Secure Computing Sidewinder Version 5.1.0.02 инструкция обслуживания

VPN Administration Guide Revision A SafeNet/Soft-PK V ersion 5.1.3 Build 4 Sidewind er V ersi on 5.1 .0.02[...]

[...]

i Copy ri ght No ti ce This document an d the so ftware de scribed in it are copy righted . Under the co pyrigh t laws, n eithe r this docume nt nor this software may be copi ed, reprod uced, translated , or reduced to any elect ronic medium or machine -readable fo rm witho ut prior written author ization of Secure Com puting Co rporation. Co pyrig[...]

ii SECURE COMPU TING’ S AND I TS LICENSORS ENTIRE LIABILITY UN DER, FOR BREACH OF , OR ARISING OUT OF THIS AG REEMENT, IS LIMITED T O A REFUN D OF TH E PURCH ASE PRICE OF THE PRODUCT OR SERVICE THA T GA VE R ISE TO THE CLAIM. IN NO EVENT SHA LL SECURE COMPUTING OR I TS LICENSORS BE LIABLE FOR YOUR COST OF PROCURING SU BSTITUTE GOODS. IN NO EVE NT[...]

Table of Contents iii T ABLE OF C ONTENTS Preface: Abou t this Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . v Who s hould read this guide? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v How this g uide is organi zed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi Where to find additio nal informa tion . .[...]

iv Table o f Cont ents Defining re mote client i dentities i n Sidewinder . . . . . . . . . . . 3 -13 Managing pre-shared keys (pas swords) . . . . . . . . . . . . . . . . . . 3 -14 Configur ing the VPN on the Side winder . . . . . . . . . . . . . . . . . . 3-15 Chap te r 4: Ins t a ll ing and Wo r king w ith So ft -PK . . . . . . . . 4-1 Soft-PK i[...]

P Pre fac e: Abou t th i s Gui d e v P REFACE About this Guid e This guide p rovides t he informatio n needed to set up conne ctions between remot e system s runni ng SafeNe t/Soft-P K ™ VPN cl i e n t software and sys tems on a networ k protected by Secu re Comput ing ’ s Sidewinde r firewall . SafeNet/So ft-PK is a Wind ows-compatible progr a[...]

P How this guid e is organized vi Pre fac e: Abou t th i s Gui d e How this guide is organized This guide cont ai ns the foll owin g ch apters . F inding information This guide is i n Acro bat (softc opy) format on ly and do es not co ntain an index . Howeve r , you can use Acrobat ’ s Fi nd feature to search for every instance o f any word or ph[...]

Where to find additional information Pre fac e: Abou t th i s Gui d e vii Viewing and printing this document on line When yo u view t his docum ent onli ne in PDF format, you may find that the sc reen im age s are blurry . If you nee d to see the imag e more clear ly, yo u can either enla rge it ( which may not e limina te the blurr iness) or you c[...]

Where to find additional info rmation viii Preface: A bout this Guid e T o co ntact Se cure Comput ing di rectly or inquire about o btaining a supp o r t co ntrac t , ref e r to our W eb site at www .sec urecom puting .com , and select “ Co ntact Us ." Or if you prefer , sen d us email at supp or t@secu recompu ting.com (be sure to i nc lud [...]

1 Getting Sta rted 1-1 1 C HAPTER 1 Ge t ti n g S t a r t e d About this chap te r This chapter p rovides an overvi ew of the Soft -PK ™ and Si dewinder Vir tual Private Network (V PN) enviro nment and d escribes t he require ments. I t inclu des a c hecklist t o guide you th rough t he basic steps to setu p and deploy a VP N. This chapter addres[...]

1 About Soft-PK & Sidewinder VPNs 1-2 Get ting St arted About Soft-P K & Sidewinder VPNs Soft -PK is secur ity so ftwar e for r emote PC us ers. It is d esigne d to provi de dat a pr i vacy betwee n remote us er s and a corpor ate network. Indu stry-standar d encryp tion and us er verif ication rou tines prot ect the data sent ov er the c o[...]

