Manuals / Secure Computing / Computer Equipment / Network Router

Secure Computing Soft-PK Version 5.1.3 Build 4 Satisfy Sidewinder, network, & system requirements

Models: Soft-PK Version 5.1.3 Build 4 Sidewinder Version 5.1.0.02 SafeNet

1 80

Download 80 pages 41.45 Kb

Page 17

Image 17

Roadmap to deploying your VPNs

Soft-PK deployment checklist

The following checklist identifies each major step involved in the setup and deployment of your Soft-PK software (as shown in Figure 1-2). You can use the checklist as a reference point and mark off each item as you complete it to ensure a successful VPN rollout.

TIP: Each step provides an overview of the task and points you to specific documentation

for more detailed information.

1 — Satisfy Sidewinder, network, & system requirements

❒Sidewinder/network: Verify that your Sidewinder is at Version 5.1.0.02 or later, licensed for VPN, and that your network is fully operational.

❒End-user systems: Verify that each system on which Soft-PK will be installed meets the requirements as described on page 1-4.

2 — Plan your VPN configuration

❒Review Chapter 2 to become familiar with key concepts and options that are available when setting up VPNs.

❒Review Chapter 11 in the Sidewinder Administration Guide for additional background on VPN configuration.

❒Review the readme.txt file located on the Soft-PK CD for additional information from Secure Computing.

3 — Enable appropriate Sidewinder servers, ACL entries, & proxies

Note: For details, see"Enabling the VPN servers" on page 3-2 and "Configuring ACL & proxies entries for VPN connections" on page 3-3.

❒CMD server: The Certificate Management Daemon (CMD) server must be enabled before you can configure the certificate server.

❒EGD server: The Entropy Generating Daemon (EGD) server is used by ISAKMP. This server must be enabled before you can create VPN associations.

❒ISAKMP server: The ISAKMP server must be enabled and set to listen on the appropriate burb (typically, this will be the Internet burb).

More...

Getting Started	1-7

Image 17

Secure Computing Soft-PK Version 5.1.3 Build 4, SafeNet manual Satisfy Sidewinder, network, & system requirements

Contents

VPN Administration Guide Page Copyright Notice Printing History B L E O F C O N T E N T S Installing and Working with Soft-PK Who should read this guide? About this Guide Organized How this guide is About Sidewinder About Soft-PKAbout digital certificates Viewing and printing this document online Viii About this chapter Getting Started About Soft-PK & Sidewinder VPNs Sidewinder and other network requirements Requirements Soft-PK requirements Roadmap to deploying your VPNs 4c1 Define remote identities within Sidewinder Sidewinder system Satisfy Sidewinder, network, & system requirements Plan your VPN configuration Create/Request the digital certificates If using pre-shared keys passwords Configure the VPN connections on the Sidewinder Troubleshoot any connection problems Planning Your VPN Configuration Identifying basic VPN connection needs Using digital certificate authentication Identifying authentication requirementsPrivate key file Certificate file with public key No CA needed Closer look at self-signed certificatesFor a small number of VPN Clients Closer look at CA-based certificates Understanding pre-shared key authentication Extended authentication VPN tunnel terminating on trusted burb Determining where you will terminate your VPNs Defining a virtual burb Select Firewall Administration Burb ConfigurationMore about virtual burbs and VPNs Sidewinder Understanding Sidewinder client address pools Understanding Sidewinder client address pools Configuring Sidewinder for Soft-PK Clients Click Apply Configure the Isakmp server Enable the cmd, egd, and isakmp serversEnable Select VPN Configuration Isakmp Server Configuring ACL & proxies entries for VPN connections Creating & exporting a firewall certificate Managing Sidewinder self- signed certs Mail Address Specify the following Firewall Certificate settingsClick OK when done Select the Remote Certificates tab. Click New Select Services Configuration Certificate ManagementCreating & exporting remote certificates Click Add to add the certificate to the Certificates list Specify the following Remote Certificate settingsKey File Generated Return to for each remote client Defining a CA to use and obtaining the CA root cert Managing CA- based certificates Requesting a certificate for the firewall Retrieve the key, revoke, etc Specify the firewall certificate informationClick Add to send the enrollment request Determining identifying information for client certificates Certificate Identities defined on the firewall Defining remote client identities in Sidewinder Managing pre- shared keys passwords Configuring the VPN on the Sidewinder Enabled Select Yes Burb Field Setting Local Network/IPNew button to specify the IP Address / Hostname Example, if you specify 24 with an IP address Certificate VPN from the list provided Firewall Identity Require Extended Enable this checkbox AuthenticationType Firewall to the remote client Value This field cannot be edited Edited TypeClient Remote Identity Save your settings!4. Click Add to save the settingsClick Close Page Installing and Working with Soft-PK Soft-PK installation notes Determining Soft-PK status from icon variations Starting Soft-PK Means Soft-PK security policy is currently active Right-click the Soft-PK tray icon to access menuActivating/Deactivating Soft-PK Certificate Manager About the Soft-PK program optionsSecurity Policy Editor Log Viewer Managing certificates on Soft-PK Setting up Sidewinder self-signed certificates Setting up CA-based certificates Select the Generate Exportable Key check box Click Advanced to select a certificate service providerGet your CA administrator to approve your request Importing certificate in Soft-PK Verification window Importing a personal certificate into Soft-PK Import Certificate Password Window Certificate file Select Options Secure Specified Connections Configuring a security policy on the Soft-PK Enable the Connect using Secure Gateway Tunnel box If using digital certificatesSpecify the interface information New connection Named SecureVPN Configuring a security policy on the Soft-PK Encryption and Data Integrity/Algorithms fields Optional Click Save to save the policy on this system SA Life Select Unspecified to default to Sidewinder settingsPage Deploying Soft-PK to Your End Users Format OverviewWord Cannot modify Soft-PK setup.exe file and supporting filesSecurity policy Specifying dial-up network instructions Specifying installation instructionsCustomizing the user worksheet Specifying certificate import/request instructions Specifying basic connection information Specifying security policy instructions About this appendix Soft-PK Log Viewer Soft-PK Connection Monitor To view the details More about the Connection Monitor Sidewinder troubleshooting commands Page Part Number 86-0935037-A