Ip Security, Overview Creating a Security Policy | 3Com 3CR990

Overview

6

Overview

Creating a Security Policy

IP SECURITY

The 3CR990 NICs accelerate IP security (IPSec) data encryption from supported operating systems that provide this ofﬂoad capability. This feature is currently available in the Microsoft Windows 2000 operating system.

IPSec consists of two parts: encryption/decryption and authentication. To send or receive encrypted data in a PC running Windows 2000 with a 3CR990 NIC installed, you must ﬁrst create a security policy, and then enable encryption on the NIC. The security policy establishes and deﬁnes how encrypted network trafﬁc between your PC and a speciﬁed server occurs.

Authentication enables the receiver to verify the sender of a packet by adding key ﬁelds to a packet without altering the packet data content.

The following table shows the available levels of encryption:

Encryption	Encryption
Type	Level	Description

AH	medium	Authentication only

ESP	high	Authentication and encryption

Custom	varies	This provides encryption and an extra authentication that includes
		the IP header.
		Custom allows you to select options for both AH and ESP, such as
		MD%/SHA-1 and DES/3DES. And you can select the rate at which
		new keys are negotiated.
		Microsoft uses IKE key exchange to renew keys every x seconds
		or y bytes. However, this practice is computationally very high in
		overhead. Some users may set these values low and have frequent
		key updates. Users more concerned with performance will set
		these values higher.
		For more information, see the Microsoft documentation about
		creating IPSec flows.

The process you use to create and enable a security policy will depend on your network environment requirements. The following is an example of one approach to creating a security policy.

NOTE: You must complete all of the sequences in this section to establish and enable a security policy for transmitting and receiving encrypted data over the network.

