Multitech ROUTE FINDER RFIPSC-1 Quick Start Manual Download

Page: 1 / 54

SSH IPSec Client

Models RFIPSC-1/5/10/50

Quick Start Guide

Summary of Contents for ROUTE FINDER RFIPSC-1

Page 1: ...SSH IPSec Client Models RFIPSC 1 5 10 50 Quick Start Guide ...

Page 2: ......

Page 3: ...hanges Record of Revisions Revision Date Description A 9 7 01 Manual released for SSH Sentinel v1 2 0 15 B 11 21 01 Manual revised to add RFIPSC 1 license agreement text and editorial changes Patents This Product is covered by one or more of the following U S Patent Numbers 5 301 274 5 309 562 5 355 365 5 355 653 5 452 289 5 453 986 Other Patents Pending TRADEMARKS Trademarks of Multi Tech Systems...

Page 4: ...iv ...

Page 5: ...on Speed Diagnostics 18 Completing the Installation 19 SSH IPSec Client Setup 20 Host to Net Setup 20 Host to Net using SSH Sentinel 1 1 1 21 RouteFinder Configuration 23 Sentinel Configuration 24 SSH Sentinel Installation Notes 35 SSH Sentinel Release Notes 35 Updating SSH Sentinel 36 Removing SSH Sentinel 36 Chapter 3 Service Warranty and Tech Support Introduction 39 Limited Warranty 39 On line ...

Page 6: ...n 24 Figure 15 Sentinel Key Management select Authentication Keys 24 Figure 16 Sentinel Add a new Authentication Key 25 Figure 17 Sentinel Select Primary Identifier and Host IP Address 25 Figure 18 Sentinel Preshared Key Information screen 26 Figure 19 Sentinel Select VPN Connection screen 27 Figure 20 Sentinel Select Security Gateway and Intranet IP Address 29 Figure 21 Sentinel Probing IPSec con...

Page 7: ... RFIPSC 10 SSH IPSec VPN Client 10 User License RFIPSC 50 SSH IPSec VPN Client 50 User License Product Description SSH Sentinel is a software product for securing Internet Protocol IP based traffic using the IPSec protocol as specified by Internet Engineering Task Force IETF standards SSH Sentinel is an easy to use product designed for end users It allows you to encrypt and authenticate important ...

Page 8: ...o redirect connections to a fake server Internet Protocol Security IPSec Internet Engineering Task Force IETF has developed the Internet Protocol Security IPSec protocol suite to prevent misuse and attacks on IP IETF is an international standards body with representation from hundreds of leading companies universities and individuals developing Internet related technologies Its track record includ...

Page 9: ...cumentation for options such as the Windows PPTP client the E Mail Anti Virus Upgrade etc This document may contain links to sites on the Internet which are owned and operated by third parties Multi Tech Systems Inc is not responsible for the content of any such third party site Ship Kit Contents The SSH IPSec Client License Pak is shipped with the following one SSH IPSec CD ROM one SSH IPSec Clie...

Page 10: ...PN 82013151 10 ...

Page 11: ...en launching the installation only updates the existing software to the new version The security policy rules and the authentication keys that you have configured with the previous version of the software are preserved You can always remove the software completely and then reinstall it Pre Installation Requirements SSH Sentinel client software works on the following Microsoft Windows platforms and...

Page 12: ... you have full access rights for the system files on your computer On a Windows NT system you must log in with administrator rights 1 In Windows Explorer double click the SSH Sentinel installation package icon Sentinel exe The Sentinel exe file is included on the RFIPSC 5 10 50 SSH Sentinel IPSec Client CD refer to Appendix A of this manual for more information on the CD Figure 1 The SSH Sentinel ...

Page 13: ...ed 3 When started the Installation Wizard goes through a sequence of basic installation dialogs displaying the licensing agreement and allowing you to select the installation directory and the program folder The installation can only be performed on a local computer Remote installation of SSH Sentinel is not possible because the installation program updates kernel mode components related to networ...

Page 14: ... text The data is then used as a seed to ensure that all authentication keys will be unique With this method the likelihood of generating two identical authentication keys is infinitesimal The general level of security that can be provided with 1024 bit RSA authentication keys is considered military strength The Internet Key Exchange IKE protocol used in key negotiation is better by design and sec...

Page 15: ...RFIPSC Quick Start Guide 15 Figure 5 Generating the Authentication Key Figure 6 Authentication Key Generation Done ...

Page 16: ...formation that is to be associated with the authentication key pair and its certificate A commonly preferred identity is the host DNS name also referred to as the Fully Qualified Domain Name FQDN The DNS name should be used as the identity whenever the host has a static DNS name and whenever it is safe to assume that name service will be available If the host does not have a static DNS name its st...

