Manuals / Brands / Computer Equipment / Network Router / Secure Computing / Computer Equipment / Network Router

Secure Computing SafeNet, Sidewinder Version 5.1.0.02, Soft-PK Version 5.1.3 Build 4 - page 17

1 80

Download 80 pages, 1001.45 Kb

Roadmap to deploying your VPNs

Getting Started 1-7

Soft-PK deployment

checklist The following checklist identifies each major step i nvolved in the

setup and deployment of your Soft-PK software (as shown in Figure

1-2). You can use the checklist as a reference point and mark of f each

item as you complete it to ensure a successful VPN rollout.

TIP: Each step provides an overview of the task and points you to specific documentation

for more detailed information.

1 — Satisfy Sidewinder, network, & system requirements

❒Sidewinder/network: Verify that your Sidewinder is at Version 5.1.0.02 or later,

licensed for VPN, and that your network is fully operational.

❒End-user systems: Verify that each system on which Soft-PK will be installed meets

the requirements as described on page 1-4.

2 — Plan your VPN configuration

❒Review Chapter 2 to become familiar with key concepts and options that are

available when setting up VPNs.

❒Review Chapter 11 in the Sidewinder Administration Guide for additional background

on VPN configuration.

❒Review the readme.txt file located on the Soft-PK CD for addition al information from

Secure Computing.

3 — Enable appropriate Sidewinder servers, ACL entries, & proxies

Note: For details, see"Enabling the VPN servers" on page 3-2 and "Configuring ACL & proxies

entries for VPN connections" on page 3-3.

❒CMD server: The Certificate Management Daemon (CMD) server must be enabled

before you can configure the certificate server.

❒EGD server: The Entropy Generating Daemon (EGD) server is used by ISAKMP. This

server must be enabled before you can create VPN associations.

❒ISAKMP server: The ISAKMP server must be enabled and set to listen on the

appropriate burb (typically, this will be the Internet burb).

More...

Contents

Main Page i Copyright Notice Trademarks Secure Computing Corporation Software License Agreement ii Technical Support Information Comments? Printing History T ABLE OF C Preface: About this Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . .v Chapter 1: Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Chapter 2: Planning Your VPN Config uration. . . . . . . . . . 2-1 Chapter 3: Configuring Sidewinder for Soft-PK Clients . 3-1 Chapter 4: Installing and Working with Soft-PK . . . . . . . .4-1 Chapter 5: Deploying Soft-PK to Your End Users . . . . . . 5-1 Appendix A: Troubleshooting . . . . . . . . . . . . . . . . . . . . . . A-1 P P this guide? About this Guide Who should read P How this guide is organized Where to find additional information Page CHAPTER 1 Getting Started About Soft-PK & Sidewinder VPNs Requirements Sidewinder and other network requirements Soft-PK requirements Roadmap to deploying your VPNs Page Page Page Page Page CHAPTER 2 Planning Your VPN Configuration Identifying basic VPN connection needs Identifying authentication requirements Using digital certificate authentication Understanding pre-shared key authentication Extended authentication Determining where you will terminate your VPNs More about virtual burbs and VPNs Defining a virtual burb Understanding Sidewinder client address pools CHAPTER 3 Configuring Sidewinder for Soft-PK Clients Enabling the VPN servers Configuring ACL & proxies entries for VPN connections Managing Sidewinder self- signed certs Creating & exporting a firewall certificate Page Creating & exporting remote certificate(s) Page Page Managing CA- based certificates Defining a CA to use and obtaining the CA root cert Requesting a certificate for the firewall information must be entered into each Soft-PK client. Determining identifying information for client certificates Defining remote client identities in Sidewinder Page Configuring the VPN on the Sidewinder Page appropriate for your configuration. self-signed certificate options. specify the following CA certificate options. Page Page CHAPTER 4 Installing and Working with Soft-PK Soft-PK installation notes Starting Soft-PK Determining Soft-PK status from icon variations Activating/Deactivating Soft-PK About the Soft-PK program options Managing certificates on Setting up Sidewinder self-signed certificates Setting up CA-based certifi cates Requesting a personal certificate from a CA on users behalf Importing certificate in Soft-PK Page Page Page Configuring a security policy on the Soft-PK Page Page Page CHAPTER 5 Deploying Soft-PK to Your End Users Overview Customizing the user worksheet Specifying dial-up network instructions Specifying installation instructions Specifying certificate import/request instruction s Specifying security policy instructions Specifying basic connection information A APPENDIX A Troubleshooting Soft-PK Log Viewer A Soft-PK Connectio n Monitor More about the Connection Monitor To view the details Sidewinder troubleshooting commands