Multi-Tech RF550VPN, RF650VPN, SSH Sentinel Quick Start Manual

SSH Sentinel

Quick Start Guide

Quick Start Guide

82013152 Revision C

SSH Sentinel

This publication may not be reproduced, in whole or in part, without prior expressed written
permission from Multi-Tech Systems, Inc. All rights reserved.

Copyright © 2002, by Multi-Tech Systems, Inc.

Multi-Tech Systems, Inc. makes no representations or warranties with respect to the contents
hereof and specifically disclaims any implied warranties of merchantability or fitness for any
particular purpose. Furthermore, Multi-Tech Systems, Inc. reserves the right to revise this
publication and to make changes from time to time in the content hereof without obligation of Multi­Tech Systems, Inc. to notify any person or organization of such revisions or changes.

Record of Revisions

Revision Date Description

A 09/07/01 Manual released for SSH Sentinel v1.2.0.15.
B 04/30/02 Manual revised for SSH Sentinel v1.3, added license agreement,

removed the RouteFinder portion of Setup example 3 (it exists in
the RouteFinder Quick Start Guide).

C 10/15/02 Manual revised for SSH Sentinel V.1.4.

Patents

This product is covered by one or more of the following U.S. Patent Numbers: 5.301.274; 5.309.562;

5.355.365; 5.355.653; 5.452.289; 5.453.986. Other Patents Pending.

Trademarks

Trademarks of Multi-Tech Systems, Inc.: Multi-Tech, the Multi-Tech logo, and RouteFinder.
Windows is a registered trademark of Microsoft Corporation in the United States and other
countries. SSH, ssh, SSH Secure Shell, and SSH Sentinel are trademarks or registered
trademarks of SSH Communications Security Corp.
All products or technologies are the trademarks or registered trademarks of their respective
holders.

Multi-Tech Systems, Inc.

2205 Woodale Drive

Mounds View, Minnesota 55112

(763) 785-3500 or (800) 328-9717

Fax 763-785-9874

Tech Support (800) 972-2439

Internet Address: http://www.multitech.com

Contents

Chapter 1 – Introduction and Description...............................................................................1

Internet Protocol (IP) ..............................................................................................................2

Internet Protocol Security (IPSec)...........................................................................................2

About This Manual and Related Manuals.................................................................................3

Ship Kit Contents ...................................................................................................................3

Chapter 2 – SSH Sentinel Client Installation and Setup ..........................................................4

Introduction ...........................................................................................................................4

Pre-Installation Requirements .................................................................................................4

Starting the SSH Sentinel Installation ......................................................................................5

Authentication Key Generation.............................................................................................. 10

Certificate Information .......................................................................................................... 12

Choose the Enrollment Method............................................................................................. 13

Encryption Speed Diagnostics.............................................................................................. 16

Completing the Installation.................................................................................................... 17

Chapter 3 – Client Setup Examples ....................................................................................... 18

LAN to SSH Sentinel Client .................................................................................................. 18

Sentinel Configuration ....................................................................................................... 21

Chapter 4 – Updating and Removing SSH Sentinel ............................................................... 32

Updating SSH Sentinel ...................................................................................................... 32

Removing SSH Sentinel.................................................................................................... 32

Appendix A – Technical Support........................................................................................... 33

Contacting Technical Support ............................................................................................... 33

Recording RouteFinder Information ....................................................................................... 33

Appendix B – SSH Sentinel CD ............................................................................................. 34

Appendix C – Multi-User Software License Agreement......................................................... 35

Chapter 1 – Introduction and Description

Chapter 1 – Introduction and Description

Welcome to world of Internet security. SSH Sentinel is a software product that secures network
communications on a Windows workstation. Network traffic (IP traffic – Internet Protocol) is
protected using the IPSec (Internet Protocol Security) protocol as specified by the Internet
Engineering Task Force (IETF) standards.

SSH Sentinel is an easy-to-use product designed for end users. It allows you to encrypt and
authenticate important network connections, like remote access to corporate networks remote
administration, file transfer, sending and receiving email (SMTP, POP) and IP telephony.

SSH Sentinel is a companion software package for Multi-Tech’s RouteFinders RF650VPN and
RF550VPN.

The RF650VPN is an Internet security appliance that lets you use data encryption and the Internet
to securely connect to telecommuters, remote offices, customers, or suppliers while avoiding the
cost of expensive private leased lines.