Page 17: ... Choosing a Certificate Enrollment Protocol 7 Choose a Certificate EnrollmentProtocol A To create a self signed certificate select the option CA is unavailable SSH Sentinel uses option A in Figure 8 above The keys created in the previous step are used when the system creates the certificate B To issue an online certification request select the option Request certificate online Generate an online o...

Page 18: ...ty The following protocols are available Simple Certificate Enrollment Protocol SCEP and Certificate Management Protocol CMP CA Server Address B Specify the address URL of the certification authority web site CA Certificate C The certificate of the certification authority is needed to encrypt the certification request before sending it to the certification authority You can usually fetch it from t...

Page 19: ...sting a certificate Key F This selection is used only in connection with the CMP protocol The Key selected is a shared secret granted by the certification authority to be used in the certification request This Key is used for verification of the user requesting a certificate Off line Certification Request An off line certification request is simply a file where the request is stored for later use ...

Page 20: ...r SSH Sentinel supports the following ciphers Rijndael Twofish Blowfish Cast 3DES and DES Figure 11 Encryption Speed Diagnostics screen With the exception of DES all of these ciphers can be considered secure for commercial use The DES encryption algorithm is supported as a fallback option for interoperability reasons Rijndael an encryption algorithm widely considered fast secure and reliable is us...

Page 21: ...oot An Intel P3 personal computer with processor speed of 800 MHz should be able to provide a maximum IPSec throughput of over 40 Mbit s on the preferred cipher However other variables such as the operating system network bandwidth and CPU load naturally set limitations to the throughput Completing the Installation 9 The installation of the SSH Sentinel client software adds kernel mode components ...

Page 22: ...s a sales representative that dials into the Internet and establishes a VPN connection to the company RouteFinder and gains with that an encrypted and authenticated connection to the corporate LAN or DMZ or E mail server HOST Router Internet Router VPN Gateway NET encrypted Note Make sure that all routers between both SSH IPSec ends can route IP protocol 50 IPSec Sometimes routers are configured t...

Page 23: ...g Packet Filter rules Sentinel ssh Client Any DMZ Network Allow DMZ Network Any Sentinel ssh Client Allow The first rule allows the Sentinel SSH Client to initiate connections to the DMZ Network The second rule allows the DMZ Network to initiate connections to the Sentinel SSH client 3 At VPN IPSec Configurations add a New connection for the Sentinel SSH IPSec client Figure 13 RouteFinder Add a Ne...

Page 24: ...PN 82013151 24 SentinelConfiguration 4 From the Control panel select the Sentinel Policy Editor 5 At Key Management select Authentication Keys 6 Click OK ...

Page 25: ...RFIPSC Quick Start Guide 25 7 Click Add to create a new Authentication Key 8 Check the Create new preshared key checkbox and click OK ...

Page 26: ...PN 82013151 26 9 Select a Primary Identifier from the Select Primary Identifier drop down list Select a Host IP Address and click OK 10 Enter the Preshared Key Information and click OK ...

Page 27: ...RFIPSC Quick Start Guide 27 11 Select VPN Connection and click OK ...

Page 28: ...Address information and click OK Note that the System routing Subnet Mask is set automatically The RouteFinder looks for the Intra IP Address that you entered If the Intra IP Address that you entered is not found the Probe Results unsuccessful screen is displayed ...

Page 29: ...SC Quick Start Guide 29 13 Click Details The Connection Properties General screen is displayed 14 Edit the IP Address Settings and the Proposal Parameters then change the Rule Comment if necessary Click OK ...

Page 30: ...15 Click on the Advanced tab 16 As necessary edit the Advanced Options NAT Traversal Virtual IP Address Settings and or check the Enable Extended Authentication check box and click OK The Probe Results screen displays ...

Page 31: ...RFIPSC Quick Start Guide 31 17 Click Details ...

Page 32: ...PN 82013151 32 18 Verify the connection details information and click Close ...

Page 33: ...RFIPSC Quick Start Guide 33 The Security Policy begins updating 19 When the Security Policy is done updating click Diagnostics to Ping the new connection ...

Page 34: ...PN 82013151 34 If the ping is successful the Host to NET using SSH Sentinel 1 1 1 static IP to connect to a RouteFinder using Pre Shared Keys PSK process is complete ...

Page 35: ...signed certificate is a valid authentication document in many circumstances If you later discover a need for a certificate granted by a certification authority you can enroll for it with no extra trouble For basic installation a network or Internet connection is not necessary However to enroll for a certificate online as part of the installation you naturally need the Internet connection But you c...

Page 36: ...certificates for later use Since removing the software will delete all files related to the software save the data in a separate folder 2 Save all unsaved data in other applications and close all open applications To remove the software use the standard Windows Remove Programs procedure 1 Open Add Remove Programs under Settings in the Start menu 2 Select SSH Sentinel from the listing 3 Complete th...

