Roadmap to deploying your VPNs

ISAKMP ACL entry: At a minimum, you must define and enable an ACL entry that allows ISAKMP traffic from the Internet to the Internet burb on Sidewinder (external IP address of Sidewinder).

Other ACL entries: Depending on where you terminate your VPN connections on Sidewinder (e.g., in a virtual burb), you may need to create ACL entries to allow traffic between burbs.

Proxies: Depending on where you terminate your VPN connections on Sidewinder (e.g., in a virtual burb), you may need to enable proxies to allow traffic between burbs.

4 — Create/Request the digital certificates

If using Sidewinder self-signed certificates:

Use Cobra to create and export a firewall certificate. See "Creating & exporting a firewall certificate" on page 3-4 for details.

Use Cobra to create and export remote certificates for each end user. See "Creating & exporting remote certificate(s)" on page 3-6 for details.

Use a command-line utility on Sidewinder to convert the certificate file/private key file pair to pkcs12 format. See "Converting the certificate file/private key file pair to pkcs12 format" on page 3-8 for details.

If using CA-assigned certificates:

Use Cobra to define a CA, obtain the CA root certificate, and export it for sending to client(s). See "Defining a CA to use and obtaining the CA root cert" on page 3-9 for details.

Use Cobra to request a certificate for the firewall from the CA. See "Requesting a certificate for the firewall" on page 3-10 for details.

Determine the identifying information (e.g., Distinguished Name settings) your clients will use in their personal certificates. See "Determining identifying information for client certificates" on page 3-12.

Use Cobra to specify the client certificate identity information within Sidewinder. See "Defining remote client identities in Sidewinder" on page 3-13 for details.

If using pre-shared keys (passwords):

Use Cobra to specify the client identity information within Sidewinder. See "Managing pre-shared keys (passwords)" on page 3-14 for details.

More...

1-8

Getting Started
