HP Embedded Firewall Creating a Security Policy

9Installing and Configuring Data Encryption Offloads

Configuring IPSec in Windows 2003, Windows XP, and Windows 2000

The 3CR990B NIC accelerates IP security (IPSec) data encryption from supported operating systems that provide this offload capability. This feature is currently available in the Windows 2003, Windows XP, and Windows 2000 operating systems.

IPSec primarily consists of two parts:

•encryption/decryption

•authentication

To send or receive encrypted data with a 3CR990B NIC installed, you must first create a security policy, and then enable encryption on the NIC. The security policy establishes and defines how encrypted network traffic between your computer and a specified server occurs.

Authentication enables the receiver to verify the sender of a packet by adding key fields to a packet without altering the packet data content.

The following table shows the available levels of encryption:

Encryption	Encryption
Type	Level	Description

AH	Medium	Authentication only
ESP	High	Authentication and encryption
Custom	Varies	Provides encryption and an extra authentication that includes
		the IP header.
		Custom allows you to select options for both AH and ESP, such
		as MD%/SHA-1 and DES/3DES. And you can select the rate at
		which new keys are negotiated.
		Microsoft uses IKE key exchange to renew keys every x seconds
		or y bytes. However, this practice is computationally very high
		in overhead. Some users may set these values low and have
		frequent key updates. Users more concerned with
		performance will set these values higher.
		For more information, refer to the Microsoft documentation
		about creating IPSec flows.

Creating a Security Policy

The process you use to create and enable a security policy depends on your network environment requirements. The following is an example of one approach to creating a security policy.

NOTE: You must complete all of the sequences in this section to establish and enable a security policy for transmitting and receiving encrypted data over the network.

24

Contents

10/100 Secure Network Interface Card 350 Campus Drive Contents Installing and Configuring Data Encryption Offloads Installing 3Com Advanced Server Features for Windows Configuring the NIC Troubleshooting the NIC Running NIC Diagnostics Specifications and Cabling Requirements Installing the 3Com DMI Agent Obtaining Support for your Product Regulatory Compliance Information 1 Installing and Connecting the NIC WARNING: CAUTION: 3CR990B-97NIC 3CR990B-FX-97NIC Page NOTE: 2 Windows 2003 Server Driver Installation Page 3 Windows XP Driver Installation Page 4 Windows 2000 Driver Installation Page 5 Windows NT 4.0 Driver Installation NOTE: 6 Windows 98 SE Driver Installation Page 7 Novell NetWare Driver Installation Identifying the Slot Number Verifying or Modifying NIC Parameters Removing Drivers from Autoexec.ncf Page Page 8 Linux 2.4 Driver Installation Page 9 Installing and Configuring Data Encryption Offloads Offloading Encryption Processing Selecting Basic or Strong Encryption Processing Creating a Security Policy Defining the Console Creating the Policy Creating a Filter Binding the Filter Creating the Filter Action Binding the Filter Action Enabling Encryption Disabling Encryption Page 10 Installing 3Com Advanced Server Features for Windows Load Balancing Failover VLANs Verifying the Installation Planning the Configuration 802.1p Support Property Microsoft Task Offload Support Working With Server Features Windows 2003, Windows XP, and Windows Windows NT Adding NICs to a Group Specifying a Dedicated IP Address Changing an IP Address Specifying Traffic Priorities Saving the Configuration Disabling Load Balancing for a Group Changing the Primary NIC Removing a NIC from a Group Deleting or Editing a VLAN Displaying NIC Properties Displaying Group Properties Troubleshooting a Load Balancing Configuration http://knowledgebase.3com.com Page Enabling Offloads Configuring Offloads for a Group of Different NICs 11 Configuring the NIC Page Page Installing the 3Com NIC Diagnostics Program Starting the 3Com NIC Diagnostics Program Using the 3Com NIC Diagnostics Program a:\3c99xcfg.exe BBS BIOS-CompatiblePCs Non-BBS BIOS-CompatiblePCs 12 Troubleshooting the NIC Viewing the NIC LEDs in the Diagnostics Program Link Transmit Receive — Troubleshooting Problems with the LEDs Accessing the 3Com Knowledgebase Accessing the 3Com NIC Help System Accessing Release Notes and Frequently Asked Questions Release notes — Frequently asked questions — Problems or Error Messages Cleaning Up A Failed Installation \options\cabs Page RJ-45Cabling Pinouts (Copper NIC Only) Page Windows 98 SE NetWare load nwconfig 13 Running NIC Diagnostics Page Running the Network Test Running the NIC Test Receive Enabling the Icon Displaying Network Statistics Frames Sent and Received Speed Page A Specifications and Cabling Requirements Page Page RJ-45Connector Pin Assignments B Installing the 3Com DMI Agent Client PC Requirements Page Page C Obtaining Support for your Product http://csoweb4.3com.com/contactus Page Page D Regulatory Compliance Information FCC Declaration of Conformity MIC Class B Compliance (Korea) Safety Compliance Statement ATTENTION: