Secure Computing Sidewinder Version 5.1.0.02 User Manual
Configuring a security policy on the Soft-PK
4-16
Installing and Working with Soft-PK
a.
Select the authentication method for this connection.
If using shared password: Click
Pre-Shared Key
and enter the
shared password.
If using digital certificates: Select the personal certificate
previously imported from the drop-down list. Notice the ID Type
automatically changes to Distinguished Name.
previously imported from the drop-down list. Notice the ID Type
automatically changes to Distinguished Name.
b.
In the
Internet Interface
selection drop-down box, specify which
interface to use when creating the VPN. For our example, the default
“Any” is adequate.
“Any” is adequate.
11.
Specify the Authentication settings. Select
Authentication (Phase 1) ->
Proposal 1
.
Figure 4-15.
Soft-PK: Authentication
(Phase 1) -> Proposal 1
fields
a.
In
Authentication Method
field, specify the method appropriate for
your configuration. (For example, use RSA Signatures if using only
digital certificate authentication, use RSA Signatures: Extended
Authentication if using digital certificate authentication and
extended authentication.)
digital certificate authentication, use RSA Signatures: Extended
Authentication if using digital certificate authentication and
extended authentication.)
b.
In
Encryption and Data Integrity/Algorithms
fields:
Encrypt Alg
: Select DES or
Triple-DES
(highest).
Hash Alg
: Select MD5 or
SHA-1
(highest).
SA Life
: Set this to
3500 seconds
.The Phase 1 Lifetime on the Soft-
PK should NOT be left as Unspecified. It should be set to some
period of time slightly shorter than is configured on the
Sidewinder SA definition (Advanced tab on the Sidewinder COBRA
GUI).
period of time slightly shorter than is configured on the
Sidewinder SA definition (Advanced tab on the Sidewinder COBRA
GUI).
c.
In
Key Group
field, select at least
Group 2
. Group 5 (highest).