Manuals / Brands / Computer Equipment / Network Router / Secure Computing / Computer Equipment / Network Router

Secure Computing SafeNet, Sidewinder Version 5.1.0.02, Soft-PK Version 5.1.3 Build 4 - page 18

1 80

Download 80 pages, 1001.45 Kb

Roadmap to deploying your VPNs

1-8 Getting Started

❒ISAKMP ACL entry: At a minimum, you must define and enable an ACL entry that

allows ISAKMP traffic from the Internet to the Internet burb on Sidewinder (external

IP address of Sidewinder).

❒Other ACL entries: Depending on where you terminate your VPN connections on

Sidewinder (e.g., in a virtual burb), you may need to create ACL entries to allow traffic

between burbs.

❒Proxies: Depending on where you terminate your VPN connections on Sidewinder

(e.g., in a virtual burb), you may need to enable proxies to allow traffic between burbs.

4 — Create/Request the digital certificates

If using Sidewinder self-signed certificates:

❒Use Cobra to create and export a firewall certificate. See "Creating & exporting a

firewall certificate" on page 3-4 for details.

❒Use Cobra to create and export remote certificates for each end user. See "Creating &

exporting remote certificate(s)" on page 3-6 for details.

❒Use a command-line utility on Sidewinder to convert the key/file certificate pair to

pkcs12 format. See "Converting the certificate file/private key file pair to pkcs12

format" on page 3-8 for details.

If using a CA -assigned certificates:

❒Use Cobra to define a CA and obtain the CA root certificate and export it for sending

to client(s). See "Defining a CA to use and obtaining the CA root cert" on page 3-9 for

details.

❒Use Cobra to request a certificate for the firewall from the CA. See "Requestin g a

certificate for the firewall" on page 3-10 for details.

❒Determine the identifying information (e.g., Disti n g u ished Name settings) your

clients will use in their personal certificates. See "Determining identify ing inf ormatio n

for client certificates" on page 3-12.

❒Use Cobra to specify the client certificate identity information to within Sidewinder.

See "Defining remote client identities in Sidewinder" on page 3-13 for details.

If using pre-shared keys (passwords):

❒Use Cobra to specify the client identity information to within Sidewinder. See

"Managing pre-shared keys (passwords)" on page 3-14 for details.

More...

Contents

Main Page i Copyright Notice Trademarks Secure Computing Corporation Software License Agreement ii Technical Support Information Comments? Printing History T ABLE OF C Preface: About this Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . .v Chapter 1: Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Chapter 2: Planning Your VPN Config uration. . . . . . . . . . 2-1 Chapter 3: Configuring Sidewinder for Soft-PK Clients . 3-1 Chapter 4: Installing and Working with Soft-PK . . . . . . . .4-1 Chapter 5: Deploying Soft-PK to Your End Users . . . . . . 5-1 Appendix A: Troubleshooting . . . . . . . . . . . . . . . . . . . . . . A-1 P P this guide? About this Guide Who should read P How this guide is organized Where to find additional information Page CHAPTER 1 Getting Started About Soft-PK & Sidewinder VPNs Requirements Sidewinder and other network requirements Soft-PK requirements Roadmap to deploying your VPNs Page Page Page Page Page CHAPTER 2 Planning Your VPN Configuration Identifying basic VPN connection needs Identifying authentication requirements Using digital certificate authentication Understanding pre-shared key authentication Extended authentication Determining where you will terminate your VPNs More about virtual burbs and VPNs Defining a virtual burb Understanding Sidewinder client address pools CHAPTER 3 Configuring Sidewinder for Soft-PK Clients Enabling the VPN servers Configuring ACL & proxies entries for VPN connections Managing Sidewinder self- signed certs Creating & exporting a firewall certificate Page Creating & exporting remote certificate(s) Page Page Managing CA- based certificates Defining a CA to use and obtaining the CA root cert Requesting a certificate for the firewall information must be entered into each Soft-PK client. Determining identifying information for client certificates Defining remote client identities in Sidewinder Page Configuring the VPN on the Sidewinder Page appropriate for your configuration. self-signed certificate options. specify the following CA certificate options. Page Page CHAPTER 4 Installing and Working with Soft-PK Soft-PK installation notes Starting Soft-PK Determining Soft-PK status from icon variations Activating/Deactivating Soft-PK About the Soft-PK program options Managing certificates on Setting up Sidewinder self-signed certificates Setting up CA-based certifi cates Requesting a personal certificate from a CA on users behalf Importing certificate in Soft-PK Page Page Page Configuring a security policy on the Soft-PK Page Page Page CHAPTER 5 Deploying Soft-PK to Your End Users Overview Customizing the user worksheet Specifying dial-up network instructions Specifying installation instructions Specifying certificate import/request instruction s Specifying security policy instructions Specifying basic connection information A APPENDIX A Troubleshooting Soft-PK Log Viewer A Soft-PK Connectio n Monitor More about the Connection Monitor To view the details Sidewinder troubleshooting commands