Page 37: ... for which they were manufactured repaired by the customer or any party without MTS s written authorization or used in any manner inconsistent with MTS s instructions MTS s entire obligation under this warranty shall be limited at MTS s option to repair or replacement of any products which prove to be defective within the warranty period or at MTS s option issuance of a refund of the purchase pric...

Page 38: ..._________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ ______________________________...

Page 39: ...out the status of the returned product be prepared to provide the serial number of the product sent Send your RouteFinder to this address MULTI TECH SYSTEMS INC 2205 WOODALE DRIVE MOUNDS VIEW MINNESOTA 55112 ATTN SERVICE OR REPAIRS You should also check with the supplier of your RouteFinder on the availability of loaner units and or local service in your area Multi Tech on the Internet Multi Tech ...

Page 40: ...down list select Multi Tech and click GO 2 To order type in the quantity and click Add to Order 3 Click Review Order to change your order 4 After you have selected all of your items click Checkout to finalize the order The SupplyNet site uses Verisign s Secure Socket Layer SSL technology to ensure your complete shopping security ...

Page 41: ...iles as shown below When you insert the CD in your computer s CD ROM drive the SSH Sentinel IPSec Client software Install screen displays If the Program Not Found message displays or if the Auto run feature does not function click on the file Autorun bat in the CDs root directory Each of the initial CD Install screen selections is described below ...

Page 42: ...gram from the CD or save it to your computer s hard disk drive the initial screen is shown below Click Read the End User Licensing Agreement to view the Multi Tech Multi User Software License Agreement the initial screen is shown below Note that the Software License Agreement is also provided in Appendix B of this manual ...

Page 43: ...lick Read the Installation Quick Start Guide to view and or print the online Quick Start Guide manual the printed manual You can also find it directly on the System CD in Acrobat format InstallationGuide pdf as well as on the Multi Tech web site http www multitech com This is an Adobe Acrobat file if you don t have the Acrobat Reader download it from http www adobe com The electronic version of th...

Page 44: ...PN 82013151 44 ...

Page 45: ... on Multi Tech Systems web site at www multitech com register Opening the packaged program constitutes agreement to be bound by the terms and conditions of this Software License Agreement Your right to use the software terminates automatically if you violate any part of this software license agreement Multi Tech Software License Agreement Multi Tech Systems Inc MTS agrees to grant and Customer agr...

Page 46: ... SEPARATE END USER LICENSED SOFTWARE PRODUCT INCLUDED WITH MTS SOFTWARE INDEMNIFICATION MTS will indemnify and defend Customer from any claim that the software infringes on any copyright trademark or patent Customer will indemnify and defend MTS against all other proceedings arising out of Customers use of the software GENERAL If any of the provisions or portions thereof of this Agreement are inva...

Page 47: ...conditions The software is furnished to the Licensee as the single site representative for execution and use on as many workstations as that single site contains for up to 250 users inclusively Software and manuals may be copied with the inclusion of the Multi Tech Systems Inc copyright notice for use within that single site Additional manuals may be ordered from Multi Tech Systems Inc for a nomin...

Page 48: ...cumentation may be modified or translated without the written permission of Multi Tech Systems Inc This agreement shall be governed by the laws of the State of Minnesota The terms and conditions of this agreement shall prevail regardless of the terms of any other submitted by the Licensee This agreement supersedes any proposal or prior agreement Licensee further agrees that this License Agreement ...

Page 49: ...________________ Version _________________ First Name _____________________ Last Name ___________________________ Company ________________________________________________________ Address ________________________________________________________ City _____________________ State ______________ Zip _________________ Daytime Phone with area code ______________________________________ Fax ______________...

Page 50: ...PN 82013151 50 ...

Page 51: ...ber ___________________ Version _________________ First Name ____________________ Last Name _____________________________ Company ___________________________________________________________ Address ____________________________________________________________ City _______________State Providence ___________ Zip Postal Code _________ Country _________________ Daytime Phone with area code ___________...

Page 52: ...PN 82013151 52 ...

Page 53: ...RFIPSC Quick Start Guide 53 ...

Page 54: ...PN 82013151 54 82013151 B ...

Search results

Summary of Contents for ROUTE FINDER RFIPSC-1

Reviews:

Related manuals for ROUTE FINDER RFIPSC-1

Brands by name

Popular brands

Multitech ROUTE FINDER RFIPSC-1, Quick Start Manual

Search results

Summary of Contents for ROUTE FINDER RFIPSC-1

Reviews:

Related manuals for ROUTE FINDER RFIPSC-1

Brands by name

Popular brands