
Howto Install and Configure NSREMOTE8


8/2/2019 Howto Install and Configure NSREMOTE8

http://slidepdf.com/reader/full/howto-install-and-configure-nsremote8 1/16

 

How to install and configure NetScreen Remote 8.0 for Roadwarrior VPN (x.509) for secure connection to Trustix™ Enterprise Firewall 4


Table of contents

Chapter 1 - Installing NS Remote 8.0 VPN Client
1.2 System prerequisites
1.2 Installation
Chapter 2 – Configuring VPN Client for Trustix Firewall 3.0
2.1 Adding your VPN certificates
2.2 Creating the Connection Policy
A. Notices

NOTE: Before using this information and the product it supports, be sure to read the general information under “Appendix A – Notices”, page 16.


Chapter 1 - Installing NS Remote 8.0 VPN Client

NetScreen Remote 8.0 is a virtual private network (VPN) client that you can use to communicate securely over the Internet. NetScreen Remote is certified by the International Computer Security Association (ICSA) as an IPSec-compliant VPN solution.

NetScreen Remote starts automatically each time the computer starts and will run transparently at all times, unless specifically configured otherwise.

This chapter describes the following topics:

• System prerequisites

• Installation

1.2 System prerequisites 

System Requirements:

IBM compatible computer with a Pentium (or equivalent) processor
Microsoft Windows 95/98, ME, Windows NT 4.0, Windows 2000, Windows XP
35 MB hard disk space, 40 MB for NetScreen-Remote Security Client
16 MB RAM for Windows 95/98
32 MB RAM for Windows 98/NT
64 MB for Windows ME/2000/XP
Ethernet or Wireless Ethernet interface with NDIS compliant driver and/or dial-up networking using an internal or external modem, ISDN adapter or PPPOE adapter

Standards and RFCs Supported 

L2TP: Layer 2 Tunneling Protocol (RFC2661)
ESP and AH: Encapsulating Security Payload and Authentication Header (RFC2406, 2402)
IKE (ISAKMP/Oakley): Internet Key Exchange (RFC2407-2409)
PPPoE: PPP over Ethernet (RFC2516)
NAT traversal (draft-ietf-ipsec-nat-t-ike, draft-ietf-ipsec-udp-encaps-main)
X.509 v3 certificates: (RFC2459)
CEP: Certificate Enrollment Protocol
PKCS #7: Cryptographic Message Syntax Standard (RFC2315)
PKCS #10: Certification Request Syntax Standard (RFC2986)
PKCS #12: Personal Information Exchange Syntax Standard
MSCAPI: Microsoft Certificate API

Certifications

ICSA IPSec
ICSA PC Firewall (NetScreen-Remote Security Client)
FIPS PUB 46-1: Data Encryption Standard
FIPS PUB 180-1: Secure Hash Standard
FIPS 140-1: Cryptographic Modules


1.2 Installation 

Make sure that you have uninstalled any earlier versions of NetScreen Remote before proceeding with this installation.

1. Insert the NetScreen Remote 8.0 CD-ROM into your laptop or home computer. An HTML cover page appears and it contains important information that you should read, as well as a link to the release notes. These notes describe, among other things, compatibility and known and addressed software issues.

2. Start “Windows Explorer” as seen in figure 1 and double-click on the “Setup.exe”.

Figure 1. Locating “Setup.exe” in order to begin installing the NS Remote 8.0.

3. The Install Shield Wizard starts, as shown in figure 2.

Figure 2. NS Remote 8.0 Welcome screen, click “Next” to continue.


4. The Software License Agreement appears, as shown in figure 3. After reading the Agreements, click “Yes” to continue.

Figure 3. Software License Agreement, click “Yes” to continue.

5. The Setup Type appears, as shown in figure 4. Choose “Custom” and then “Next” to continue.

Figure 4. Choose “Custom” Setup Type and click “Next” to proceed.


6. The Select Components screen appears, as shown in figure 5. Choose the components as seen in figure 5.

Figure 5. Choose components and click “Next” to proceed.

7. The Setup Start Copying Files appears, as shown in figure 6.

Figure 6. Start Copying Files, click “Next” to proceed.


8. The NetScreen Remote 8.0 files will be installed onto your system. When the install procedure has successfully completed, your computer needs to be restarted in order to successfully start NetScreen Remote.

The NetScreen Remote icon will appear in the right corner of your Windows task bar, as seen in figure 7, when the computer has been restarted.

Figure 7. NetScreen Remote icon.


Chapter 2 – Configuring VPN Client for Trustix Firewall 3.0

To use NetScreen Remote 8.0 with Trustix Firewall, you must first import the needed x.509 certificates into NetScreen Remote and then create a Connection Policy.

This chapter describes the following topics:

• Importing the needed certificates into NetScreen Remote

• Creating a Connection Policy with NetScreen Remote

2.1 Adding your VPN certificates 

The first thing you need to do is to export the certificates from the Trustix Firewall, using the Trustix Firewall management client. You will need the root certificate (CA) exported as *.cser file, and you will need the user certificate (PKCS#12) exported as *.p12 along with a password.
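Before importing, it is worth confirming that the two exported files belong together. The script below is an added example, not part of the original how-to: it assumes the OpenSSL command-line tool is available on a machine where the files can be inspected, and the sample CA, user name and password it generates are constructed.

```shell
#!/bin/sh
# Added example: check the exported CA file and PKCS#12 bundle before import.
# check_vpn_bundle CA_FILE P12_FILE PASSWORD  -> exit status 0 if usable
check_vpn_bundle() (
    w=$(mktemp -d) || exit 2
    trap 'rm -rf "$w"' EXIT
    P12_PASS=$3; export P12_PASS   # via environment, so it is not in argv
    fail() { echo "FAIL: $1"; exit 1; }
    # The CA export may be PEM or DER; normalise it to PEM.
    openssl x509 -in "$1" -out "$w/ca.pem" 2>/dev/null ||
        openssl x509 -inform DER -in "$1" -out "$w/ca.pem" 2>/dev/null ||
        fail "CA file is not an X.509 certificate"
    # A wrong password or a damaged file is caught here.
    openssl pkcs12 -in "$2" -passin env:P12_PASS -clcerts -nokeys \
        -out "$w/user.pem" 2>/dev/null || fail "cannot open the PKCS#12 file"
    # Without the private key the client cannot authenticate in IKE.
    openssl pkcs12 -in "$2" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        grep -q "PRIVATE KEY" || fail "PKCS#12 file holds no private key"
    # The user certificate must chain to the CA that will be imported.
    openssl verify -CAfile "$w/ca.pem" "$w/user.pem" >/dev/null 2>&1 ||
        fail "user certificate was not issued by this CA"
    openssl x509 -in "$w/user.pem" -noout -checkend 0 >/dev/null ||
        fail "user certificate has expired"
    openssl x509 -in "$w/user.pem" -noout -subject -enddate
)

# make_sample DIR: constructed CA and user bundle, for demonstration only.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Sample CA" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=roadwarrior" \
        -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null
    openssl x509 -req -in "$1/user.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/user.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/user.key" -in "$1/user.pem" \
        -passout pass:sample-pass -out "$1/user.p12"
}

# Demonstration run on the constructed sample files.
demo=$(mktemp -d) && make_sample "$demo" &&
    check_vpn_bundle "$demo/ca.pem" "$demo/user.p12" sample-pass
rm -rf "$demo"
```

On success the script prints the subject and expiry date of the user certificate, which can be compared with what the firewall administrator issued.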

When you have these certificates copied onto your client computer, where NetScreen Remote 8.0 is installed, you should start the Certificate Manager as seen in figure 8 below.

1. Right-click over the NetScreen Remote icon and start Certificate Manager as seen in figure 8.

Figure 8. Starting the Certificate Manager.


2. Start to import the (PKCS#12) user certificate using the Certificate Manager “My Certificates”, as shown in figure 9.

Figure 9. Start importing the user certificate by clicking on “Import Certificate”.

3. Locate the (PKCS#12) user certificate and enter the password, as shown in figure 10. Answer “Yes” to “Add” this certificate when asked.

Figure 10. Locating and filling in a valid password for user certificate.


4. Start to import the (CA) certificate using the Certificate Manager “Root CA Certificates”, as shown in figure 11.

Figure 11. Start importing the (CA) certificate by clicking on “Import Certificate”.

5. Locate the (CA) certificate and click import, as shown in figure 11. Answer “Yes” to “Add” this certificate when asked.

Figure 11. Locating and importing the (CA) certificate.

Now the needed certificates should have been imported successfully and the next step would be to create a Connection Policy using the NetScreen Remote, see chapter 2.2.


2.2 Creating the Connection Policy 

Assuming that you have imported the needed certificates into NetScreen Remote, as described in chapter 2.1, you can proceed by starting the Policy Editor in order to create a Connection Policy, as seen in figure 12 below.

1. Double-click on the NetScreen Remote icon in the Windows task bar, as shown in figure 12 below.

Figure 12. Double-click on NetScreen Remote icon to start Policy Editor.

2. Right-click over “My Connection” to “Add” a new “Connection”, as shown in figure 13 below.

Figure 13. Starting to create a new Connection using the Policy Editor.


3. A new window inside “Policy Editor” appears, as seen in figure 14. Give the new connection a proper name and continue filling in the proper values in “Remote Party Identity and Addressing”.

Figure 14. Configuring the new “Corporate LAN” connection.

4. Important entries that need to be configured:

ID Type: This has to be set to IP Subnet.

Subnet: This is the local network address behind the remote Trustix Firewall.

Mask: Subnet mask for the local network behind the remote Trustix Firewall.

Connect using: This has to be selected and set to Secure Gateway Tunnel.

ID Type: This has to be set to Distinguished Name, and you can use Gateway Hostname or Gateway IP address depending on the info you have about the remote Trustix Firewall, and then fill in the IP or Hostname (fw.Trustix.com).

Edit name: When you click on this button, a new window appears, as shown in figure 15.


Figure 15. Edit Distinguished Name.

It’s very important that you fill in the “Name” field with “connection”. This is a reference to a certificate that should have been created on the Trustix Firewall by the administrator.

5. Now click on the “My Identity” in the Policy Editor, as shown in figure 16.

Figure 16. Select proper (PKCS#12) user certificate under “My Identity”.


6. Then click on the “Security Policy” in the Policy Editor, as shown in figure 17.

Figure 17. Make sure that “Security Policy” is similar to this figure.

7. Configure “Authentication (Phase 1) – Proposal 1” as shown in figure 20.

Figure 20. Make sure that your configuration is similar to this figure.


8. Configure “Key Exchange (Phase 2) – Proposal 1” as shown in figure 21.

Figure 21. Make sure that your configuration is similar to this figure.

9. Now you should save your settings before making them active. This can be done by accessing the menu system of the Policy Editor: “File – Save Changes”.

10. Now try to “Reload Security Policy” by right-clicking over the NetScreen Remote icon as shown in figure 22.

Figure 22. Reloading the newly saved Security Policy.


Try to access a host behind the remote Trustix Firewall over the VPN tunnel and you’ll see a green “light” over the NetScreen Remote icon when the VPN tunnel has been established.

A. Notices 

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS HOWTO IS SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS HOWTO ARE BELIEVED TO BE ACCURATE, BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET SHIPPED WITH THE PRODUCT, AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT TRUSTIX OR A TRUSTIX REPRESENTATIVE FOR A COPY.

Copyright © 2003 by Trustix AS.

All rights reserved. No part of the contents of this how-to may be reproduced or transmitted in any form or by any means without prior written permission of Trustix AS.

Trustix and Trustix Firewall are trademarks of Trustix AS. All other brands and product names are trademarks or registered trademarks of their respective holders.