Private/public keys for ipsec authentication, Problem notification – Enterasys Networks Network Card User Manual
RiverMaster Administrator’s Guide
Before You Begin
Chapter 4
Setting Up Aurorean Services
Private/Public Keys for IPSec Authentication
Aurorean users who tunnel into your network using the IPSec protocol also
require an El Gamal public key for authentication. The key is an embedded
piece of data used to encrypt and decrypt packets exchanged between
Aurorean Client and the Aurorean Network Gateway. A pair of keys, one
private and one public, is generated and saved on the APS.
The public key is included in the Aurorean Client installation kit you build
and distribute for your remote users (as described in Chapter 6). The
exchange of keys is handled entirely by the Aurorean Client application; the
user does not need to know or type the public key.
However, if the private key on the APS becomes compromised, you may need
to regenerate the private/public key pair and distribute files with the new
public key to your remote users. Without the current public key, IPSec users
will be unable to tunnel into the network. For instructions on generating a
new private/public key pair, refer to “Generating Private/Public Keys” on
page 91.
Problem Notification
The Notification service that runs on both the Management and Tunnel
servers generates messages when the server experiences operational difficulty.
The events that trigger these messages fall into three categories:
• Alarms notify you when a significant error occurs with a service
  running on an Aurorean Virtual Network system or a general system
  problem that is preventing the server from operating normally.
• Alerts occur when an error count threshold has been crossed and an
  alarm condition is imminent.
• A Problem Notification typically indicates a remote client connection
  problem that Aurorean Client’s Prescriber feature diagnosed.
These messages appear in the View System Activity pullout and advanced
message viewer (as described in Chapter 7) and can also be retrieved from
system reports (as described in Chapter 8). For immediate notification when
one of these events occurs, the APS can send E-mail to one or more persons