Secure Computing Sidewinder Version 5.1.0.02 ユーザーズマニュアル
Roadmap to deploying your VPNs
Getting Started
1-7
Soft-PK deployment
checklist
checklist
The following checklist identifies each major step involved in the
setup and deployment of your Soft-PK software (as shown in Figure
1-2). You can use the checklist as a reference point and mark off each
item as you complete it to ensure a successful VPN rollout.
setup and deployment of your Soft-PK software (as shown in Figure
1-2). You can use the checklist as a reference point and mark off each
item as you complete it to ensure a successful VPN rollout.
TIP: Each step provides an overview of the task and points you to specific documentation
for more detailed information.
for more detailed information.
1 — Satisfy Sidewinder, network, & system requirements
❒
Sidewinder/network: Verify that your Sidewinder is at Version 5.1.0.02 or later,
licensed for VPN, and that your network is fully operational.
licensed for VPN, and that your network is fully operational.
❒
End-user systems: Verify that each system on which Soft-PK will be installed meets
the requirements as described on page 1-4.
the requirements as described on page 1-4.
2 — Plan your VPN configuration
❒
Review Chapter 2 to become familiar with key concepts and options that are
available when setting up VPNs.
available when setting up VPNs.
❒
Review Chapter 11 in the Sidewinder Administration Guide for additional background
on VPN configuration.
on VPN configuration.
❒
Review the readme.txt file located on the Soft-PK CD for additional information from
Secure Computing.
Secure Computing.
3 — Enable appropriate Sidewinder servers, ACL entries, & proxies
Note: For details, see"Enabling the VPN servers" on page 3-2 and "Configuring ACL & proxies
entries for VPN connections" on page 3-3.
entries for VPN connections" on page 3-3.
❒
CMD server: The Certificate Management Daemon (CMD) server must be enabled
before you can configure the certificate server.
before you can configure the certificate server.
❒
EGD server: The Entropy Generating Daemon (EGD) server is used by ISAKMP. This
server must be enabled before you can create VPN associations.
server must be enabled before you can create VPN associations.
❒
ISAKMP server: The ISAKMP server must be enabled and set to listen on the
appropriate burb (typically, this will be the Internet burb).
appropriate burb (typically, this will be the Internet burb).
More...