3Com 3CRFW102 Скачать руководство пользователя страница 33 | Manualshive

Страница: 33 / 38

background image

29

B

Configuring IPSec

Configuring IPSec in Windows 2000 and Windows XP

IPSec primarily consists of two parts:

encryption/decryption

authentication

To send or receive encrypted data in a PC running Windows 2000 or Windows XP with a
3Com Firewall PC Card with 10/100 LAN installed, you must first create a security policy,
and then enable encryption on the network card.

The security policy establishes and defines how encrypted network traffic between your
PC and a specified server occurs.

Authentication enables the receiver to verify the sender of a packet by adding key fields to
a packet without altering the packet data content.

The following table shows the available levels of encryption:

Encryption Type

Encryption Level

Description

AH

Medium

Authentication only

ESP

High

Authentication and encryption

Custom

Varies

Provides encryption and an extra authentication that
includes the IPheader.

Custom allows you to select options for both AH and
ESP, such as MD/SHA-1 and DES/3DES, and you can
select the rate at which new keys are negotiated.

Microsoft uses IKE key exchange to renew keys every
x seconds or y bytes. You may want to set these values
low and have frequent key updates, or higher for
better performance.

For more information, see the Microsoft
documentation about creating IPSec flows.

Example: Creating a Security Policy

The process you use to create and enable a security policy depends on your network
environment requirements. The following is an example of one approach to creating a
security policy.

NOTE

:

You must complete all of the sequences in this example to establish and

enable a security policy for transmitting and receiving encrypted data over the
network.

«
...
31
32
33
34
35
...
»

Содержание 3CRFW102

Страница 1: ...3Com Firewall PC Card with 10 100 LAN Models 3CRFW102 and 3CRFW103 User Guide http www 3com com http www 3com com productreg Published August 2002 User guide version 2 0 ...

Страница 2: ...cumentation and the software described herein are provided to you subject to the following All technical data and computer software are commercial in nature and developed solely at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as a commercial item as defined in FAR 2 101 a and as such is provided with only such rights as are pro...

Страница 3: ...erating Systems 8 INSTALLING THE FIREWALL CLIENT Architecture of Embedded Firewalls 11 Firewall PC Card 12 ADDITIONAL PC CARD FEATURES Firewall Filtering 15 Advanced Security Processor 15 Data Encryption 15 Windows 2000 and Windows XP Offload Features 15 Hot Swapping 16 Offline Diagnostics 16 ADDITIONAL 3COM SOFTWARE 3Com Mobile Connection Manager 17 3Com Diagnostics 17 3Com Connection Assistant 2...

Страница 4: ... Services 25 Support from Your Network Supplier 26 Support from 3Com 27 Returning Products for Repair 27 CONFIGURING IPSEC Configuring IPSec in Windows 2000 and Windows XP 29 Example Creating a Security Policy 29 REGULATORY INFORMATION ...

Страница 5: ...l protection This unique solution consists of the 3Com Embedded Firewall Policy Server and Management Console and a Firewall Client which resides on the 3Com Firewall PC Card In addition to providing firewall protection the 3Com Firewall PC Card with 10 100 LAN connects a notebook computer securely to an Ethernet or Fast Ethernet network The 3Com Firewall PC Card models are shown below The 3CRFW10...

Страница 6: ... it is firmly seated 2 Connect the network cable to the 3CRFW103 PC Card 1 3 Connect the network cable to the network port 2 3CRFW102 Type II PC Card Follow these steps to connect your 3CRFW102 Firewall PC Card 1 Insert the PC Card into the PC Card slot Slide it in until it is firmly seated 2 Connect the PC Card cable to the 3CRFW102 PC Card 1 3 Connect the PC Card cable to the network cable 2 NOT...

Страница 7: ...nstallation CD If so use D where D is your CD ROM drive 5 During the installation process you may receive prompts for your Windows operating system installation CD Insert the operating system installation CD and indicate the correct path 6 Your computer goes through a brief installation process during which it displays several windows indicating what is currently installing This takes several minu...

Страница 8: ... speed Use My Computer Control Panel System Hardware Device Manager Network Adapters to inspect the status of your PC Card If you see a red X enable the PC Card by checking the appropriate box under Properties If you see a yellow exclamation mark click the icon to see what the conflict is Verify there are adequate system resources Free system resources for example disable the infrared port remove ...

Страница 9: ...e Network Setup Wizard If this message does not appear go to Windows NT With Networking Installed and follow the instructions 6 Check Wired to the network and click Next 7 When the system prompts to have setup start searching for a network adapter click Select from List 8 Click Have Disk 9 Insert the 3Com Firewall PC Card with 10 100 LAN Installation CD in the CD ROM drive Type the path to drivers...

Страница 10: ...ard with 10 100 LAN Installation CD from the CD ROM drive and click Yes If you had a Windows service pack installed prior to setting up the PC Card reinstall it now Confirming Installation To confirm installation 1 Double click My Computer double click Control Panel and then double click Network 2 Select the Adapters tab 3Com Firewall PC Card with 10 100 LAN appears on the list Windows NT with Net...

Страница 11: ...opied to your notebook 12 In the Network Settings window accept the default settings and click Continue The default settings work in most instances However you may specify network link settings auto polarity and IRQ and I O values 13 Click OK to save 14 If prompted enter IP information and click OK 15 When prompted whether you are using DHCP click Yes if you are using DHCP or No if you are not usi...

Страница 12: ... in the BIOS Make sure you have the latest BIOS for your notebook or upgrade your software from Microsoft Card not functioning Open Windows NT Diagnostics From the Start menu select Programs Admin Tools Windows NT Diagnostics Check for resource conflicts and make sure the settings for the PC Card are valid Need to force speed and duplex settings In most cases the automatic settings work fine To fo...

Страница 13: ...ible problems may be indicated if The PC Card is not working Windows NT is not detecting the PC Card The system issues a warning tone at startup If you are having any of these problems 1 From the Control Panel Network Adapters select 3Com Firewall PC Card with 10 100 LAN and click Remove 2 Remove the PC Card from the PC Card slot 3 Restart the computer and reinstall the PC Card This procedure remo...

Страница 14: ...10 CHAPTER 1 INSTALLING THE PC CARD AND DRIVERS ...

Страница 15: ...programs Manageable enforcement that allows you to define security through user policies Software based security such as personal firewalls interact with and protect a PC s operating system This dependency on the host makes them inherently susceptible to malicious code and security holes found in many well known operating systems Once the OS has been compromised it is easy to disable the host base...

Страница 16: ...sktop or server The Firewall Client Device provides transparent packet filtering in accordance with the rules that are setup by a security administrator The rules are defined through a centralized management console and are communicated to the firewall client devices via the policy server Like traditional perimeter firewalls the 3Com Embedded Firewall solution is capable of classifying and acting ...

Страница 17: ...med 1 When the Policy Server is installed it generates an RSA 1024 Public Private keypair The public key is written to the Firewall Client Device flash memory 2 When the Firewall Client Device boots up it generates a random 3DES session key encrypts that key with the policy server s public key and then sends that information to the policy server 3 The policy server decrypts the message using its p...

Страница 18: ...k interface card installation install them first from the 3Com EtherCD before installing the 3Com Firewall Client Installing them over the Firewall Client may make the card inoperable Procedure 3 Do not attempt installation of non firewall firmware over an Firewall PC Card Instruct users and administrators that after installation of the Firewall Client on a card installing any non firewall firmwar...

Страница 19: ...ficing performance Until encryption is enabled the 3Com Firewall PC Card with 10 100 LAN functions as a standard 10 100 CardBus LAN card Windows 2000 and Windows XP Offload Features The 3Com Firewall PC Card with 10 100 LAN supports Windows 2000 and Windows XP IPSec offload features in an IP environment The offload features are designed to enhance the operating system capabilities by offloading ke...

Страница 20: ...ng the computer out of service It makes troubleshooting faster and easier because you do not need to wait for the computer to restart Offline Diagnostics The 3Com Firewall PC Card includes offline diagnostics programs for configuring testing and troubleshooting PC Cards The configuration program within the DOS diagnostics program is used for a notebook running DOS or NetWare The LAN diagnostics pr...

Страница 21: ...vate or Connect to start the connection process If no mobile configuration has been created MCM lets you create a new one by importing configurations developed by your system administrator or creating a new configuration 3Com Diagnostics The 3Com Firewall PC Card with 10 100 LAN uses two types of network card diagnostics programs a Windows based diagnostics program and a DOS based diagnostics prog...

Страница 22: ...s client running on the same network This client must have a successfully installed Windows diagnostics program that is currently not running A NetWare server running on the same network A DHCP server running on the same network NOTE Click Help to obtain general information about the function of a screen To obtain specific information about any topic on a screen click the question mark in the uppe...

Страница 23: ...rd Test to check the physical components connectors and circuitry on the network card 1 On the Diagnostics screen click Run NIC Test The NIC Test screen appears 2 Click Perform NIC Test While the test is running a progress bar indicates test progress If the test passes the network card is functioning correctly If the test fails a message indicates the error type Click Help in the error message scr...

Страница 24: ...nu 3 Select Programs and then 3Com NIC Utilities 4 Click 3Com NIC Doctor The 3Com network card Diagnostics General screen appears 5 Click the Statistics tab The Statistics screen appears The information is updated by the card driver every 5 seconds For a description of each statistic click the question mark in the upper right corner of the screen drag it over a statistic and click once A pop up bo...

