Table of Contents
Preface: About this Guide
  Who should read this guide?
  How this guide is organized
  Where to find additional information

Chapter 1: Getting Started
  About Soft-PK & Sidewinder VPNs
  Requirements
  Sidewinder and other network requirements
  Soft-PK requirements
  Roadmap to deploying your VPNs

Chapter 2: Planning Your VPN Configuration
  Identifying basic VPN connection needs
  Identifying authentication requirements
  Using digital certificate authentication
  Understanding pre-shared key authentication
  Extended authentication
  Determining where you will terminate your VPNs
  More about virtual burbs and VPNs
  Defining a virtual burb
  Understanding Sidewinder client address pools

Chapter 3: Configuring Sidewinder for Soft-PK Clients
  Enabling the VPN servers
  Configuring ACL & proxies entries for VPN connections
  Managing Sidewinder self-signed certs
  Creating & exporting a firewall certificate
  Creating & exporting remote certificate(s)
  Managing CA-based certificates
  Defining a CA to use and obtaining the CA root cert
  Requesting a certificate for the firewall
  Determining identifying information for client certificates