The RF550VPN is an Internet security appliance designed for the small branch office or
telecommuter who needs secure access to the corporate LAN.

The SSH Sentinel IPSec VPN Client software is available in 1-, 5-, 10- and 50-user packages. The
RF650VPN provides SSH Sentinel version 1.4 client software (30-day trial version with Static IP
support). It allows client computer connection to the RouteFinders using PSK (Pre Shared Keys) in
a Host-to-Net connection.

Chapter 2 of this manual describes the SSH Sentinel client installation and setup process for the
1-, 5-, 10- or 50-user Sentinel packages with these Multi-Tech product package numbers:

Product Packages Description

RFIPSC-1 SSH Sentinel 1-User License
RFIPSC-5 SSH Sentinel 5-User License
RFIPSC-10 SSH Sentinel 10-User License
RFIPSC-50 SSH Sentinel 50-User License

SSH Sentinel software currently supports the following Microsoft Windows operating systems:
Windows 95, Windows 98, Windows NT4, Windows Me, Windows 2000, and Windows XP.

SSH Sentinel is designed to be a client type IPSec application. The features are designed for a
single user workstation using a single network adapter and the Internet Protocol (IP). SSH Sentinel
supports all network connection types, including dial-up. The product is designed to be secure and
robust, easy to use and quick to adapt to the environment at hand.

Key characteristics include intuitive installation and configuration, as well as an easy way to use
certificates for authentication.

1

SSH Sentinel Quick Start Guide

Internet Protocol (IP)

The open architecture of the Internet Protocol (IP) makes it a highly efficient, cost-effective, and
flexible communications protocol for local and global communications.

IP is widely adopted, not only on the global Internet, but also in the internal networks of large
corporations.

The Internet Protocol was designed to be highly reliable against random network errors. However,
it was not designed to be secure against a malicious attacker. In fact, it is vulnerable to a number of
well-known attacks. This is preventing it from being used to its fullest for business and other
purposes involving confidential or mission-critical data. The most common types of attacks include:

• Eavesdropping on a transmission, for example, looking for passwords, credit card numbers, or
business secrets.

• Taking over communications, or hijacking communications, in such a way that the attacker can
inspect and modify any data being transmitted between the communicating parties.

• Faking network addresses, also known as IP spoofing, in order to fool access control
mechanisms based on network addresses, or to redirect connections to a fake server.

To prevent this misuse and attacks on IP, the Internet Engineering Task Force (IETF) has
developed the Internet Protocol Security (IPSec) protocol suite.

Internet Protocol Security (IPSec)

The Internet Engineering Task Force (IETF) has developed the Internet Protocol Security (IPSec)
protocol suite to prevent misuse and attacks on IP. IETF is an international standards body with
representation from hundreds of leading companies, universities, and individuals developing
Internet-related technologies. Its track record includes the Internet Protocol itself and most of the
other protocols and technologies that form the backbone of the Internet.

The IPSec protocol suite adds security to the basic IP version 4 protocol and is supported by all
leading vendors of Internet products. IPSec is a mandatory part of the next generation of IP
protocol, IP version 6. The IPSec protocol works on the network level. It adds authentication and
encryption to each data packet transmitted. It protects each packet against eavesdropping and
modification and provides authentication of the origin of the packet.

IPSec works independently of any application protocol. Thus, all applications that use IP protocol
for data transfer are equally and transparently protected. IPSec makes it safe to use the Internet for
transmitting confidential data. By doing so, it solves the main obstacle that is slowing down the
adoption of the Internet for business use.

2

Chapter 1 – Introduction and Description

About This Manual and Related Manuals

This Quick Start Guide is intended to provide the experienced client user or system administrator
with the information needed to quickly get the SSH Sentinel software up and running.

The full SSH Sentinel User Guide is provided on the SSH Sentinel CD-ROM included in the
package.

Please address comments about this manual to the Multi-Tech Publications Dept.
Related manuals may include add-on product documentation for options such as the Windows

PPTP client, the E-mail Anti-Virus Upgrade, etc.
This document may contain links to sites on the Internet, which are owned and operated by third

parties. Multi-Tech Systems, Inc. is not responsible for the content of any such third-party site.

