Table of Contents
Advertisement
1.3. Configuring SSH Sentinel
1.3 Configuring SSH Sentinel
1.3.1 Prerequisites
It is assumed that a client certificate is already present in SSH Sentinel and that it contains an e-mail address
in the SubjectAltName field. In addition, you need to add the CA certificate under Trusted Certificates
- Certification Authorities on the Key Management page. For detailed instructions, see the SSH Sentinel
User Manual.
The CA certificate properties should be as shown in Figure 1.6 (Certificate properties of the CA certificate)
since CRLs are not used in this example configuration:
1.3.2 Creating the VPN Rule
1. On the Security Policy page of the Policy Editor, select VPN Connections and click Add to create a
new VPN connection rule. For detailed instructions, see the SSH Sentinel User Manual. Specify the
following values (see Figure 1.7 (The general properties of the VPN connection)):
Security gateway: the IP address of the gateway
Remote network: a network that matches the host group that is protcted by the CryptoCluster
gateway. For example, if the network behind the gateway is 192.168.1.0./255.255.255.0, create
VPN with SSH Sentinel and Nokia CryptoCluster
Figure 1.6: Certificate properties of the CA certificate
c 2002 SSH Communications Security Corp.
9
Hide quick links:
Advertisement
Table of Contents
