Académique Documents
Professionnel Documents
Culture Documents
-1-
Table of contents
Chapter 1 - Installing NS Remote 8.0 VPN Client .................................................................... 3 1.2 System prerequisites......................................................................................................... 3 1.2 Installation........................................................................................................................ 4 Chapter 2 Configuring VPN Client for Trustix Firewall 3.0 .................................................. 8 2.1 Adding your VPN certificates.......................................................................................... 8 2.2 Creating the Connection Policy...................................................................................... 11 A. Notices ........................................................................................................................... 16
NOTE: Before using this information and the product it supports, be sure to read the general information under Appendix A Notices, page 16.
-2-
-3-
1.2 Installation
Make sure that you have uninstalled any earlier versions of NetScreen Remote before proceeding with this installation. 1. Insert the NetScreen Remote 8.0 CD-Rom into your laptop or home computer. A HTML cover page appears and it contains important information that you should read, as well as a link to the release notes. These notes describe, among other things, compatibility and known and addressed software issues. 2. Start Windows Explorer as seen in figure 1 and double-click on the Setup.exe.
Figure 1. Locating Setup.exe in order to begin installing the NS Remote 8.0. 3. The Install Shield Wizard starts, as shown in figure 2.
4. The Software License Agreement appears, as shown in figure 3. After reading the Agreements, click Yes to continue.
5. The Setup Type appears, as shown in figure 4. Chose Custom and then Next to continue.
-5-
6. The Select Components appears, as shown in figure 5. Chose components as seen in figure 5.
-6-
8. The NetScreen Remote 8.0 files will be installed onto your system. When the install procedure has successfully completed, your computer needs to be restarted in order to successfully start NetScreen Remote. The NetScreen Remote icon will appear in the right corner of your Windows task bar, as seen in figure 7, when the computer have been restarted.
-7-
-8-
2. Start to import the (PKCS#12) user certificate using the Certificate Manager My Certificates, as shown in figure 9.
3. Locate the (PKCS#12) user certificate and enter the password, as shown in figure 10. Answer Yes to Add this certificate when asked.
Figure 10. Locating and filling in a valid password for user certificate.
-9-
4. Start to import the (CA) certificate using the Certificate Manager Root CA Certificates, as shown in figure 11.
Figure 11. Start importing the (CA) certificate by clicking on Import Certificate.
5. Locate the (CA) certificate and click import, as shown in figure 11. Answer Yes to Add this certificate when asked.
Now the needed certificates should have been imported successfully and the next step would be to create a Connection Policy using the NetScreen Remote, see chapter 2.2.
- 10 -
1. Double-click on the NetScreen Remote icon in the Windows task bar, as shown in figure 12 below.
Figure 13. Starting to create a new Connection using the Policy Editor.
- 11 -
3. A new window inside Policy Editor appears, as seen in figure 14. Give the new connection a proper name and continue filling in the proper values in Remote Party Identity and Addressing.
4. Important entries that needs to be configured: ID Type: Subnet: Mask: This has to be set to IP Subnet This is the local network address behind the remote Trustix Firewall. Subnet mask for the local network behind the remote Trustix Firewall.
Connect using: This has to be selected and set to Secure Gateway Tunnel. ID Type: This has to be set to Distinguished Name , and you can use Gateway Hostname or Gateway IP address depending on the info you have about the remote Trustix Firewall, and then fill in the IP or Hostname (fw.Trustix.com). When you click on this button, a new window appears, as shown in figure 15 on following page.
Edit name:
- 12 -
Figure 15. Edit Distinguished Name. Its very important that you fill in the Name field with connection. This is a reference to a certificate that should have been created on the Trustix Firewall by the administrator.
5. Now click on the My Identity in the Policy Editor, as shown in figure 16.
- 13 -
6. Then click on the Security Policy in the Policy Editor, as shown in figure 17.
Figure 17. Make sure that Security Policy is similar to this figure.
Figure 20. Make sure that your configuration is similar to this figure.
- 14 -
Figure 21. Make sure that your configuration is similar to this figure. 9. Now you should save your setting before making them active. This can be done by accessing the menu system of the Policy Editor; File Save Changes. 10. Now try to Reload Security Policy by right-clicking over the NetScreen Remote icon as shown in figure 22.
- 15 -
Try to access a host behind the remote Trustix Firewall over the VPN tunnel and youll see a green light over the NetScreen Remote icon when the VPN tunnel has been established.
A. Notices
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS HOWTO IS SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS HOWTO ARE BELIEVED TO BE ACCURATE, BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE COMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET SHIPPED WITH THE PRODUCT, AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT TRUSTIX OR A TRUSTIX REPRESENTATIVE FOR A COPY. Copyright 2003 by Trustix AS. All rights reserved. No part of the contents of this how-to may be reproduced or transmitted in any form or by any means without prior written permission of Trustix AS. Trustix and Trustix Firewall are trademarks of Trustix AS. All other brands and product names are trademarks or registered trademarks of their respective holders.
- 16 -