Secure Computing ADMINGUIDEREVA Guida Utente

VPN Administration GuideRevision ASafeNet/Soft-PK Version 5.1.3 Build 4Sidewinder Version 5.1.0.02

Where to find additional informationviii Preface: About this Guide To contact Se

1Getting Started 1-11 C HAPTER 1Getting StartedAbout this chapter This chapter provides an overview of the Soft-PK™ and Sidewinder Virtual Private Net

1About Soft-PK & Sidewinder VPNs1-2 Getting Started About Soft-PK & Sidewinder VPNsSoft-PK is security software for remote PC users. It is des

RequirementsGetting Started 1-3Requirements To configure VPN communication between Sidewinder and Soft-PK clients, your Sidewinder must be configured

Requirements1-4 Getting Started Soft-PK requirementsEach system on which Soft-PK

Roadmap to deploying your VPNsGetting Started 1-5Roadmap to deploying your VPNsBecause Secure Computing products provide network security, we recommen

Roadmap to deploying your VPNs1-6 Getting Started Figure 1-2. VPNdeploymentoverv

Roadmap to deploying your VPNsGetting Started 1-7Soft-PK deployment checklistThe following checklist identifies each major step involved in the setup

Roadmap to deploying your VPNs1-8 Getting Started ❒ISAKMP ACL entry: At a minimu

Roadmap to deploying your VPNsGetting Started 1-95 —Configure the VPN connections on the Sidewinder❒Use Cobra to define the VPN security association c

Roadmap to deploying your VPNs1-10 Getting Started 8 —Troubleshoot any connectio

2Planning Your VPN Configuration 2-12 C HAPTER 2Planning Your VPN ConfigurationAbout this chapter This chapter provides information to help you unders

2Identifying basic VPN connection needs2-2 Planning Your VPN Configuration Identifying basic VPN connection needsBefore you actually begin configuring

Identifying authentication requirementsPlanning Your VPN Configuration 2-3Identifying authentication requirementsDetermine how you will identify and a

Identifying authentication requirements2-4 Planning Your VPN Configuration If no

Identifying authentication requirementsPlanning Your VPN Configuration 2-5A closer look at CA-based certificatesA VPN implemented using CA-based certi

Identifying authentication requirements2-6 Planning Your VPN Configuration Exten

Determining where you will terminate your VPNsPlanning Your VPN Configuration 2-7Determining where you will terminate your VPNsYou can configure a VPN

Determining where you will terminate your VPNs2-8 Planning Your VPN Configuration

Understanding Sidewinder client address poolsPlanning Your VPN Configuration 2-9Understanding Sidewinder client address poolsYou may choose to impleme

iCopyright NoticeThis document and the software described in it are copyrighted. Under the copyright laws, neither this document nor this software may

Understanding Sidewinder client address pools2-10 Planning Your VPN Configuration

3Configuring Sidewinder for Soft-PK Clients 3-13 C HAPTER 3Configuring Sidewinder for Soft-PK ClientsAbout this chapter This chapter provides a summar

3Enabling the VPN servers3-2 Configuring Sidewinder for Soft-PK Clients Enabling the VPN serversBefore you configure a VPN association on your Sidewin

Configuring ACL & proxies entries for VPN connectionsConfiguring Sidewinder for Soft-PK Clients 3-3Configuring ACL & proxies entries for VPN c

Managing Sidewinder self-signed certs3-4 Configuring Sidewinder for Soft-PK Clients

Managing Sidewinder self-signed certsConfiguring Sidewinder for Soft-PK Clients 3-53.Specify the following Firewall Certificate settings.4. Click Add

Managing Sidewinder self-signed certs3-6 Configuring Sidewinder for Soft-PK Clients

Managing Sidewinder self-signed certsConfiguring Sidewinder for Soft-PK Clients 3-73.Specify the following Remote Certificate settings.4. Click Add to

Managing Sidewinder self-signed certs3-8 Configuring Sidewinder for Soft-PK Clients

Managing CA-based certificatesConfiguring Sidewinder for Soft-PK Clients 3-9Managing CA-based certificatesIf you are using a CA to authorize certifica

ii SECURE COMPUTING’S AND ITS LICENSORS ENTIRE LIABILITY UNDER, FOR BREACH OF, OR ARISING OUT OF THIS AGREEMENT, IS LIMITED TO A REFUND OF THE PURCHAS

Managing CA-based certificates3-10 Configuring Sidewinder for Soft-PK Clients 6.