Ship Kit Contents

The SSH IPSec Client License Pak is shipped with the following:

• one SSH IPSec Client CD-ROM

• one SSH IPSec Client License

• one printed Quick Start Guide manual

• one Multi-User Software License Agreement

• one Registration Card

If any of these items are missing, contact Multi-Tech Systems or your dealer or distributor. Inspect
the contents for signs of any shipping damage. If damage is observed, do not install the software;
contact Multi-Tech’s Tech Support for advice.

3

SSH Sentinel Quick Start Guide

Chapter 2 – SSH Sentinel Client Installation and
Setup

Introduction

This section describes the SSH Sentinel software, an IPSec client product by SSH
Communications Security Corp, providing secure communications over a TCP/IP connection. The
Sentinel SSH software is used by client devices for secure connection to Multi- Tech‘s
RouteFinders RF650VPN and RF550VPN. The SSH Sentinel client installation and setup
procedures are described in the following sections.

The installation of the SSH Sentinel software is a straightforward process guided by an installation
wizard, and you should be able to complete it without studying this manual. The beginning of this
section describes the first installation of the SSH Sentinel software. During the installation, you
create an authentication key pair and a matching certificate to be used for authentication. However,
if a previous version of the software is already installed on your computer, then launching the
installation only updates the existing software to the new version. The security policy rules and the
authentication keys that you have configured with the previous version of the software are
preserved. You can always remove the software completely and then reinstall it.

Pre-Installation Requirements

SSH Sentinel client software works on the following Microsoft Windows platforms and versions:
Platform Version Build Notes

Windows 95 OSR1, OSR2 Winsock2 required
Windows 98 SE ­Windows NT 4.0 SP3 to SP6 ­Windows Me ­Windows 2000 SP1 ­Windows XP

SSH Sentinel is a client-type implementation of IPSec; it is not IPSec gateway software, even
though some of the Windows platforms are capable of functioning as routers. Before starting SSH
Sentinel client installation, make sure that there are no other IPSec implementations, network
sniffers, NAT applications, firewalls, or third party intermediate network drivers installed. SSH
Sentinel may affect the functionality of such software.

The SSH Sentinel installation requires that you have full access rights for the system files on your
computer. On a Windows NT system, you must log in with administrator rights.

To run the SSH Sentinel client software, you need a personal computer with at least the following
configuration:

• Processor: Pentium 100 MHz

• Memory (RAM): 32 MB for Windows 9x, or 64 MB for Windows NT4/2000

• Hard disk space: 10 megabytes of free disk space

• Network connection: TCP/IP network protocol

• A CD-ROM drive

4

Chapter 2 – SSH Sentinel Client Installation and Setup

Starting the SSH Sentinel Installation

The SSH Sentinel installation requires that you have full access rights for the system files on your
computer. On a Windows NT system, you must log in with administrator rights.

1. Insert the Client CD into the CD-ROM drive. The startup screen displays in your Web browser.

2. Click Install IPSec Client Software.
The File Download screen displays.

• Select Run this program from its current location

• Click OK.

3. The Do you want to install and run screen displays.

• Click Yes.

5

SSH Sentinel Quick Start Guide

4. The SSH Sentinel Setup InstallShield Wizard screen displays.

The self-extracting package automatically initiates InstallShield software to install and set up
SSH Sentinel Client software. On the Installation screen, click Next.

The installer will run the Installation Wizard, which creates the initial configuration and sets up
the SSH Sentinel client software.

Note: If a previous version of the SSH Sentinel software is installed on your computer and you
try to install a new version, the wizard updates the software and the steps described here are
skipped.

6

Chapter 2 – SSH Sentinel Client Installation and Setup

5. When started, the Installation Wizard goes through a sequence of basic installation dialogs,
displaying the licensing agreement and allowing you to select the installation directory and the
program folder. The installation can only be performed on a local computer. Remote
installation of SSH Sentinel is not possible, because the installation program updates kernel
mode components related to networking and remote access.

Click Yes to accept the terms of the agreement.

Note that the installation will terminate immediately if you do not click Yes to accept the
licensing agreement.

7

SSH Sentinel Quick Start Guide

6. The Choose Destination Path displays.

8

Chapter 2 – SSH Sentinel Client Installation and Setup

7. Choose your Destination Path and click Next, then select a destination folder for the SSH
Sentinel icon and click Next>.

Next, the Setup Status screen displays to let you know that SSH Sentinel is performing the
requested operations. Once the operations are complete, the Authentication Key Generation
screen displays.

9