
IPSEC ConfigurationManual En

Date post: 03-Apr-2018
Upload: liliana-useche
7/28/2019 IPSEC ConfigurationManual En

http://slidepdf.com/reader/full/ipsec-configurationmanual-en 1/30

 

SiPass Access Control

IPSEC Secure Communications

Configuration Instructions


Siemens Building Technologies  IPSEC_ConfigurationManual_en.doc  Instructions

Fire & Security Products 05.2004

 

Data and design subject to change without notice. / Supply subject to availability.
©2005 Copyright by Siemens Building Technologies AG

We reserve all rights in this document and in the subject thereof. By acceptance of the document the recipient acknowledges these rights and undertakes not to publish the document nor the subject thereof in full or in part, nor to make them available to any third party without our prior express written authorization, nor to use it for any purpose other than for which it was delivered to him.

DOCUMENT NUMBER: A24205-A335-B228


Table of Contents


1 Overview
1.1 Introduction
1.1.1 SiPass Client-Server Security
1.1.2 Benefits of IPsec
1.1.3 Architecture
2 Configuring Secure Communications
2.1 Configuring IPsec
2.2 Testing IPsec
2.3 Configuring the VPN Tunnel
2.4 Configuring the VPN Client
3 Keyword index


1 Overview

This Configuration Guide explains the benefits and process of configuring IPsec on a network for secure communications between a SiPass Server and SiPass Workstation Client.

This Guide is aimed at system administrators who are familiar with configuring Windows TCP/IP networks and VPN tunnels. It consists of a single configuration chapter divided into three sections.

1.1 Introduction

1.1.1 SiPass Client-Server Security

Windows 2000 can protect the files stored on its drives by encrypting them and placing them behind a wall of permissions, but when a network user attempts to access a file, the server accesses it with the user's credentials and decrypts it before sending it on its way over the network.

The data, as transmitted over the network, is left completely unprotected and vulnerable to a variety of attacks. On today's large enterprise networks, the Internet is not the only source of potential intruders. Internal users might attempt to access sensitive data in many ways, including the following:

- Packet capturing

- Data modification

- Spoofing

- Password compromise

- Denial of service attacks

- Key compromise

- Application layer attack

and many others.

1.1.2 Benefits of IPsec

Instead of securing the network itself, you can secure the data transmitted over a Windows 2000 network using IPsec. IPsec is a series of standards that provide a method for encrypting IP datagrams before they are transmitted. Because IP is responsible for carrying all application data on a TCP/IP network, this type of encryption can protect all types of sensitive data and eliminate vulnerability to attack. Intruders still might be able to capture packets as they travel over the network, but since they cannot decrypt any of the data inside the packets, they cannot make use of the information.


1.1.3 Architecture

The following diagram illustrates a typical secure VPN link that uses IPsec to preserve data encryption in a SiPass security network.

Figure 1: Diagram showing VPN link with IPsec


2 Configuring Secure Communications

2.1 Configuring IPsec

To configure the local system to use IPsec, you can activate one of the default policies as it is, modify its properties, or create new policies for your own use. To create a new policy on the local system, use the following procedure.

1. Select Start > Run from the Windows taskbar.

2. Enter “mmc” into the Open field and click OK.

The Console will appear.

3. Select Add/Remove Snap-in from the Console menu. The Add/Remove Snap-in dialog will appear.


4. Click Add to add a new Snap-in. The Add Standalone Snap-in dialog will appear.

5. Select “IP Security Policy Management” and click Add. The Select Computer dialog will appear.


6. Select the Local Computer option and click Finish. You will be returned to the Add Standalone Snap-in dialog.

7. Click Close at the Add Standalone Snap-in screen.

8. Click OK to close the Add/Remove Snap-in screen. You will be returned to the Console, and the IP security policy will have been added to the right hand pane.

9. Double-click on IP Security Policies … in the right hand pane.


10. Right-click Secure Server in the right hand pane and select Properties from the menu that appears. The Secure Server dialog will appear.

11. Click Add to add a new rule. The Security Rule Wizard will appear.


12. Click Next at the Welcome New Rule Wizard page.

13. Select the This rule does not specify a tunnel option and click Next.


14. Select Local area network (LAN) and click Next.

15. If the SiPass Client and Server are not members of the same Windows Domain, select Use this string to protect key exchange. Otherwise select Windows 2000 default (Kerberos V5 Protocol).

16. Click Next.


17. Click Add to add a new IP filter.

18. Enter a name for the IP filter.

Note: The next series of steps will depend on whether you are configuring the SiPass Server PC or a client PC. If you are configuring the Server PC, you must perform steps 19-28 for each SiPass Client PC in your network, entering the IP address of a client each time.

If you are configuring a Client PC, steps 19-28 will only be performed once.

19. Click Add.


20. Click Next at the Wizard Welcome screen.

21. Select My IP Address from the Source address drop down list.

22. Click Next.

23. Select A specific IP address from the Destination Address drop down list.

24. Enter the IP address of the destination computer.


If you are configuring the SiPass Server PC, the IP address entered will be the IP address of one of the clients. If you are configuring a Client PC, the IP address will be the IP address of the SiPass Server.

25. Click Next.

Note: If the SiPass and computers are on a corporate domain, ensure that they are assigned a specific IP address rather than via DHCP server.

26. Select Any from the protocol type drop down list.

27. Click Next.

28. Click Finish to close the IP Filter Wizard. You will be returned to the IP Filter List dialog.

Note: If you are configuring the SiPass Server PC, you must repeat steps 19-28 for each Client PC in your network.


29. Click Close to return to the IP filter list.

30. Select the IP filter that you just created and click Next.


31. Select Require Security from the filter actions.

32. Click Next.

33. Click OK and close the Edit Rules Properties dialog.


34. Click Finish to close the Security Rule Wizard.

35. Select your new IP security rule and deselect the other rules.

36. Click OK.


37. Right-click Secure Server from the right hand pane and select Assign from the menu that appears.

38. Repeat the above procedure on all other SiPass Server and Client PCs in the network.
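The rule built in steps 13 to 37 can also be generated as commands, which helps when the Server needs one filter per Client. The following is an added example, not part of the Siemens manual: a Python helper that emits `netsh ipsec static` command lines. It assumes a Windows release that ships that netsh context (Windows Server 2003 or later, not Windows 2000) and creates its own policy instead of editing Secure Server; the object names, addresses, secret placeholder and ESP offer are illustrative assumptions.

```python
import ipaddress

# Hypothetical object names; the manual edits the built-in Secure Server policy.
POLICY, FILTERS, ACTION = "SiPass IPsec", "SiPass peers", "SiPass require"
NETSH = "netsh ipsec static"

def build_commands(role, server_ip, client_ips, same_domain, psk=None):
    """Return netsh command lines for one machine ("server" or "client")."""
    if role not in ("server", "client"):
        raise ValueError("role must be 'server' or 'client'")
    # Server: one filter per client (steps 19-28 repeated); client: one filter.
    peers = client_ips if role == "server" else [server_ip]
    # Step 24 wants one specific host address; IPv4Address() rejects
    # host names, ranges and CIDR blocks with a ValueError subclass.
    peers = [str(ipaddress.IPv4Address(p)) for p in peers]
    if not peers or len(set(peers)) != len(peers):
        raise ValueError("peer list is empty or has duplicates")
    if same_domain:
        auth = "kerberos=yes"            # step 15: same Windows domain
    elif psk and '"' not in psk:
        auth = f'psk="{psk}"'            # step 15: string protects key exchange
    else:
        raise ValueError("a quote-free pre-shared string is required")
    cmds = [f'{NETSH} add policy name="{POLICY}"',
            f'{NETSH} add filterlist name="{FILTERS}"']
    for peer in peers:
        # Steps 21-26: source My IP Address, one destination, protocol Any.
        cmds.append(f'{NETSH} add filter filterlist="{FILTERS}" '
                    f'srcaddr=me dstaddr={peer} protocol=any mirrored=yes')
    cmds += [
        # Negotiate only, no clear-text fallback. The ESP offer is an
        # assumption; the manual does not name algorithms.
        f'{NETSH} add filteraction name="{ACTION}" action=negotiate '
        f'inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"',
        # Steps 13-14: no tunnel endpoint, LAN connections only.
        f'{NETSH} add rule name="SiPass rule" policy="{POLICY}" '
        f'filterlist="{FILTERS}" filteraction="{ACTION}" conntype=lan {auth}',
        f'{NETSH} set policy name="{POLICY}" assign=yes',   # step 37
    ]
    return cmds

if __name__ == "__main__":
    # Constructed addresses and placeholder secret, for illustration only.
    for line in build_commands("server", "192.0.2.10",
                               ["192.0.2.21", "192.0.2.22"],
                               same_domain=False, psk="REPLACE-WITH-SECRET"):
        print(line)
```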


2.2 Testing IPsec

1. Open the command window by selecting Start > Run from the taskbar.

2. Enter “cmd” into the Open field to open up a command prompt.

3. At the command prompt type “ping” followed by the IP address of the other computer.

If you receive the “Negotiating IP Security” message, repeat the ping command until you receive a reply from the other computer.

4. To verify that IPsec is working, un-assign the policy on one computer and repeat the ping command.

You should receive the “Negotiating IP Security” message. Re-assign the policy and verify using the ping command.
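Steps 3 and 4 compare two ping runs, because replies on their own do not show that the policy is being enforced. The following added example (not from the manual) classifies the two runs and returns a verdict; the ping transcripts are constructed samples and the function names are hypothetical.

```python
import re

REPLY = re.compile(r"^Reply from \d{1,3}(?:\.\d{1,3}){3}:", re.M)
NEGOTIATING = re.compile(r"^Negotiating IP Security\.?[ \t\r]*$", re.M)

# Constructed sample transcripts, not captured from a real system.
BOTH_ASSIGNED = """Pinging 192.0.2.10 with 32 bytes of data:

Negotiating IP Security.
Negotiating IP Security.
Reply from 192.0.2.10: bytes=32 time<10ms TTL=128
Reply from 192.0.2.10: bytes=32 time<10ms TTL=128
"""
ONE_UNASSIGNED = """Pinging 192.0.2.10 with 32 bytes of data:

Negotiating IP Security.
Negotiating IP Security.
Negotiating IP Security.
Negotiating IP Security.
"""
PLAIN_REPLIES = """Pinging 192.0.2.10 with 32 bytes of data:

Reply from 192.0.2.10: bytes=32 time<10ms TTL=128
Reply from 192.0.2.10: bytes=32 time<10ms TTL=128
"""

def classify(ping_output):
    """Reduce one ping run to 'reply', 'negotiating' or 'no-response'."""
    if REPLY.search(ping_output):
        return "reply"          # at least one echo reply arrived
    if NEGOTIATING.search(ping_output):
        return "negotiating"    # key exchange started but never completed
    return "no-response"        # timeouts only; the host may simply be down

def verdict(both_assigned, one_unassigned):
    """Compare the step 3 run with the step 4 run (policy removed on one PC)."""
    first, second = classify(both_assigned), classify(one_unassigned)
    if first != "reply":
        return "inconclusive"   # step 3 never succeeded, nothing to compare
    if second == "reply":
        return "not-enforced"   # traffic still flows without the policy
    if second == "negotiating":
        return "enforced"       # the result the manual tells you to expect
    return "inconclusive"

if __name__ == "__main__":
    print(verdict(BOTH_ASSIGNED, ONE_UNASSIGNED))
```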


2.3 Configuring the VPN Tunnel

To establish the VPN connection between the SiPass Server and SiPass Client, the SiPass server must be configured to accept incoming VPN connections.

1. Select Settings > Control Panel > Network and Dial up connections from the Windows Start menu, and choose New Connection.

 The Network Connection Wizard will appear.

2. Select Accept incoming connections.

3. Click Next. 


4. Verify that all devices are unchecked in the Devices and Incoming Connections dialog.

5. Click Next.

6. Select Allow Virtual Private Connections.

7. Click Next.


8. Click Add.

9. Add a username and password.

10. Click OK.


11. Select Internet Protocol (TCP/IP) and click Properties.

12. Select Assign TCP/IP addresses automatically using DHCP.

13. Click OK.

14. Choose Finish to close the Wizard.


2.4 Configuring the VPN Client

1. Open Network and Dial up connections from Start > Settings > Control Panel and click New Connection.

2. Select Connect to a private network through the Internet.

3. Click Next.

4. Select Do Not Dial The Initial Connection.

5. Click Next.


6. Enter the IP address of the SiPass server.

7. Click Next.

8. Select Only for myself.

9. Click Next.


10. Click Finish.

You have now configured IPsec successfully for secure communications between the SiPass Server and clients in your security network.


3 Keyword index

D
Destination IP Address
DHCP

I
IP Address, SiPass Server
IP Addresses, dynamic
IP Filter
IP Filter, actions
IP Security Policy
IPsec Overview
IPsec, Architecture
IPsec, benefits
IPsec, How to configure
IPsec, user requirements

K
Kerberos V5 Protocol
Key Exchange

L
LAN

M
MMC Console

N
Negotiating IP addressing
Network connection wizard

P
Ping command

R
Run dialog

S
Secure Server Policies
Security Rule Wizard
Security, risks
Security, Server Comms
Snap-in, add
Subnet Mask

T
Testing IPsec

V
VPN Client, configuring
VPN Tunnel, configuring
VPN, automatic IP addressing
VPN, enabling
VPN, username and password


Issued by

Siemens Building Technologies
Fire & Security Products GmbH & Co. oHG
D-76181 Karlsruhe

©2005 Copyright by Siemens Building Technologies AG

Data and design subject to change without notice.

Supply subject to availability.