Страница 25: ...Add Remove Programs Wizard in Windows For instructions on using the Add Remove Programs Wizard in Windows see your Windows documentation 3Com Connection Assistant The 3Com Connection Assistant is interactive software that gives you an easy to use diagnostic and repair tool Using this tool makes troubleshooting easier and helps you quickly resolve problems Go to Start Programs 3Com NIC Utilities 3C...

Страница 26: ...lso supplies solutions if a problem is detected with your 3Com network interface card List Solutions Contains a list of relevant topics for you reference Network Settings Provides detailed information about your network Search Locate topics and solutions 3Com Launcher The 3Com Launcher is a utility that allows you to start 3Com applications from a single source on your screen When the 3Com Launche...

Страница 27: ...ncryption which is a framework of open standards for ensuring secure private communications over IP networks IPSec ensures confidentiality integrity access control and authenticity of data communications across a public IP network Offloading Encryption Processing You can configure two or more computers running Windows 2000 and Windows XP to perform IPSec encryption by changing the local security s...

Страница 28: ...24 CHAPTER 5 DATA ENCRYPTION OFFLOAD ...

Страница 29: ...vice provides access to online support information such as technical documentation and a software library as well as support options that range from technical education to maintenance and professional services 3Com Knowledgebase Web Services The 3Com Knowledgebase is a database of technical information to help you install upgrade configure or support 3Com products The Knowledgebase is updated dail...

Страница 30: ...ch as Netscape Navigator and Internet Explorer you do not need a user name and password 3Com Connection Assistant The 3Com Connection Assistant is interactive software that gives you an easy to use diagnostic and repair tool Using this tool makes troubleshooting easier and helps you quickly resolve problems Go to Start Programs 3Com NIC Utilities 3Com Connection Assistant to find the utility By us...

Страница 31: ...ision levels Diagnostic error messages Details about recent configuration changes if applicable Returning Products for Repair Before you send a product directly to 3Com for repair you must first obtain an authorization number Products sent to 3Com without authorization numbers will be returned to the sender unopened at the sender s expense To obtain an authorization number go to the Web site liste...

Страница 32: ...A Technical Support 28 ...

Страница 33: ...H Medium Authentication only ESP High Authentication and encryption Custom Varies Provides encryption and an extra authentication that includes the IPheader Custom allows you to select options for both AH and ESP such as MD SHA 1 and DES 3DES and you can select the rate at which new keys are negotiated Microsoft uses IKE key exchange to renew keys every x seconds or y bytes You may want to set the...

Страница 34: ...IP Security Policies on Local Machine 2 Right click inside the right pane below the list items 3 From the pop up menu select Create IP Security Policy The IP Security Policy Wizard starts 4 Click Next The IP Security Policy Name screen appears 5 Enter a name for the new security policy that you are creating and if you wish a description that identifies the policy 6 Click Next The Requests for Secu...

Страница 35: ...sequence attaches the new filter to the policy The IP Filter List screen appears 1 Enable the option for the new filter name and make sure the new filter name is selected 2 Click Next Creating the Filter Action This sequence defines how the filter acts on the policy The Filter Action screen appears 1 Click Add The Filter Action Wizard starts 2 Click Next The Filter Action Name screen appears 3 Ent...

Страница 36: ...reated when you save the policy in the previous step Enabling Encryption An encryption policy must exist in the Console Root IP Security Policies on the Local Machine screen before you can enable encryption on the 3Com FIrewall PC Card with 10 100 LAN To enable encryption 1 Right click the desired policy icon in the right pane of the screen 2 Select Assign 3 A green plus symbol appears on the poli...

Страница 37: ...ceived including interference that may cause undesired operation INDUSTRY CANADA ICES 003 This Class B digital apparatus meets all requirements of the Canadian Interference Causing Equipment Regulations AVIS DE CONFORMITÉ À LA RÉGLEMENTATION D INDUSTRIE CANADA Cet appareil numérique de la classe B est conform à la norme NMB 003 du Canada SAFETY This equipment has been tested and certified accordin...

Страница 38: ... product based on the standard of the Voluntary Control Council for Interference from information Technology Equipment VCCI If this is used near a radio or television receiver in a domestic environment it may cause radio interference Install and use the equipment according to the instruction manual Manual version 2 0 August 15 2002 ...

Отзывы:

Нет отзывов

Похожие инструкции для 3CRFW102

Бренд: Watchguard Страницы: 27

Бренд: ZyXEL Communications Страницы: 1101

Бренд: Nexcom Страницы: 71

ENTERPRISE NETWORK CENTER

Бренд: ZyXEL Communications Страницы: 302

Бренд: McAfee Страницы: 32

QRadar XGS 5200

Бренд: IBM Страницы: 2

Бренд: Genetec Страницы: 22

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды