SunScreen SKIP User's Guide, Release 1.1

Adding Authorized Systems with Encryption

  1. Click and hold on the Add button at the bottom of the authorized systems list on skiptool's Main Window.

  2. Select the type of connection being authorized: Host, Network, or Nomadic.

  3. Pull right on the type of connection and select the type of encryption that you want to use.

    • If the remote host system also uses SKIP and the traffic between your systems is to be encrypted, select SKIP.

    • For systems using Sun Microsystems' SunScreen SPF-100, select SKIP Version 1.

    • If ESP/AH (manual keying) is to be used, click on ESP/AH.

  4. On the Add properties window, enter the name or IP address of the host system to be added to your ACL.

  5. Choose whether the whole packet ("tunnel mode", which also hides the original IP header) or only the data ("transport mode") is to be secured by clicking the appropriate selection for the Secure button.

  6. Each type of encryption requires that certain options be set.

    Which parameters must be set depends on the type of system being authorized, your security policy, and the method of encryption selected:

    • For systems using SKIP: Tunnel address, Remote Key ID, Local Key ID. If you leave the tunnel address blank, it will default to the peer's address.

    • For SKIP Version 1: Key ID, Tunnel address.

    • For ESP/AH systems: Tunnel address, Local SPI, Remote SPI.

  7. Select the appropriate algorithms buttons for Key encryption, Traffic encryption, and Authentication.

    The options available for each system are based upon the method of encryption selected from the Security pop-up menu:

    • Key Encryption button: Selecting this button lists the available key encryption algorithms. The algorithm available is determined by the type of system and selected method of encryption.

    • Traffic Encryption button: Selecting this button lists the algorithms available for encrypting traffic between your system and the remote system. The algorithms available for key and traffic encryption depend on the packages that were installed on the system, such as the core product and key upgrades, and on the type of system and the method of encryption selected.

    • Authentication button: Use this button to select the type of authentication for the packets.

    • Compression button: Compression is not currently supported.

  8. Click Apply to add the host to the authorized systems list.

    Refer to the previous section for descriptions of the fields and buttons.

    Repeat Steps 1 through 8 for all encrypted hosts. Remember that the policy options for each system entered on your ACL must correspond to those entered on the peer system with which you wish to communicate through encrypted channels: the same security method, mode, and algorithms on both sides, with the identifiers mirrored (your Local Key ID or Local SPI is the peer's Remote Key ID or Remote SPI, and vice versa). If the configuration on your system does not match that of the peer, the packets are silently dropped; no error is reported, and it will simply appear as though that host no longer exists. When a peer becomes unreachable after an ACL change, compare both sides' entries before suspecting the network.

Default System Entry

The default system entry is used when no other, more specific ACL entry (a Host entry, then a Network entry) matches a host. Often, this entry is set to clear so that hosts not listed in the ACL can communicate in the clear; note that this means any unlisted host is reachable without encryption. It may instead be used to create a default encryption rule, in which case unlisted hosts must also be configured to match or their traffic is dropped.


Note -

If the default entry remains in the ACL and is set to Off, it is unnecessary to add any other entry with the Off security option. Further, the option set by the Unauthorized Systems button then never takes effect, because every host matches the default entry and is therefore considered authorized.
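The ACL semantics described above (most-specific match with a default entry, the Unauthorized Systems setting applying only when no default entry exists, and the requirement that both peers' entries correspond or traffic is silently dropped) can be modeled in a few dozen lines. The following is an added example written for this page, not code from the SunScreen SKIP product or its skiptool; the entry field names, the addresses (documentation ranges), the key IDs and the algorithm labels are all constructed for illustration, and SKIP Version 1's single Key ID is not modeled.

```python
"""Model of the skiptool authorized-systems list (ACL) semantics.

Added example, not SunScreen SKIP code. Field names, addresses, key IDs
and algorithm labels below are assumptions made for this illustration.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class AclEntry:
    """One authorized-systems entry, using labels from the Add window."""
    kind: str                  # "host", "network" or "default"
    target: str = ""           # IP address, CIDR network, or "" for default
    security: str = "off"      # "off", "skip" or "espah"
    mode: str = "tunnel"       # "tunnel" (Whole packet) or "transport" (Data only)
    tunnel_addr: str = ""      # blank => defaults to the peer's address
    local_id: str = ""         # Local Key ID (SKIP) or Local SPI (ESP/AH)
    remote_id: str = ""        # Remote Key ID (SKIP) or Remote SPI (ESP/AH)
    key_enc: str = ""          # key encryption algorithm (SKIP only)
    traffic_enc: str = ""      # traffic encryption algorithm
    auth: str = ""             # packet authentication algorithm

    def matches(self, peer: str) -> bool:
        if self.kind == "default":
            return True
        if self.kind == "host":
            return ipaddress.ip_address(peer) == ipaddress.ip_address(self.target)
        return ipaddress.ip_address(peer) in ipaddress.ip_network(self.target, strict=False)

    def specificity(self) -> int:
        """Higher wins: a host beats any network, any network beats default."""
        if self.kind == "host":
            return 33
        if self.kind == "network":
            return ipaddress.ip_network(self.target, strict=False).prefixlen
        return -1


def lookup(acl, peer, unauthorized_action="drop"):
    """Most specific entry matching peer, or the Unauthorized Systems action.

    The Unauthorized Systems action ("drop" -> None, "clear" -> an Off entry)
    is consulted only when nothing matches, i.e. when there is no default entry.
    """
    matching = [e for e in acl if e.matches(peer)]
    if matching:
        return max(matching, key=AclEntry.specificity)
    if unauthorized_action == "clear":
        return AclEntry(kind="unauthorized", security="off")
    return None


def effective_tunnel(entry, peer):
    """A blank tunnel address defaults to the peer's address."""
    return entry.tunnel_addr or peer


def compatible(mine, theirs):
    """True if the two sides' entries would let packets through.

    Security method, mode and algorithms must be identical; the identifiers
    are mirrored (my Local Key ID/SPI is the peer's Remote Key ID/SPI).
    """
    if mine.security != theirs.security:
        return False
    if mine.security == "off":
        return True
    return (mine.mode == theirs.mode
            and mine.key_enc == theirs.key_enc
            and mine.traffic_enc == theirs.traffic_enc
            and mine.auth == theirs.auth
            and mine.local_id == theirs.remote_id
            and mine.remote_id == theirs.local_id)


def outcome(my_acl, my_addr, their_acl, their_addr, unauthorized_action="drop"):
    """'clear', 'encrypted' or 'dropped' for traffic between the two hosts."""
    mine = lookup(my_acl, their_addr, unauthorized_action)
    theirs = lookup(their_acl, my_addr, unauthorized_action)
    if mine is None or theirs is None:
        return "dropped"
    if not compatible(mine, theirs):
        return "dropped"          # silently: the peer just looks unreachable
    return "clear" if mine.security == "off" else "encrypted"


# Constructed sample ACLs for two hosts (documentation address ranges).
ALICE, BOB = "192.0.2.10", "198.51.100.7"
ALGS = dict(key_enc="DES", traffic_enc="DES", auth="MD5")   # labels only
ALICE_ACL = [
    AclEntry("host", BOB, "skip", "tunnel", local_id="alice-key", remote_id="bob-key", **ALGS),
    AclEntry("network", "203.0.113.0/24", "off"),
    AclEntry("default", security="off"),
]
BOB_ACL = [
    AclEntry("host", ALICE, "skip", "tunnel", local_id="bob-key", remote_id="alice-key", **ALGS),
    AclEntry("default", security="off"),
]
# Same as BOB_ACL but with Data only (transport) selected: a silent mismatch.
BOB_ACL_MISMATCH = [
    AclEntry("host", ALICE, "skip", "transport", local_id="bob-key", remote_id="alice-key", **ALGS),
    AclEntry("default", security="off"),
]

if __name__ == "__main__":
    print("matching peers:", outcome(ALICE_ACL, ALICE, BOB_ACL, BOB))
    print("mode mismatch: ", outcome(ALICE_ACL, ALICE, BOB_ACL_MISMATCH, BOB))
    print("unlisted host: ", lookup(ALICE_ACL, "10.0.0.1").kind)
```

Running the module prints "encrypted" for the matching pair, "dropped" for the pair that differs only in tunnel versus transport mode, and "default" for a host matched by no Host or Network entry; removing the default entry from ALICE_ACL makes `lookup` fall back to the Unauthorized Systems action instead.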