Secure Computing Sidewinder Version 5.1.0.02 User's Manual
Roadmap to deploying your VPNs
1-8
Getting Started
❒
ISAKMP ACL entry: At a minimum, you must define and enable an ACL entry that
allows ISAKMP traffic from the Internet to the Internet burb on Sidewinder (external
IP address of Sidewinder).
❒
Other ACL entries: Depending on where you terminate your VPN connections on
Sidewinder (e.g., in a virtual burb), you may need to create ACL entries to allow traffic
between burbs.
❒
Proxies: Depending on where you terminate your VPN connections on Sidewinder
(e.g., in a virtual burb), you may need to enable proxies to allow traffic between burbs.
4 — Create/Request the digital certificates
If using Sidewinder self-signed certificates:
❒
Use Cobra to create and export a firewall certificate. See "Creating & exporting a
firewall certificate" on page 3-4 for details.
❒
Use Cobra to create and export remote certificates for each end user. See "Creating &
exporting remote certificate(s)" on page 3-6 for details.
❒
Use a command-line utility on Sidewinder to convert the certificate file/private key file pair to
pkcs12 format. See "Converting the certificate file/private key file pair to pkcs12
format" on page 3-8 for details.
If using CA-assigned certificates:
❒
Use Cobra to define a CA and obtain the CA root certificate and export it for sending
to client(s). See "Defining a CA to use and obtaining the CA root cert" on page 3-9 for
details.
❒
Use Cobra to request a certificate for the firewall from the CA. See "Requesting a
certificate for the firewall" on page 3-10 for details.
❒
Determine the identifying information (e.g., Distinguished Name settings) your
clients will use in their personal certificates. See "Determining identifying information
for client certificates" on page 3-12.
❒
Use Cobra to specify the client certificate identity information within Sidewinder.
See "Defining remote client identities in Sidewinder" on page 3-13 for details.
If using pre-shared keys (passwords):
❒
Use Cobra to specify the client identity information within Sidewinder. See
"Managing pre-shared keys (passwords)" on page 3-14 for details.