Chapter 6: About Support Tools Security

Using IPSecurity with Support Tools

If a non-Cisco policy already exists on the target machine and is not assigned, Support Tools will create and assign a Cisco policy.

Manual IPSec Implementation

On Windows 2000 and XP platforms, IPSec can be used but must be configured manually. This section provides guidelines on setting up IPSec for Support Tools.

When configuring Support Tools to use IPSec:

The policy for the Support Tools server should be configured to support shared keys.

When securing a Support Tools component that resides on a system with a one-to-one IPSec policy, a filter complying with the recommendations listed above should be added. The filter should be added to the filter list of the existing policy and listed second.

A configuration example follows:

Client Policy

IP Filter:

From any IP address / TCP port

To any IP address / specific TCP port (39100, Support Tools default)

Filter Action:

Request Security on Support Tools Server

Require Security on Node Agent

Negotiate security

ESP with SHA1 Integrity and no encryption

Authentication Mode (Both should be listed on Support Tools server):

Preshared key

Cisco Support Tools User Guide for Cisco Unified Software Release 2.1(1)