Requ irem ents Getting Sta rted 1-3 Requir ements T o configure VPN co mmunicat ion between Sidewin der and Soft-PK client s, your Si dewind er must be confi gured with the prop er VPN para meter se tting s and acces s rule s. In ad dition, dependi ng on your VPN con nection set up, you may also nee d to defi ne the proper digital c ertificates . T[...]

Requirements 1-4 Getti ng Start ed Soft-PK requiremen ts Each syst em on whic h Soft-PK wi ll be install ed must meet the require ments li sted in T able 1-2 . IMPORT ANT: A remote system must only run one VPN client . If a VPN client program such as S e c ur eClient was previo us ly installed on th e remote system, ens ure it is properly uninstal [...]

Roadmap t o deploying your VP Ns Getting Sta rted 1-5 Roadmap to deploying your VPNs Becaus e Se cu re Comp ut ing prod ucts prov i de network se curity, w e recommend that, as t he netwo rk adminis trator , you care fully ove rsee the in stallati on and c onfiguratio n of the Soft-PK clie nt(s). Se tting up VPN conn e ctions us i ng Soft-P K an d [...]

Roadmap to d eploying your V PNs 1-6 Getti ng Start ed Figur e 1- 2. VPN deployment over view Admin t asks per formed on Sidewinder system Admin t asks per forme d using Sof t-P K p rior to deplo ying t o en d users 1 — Satisfy Sidewinde r , network, & sys tem requ irements 6 — C onf igure the cer ti ficates and s ecurit y polic y(ies) f or[...]

Roadmap t o deploying your VP Ns Getting Sta rted 1-7 Soft-PK d eployment checklist Th e follo wing chec klist id entifi es each majo r step inv ol ved in th e setup an d deploym ent of yo ur Soft-PK s oftware (as s hown in Fig ure 1-2) . Y ou c an use th e checkl ist as a refer ence p oint an d mark of f each item as you com p let e it to ensure a[...]

Roadmap to d eploying your V PNs 1-8 Getti ng Start ed ❒ ISAKMP A CL en tr y : At a minimu m, you must define and enable an ACL entry that allows ISAKMP traffic from the Inter net to the Interne t burb on Si dewinder ( ex terna l IP addre ss of Si de winder ). ❒ Oth e r A CL ent ri es : Depending on where you terminate your VPN connections on S[...]

Roadmap t o deploying your VP Ns Getting Sta rted 1-9 5 — C onfigure the VPN c onnections on the Sidewinder ❒ Use Cobra to def ine the VPN secu rity association configurati on. See "Configu ring the VPN on the S idewinder" on page 3- 15 for details. ❒ Enable Extend ed Authentication. 6 — C onfigure the certificates an d security p[...]

Roadmap to d eploying your V PNs 1-10 Getting Started 8 — T roubleshoot any c onnection problems ❒ Use th e Soft-PK Log Viewer. See "Soft-PK Log Viewer" on page A-1. ❒ Use th e Soft-PK Connection Moni tor. See "Soft- PK Connection Moni tor" on page A-2 . ❒ Use Sidewin der comman ds . See "Sidewin der troub leshoot i[...]

2 Planning Your VPN Configurat ion 2- 1 2 C HAPTER 2 Planning Y our VPN Co n f i g u r a t i o n About this chap te r This chapter p rovides information t o help y ou unders tand key conce pts and opt ions t hat are invo lved i n a VPN c onnecti on. It addres ses the foll owing topi cs:  "Ident ifying basic VPN c onnecti on needs" on p[...]

2 Identifying basic VPN connection needs 2-2 Planning Your VPN Configuration Identifying b asic VPN connection needs Before you act ually begin confi guring yo ur Sidewinde r or wor k with Soft-PK, ensure you have an underst anding of the bas ic profile for your VP N co nnection s. Begin by doing t he follo wing:  List the r emote us er s that n[...]

Identifying authentication requirements Planning Your VPN Configurat ion 2- 3 Identifying authentica tion req uire me nts Determine h ow you will id entify and auth enticate t he partner s in your VPN. Sidewinder an d Soft-PK b oth su pport usin g digi tal cer tificates and pre -shared key VPN c onfiguratio ns. In a dditi on, when y ou use Sidewi n[...]