Image 43

3Com 3CR990 manual Ip Security, Overview Creating a Security Policy

Contents

Published August 3CR990 Family of EtherLink NICsEtherLink 10/100 PCI Network Interface Card with 3XP processor User Guide UNITED STATES GOVERNMENT LEGEND 3Com Corporation5400 Bayfront Plaza Santa Clara, California 1 BEFORE YOU BEGIN CONTENTS3 NIC INSTALLATION 2 3CR990 NICS Multiple NICs 4 WINDOWS DRIVERS5 NETWARE DRIVERS 6 IP SECURITY Accessing the 3Com KnowledgeBase 8 CONFIGURATION9 TROUBLESHOOTING 7 UPGRADING DRIVERS B TECHNICAL SUPPORT E MBA BOOT ROMA SPECIFICATIONS D UNINSTALLING NIC SOFTWARE Conﬁguring DynamicAccess Technology F DYNAMICACCESS TECHNOLOGYINDEX WARRANTY AND REGULATORY COMPLIANCE INFORMATION DynamicAccess FeaturesPage 2 Click Register Product, and then Register Online BEFORE YOU BEGIN Go to Auto Insert Go to Root Subdirectories 1 Right-click the My Computer icon, and then select Properties Minimum System click NIC Software, Drivers and Diagnostics, NIC PreinstallationNIC Installation with Windows 2000, and then Done Go to NIC Installation about installation diskettes DOS-BootableDiskette Installation to install these drivers Installations \ Diskette.pdf To make installation diskettes NIC Overview 3CR990 NICS 168-bit 3DES encryption NIC FeaturesEncryption chip Remote Wake-Up RWU connector 3XP processor 3CR990 NICs support up to NOTE The 3CR990 NICs provide a network connection with or without the Remote Wake-Up cable installedUpgrading software Scanning for viruses Windows Ofﬂoad FeaturesDynamicAccess Technology, and Install 3Com DMI Agent now Ofﬂine Diagnostics 2 Click the Local Area Connection icon NOTE The default hex value is F all ofﬂoads enabled3 Click Conﬁgure 20 CHAPTER 2 3CR990 NICS For more information NIC INSTALLATIONInstalling the NIC your system 22 CHAPTER 3 NIC INSTALLATION Remote Wake-Up Cable Installing the NIC L N K 24 CHAPTER 3 NIC INSTALLATIONDATA TX ACT Go to Multiple NICs What do you want to do?Go to Windows Go to Windows Go to Windows NT Go to Windows NT Go to NetWare DriversPage 5 Click NIC Installation with Windows 2000, and then click Done Windows 2000 and installed the NIC, go to step 7 in this procedure3 Click Drivers and Diagnostics 4 Click NIC Preinstallation Go to 3Com DOS Conﬁguration Program Go to New Hardware Found Go to Update Device Driver Wizard NOTE You must restart your computer to complete the installationTo verify that the installation was successful Go to Verifying Successful Installation Go to Verifying Successful Installation Update Device Driver Wizard Windows NT Windows NTPC or server running Windows NT 4 Click Add Adapter a Select the Enable Automatic DHCP Conﬁguration check box6 Click Continue Verifying Successful Installation34 CHAPTER 4 WINDOWS DRIVERS Multiple NICs 5 Click NIC Installation with Windows 2000, and then Doneoperating system 36 CHAPTER 4 WINDOWS DRIVERS Windows 95 and 5 Click Have Disk Page NOTE 3CR990 NICs do not support NetWare 3.11 and 4.0x servers NETWARE DRIVERS Go to Verifying the PCI Slot Number 4.11, and a Select Reinitialize System For NetWare load c\nwserver\3c99x.lan Verifying the PCI Slot Number Overview Creating a Security Policy IP SECURITY 5 Select IP Security Policy Management, and then click Add 7 Clear the Activate the default response rule check box1 In the left pane, click IP Security Policies on Local Machine Creating a Security Policy Filter Action 46 CHAPTER 6 IP SECURITY 2 Select Un-assign 8 Click Have Disk UPGRADING DRIVERS Go to Windows 98 and Windows Go to Windows 95 Version A Build 6 Click Close 7 Click Have DiskWindows NT 4.0 50 CHAPTER 7 UPGRADING DRIVERS 6 Click Restart Now Provides the ability to boot a PC CONFIGURATION100BASE-TX 100 Mb/s Conﬁguration If you do not have a DOS-bootable disketteGo to Making a DOS-Bootable Diskette 3Com DOS Go to To Run the Network Test Diagnostics ProgramDiagnostics Program 3Com NIC 5 Repeat the process for each setting that you want to change the Installation TROUBLESHOOTINGAccessing the Troubleshooting Go to Technical Support Running DiagnosticsPrograms Go to 10BASE-T Description Go to 100BASE-TX Description Conﬁguration Tab For more information about how to make a DOS-bootable diskette4 Click 3Com NIC Doctor General Tab Accessing the 3Com Diagnostics TestsDiagnostics Tab Flash Update Tab To run the NIC test, Network test, or Remote Wake-Up test 2 Click Perform NIC Test Go to 3Com NIC Diagnostics Program Accessing 3ComSupport Services Go to Troubleshooting Remote Wake-Up Remote Wake-Up 3Com Tray Iconconnection between the NIC and the network Network Connection Troubleshooting aNOTE For more information on PCI speciﬁcations and Remote Wake-Up 2 Connect a straight-through cable from the PC to the hub Hardware SPECIFICATIONSNIC Speciﬁcations PCI Local Bus Specification, Revision Connection Criteria NetworkNetwork Cable 1 TD+ 2 TD 3 RD+ 6 RD Assignments1 2 3 4 5 6 7 Pause Frames Flow ControlLink Negotiation Online Technical ServicesTECHNICAL SUPPORT Register this Product 1 408 727 1 847day, 7 days a week Country Support from 3ComTelephone Number To obtain an RMA number, call or fax NOTE DOS drivers are not supported for 3CR990 NICs. However, they are over-the-network installationsSUPPORTED DRIVERS Additional DriversPage Windows 98 and UNINSTALLING NIC SOFTWAREor Windows 76 APPENDIX D UNINSTALLING NIC SOFTWARE MBA Boot ROM MBA BOOT ROMthe Boot ROM Setting Booting with the Non-BBS MBA boot ROM, see the documentation that came with MBA on the EtherCD Failure to install the patch will result in system failure DYNAMICACCESS TECHNOLOGYDynamicAccess Features To install DynamicAccess technology InstallingTechnology you install the NIC software Conﬁguring NOTE You must restart your PC to complete the installationmanagement tools for an Ethernet network 1 Double-click the Add/Remove Programs icon in the Control Panel Removing 2 Select the DAPassThru Driver Transport protocol Page Numbers INDEX uninstalling NIC software 76 unshielded twisted pair UTP OBTAINING WARRANTY SERVICE 3Com Corporation Limited WarrantyWARRANTY AND REGULATORY COMPLIANCE INFORMATION YEAR 2000 WARRANTY GOVERNING LAW Regulatory Compliance InformationLIMITATION OF LIABILITY DISCLAIMER STATEMENT 3COM END USER SOFTWARE IMPORTANT Read Before Using This ProductINDUSTRY CANADA CLASS B EMISSION COMPLIANCE Santa Clara, CA 95052-8145 408 3Com Corporation 5400 Bayfront Plaza P.O. Box