Managing CA-based certificatesConfiguring Sidewinder for Soft-PK Clients 3-112.Specify the firewall certificate information.3. Click Add to send the e

Managing CA-based certificates3-12 Configuring Sidewinder for Soft-PK Clients De

Managing CA-based certificatesConfiguring Sidewinder for Soft-PK Clients 3-13Defining remote client identities in SidewinderWhen using CA-based certif

Managing pre-shared keys (passwords)3-14 Configuring Sidewinder for Soft-PK Clients

Configuring the VPN on the SidewinderConfiguring Sidewinder for Soft-PK Clients 3-15Configuring the VPN on the SidewinderCreate a VPN security associa

Configuring the VPN on the Sidewinder3-16 Configuring Sidewinder for Soft-PK Clients

Configuring the VPN on the SidewinderConfiguring Sidewinder for Soft-PK Clients 3-173.Select the Authentication tab. Choose the authentication method

Configuring the VPN on the Sidewinder3-18 Configuring Sidewinder for Soft-PK Clients

Configuring the VPN on the SidewinderConfiguring Sidewinder for Soft-PK Clients 3-19 If you selected Password (Figure 3-12), specify the following pa

Table of Contents iiiT ABLE OF CONTENTSPreface: About this Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . .vWho should read this guide? .

Configuring the VPN on the Sidewinder3-20 Configuring Sidewinder for Soft-PK Clients

4Installing and Working with Soft-PK 4-14 C HAPTER 4Installing and Working with Soft-PK About this chapter This chapter includes Soft-PK installation

4Soft-PK installation notes4-2 Installing and Working with Soft-PK Soft-PK installation notesNote the following about installing, removing, or upgradi

Starting Soft-PKInstalling and Working with Soft-PK 4-3Starting Soft-PK Soft-PK starts automatically each time the computer on which it resides is sta

Starting Soft-PK4-4 Installing and Working with Soft-PK Activating/Deactivating

Starting Soft-PKInstalling and Working with Soft-PK 4-5About the Soft-PK program optionsThis section provides a brief description of the Soft-PK main

Managing certificates on Soft-PK4-6 Installing and Working with Soft-PK Managing

Managing certificates on Soft-PKInstalling and Working with Soft-PK 4-7Setting up CA-based certificatesIf you are using CA-based digital certificates,

Managing certificates on Soft-PK4-8 Installing and Working with Soft-PK Requesti

Managing certificates on Soft-PKInstalling and Working with Soft-PK 4-9TIP: You should select the new certificate and click Verify to validate it.Exp

iv Table of ContentsDefining remote client identities in Sidewinder . . . . . . . . . . . 3-13Managing pre-shared keys (passwords) . . . . . . . . .

Managing certificates on Soft-PK4-10 Installing and Working with Soft-PK Figure

Managing certificates on Soft-PKInstalling and Working with Soft-PK 4-11Importing a personal certificate into Soft-PKUse the following procedure to im

Managing certificates on Soft-PK4-12 Installing and Working with Soft-PK Note:

Configuring a security policy on the Soft-PKInstalling and Working with Soft-PK 4-13Configuring a security policy on the Soft-PKAs an administrator, y

Configuring a security policy on the Soft-PK4-14 Installing and Working with Soft-PK

Configuring a security policy on the Soft-PKInstalling and Working with Soft-PK 4-15— Click on the Edit Name button, in the window that appears (Figur

Configuring a security policy on the Soft-PK4-16 Installing and Working with Soft-PK

Configuring a security policy on the Soft-PKInstalling and Working with Soft-PK 4-1712.Specify the Key Exchange settings. Select Key Exchange (Phase 2

Configuring a security policy on the Soft-PK4-18 Installing and Working with Soft-PK

5Deploying Soft-PK to Your End Users 5-15 7C HAPTER 5Deploying Soft-PK to Your End UsersAbout this chapter This chapter summarizes the final preparati

PPreface: About this Guide vP REFACEAbout this GuideThis guide provides the information needed to set up connections between remote systems running Sa

5Overview5-2 Deploying Soft-PK to Your End Users Overview You should deploy the Soft-PK installation program with a customized security policy and the

OverviewDeploying Soft-PK to Your End Users 5-3Prior to customizing the worksheet, take a few minutes to organize the files and information you need t

Customizing the user worksheet5-4 Deploying Soft-PK to Your End Users Customizin

Customizing the user worksheetDeploying Soft-PK to Your End Users 5-5Specifying certificate import/request instructionsFigure 5-4 shows the text in th

Customizing the user worksheet5-6 Deploying Soft-PK to Your End Users Specifying

ATroubleshooting A-1A A PPENDIX ATroubleshootingAbout this appendix This appendix provides a summary of troubleshooting techniques available for resol

ASoft-PK Connection MonitorA-2 Troubleshooting The following summarizes the tasks you can perform.Soft-PK Connection MonitorThe Connection Monitor dis

Soft-PK Connection MonitorTroubleshooting A-3You will see an icon to the left of the connection name: A key indicates that the connection has a Phase

Sidewinder troubleshooting commandsA-4 Troubleshooting that the selected connect

PHow this guide is organizedvi Preface: About this Guide How this guide is organizedThis guide contains the following chapters.Finding information Thi

Part Number: 86-0935037-ASoftware Version : Soft-PK 5.1.3 Build 4 and Sideiwnder 5.1.0.02Product names used within are trademarks of their respective

Where to find additional informationPreface: About this Guide viiViewing and printing this document onlineWhen you view this document online in PDF fo