Identifyin g authent ication requiremen ts 2-4 Planni ng Your VPN Con figur ation If no t already done, de cide if you wil l use self -signed certif icates gener ated by Si dewinder or a pu blic/pr ivate CA s erver . T able 2-1. Sidewinder self-signed cert ificates v ersus CA-based cer tificates A closer look at self-signed certificates A VPN imple[...]

Identifying authentication requirements Planning Your VPN Configurat ion 2- 5 A closer look at CA-based certificates A VPN imple mented usin g CA-bas ed certific ates requ ires acces s to a private or public CA . Each end-p oint (c lient , firewall, etc.) in the V PN retains a private ke y file that is associated with a public certificate. In addit[...]

Identifyin g authent ication requiremen ts 2-6 Planni ng Your VPN Con figur ation Extended au th entica tio n In addit ion to the normal authent ication checks i nherent during t he negoti a t i o n proces s at the star t of every VPN associ a ti on, Exten de d Authe ntica tion go es one step fu rther by requi ring t he person request ing the VPN c[...]

Determining where you wil l terminate your VPNs Planning Your VPN Configurat ion 2- 7 Determining where you will termi nate you r VPNs Y ou c a n co nfigu r e a VPN s ec urity a s s ociati on on Si dewind er to terminat e in any bur b. For example, Figure 2-4 sh ows a VPN secu rity associat ion terminating i n the trus ted burb. It allows all n etw[...]

Determining where you wi ll terminate your VPNs 2-8 Planni ng Your VPN Con figur ation More about virtual burbs and VPNs Consid er a VPN a ssociatio n that is implemen ted with out th e use of a virtu al burb. No t only will VPN traffic m ix with no n-VPN tr affic, but there is n o wa y to enforce a diff e rent set of rul es for the VPN tr affi c. [...]

Understanding Sidewinder client ad dress pools Planning Your VPN Configurat ion 2- 9 Understanding Sidewinder client addre ss pools Y ou may choose to impl ement you r VP N us ing Sidewind er client address pools. Client ad dress pools are r eserved v irtual IP addres ses, recogniz ed as i nternal address es of th e trust ed netwo rk. Address es in[...]

Understanding Sidewinder client address pools 2-10 Planning Your V PN Confi gurati on  Addre ss of t he firewal l  Pro tec ted net work s The c lient do es not ne ed to de fine a virtual IP for use in the VPN connec tion , nor do th ey need to co ncern the mse lve s with DNS iss ues on the tr usted n etwork. In addit ion to simpli fying the c[...]

3 Configuring Sidewinder for Soft-PK Clients 3-1 3 C HAPTER 3 C onfiguring Side winder for Soft-PK Clients About this chap te r This chap ter provides a summary of Sidewinde r procedures associated with s etting up and co nfigurin g Soft-P K connecti ons in your netw ork. IMPORT ANT: Perform these pro cedures before you con figure your Soft-PK clie[...]

3 Enabling the VPN servers 3-2 Configuring Sid ewinder for Soft-PK Clients Enabling the VPN ser vers Before you confi gure a VPN ass ociation o n your Sidewi nder , you m ust first enable the Sidewinder ’ s EGD an d CMD server s. In a dditio n, you must en able the ISAKMP s erver and set it to liste n on th e Internet burb. Do the f o llow in g f[...]

Configuring ACL & proxies entries for VPN connections Configuring Sidewinder for Soft-PK Clients 3-3 C onfiguring ACL & pro xies entries for VPN connections Depend ing on wher e you dec ide to terminate your VPN tu nnel, you must ens ure that you have the approp riate ACL entrie s set up to allow ISAKMP traffic and allow/deny the appropriat[...]

Managing Sidewinder self-signed certs 3-4 Config uring Sidewinder for Sof t-PK Clien ts Mana ging Sidewinder self- sign ed cer ts If yo u are us ing Si dewind er to gen erate c ertific ates, use the f ollowi ng procedu re to create and expor t self-signed cer tificates that ide ntify the firew a ll and each re mote clie nt. TIP: T ypically , a VPN [...]

