User Guide
Page 1
VPN Connection to Nokia CryptoCluster 500 VPN Gateway
11 December 2002
This document explains how to configure a virtual private network connection over an open network from a remote host running SSH Sentinel to a private network protected by a Nokia CryptoCluster 500 VPN gateway.
User Guide
Page 3
Contents
1 VPN Connection to Nokia CryptoCluster 500 VPN Gateway 5
1.1 Introduction 5
1.1.1 Further Information 5
1.1.2 Platform Requirements 5
1.2 Configuring Nokia CryptoCluster 500 6
1.2.1 Prerequisites 6
1.2.2 Enabling Client Access in CryptoCluster 6
1.3 Configuring SSH Sentinel 9
1.3.1 Prerequisites 9
1.3.2 Creating the VPN Rule 9
1.4 Troubleshooting 11
VPN with SSH Sentinel and Nokia CryptoCluster © 2002 SSH Communications Security Corp.
User Guide
Page 5
... setting up a Nokia CryptoCluster 500 (CC500) VPN gateway to the Nokia CryptoCluster 500 (CC500) VPN Gateway documentation.
1.1.1 Further Information
- SSH Sentinel User Manual
- SSH Sentinel support: http://www.ipsec.com.
1.1.2 Platform Requirements
The interoperability between SSH Sentinel and Nokia CryptoCluster 500 has been tested using the following components:
- SSH Sentinel VPN client v1.4
- Nokia CryptoCluster 500 (CC500) VPN gateway, kernel version 4.0(102)
- Nokia VPN Policy Manager...
User Guide
Page 6
... Certificates. You can be created under Gateway Properties - ...
Note: The client certificate used by SSH Sentinel needs to ...
1.2 Configuring Nokia CryptoCluster 500
1.2.1 Prerequisites
It is assumed that the initial gateway installation has been performed and that an external certi...
User Guide
Page 7
... 1.2 (CryptoCluster Encryption and Integrity settings)): Figure 1.2: CryptoCluster Encryption and Integrity settings 4. On the left pane of the Gateway Properties window, select Client Access. Select Encryption and Integrity as the IPSec policy. 3. Select Edit to modify an existing IKE policy... network you define later in this example, root). 2. Please note that suits your needs. Click Advanced... Click Edit to create a new one. 1.2. Select the certification ...
User Guide
Page 8
Figure 1.4: CryptoCluster IKE Policy settings
9. Enable Allow clients to connect using certificate based authentication, and add a new Certificate Clients entry as shown in Figure 1.5 (CryptoCluster Client Access settings):
Figure 1.5: CryptoCluster Client Access settings
10. Take the new settings into use by selecting Actions - Apply Changes in the Policy Manager main menu.
User Guide
Page 9
... that a client certificate is already present in SSH Sentinel and that is 192.168.1.0/255.255.255.0, create For detailed instructions, see the SSH Sentinel User Manual. The CA certifi... not used in the SubjectAltName field. In addition, you need to create a new VPN connection rule. For example, if the network behind the gateway is protected by the CryptoCluster gateway. For detailed instructions, see the SSH Sentinel User Manual. Certification Authorities on the Key...
User Guide
Page 10
... proposal
- Integrity function: HMAC-SHA-1
- IKE group: MODP 1024 (group 2)
- IKE mode: main mode
IPSec proposal
- IPSec mode: tunnel
- PFS group: MODP 1024 (group 2).
Figure 1.7: The general properties of the VPN connection
2. button to this network entry in the Network Editor (click the ... 10...