Manuals / Secure Computing / Computer Equipment / Network Router

Secure Computing Soft-PK Version 5.1.3 Build 4 Understanding Sidewinder client address pools

Models: Soft-PK Version 5.1.3 Build 4 Sidewinder Version 5.1.0.02 SafeNet

1 80

Download 80 pages 41.45 Kb

Page 29

Understanding Sidewinder client address pools

Understanding Sidewinder client address pools

Figure 2-6. VPN association implemented using client address pool

You may choose to implement your VPN using Sidewinder client address pools. Client address pools are reserved virtual IP addresses, recognized as internal addresses of the trusted network. Addresses in this pool are configured on Sidewinder and assigned (or "pushed") to a VPN client (per VPN configuration) when the VPN connection is started. Client traffic within the protected network appears to come from the virtual IP address pool. Only Sidewinder knows the client’s real IP address.

Client address pool

10.1.1.1

10.1.1.2(reserved for Client Y)

	10.1.1.254				VPN
	Sidewinder				VPN
	Sidewinder				Client A
	Trusted	Internet	V	N
	burb	burb	P
	burb	burb
	Internal		Internet		VPN
	network		Internet
	network		VPN
	Proxies		VPN		Client Y
	Proxies				Client Y
	Virtual		VPN
	burb		VPN		VPN
	burb				VPN
					Client Z

Virtual IP address mappings using this client address pool.

VPN Client	Virtual IP Address
A	Next available within the pool

Y10.1.1.2

ZNext available within the pool

One of the reasons for using client address pools is that they simplify the management of VPN clients. They allow the firewall to manage certain configuration details on behalf of the client. This enables a remote client to initiate a VPN connection even if the client has not preconfigured itself for the connection.

When using client address pool, all the Soft-PK client needs to initiate a VPN connection is:

Authentication information (e.g. a password or certificate)

Planning Your VPN Configuration	2-9

Image 29

Secure Computing Soft-PK Version 5.1.3 Build 4, SafeNet manual Understanding Sidewinder client address pools

Contents

VPN Administration Guide Page Copyright Notice Printing History B L E O F C O N T E N T S Installing and Working with Soft-PK Who should read this guide? About this GuideOrganized How this guide isAbout Sidewinder About Soft-PKAbout digital certificates Viewing and printing this document onlineViii About this chapter Getting StartedAbout Soft-PK & Sidewinder VPNs Sidewinder and other network requirements RequirementsSoft-PK requirements Roadmap to deploying your VPNs 4c1 Define remote identities within Sidewinder Sidewinder systemSatisfy Sidewinder, network, & system requirements Plan your VPN configurationCreate/Request the digital certificates If using pre-shared keys passwordsConfigure the VPN connections on the Sidewinder Troubleshoot any connection problems Planning Your VPN Configuration Identifying basic VPN connection needs Using digital certificate authentication Identifying authentication requirementsPrivate key file Certificate file with public keyNo CA needed Closer look at self-signed certificatesFor a small number of VPN ClientsCloser look at CA-based certificates Understanding pre-shared key authenticationExtended authentication VPN tunnel terminating on trusted burb Determining where you will terminate your VPNsDefining a virtual burb Select Firewall Administration Burb ConfigurationMore about virtual burbs and VPNs Sidewinder Understanding Sidewinder client address poolsUnderstanding Sidewinder client address pools Configuring Sidewinder for Soft-PK Clients Click Apply Configure the Isakmp server Enable the cmd, egd, and isakmp serversEnable Select VPN Configuration Isakmp ServerConfiguring ACL & proxies entries for VPN connections Creating & exporting a firewall certificate Managing Sidewinder self- signed certsMail Address Specify the following Firewall Certificate settingsClick OK when done Select the Remote Certificates tab. Click New Select Services Configuration Certificate ManagementCreating & exporting remote certificates Click Add to add the certificate to the Certificates list Specify the following Remote Certificate settingsKey File GeneratedReturn to for each remote client Defining a CA to use and obtaining the CA root cert Managing CA- based certificatesRequesting a certificate for the firewall Retrieve the key, revoke, etc Specify the firewall certificate informationClick Add to send the enrollment request Determining identifying information for client certificates Certificate Identities defined on the firewall Defining remote client identities in SidewinderManaging pre- shared keys passwords Configuring the VPN on the Sidewinder Enabled Select Yes Burb Field Setting Local Network/IPNew button to specify the IP Address / Hostname Example, if you specify 24 with an IP addressCertificate VPN from the list provided Firewall Identity Require Extended Enable this checkbox AuthenticationType Firewall to the remote client Value This field cannot be editedEdited TypeClient Remote Identity Save your settings!4. Click Add to save the settingsClick Close Page Installing and Working with Soft-PK Soft-PK installation notes Determining Soft-PK status from icon variations Starting Soft-PKMeans Soft-PK security policy is currently active Right-click the Soft-PK tray icon to access menuActivating/Deactivating Soft-PK Certificate Manager About the Soft-PK program optionsSecurity Policy Editor Log ViewerManaging certificates on Soft-PK Setting up Sidewinder self-signed certificatesSetting up CA-based certificates Select the Generate Exportable Key check box Click Advanced to select a certificate service providerGet your CA administrator to approve your request Importing certificate in Soft-PK Verification window Importing a personal certificate into Soft-PK Import Certificate Password WindowCertificate file Select Options Secure Specified Connections Configuring a security policy on the Soft-PKEnable the Connect using Secure Gateway Tunnel box If using digital certificatesSpecify the interface information New connection Named SecureVPNConfiguring a security policy on the Soft-PK Encryption and Data Integrity/Algorithms fields Optional Click Save to save the policy on this system SA Life Select Unspecified to default to Sidewinder settingsPage Deploying Soft-PK to Your End Users Format OverviewWord Cannot modify Soft-PK setup.exe file and supporting filesSecurity policy Specifying dial-up network instructions Specifying installation instructionsCustomizing the user worksheet Specifying certificate import/request instructions Specifying basic connection information Specifying security policy instructionsAbout this appendix Soft-PK Log ViewerSoft-PK Connection Monitor To view the details More about the Connection MonitorSidewinder troubleshooting commands Page Part Number 86-0935037-A