3Com C36460T, 86-0621-000 software manual http//infodeli.3com.com/infodeli/tools/bridrout/index.htm

VPN Protocols and Services Notes 61

was unavailable. To determine the required version, refer to the online version of these release notes available on the 3Com website:

http://infodeli.3com.com/infodeli/tools/bridrout/index.htm

Microsoft MPPE Patches Microsoft has acknowledged performance problems with their original

and Updates implementation of MPPE. You should use MSDUN1.2c or later for Windows 95 and apply Hot Fixes in article Q162230 for Windows NT. Contact your Microsoft service provider for additional information and updates when they become available.

PKI: Entrust CA A Certificate Authority (CA) product can be purchased separately from Entrust. Installation Notes This packaged CA server must be installed and configured on a Windows NT 4.0

system. This package actually consists of two Entrust products:

■Entrust/PKI 4.0 Authority/Admin/Directory is installed on a Windows NT 4.0 server. This product provides the CA server, a facility to administer the CA, and an optional local LDAP-compliant directory that can serve as a repository for certificates and CRLs. This product should be installed first.

■Entrust/PKI 4.0 VPN Connector can be installed with Entrust PKI 4.0 Authority/Admin/Directory on a Windows NT 4.0 server, or installed separately on a Windows NT 4.0 workstation with network connectivity to the Entrust CA server. This product provides a front-end to the Entrust CA server for enrolling VPN devices such as routers with the Entrust CA in order to obtain certificates for those devices. This product must be installed after the Entrust/PKI 4.0 Authority/Admin/Directory product is installed.

The following are some guidelines for installing the Entrust/PKI 4.0

Authority/Admin/Directory product:

■The Entrust installation guide gives instructions for installing the Entrust/PKI 4.0 Authority/Admin/Directory product. It is recommended that the Entrust directory be installed with the CA server. The installation guide specifies the exact system requirements. It is strongly recommended that the installation guide be reviewed carefully before attempting the installation.

■The Entrust CA environment assumes a hierarchy of security personnel that manage various aspects of operation of the CA, although all of the various management roles can be assumed by a single person. It is recommended that the various passwords for the various personnel be carefully recorded, and the records placed in a secure location. The installation provides various worksheets, and the information requested in these must be determined prior to the installation.

■A Windows NT server administrator password must be set prior to the installation. Do not use an empty password consisting only of a carriage return.

■After installation, if the Entrust directory was installed with the Entrust CA software, by default, the directory records for certificates and CRLs will be stored internally in an ASCII format. The directory records should be stored in a binary format. To change the format, edit the Entrust ENTMGR.INI file and Bridge/Router PKI Configuration search for the line “serverType = Entrustslapd”. Change this line to read “serverType = External”. See Appendix D of the Entrust/PKI 4.0 Administration Guide for more information. After editing this file, run the Master Control application and invoke the Restore to