Sidewinder system | Secure Computing Sidewinder Version 5.1.0.02

Roadmap to deploying your VPNs

Figure 1-2. VPN deployment overview

1 — Satisfy Sidewinder, network, & system requirements

2 — Plan your VPN configuration

3 — Enable appropriate Sidewinder servers, ACL entries, & proxies

4 — Set up VPN authentication on Sidewinder

Admin tasks performed on

Sidewinder system

If using Sidewinder self-signed certificates:

4a1 — Create & export a firewall certificate

4a2 — Create & export remote certificates

4a3 — Convert key file/ certificate pair to pkcs12 format

If using CA-assigned certificates:

4b1 — Request/export the CA root certificate

4b2 — Request a firewall certificate

4b3 — Determine the identifying information (DN) your clients use

4b4 — Define remote certificate identities within Sidewinder

If using pre-shared keys (passwords):

4c1 — Define remote identities within Sidewinder

Important: Be sure specify Extended Authentication when configuring your VPN connection in Step 5

Admin tasks performed using

Soft-PK prior to deploying to end

users

5 — Configure the VPN connections on the Sidewinder

6 — Configure the certificates and security policy(ies) for your remote users

7 — Prepare and deploy your Soft-PK installation package to remote users

8 — Troubleshoot any connection problems

1-6

Getting Started

Image 16

Secure Computing Sidewinder Version 5.1.0.02, SafeNet Sidewinder system, 4c1 Define remote identities within Sidewinder

Contents

VPN Administration Guide Page Copyright Notice Printing History B L E O F C O N T E N T S Installing and Working with Soft-PK About this Guide Who should read this guide? How this guide is Organized About Soft-PK About SidewinderAbout digital certificates Viewing and printing this document online Viii Getting Started About this chapter About Soft-PK & Sidewinder VPNs Requirements Sidewinder and other network requirements Soft-PK requirements Roadmap to deploying your VPNs Sidewinder system 4c1 Define remote identities within Sidewinder Plan your VPN configuration Satisfy Sidewinder, network, & system requirements If using pre-shared keys passwords Create/Request the digital certificates Configure the VPN connections on the Sidewinder Troubleshoot any connection problems Planning Your VPN Configuration Identifying basic VPN connection needs Identifying authentication requirements Using digital certificate authenticationPrivate key file Certificate file with public key Closer look at self-signed certificates No CA neededFor a small number of VPN Clients Understanding pre-shared key authentication Closer look at CA-based certificates Extended authentication Determining where you will terminate your VPNs VPN tunnel terminating on trusted burb More about virtual burbs and VPNs Select Firewall Administration Burb ConfigurationDefining a virtual burb Understanding Sidewinder client address pools Sidewinder Understanding Sidewinder client address pools Configuring Sidewinder for Soft-PK Clients Enable the cmd, egd, and isakmp servers Click Apply Configure the Isakmp serverEnable Select VPN Configuration Isakmp Server Configuring ACL & proxies entries for VPN connections Managing Sidewinder self- signed certs Creating & exporting a firewall certificate Click OK when done Specify the following Firewall Certificate settingsMail Address Creating & exporting remote certificates Select Services Configuration Certificate ManagementSelect the Remote Certificates tab. Click New Specify the following Remote Certificate settings Click Add to add the certificate to the Certificates listKey File Generated Return to for each remote client Managing CA- based certificates Defining a CA to use and obtaining the CA root cert Requesting a certificate for the firewall Click Add to send the enrollment request Specify the firewall certificate informationRetrieve the key, revoke, etc Determining identifying information for client certificates Defining remote client identities in Sidewinder Certificate Identities defined on the firewall Managing pre- shared keys passwords Configuring the VPN on the Sidewinder Field Setting Local Network/IP Enabled Select Yes BurbNew button to specify the IP Address / Hostname Example, if you specify 24 with an IP address Require Extended Enable this checkbox Authentication Certificate VPN from the list provided Firewall IdentityType Firewall to the remote client Value This field cannot be edited Client TypeEdited Click Close Save your settings!4. Click Add to save the settingsRemote Identity Page Installing and Working with Soft-PK Soft-PK installation notes Starting Soft-PK Determining Soft-PK status from icon variations Activating/Deactivating Soft-PK Right-click the Soft-PK tray icon to access menuMeans Soft-PK security policy is currently active About the Soft-PK program options Certificate ManagerSecurity Policy Editor Log Viewer Setting up Sidewinder self-signed certificates Managing certificates on Soft-PK Setting up CA-based certificates Get your CA administrator to approve your request Click Advanced to select a certificate service providerSelect the Generate Exportable Key check box Importing certificate in Soft-PK Verification window Import Certificate Password Window Importing a personal certificate into Soft-PK Certificate file Configuring a security policy on the Soft-PK Select Options Secure Specified Connections If using digital certificates Enable the Connect using Secure Gateway Tunnel boxSpecify the interface information New connection Named SecureVPN Configuring a security policy on the Soft-PK Encryption and Data Integrity/Algorithms fields SA Life Select Unspecified to default to Sidewinder settings Optional Click Save to save the policy on this systemPage Deploying Soft-PK to Your End Users Word OverviewFormat Security policy Soft-PK setup.exe file and supporting filesCannot modify Customizing the user worksheet Specifying installation instructionsSpecifying dial-up network instructions Specifying certificate import/request instructions Specifying security policy instructions Specifying basic connection information Soft-PK Log Viewer About this appendix Soft-PK Connection Monitor More about the Connection Monitor To view the details Sidewinder troubleshooting commands Page Part Number 86-0935037-A