SunScreen SKIP User's Guide, Release 1.1

Communicating Using SKIP

Complete the following steps to set these fields for encrypted traffic between your server and the system to be authorized.

  1. After selecting the type of system and setting the security to SKIP, enter the Hostname.

  2. Set the Secure button to either Whole packet ("tunnel mode") or Data only ("transport mode").

    Whole packet is recommended because it offers a greater degree of security.

  3. Set the Tunnel address, if you are using topology hiding.

    Tunnel addressing is generally used for clients of encrypted gateways, where the IP address of the host entered here serves as the intermediary for any or all hosts on a network whose topology is to remain unknown or hidden from the rest of the world.

  4. Use the Remote Key ID button to select whether the remote system's key ID is included in SKIP packets and, if so, which namespace that key occupies.

    If you select Not Present, the receiver key ID is not sent.

    Not Present is the default. It uses the IP address of the remote system to identify its certificate. If a remote system has a key ID other than the one identified by its IP address, set the namespace and enter the remote system's key ID in the ID field. The namespace selected in the Remote Key ID field is determined by the type of certificate that is used or obtained for this system. The certificate types and the corresponding Remote Key ID field settings are shown below:

    Certificate Type              Remote Key ID Field
    CA (Sun or other)             IPv4
    Self-generated unsigned key   MD5 (DH Public Value)

  5. The following namespaces are used in this menu:

    Not Present

    IPv4 Address

    MD5 (DH Public Value)

  6. If the Remote Key ID field has been set to something other than Not Present, enter the key ID in hexadecimal format in the ID field (for example, 0x0a000000).

    The ID field must contain the appropriate key ID for the system that is being authorized, based upon the selection made in the Remote Key ID field. Depending on the type of certificate, this information may be obtained from the master key ID on the diskette or from the Local key ID field of the other host.

  7. Select the appropriate key and traffic algorithms for the Key and Traffic encryption buttons.

    Available Key encryption is None, DES_CBC, and RC2-40. Available Traffic encryption is None, RC4-40, and RC2-40.

  8. Authentication button.

    Use the authentication button to select the type of authentication for the packets. Currently, SunScreen SKIP supports only one type of authentication--MD5. You can also select None for no authentication.

  9. Compression button.

    Compression is not available at this time.
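
A small checker for the ID field value entered in step 6, added here as an example; it is not part of the SunScreen SKIP documentation or software. It assumes an IPv4-namespace key ID is 4 bytes and an MD5-namespace key ID is 16 bytes (the sizes of an IPv4 address and an MD5 digest), and all function names are hypothetical.

```python
import ipaddress
import re

# Key ID length in bytes per Remote Key ID namespace. Assumption taken from
# the namespace names: an IPv4 address is 32 bits, an MD5 digest is 128 bits.
NAMESPACE_LEN = {"not present": 0, "ipv4 address": 4, "md5 (dh public value)": 16}

def normalize_key_id(namespace, key_id=""):
    """Return the ID field value as 0x-prefixed lowercase hex, or raise ValueError."""
    want = NAMESPACE_LEN.get(namespace.strip().lower())
    if want is None:
        raise ValueError(f"unknown namespace: {namespace!r}")
    text = key_id.strip()
    if want == 0:
        if text:
            raise ValueError("Not Present takes no key ID")
        return ""
    # Convenience: accept a dotted quad and convert it for the IPv4 namespace.
    if want == 4 and "." in text:
        return "0x" + ipaddress.IPv4Address(text).packed.hex()
    match = re.fullmatch(r"(?:0[xX])?([0-9a-fA-F]+)", text)
    if not match:
        raise ValueError(f"not hexadecimal: {key_id!r}")
    digits = match.group(1).lower()
    if len(digits) != 2 * want:
        raise ValueError(
            f"{namespace} needs {2 * want} hex digits, got {len(digits)}")
    return "0x" + digits

def ipv4_key_id_to_address(key_id):
    """Show which address an IPv4-namespace key ID names, for a visual check."""
    raw = bytes.fromhex(normalize_key_id("IPv4 Address", key_id)[2:])
    return str(ipaddress.IPv4Address(raw))

if __name__ == "__main__":
    # Constructed sample inputs; the first is the value shown in step 6.
    samples = [("IPv4 Address", "0x0a000000"), ("IPv4 Address", "10.0.0.0"),
               ("IPv4 Address", "0xa000000"), ("MD5 (DH Public Value)", "ab" * 16)]
    for ns, value in samples:
        try:
            print(ns, value, "->", normalize_key_id(ns, value))
        except ValueError as err:
            print(ns, value, "-> rejected:", err)
```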