Secure Computing SafeNet, Sidewinder Version 5.1.0.02 instruction

Configuring a security policy on the Soft-PK

a.Select the authentication method for this connection.

If using shared password: Click Pre-Shared Key and enter the shared password.

If using digital certificates: Select the personal certificate previously imported from the drop-down list. Notice the ID Type automatically changes to Distinguished Name.

b.In the Internet Interface selection drop-down box, specify which interface to use when creating the VPN. For our example, the default “Any” is adequate.

11.Specify the Authentication settings. Select Authentication (Phase 1) -> Proposal 1.

Figure 4-15.

Soft-PK: Authentication

(Phase 1) -> Proposal 1

fields

a.In Authentication Method field, specify the method appropriate for your configuration. (For example, use RSA Signatures if using only digital certificate authentication, use RSA Signatures: Extended Authentication if using digital certificate authentication and extended authentication.)

b.In Encryption and Data Integrity/Algorithms fields:

Encrypt Alg: Select DES or Triple-DES(highest).

Hash Alg: Select MD5 or SHA-1(highest).

SA Life: Set this to 3500 seconds.The Phase 1 Lifetime on the Soft- PK should NOT be left as Unspecified. It should be set to some period of time slightly shorter than is configured on the Sidewinder SA definition (Advanced tab on the Sidewinder COBRA GUI).

c.In Key Group field, select at least Group 2. Group 5 (highest).

4-16

Installing and Working with Soft-PK

Image 66

Secure Computing SafeNet, Sidewinder Version 5.1.0.02 manual Encryption and Data Integrity/Algorithms fields

Contents

VPN Administration Guide Page Copyright Notice Printing History B L E O F C O N T E N T S Installing and Working with Soft-PK About this Guide Who should read this guide? How this guide is Organized About digital certificates About Soft-PKAbout Sidewinder Viewing and printing this document online Viii Getting Started About this chapter About Soft-PK & Sidewinder VPNs Requirements Sidewinder and other network requirements Soft-PK requirements Roadmap to deploying your VPNs Sidewinder system 4c1 Define remote identities within Sidewinder Plan your VPN configuration Satisfy Sidewinder, network, & system requirements If using pre-shared keys passwords Create/Request the digital certificates Configure the VPN connections on the Sidewinder Troubleshoot any connection problems Planning Your VPN Configuration Identifying basic VPN connection needs Private key file Identifying authentication requirementsUsing digital certificate authentication Certificate file with public key For a small number of VPN Closer look at self-signed certificatesNo CA needed Clients Understanding pre-shared key authentication Closer look at CA-based certificates Extended authentication Determining where you will terminate your VPNs VPN tunnel terminating on trusted burb Select Firewall Administration Burb Configuration More about virtual burbs and VPNsDefining a virtual burb Understanding Sidewinder client address pools Sidewinder Understanding Sidewinder client address pools Configuring Sidewinder for Soft-PK Clients Enable Enable the cmd, egd, and isakmp serversClick Apply Configure the Isakmp server Select VPN Configuration Isakmp Server Configuring ACL & proxies entries for VPN connections Managing Sidewinder self- signed certs Creating & exporting a firewall certificate Specify the following Firewall Certificate settings Click OK when doneMail Address Select Services Configuration Certificate Management Creating & exporting remote certificatesSelect the Remote Certificates tab. Click New Key File Specify the following Remote Certificate settingsClick Add to add the certificate to the Certificates list Generated Return to for each remote client Managing CA- based certificates Defining a CA to use and obtaining the CA root cert Requesting a certificate for the firewall Specify the firewall certificate information Click Add to send the enrollment requestRetrieve the key, revoke, etc Determining identifying information for client certificates Defining remote client identities in Sidewinder Certificate Identities defined on the firewall Managing pre- shared keys passwords Configuring the VPN on the Sidewinder New button to specify the IP Address / Hostname Field Setting Local Network/IPEnabled Select Yes Burb Example, if you specify 24 with an IP address Type Firewall to the remote client Value Require Extended Enable this checkbox AuthenticationCertificate VPN from the list provided Firewall Identity This field cannot be edited Type ClientEdited Save your settings!4. Click Add to save the settings Click CloseRemote Identity Page Installing and Working with Soft-PK Soft-PK installation notes Starting Soft-PK Determining Soft-PK status from icon variations Right-click the Soft-PK tray icon to access menu Activating/Deactivating Soft-PKMeans Soft-PK security policy is currently active Security Policy Editor About the Soft-PK program optionsCertificate Manager Log Viewer Setting up Sidewinder self-signed certificates Managing certificates on Soft-PK Setting up CA-based certificates Click Advanced to select a certificate service provider Get your CA administrator to approve your requestSelect the Generate Exportable Key check box Importing certificate in Soft-PK Verification window Import Certificate Password Window Importing a personal certificate into Soft-PK Certificate file Configuring a security policy on the Soft-PK Select Options Secure Specified Connections Specify the interface information If using digital certificatesEnable the Connect using Secure Gateway Tunnel box New connection Named SecureVPN Configuring a security policy on the Soft-PK Encryption and Data Integrity/Algorithms fields SA Life Select Unspecified to default to Sidewinder settings Optional Click Save to save the policy on this systemPage Deploying Soft-PK to Your End Users Overview WordFormat Soft-PK setup.exe file and supporting files Security policyCannot modify Specifying installation instructions Customizing the user worksheetSpecifying dial-up network instructions Specifying certificate import/request instructions Specifying security policy instructions Specifying basic connection information Soft-PK Log Viewer About this appendix Soft-PK Connection Monitor More about the Connection Monitor To view the details Sidewinder troubleshooting commands Page Part Number 86-0935037-A