conﬁguration Methods Method Description Requirements Using the 3Com NIC Diagnostics Program Changing General NIC Conﬁguration SettingsMethod Description Using the 3Com DOS Conﬁguration Program Click OK to save the changes and exit the program Enter the following at the DOS prompt d\3c99xcfg.exe Enabling or Disabling the Boot ROM Setting Conﬁguring the Managed PC Boot Agent MBABooting From the Network BBS BIOS-Compatible PCs Make sure that the NIC boot ROM setting is EnabledSet the MBA manually as the ﬁrst boot device Reboot the PC Change the MBA default boot setting from Local to Network Non-BBS BIOS-Compatible PCsDisabling the 3Com Logo Configuring IP Security Encryption Description Type Level Creating a Security Policy Deﬁning the Console Select IP Security Policy Management, and then click Add Creating the PolicyClick Next and then Finish Select a Speciﬁc IP Address in the pull-down list Creating a FilterEnter destination IP address, and then click Next Accept the default, and then click Next Binding the FilterCreating the Filter Action Binding the Filter Action Enabling Encryption Disabling Encryption Interpreting the LEDs State Meaning Viewing the NIC LEDs in the Diagnostics Program LNK Accessing 3Com Support Databases Accessing the 3Com KnowledgebaseAccessing the 3Com NIC Help System Accessing Release Notes and Frequently Asked Questions Problems/Error Messages Troubleshooting the NIC InstallationCleaning Up a Failed Installation Troubleshooting the Network Connection Click Proceed Click OK Tip Description Troubleshooting Remote Wake-Up Make sure that you are using the latest driver for the NICCheck the computer Bios Check the Remote Wake-Up cable connection Troubleshooting a Network Connection Connect a straight-through cable from the PC to the hub Troubleshooting Hubs Cabling Pinouts Removing the Network Driver Exit the Device Manager and shut down Windows Click the Device Manager tab Removing DynamicAccess Server Features From the Start menu, select Settings/Control Panel Enter this command at the prompt NetWarePage Running NIC Diagnostics Running the NIC Diagnostics Tests Running the 3Com DOS Diagnostics ProgramReboot the computer using a DOS-bootablediskette Running the Network Test Tab Description Viewing the NIC LEDs in the Diagnostics Program Running the NIC Test Viewing Network Statistics Click the Statistics tab. The Statistics screen appears Enabling the Icon Using the 3Com Icon in the Windows System TrayDisplaying Network Statistics Removing the 3Com NIC Diagnostics Program Click Proceed, and then follow the prompts on the screenPage Obtaining Drivers Page Specifications 3CR990 NIC Speciﬁcations Cabling Requirements Twisted-Pair Cable 10BASE-T Operation Category Use RJ-45 Connector Pin Assignments 100BASE-TX Operation Pause Frames Flow ControlLink Negotiation Page 3C OM DMI a Gent About the 3Com DMI Agent System Requirements Network Management Requirements Installing the 3Com DMI AgentFollow the prompts on the screen Restart the PC when prompted EtherCD Navigation LinksDescription Root Subdirectories Auto InsertText Files Subdirectory Description 165 File Name File DescriptionPage NetWare Fresh Installation Windows Fresh InstallationRequirements Installation Instructions Driver Summary screen, select 3C990.LAN and press Enter When the installation is ﬁnished, edit the STARTUP.NCF ﬁle Page Online Technical Services World Wide Web Site 3Com Knowledgebase Web Services 3Com Bulletin Board ServiceAccess by Analog Modem 3Com FTP Site 3Com Facts Automated Fax Service Access by Digital ModemSupport from Your Network Supplier 847 262 Country Region Telephone Number Asia Paciﬁc Rim Support from 3ComEurope Returning Products for Repair Country RegionEurope, South Africa, and Middle East Latin America To obtain an authorization number, call or fax Country Region Telephone Number Fax Number Index Numbers MBA PCI NIC 131 NLMs Displaying, Windows Self-healing drivers SHDs OSR2 Index Page FCC Class B Statement Industry Canada Class B Emission Compliance Statement Page Product Registration