SSH Sentinel Quick Start Guide
Quick Start Guide
82013152 Revision C
SSH Sentinel

This publication may not be reproduced, in whole or in part, without prior expressed written permission from Multi-Tech Systems, Inc. All rights reserved. Copyright © 2002, by Multi-Tech Systems, Inc. Multi-Tech Systems, Inc. makes no representations or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, Multi-Tech Systems, Inc.
Contents

Chapter 1 – Introduction and Description
  Internet Protocol (IP)
  Internet Protocol Security (IPSec)
  About This Manual and Related Manuals
Chapter 1 – Introduction and Description

Welcome to the world of Internet security. SSH Sentinel is a software product that secures network communications on a Windows workstation. Network traffic (IP traffic – Internet Protocol) is protected using the IPSec (Internet Protocol Security) protocol as specified by the Internet Engineering Task Force (IETF) standards. SSH Sentinel is an easy-to-use product designed for end users.
Internet Protocol (IP)

The open architecture of the Internet Protocol (IP) makes it a highly efficient, cost-effective, and flexible communications protocol for local and global communications. IP is widely adopted, not only on the global Internet, but also in the internal networks of large corporations. The Internet Protocol was designed to be highly reliable against random network errors. However, it was not designed to be secure against a malicious attacker.
About This Manual and Related Manuals

This Quick Start Guide is intended to provide the experienced client user or system administrator with the information needed to quickly get the SSH Sentinel software up and running. The full SSH Sentinel User Guide is provided on the SSH Sentinel CD-ROM included in the package. Please address comments about this manual to the Multi-Tech Publications Dept.
Chapter 2 – SSH Sentinel Client Installation and Setup

Introduction

This section describes the SSH Sentinel software, an IPSec client product by SSH Communications Security Corp, providing secure communications over a TCP/IP connection. The SSH Sentinel software is used by client devices for secure connection to Multi-Tech’s RouteFinders RF650VPN and RF550VPN. The SSH Sentinel client installation and setup procedures are described in the following sections.
Starting the SSH Sentinel Installation

The SSH Sentinel installation requires that you have full access rights for the system files on your computer. On a Windows NT system, you must log in with administrator rights.

1. Insert the Client CD into the CD-ROM drive. The startup screen displays in your Web browser.
2. Click Install IPSec Client Software. The File Download screen displays.
3.
4. The SSH Sentinel Setup InstallShield Wizard screen displays. The self-extracting package automatically initiates InstallShield software to install and set up SSH Sentinel Client software. On the Installation screen, click Next. The installer will run the Installation Wizard, which creates the initial configuration and sets up the SSH Sentinel client software.
5. When started, the Installation Wizard goes through a sequence of basic installation dialogs, displaying the licensing agreement and allowing you to select the installation directory and the program folder. The installation can only be performed on a local computer. Remote installation of SSH Sentinel is not possible, because the installation program updates kernel mode components related to networking and remote access.
6. The Choose Destination Path displays.
7. Choose your Destination Path and click Next, then select a destination folder for the SSH Sentinel icon and click Next>. Next, the Setup Status screen displays to let you know that SSH Sentinel is performing the requested operations. Once the operations are complete, the Authentication Key Generation screen displays.
Authentication Key Generation

8. On this screen, move your mouse or type some random text to generate a host authentication keypair. When complete, click Next. The SSH Sentinel Installation Wizard generates a primary authentication key for IPSec peer (host) authentication purposes. The primary authentication key is a 1024-bit RSA key pair that is used for digital signatures and strong authentication. Authentication key generation begins with random seed generation.
9. Once the authentication key generation is complete, click Next> to proceed with the installation.
Certificate Information

10. Enter the information to identify the authentication key. SSH Sentinel uses certificates and digital signatures as its primary authentication method. SSH Sentinel processes certificates according to the IETF Public-Key Infrastructure X.509v3 standards, allowing you to take advantage of the public-key infrastructure (PKI).
Choose the Enrollment Method

11. Choose your Certificate Enrollment Protocol and click Next>. A certification request can be created as part of the installation process. You can either enroll online, in other words create and send the request immediately, or save the request in a file and deliver it later to the certification authority (CA).
SSH Sentinel Online Enrollment Information

To enroll online, you must locate the certification authority server and you must possess the certification authority certificate. Most often, you can download the certificate of the certification authority from its web site. You must specify the enrollment protocol. In addition, you may configure the Socks and proxy settings to get through the firewall if the local server is protected by one.
Key (F)
This selection is used only in connection with the CMP protocol. The Key selected is a shared secret granted by the certification authority to be used in the certification request. This Key is used for verification of the user requesting a certificate.

Off-line Certification Request

An off-line certification request is simply a file, where the request is stored for later use.
Encryption Speed Diagnostics

12. Let the algorithm diagnostics run or skip them. SSH Sentinel runs diagnostics on the encryption algorithms as the last step of the installation. You can bypass this step by clicking the Skip> button on the dialog box. These diagnostics reveal the speeds of the encryption algorithms compared to each other. SSH Sentinel supports the following ciphers: Rijndael, Twofish, Blowfish, Cast, 3DES and DES.
Completing the Installation

13. Click Finish and restart your computer (recommended). The installation of the SSH Sentinel client software adds kernel-mode components to the operating system network management. For this reason, you must restart the computer before using the SSH software. The SSH Sentinel installation is complete. Proceed to the next section for SSH IPSec client setup.
Chapter 3 – Client Setup Examples

LAN to SSH Sentinel Client (Static IP) to connect to a RouteFinder using Pre Shared Keys (PSK)

This section describes how to set up a Host to Net connection between an SSH Sentinel client and a RouteFinder. Before you can set up the SSH Sentinel client, you will have to configure your gateway.
LAN-to-Client Setup Using:
• Multi-Tech’s RouteFinder RF550VPN to connect the LAN at Site A to the external VPN gateway.
• SSH Sentinel to connect a remote client to the VPN gateway to the LAN at Site A.

The information to the left of the diagram is a list of Multi-Tech’s RF550VPN configuration for this example.
LAN-to-Client Setup Using:
• Multi-Tech’s RouteFinder RF650VPN to connect the LAN at Site A to the external VPN gateway.
• SSH Sentinel to connect a remote client to the VPN gateway to the LAN at Site A.

The information to the left of the diagram is a list of Multi-Tech’s RF650VPN configuration for this example.
Sentinel Configuration

1. Select the Sentinel Policy Editor ( ) icon located on your task bar. Then click .
2. Click the Key Management tab at the top of the SSH Sentinel Policy Editor window.
3. Highlight My Keys and click the Add button to create a new Authentication Key.
4. The New Authentication Key screen displays. Click the Create a Preshared Key button. Click Next.
5. The Create a Preshared Key screen displays.
• Enter a Name for the key, a shared secret (a secret code), and then confirm the secret code by retyping it. The shared secret needs to match what was entered for the RouteFinder.
  Example:
  Key Name = new preshared key
  Shared Secret = 1o2t3t4f
• Click Finish.
6.
7. This step will start with the Key Management tab displayed.
• First, click the Apply button at the bottom of the screen.
• Then click the Security Policy tab.
• On the Security Policy tab, double-click VPN Connection.
• Click Add. On the Add VPN Connection screen, enter the Security Gateway information.
• Click the IP button at the end of the Gateway IP Address field, and enter the public (WAN) IP Address of the RouteFinder (Example: 204.26.122.
• Then click the … button at the end of the Remote Network field to enter the Remote Network IP address and the Subnet Mask for the LAN side of the RouteFinder (example: 192.168.2.0 and 255.255.255.0).

[Figure callouts: IP Button, … Button]

8. After clicking the button in the above dialog box, the Network Editor displays.
• Enter the Remote Network IP address and the Subnet mask for the LAN side of the RouteFinder (example: 192.168.2.0 and 255.255.255.0).
• Click OK.
9. Now back at the Add VPN Connection screen: Click OK.
10. Now back at the Security Policy tab under the Policy Editor screen:
• Highlight the connection you just created (example: 204.26.122.103).
• Click the Properties button.
11. The Connection Properties | General screen displays.
• Click the Settings button under IPSec / IKE proposal.
• Verify that the PFS Group is set to Group 2.
12. Click the Advanced tab.
• Check the box for Open on start-up.
• Click OK.
• Then click OK to close the Rule Properties screen.
13. Now back at the Policy Editor screen:
• Click the Apply button.
• Double-click VPN Connection.
• Highlight the connection you just created (example: 204.26.122.103).
• Click the Diagnosis button.
14. Sentinel will probe for a connection to the RouteFinder and should be successful.
15. Click the Details button. Details of the newly-created connection display. Verify the connection details information. Click Close.
16. On the Policy Editor screen, click OK to close the SSH Sentinel window.
17. Open a DOS command prompt window and attempt to PING the LAN located behind the RouteFinder. If the PING is successful, the configuration process to connect SSH Sentinel client to a RouteFinder is complete. If PING fails, stop and restart the Sentinel Policy Manager. If it still fails, check cabling and software configuration at both locations.
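The values entered in steps 5 through 11 can be cross-checked against the RouteFinder's settings before the PING test in step 17. The Python sketch below is an added example, not part of the Multi-Tech guide or the SSH Sentinel software; the dictionary keys, the function name and the ping target 192.168.2.10 are assumptions, while the addresses, mask, shared secret and PFS group are the guide's own example values.

```python
import hmac
import ipaddress

# Example values from the guide; the dictionary layout is hypothetical.
CLIENT = {"gateway_ip": "204.26.122.103", "remote_network": "192.168.2.0",
          "subnet_mask": "255.255.255.0", "shared_secret": "1o2t3t4f",
          "pfs_group": 2}
ROUTEFINDER = {"wan_ip": "204.26.122.103", "lan_network": "192.168.2.0",
               "lan_mask": "255.255.255.0", "shared_secret": "1o2t3t4f"}


def check_client_settings(client, routefinder, ping_target):
    """Return a list of mismatches; an empty list means both sides agree."""
    problems = []
    # Step 7: the Gateway IP Address is the RouteFinder's public (WAN) address.
    gateway = ipaddress.ip_address(client["gateway_ip"])
    if gateway != ipaddress.ip_address(routefinder["wan_ip"]):
        problems.append("gateway IP is not the RouteFinder WAN address")
    # Steps 7-8: Remote Network and Subnet Mask describe the RouteFinder LAN.
    lan = ipaddress.ip_network(
        f"{routefinder['lan_network']}/{routefinder['lan_mask']}")
    try:
        remote = ipaddress.ip_network(
            f"{client['remote_network']}/{client['subnet_mask']}")
    except ValueError as exc:  # host bits set, or a non-contiguous mask
        remote = None
        problems.append(f"remote network invalid: {exc}")
    if remote is not None and remote != lan:
        problems.append(f"remote network {remote} is not the RouteFinder LAN {lan}")
    # Step 5: the shared secret must match what was entered on the RouteFinder.
    if not hmac.compare_digest(client["shared_secret"].encode(),
                               routefinder["shared_secret"].encode()):
        problems.append("shared secret differs from the RouteFinder's")
    # Step 11: the PFS Group is expected to be Group 2.
    if client["pfs_group"] != 2:
        problems.append(f"PFS group is {client['pfs_group']}, expected 2")
    # Step 17: the host to PING must sit inside the remote network.
    if remote is not None and ipaddress.ip_address(ping_target) not in remote:
        problems.append(f"ping target {ping_target} is outside {remote}")
    return problems


if __name__ == "__main__":
    found = check_client_settings(CLIENT, ROUTEFINDER, "192.168.2.10")
    for line in found or ["settings agree"]:
        print(line)
```

An empty result only shows that the two sets of entered values are consistent; the Diagnosis button in step 13 and the PING in step 17 remain the test of the live tunnel.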
Chapter 4 – Updating and Removing SSH Sentinel

Updating SSH Sentinel

If you launch the installation package with a previous version of SSH Sentinel software on your computer, the existing version is automatically updated. The contents (i.e., the policies, the rules, the authentication keys, etc.) are preserved. Only the software version is updated.

Removing SSH Sentinel

Before removing the software, you are advised to do the following:
1.
Appendix A – Technical Support

When contacting Multi-Tech, be sure to have your RouteFinder information and details about the functioning of the software.

Contacting Technical Support

Country         Using email                  By phone
France          Support@multitech.fr         +(33) 1-64 61 09 81
India           Support@multitechindia.com   +(91) 124-340778
U.K.            Support@multitech.co.uk      +(44) 118 959 7774
Rest of World   Support@multitech.com        800-972-2439 (U.S.
Appendix B – SSH Sentinel CD

A CD is provided with your purchase of the SSH Sentinel software. The CD contains the SSH Sentinel software, a complete User Guide, a copy of this Quick Start Guide, and the software license agreement. When you insert the CD in your computer's CD-ROM drive, the SSH Sentinel software Install screen displays. If the Program Not Found message displays or if the Auto run feature does not function, click the file Autorun.
Appendix C – Multi-User Software License Agreement

Multi-Tech Systems, Inc.

IMPORTANT – READ BEFORE OPENING OR ACCESSING SOFTWARE

This is a basic multi-user software license granted by Multi-Tech Systems, Inc., a Minnesota corporation, with its mailing address at 2205 Woodale Drive, Mounds View, MN 55112. This is a legal agreement between you (either an individual or a single entity) and Multi-Tech Systems, Inc.
accident, abuse, or misapplication. A Software Registration Card must be on file at MTS for this warranty to be in effect. In all other respects, the MTS software is provided AS IS. Likewise, any other software provided with MTS software is provided AS IS. THE FOREGOING WARRANTY IS IN LIEU OF ALL OTHER WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The software is furnished to the Licensee as the single site representative for execution and use on as many workstations as that single site contains, for up to 250 users inclusively. Software and manuals may be copied, with the inclusion of the Multi-Tech Systems, Inc., copyright notice, for use within that single site. Additional manuals may be ordered from Multi-Tech Systems, Inc., for a nominal charge.