Managing Sidewinder self-signed certs Configuring Sidewinder for Soft-PK Clients 3-5 3. Specif y the fol lowing Firewall Cer t ificate settin gs. 4. Click Ad d t o add t he cer tificate to the Cert ificates li st. 5. Click Cl os e to return to th e F irewall Ce r tifica te window . Expo r t the fire wall certificate (fo r lat er transfer to each c [...]

Managing Sidewinder self-signed certs 3-6 Config uring Sidewinder for Sof t-PK Clien ts Cr eating & exporting r emote certifica te(s ) Use the f o llowin g proced ure on Si de winde r to crea te a self-s igned certific ate file (wit h its em bedded pub lic key) and a private key fi le for each of yo ur Soft- PK c lie nts. Once a pair of cert if[...]

Managing Sidewinder self-signed certs Configuring Sidewinder for Soft-PK Clients 3-7 3. Specif y the fol lowing Re mote Cer tificate settings. 4. Click Ad d t o add t he cer tificate to the Cert ificates li st. Fie ld Setting Certificate Name Specify a name for the remote certific ate. Distinguished Name Spec ify a set of data that identifies the c[...]

Managing Sidewinder self-signed certs 3-8 Config uring Sidewinder for Sof t-PK Clien ts 5. Click Cl os e to return to th e previous window . Conv er ting the cer tificate file/private key file pair to pkcs12 format 6. T o star t the PK CS1 2 utility on the Sidewin der , from the command line, enter the fol lowing command: pkcs12_util The util ity w[...]

Managing CA-based certificates Configuring Sidewinder for Soft-PK Clients 3-9 Mana ging CA- based cer tificates If yo u are using a CA to au thorize certifi cates, use the follo wing proced ures to de fin e the CA, re qu est the fir ew a l l an d C A certific ates, and de f i ne the re m o te ide nt ities of e ach clie nt with in Sidew in der (need[...]

Managing CA-based certificates 3-10 Configur ing Sidewi nder for Soft-PK Client s 6. Click Ex por t to save the CA ce r tificate to a file fo r later impor tat ion into client system(s). Each user must then use Soft-PK to import the CA cer t if ica te you obt ain ed fo r them . Note: Y ou can have the user request the CA certificate from the CA usi[...]

Managing CA-based certificates Configuring Sidewinder for Soft-PK Clients 3-11 2. Spec ify the firewall cer tific ate infor mati on. 3. Click Ad d to send the enrollment request. IMPORT AN T: After you send the enrollment request, the CA administrator must issue the cer t ificate before you can continue. 4. On the Firewall Cer tif icates tab, click[...]

Managing CA-based certificates 3-12 Configur ing Sidewi nder for Soft-PK Client s Deter minin g ident ifyin g i nfor m ation f or clie nt cer ti fic ates Define t he identif ying info rmation that wil l be us ed for each remote client certific ate. Typica lly, th ese are th e values entered in the Disti nguished Nam e (DN) fie lds when de fining a [...]

Managing CA-based certificates Configuring Sidewinder for Soft-PK Clients 3-13 Definin g remote clie nt identitie s in Sidewinde r When us ing CA-b ased cert ificates, y ou must defi ne an ide ntity "templat e" in Sidewi nd er that matc he s all possib le cl ient iden ti ties used by the remote entiti e s in your VPN. T o defi ne re mote [...]

Managing pre-shared keys (passwords) 3-14 Configur ing Sidewi nder for Soft-PK Client s Mana ging p re - shared keys (pass words) When usi ng pre-shared keys (pass words), you must define an identit y "templat e" in Sidewi nd er that matc he s all possib le cl ient iden ti ties used by the remote entiti e s in your VPN. T o defi ne re mot[...]

Conf i g uring the VPN on the Si dewin d e r Configuring Sidewinder for Soft-PK Clients 3-15 C onfiguring the VPN on the Sidewinder Create a VPN se curity as sociation for a Tu n n e l VPN usi ng the newl y create d cert ificates. Do th e following from th e Sidewi nder Cobra inter fac e: 1. Select VPN Configura tion -> Security Associations . C[...]

Configuring the V PN on the Sidewinder 3-16 Configur ing Sidewi nder for Soft-PK Client s Local Netw ork/IP Specify the network names or IP addresses to use as the destination for the client(s) in the VPN. Click the New button to specify the IP Address / H ostname and Number of bit s in Netm ask . The value specified identifies the ne twork portion[...]

Conf i g uring the VPN on the Si dewin d e r Configuring Sidewinder for Soft-PK Clients 3-17 3. Select the A uth enti catio n tab . Choose the authenticati on method appropria te for y our config uration . Figure 3- 9. Sidewinder Secur ity Associations Proper ties, Authentication tab  If you s elected Single C er tificate (F igure 3-10), specify[...]

Configuring the V PN on the Sidewinder 3-18 Configur ing Sidewi nder for Soft-PK Client s  If you selected Ce rtif ica te & C ertif ica t e Au thor ity ( F igure 3- 11), specif y the f ollowing CA cer tificate opt ions. Figure 3-11. "Cer tificate & Certificat e Authority" opt ions T able 3-3. Cer tificate + C ert ificate Author[...]

Conf i g uring the VPN on the Si dewin d e r Configuring Sidewinder for Soft-PK Clients 3-19  If you selected Password (F igu r e 3-12) , spec i fy the f ollow ing password options. Figure 3-12. "Password" opt ions T abl e 3-4. Password options Save your setting s! 4. Click Ad d to save the settings . 5. Click Cl os e . TIP: For typica[...]

Configuring the V PN on the Sidewinder 3-20 Configur ing Sidewi nder for Soft-PK Client s[...]

4 Installing and Working with Soft-PK 4-1 4 C HAPTER 4 Installing and W ork ing with Soft-PK About this chapter This chapter in cludes Soft-PK inst allation notes. It also d escribes t he basic So ft-PK procedu res for m anaging ce rtificat es and cr eating a custo mized S oft-P K secu rity policy for your remo te clie nts. IMPORT ANT: A s network [...]

4 Soft-PK ins tall ation notes 4-2 Installing and Working with Soft-PK Soft-PK installation notes Note the followin g about installi ng, removing , or upgr ading Soft-PK softwar e. Y ou can customize the User W ork sheet .doc file locate d on th e produc t CD to sp e cify deta i led inst allati on instru ctions to yo ur end users. (See Chapter 5 fo[...]

Starting Soft-PK Installing and Working with Soft-PK 4-3 Sta rt ing Sof t-P K Soft-P K star ts automati cally each time the co mputer on whi ch it reside s is sta rted. I t runs t ransparent ly at all t imes behi nd all ot her software ap plications including the Win dows login . The Soft-PK i con in the taskbar chan ges color and image to indi cat[...]

Starting Soft-PK 4-4 Install ing and Workin g with Soft-PK Activ a ting/Deactiv ating So f t-PK The Soft -PK user interface d efines the securit y mode and the act ion Soft- PK takes when it det ects packet s of various protocol s and various desti nation s. Onc e confi gu red, user s nee d to access th e user int erfac e only to vi e w or modify t[...]

Starting Soft-PK Installing and Working with Soft-PK 4-5 About t he Soft-PK progr am options This sec t io n provid es a br ie f descr ip ti on of the Sof t -PK main prog ram option s. Use Sof t -PK ’ s compreh ensive onli ne help for deta iled info rm ation .  Certifica te Manager The Cert ificat e Ma n ager allo ws you to req ues t , import [...]

Managing certificates on Soft-PK 4-6 Install ing and Workin g with Soft-PK Mana ging certificates on Soft-PK If yo u are using digita l certificat e authen ticatio n in you r VPN, you shoul d provi de your en d u sers wi th the inf orma t ion an d f i les nee d ed to set up the ne cessar y certi ficates o n their So ft-PK clie nt. This secti on pro[...]

Managing certificates on Soft-PK Installing and Working with Soft-PK 4-7 Set tin g up C A-b ased ce r tifi cates If you a r e using CA -base d digital ce rtific a t es, as a dm inistr ator , do the following . 1. If not already d one, request and export the CA root certificate . See "Defin ing a CA to use and obtai ning the CA root cer t"[...]

Managing certificates on Soft-PK 4-8 Install ing and Workin g with Soft-PK Requesting a person al certificate from a CA on user ’ s behalf 1. Select Start -> P rog rams - > SafeNet /Soft- PK -> C ertifica te Mana ger (or right cl ick the SafeNet ico n and selec t Cer tificate M anager). 2. Click the My Cer tificates tab. 3. Click Re qu e[...]

Managing certificates on Soft-PK Installing and Working with Soft-PK 4-9 TIP: Y ou should selec t th e ne w certificate and cli c k Verify to validate it. Exporting a personal certificate 14 . In the My Certificates tab , select a personal cer tificat e. 15. Click Expor t . The Export Cer tificate and P rivate Key dialog box appears. 16. In t he Fi[...]

Managing certificates on Soft-PK 4-10 Installin g and W orking with So ft-PK Figure 4- 4. Soft-PK Certificat e Mana ge r: C A Cer tificate s tab, Import CA Certific ate 4. Inser t th e disk ette contain ing th e self-si gned fi rewall or cer tificate f ile. 5. Fro m t h e Fi l es o f t yp e : field , select All F iles (*. *) an d then navi gate to [...]

Managing certificates on Soft-PK Installing and Working with Soft-PK 4-11 Importing a personal certificate into Soft-PK Use th e f o llowin g proce d ure to i m po rt a perso n al certif i cate into the Soft-PK s ystem. T his pro cedure is done at the client system and assumes Soft- PK is already installe d . Note: This procedure is summarized on t[...]

Managing certificates on Soft-PK 4-12 Installin g and W orking with So ft-PK Note: Y ou mu st pr ovide this password to th e end user so the y can la ter imp ort this certif icate file. 8. Click Im por t . A prompt appears to confirm you want to import the sele ct ed P erso nal Certific at e . Figure 4- 9. Ve r i f i c a t i o n w i n d o w 9. Clic[...]

Co nfig uri ng a sec uri ty p olic y o n th e So ft- PK Installing and Working with Soft-PK 4-13 C onfiguring a security policy on the Soft-PK As an administr ator , you ca n configur e end us er secur ity po licies on your So ft-PK syst em, save t hem to a diskett e, and dist ribute them to your u sers. Y our en d users then simply im port t he se[...]

Configuring a security policy on the Soft-PK 4-14 Installin g and W orking with So ft-PK 4. Star t defi ning a new p oli c y . Sele c t Ed it -> A dd -> C o nne ction to c reate a new p oli c y . Fig ure 4-1 1. Soft- PK: Secu rity P oli cy Editor 5. Speci fy a descript ive name fo r th e conn ection. ( The name "SecureVP N" is used [...]

Co nfig uri ng a sec uri ty p olic y o n th e So ft- PK Installing and Working with Soft-PK 4-15 — Click on the Edit Name button, in the windo w that appears (F igur e 4-12, enter the Distinguished Name infor matio n. Inpu t all fiel ds from the F irewa ll Cer tificat e and click OK . Figure 4- 12. S of t-PK: Ed it Distinguished Name window to sp[...]

Configuring a security policy on the Soft-PK 4-16 Installin g and W orking with So ft-PK a. Select the authen tication method for thi s connection.  If usin g share d passw ord: Click Pre-Shar ed Key and enter the shared password.  If usi ng digita l cer tificates : Sele ct the personal cer tificate previously imported from the dro p-down lis[...]

Co nfig uri ng a sec uri ty p olic y o n th e So ft- PK Installing and Working with Soft-PK 4-17 12. Specify the Key Exch ange settings. Select Key Exchan g e (Phase 2) -> Proposal 1 . Fig ure 4-1 6. Soft -PK: K ey E xch ange (Pha se 2) -> Pr oposa l 1 fiel ds  SA Life : Se lect Unspecified to default t o Sidewinder settings.  Compressi[...]

Configuring a security policy on the Soft-PK 4-18 Installin g and W orking with So ft-PK[...]

5 Deployi n g S oft -PK to Your End Us e rs 5- 1 5 7 C HAPTER 5 Deplo ying Soft- PK to Y our End U sers About this chapter This chapt er su mmariz es the final p reparati on steps for deploy ing th e Soft-PK s oftware, digit al certifi cate files, and secur ity policy to your end use rs. It is based on a workshe et that yo u edit an d send to each [...]

5 Overview 5-2 Deploying Soft-PK to Your End Users Ove r vie w Y ou should de ploy the Soft-PK ins tallation prog ram with a customized securit y policy and the necessary digital c ertificat es. Custom instal lations are designed to make it easy to manage co rp orate secur ity po licies for ten s, hundr eds, or thousa nds of e nd user s. Along wi t[...]

Overview Deployi n g S oft -PK to Your End Us e rs 5- 3 Pri or to cus tomiz ing th e works heet, take a f ew minu tes t o or ganiz e the f iles and information y ou need to depl oy to y our end users. T able 5-1. Organize the files/software fo r each client (end u ser) Copy th e Soft-PK software, c ertificate file, pers onal certi ficate file , and[...]

Customizing the user worksheet 5-4 Deploy ing Soft-P K to Yo ur End Users C ustomizing the user w ork sheet This sectio n provi des summ ary inform ation abou t each se ction i n the defa ult UserW ork sheet.doc file . Specifyi ng dial-up network inst ruction s Figure 5-2 s hows th e text in the initial UserWorksheet .doc file that pertains to sett[...]

Customizing the user workshee t Deployi n g S oft -PK to Your End Us e rs 5- 5 Specifyi ng cer tificate impor t/request instruc tions Figure 5-4 s hows th e text in the initial UserWorksheet .doc file that pertains to digit al cer tificates. The de fault text covers a basic instruc t ion s for importing cert ificate files fro m a disk you provide. [...]

Customizing the user worksheet 5-6 Deploy ing Soft-P K to Yo ur End Users Specifyi ng securit y polic y instruc tions Figure 5-5 s hows th e text in the initial UserWorksheet .doc file that pertains to the Soft- PK se cu ri ty policy. The defaul t te xt covers a basic instruc tions for import ing a secu rity p olicy from a disk y ou provid e. Chang[...]

A Troubleshooting A- 1 A A PPENDIX A T roubleshooting About this append ix This app en dix provide s a summar y of tr oub leshoot ing tech niques available for resolv ing Soft-PK and Sidewind er VPN con nection problems . This append i x add resses the fol lowing topic s:  "Soft-PK Lo g Viewe r" o n page A-1  "Soft - P K Connec[...]

A Soft-PK Connection Monitor A-2 Troubleshooting The f ollowi ng summ arize s the t asks you can perform. Soft-PK Co nn e c t io n Moni tor The Connec tion Monitor dis plays statis tical and diag nostic informatio n for eac h active c onnection in the se curity p olicy. Th is utilit y is design e d to display the actual securi ty po licy setti n gs[...]

Soft-PK Connection Monitor Troubleshooting A- 3 Y ou will see an icon to the le ft of the connect ion name:  A key indi cates th at the co nnectio n has a P hase 2 IP Sec SA, or both a Phase 1 an d Phase 2 SA. When there is a single Phase 1 SA to a gateway that is protecti ng multip le Phase 2 SAs, t here will be a singl e Phase 1 conn ection wi[...]

Sidewinder troubleshooting commands A-4 Troub leshootin g that the se l ec ted conne cti on has es tabl i shed SAs.  T o view Aut he nticati on (Phase 1) secu rity asso ci ations neg ot iat ed by IK E, click t he Phase 1 tab.  T o view K e y Excha ng e (Phas e 2) se curity a sso ciation s n egotiat ed by IPS e c, click th e Phas e 2 tab. Side[...]

[...]

Part Numbe r: 86-09350 37-A Software V ersion : Soft-PK 5.1. 3 Build 4 and Sideiwnder 5 .1.0.02 Product n ames used within are tra demarks of their respe ctive own ers. Copyri ght © 2001 Secure Co mputing Co rporation. All rights reserved.[...]