Private/public keys for ipsec authentication, Problem notification – Enterasys Networks Network Card User Manual


RiverMaster Administrator’s Guide

Before You Begin

Chapter 4

Setting Up Aurorean Services

Private/Public Keys for IPSec Authentication

Aurorean users who tunnel into your network using the IPSec protocol also
require an El Gamal public key for authentication. The key is an embedded
piece of data used to encrypt and decrypt packets exchanged between
Aurorean Client and the Aurorean Network Gateway. A pair of keys, one
private and one public, is generated and saved on the APS.

The public key is included in the Aurorean Client installation kit you build
and distribute for your remote users (as described in Chapter 6). The
exchange of keys is handled entirely by the Aurorean Client application; the
user does not need to know or type the public key.

However, if the private key on the APS becomes compromised, you may need
to regenerate the private/public key pair and distribute files with the new
public key to your remote users. Without the current public key, IPSec users
will be unable to tunnel into the network. For instructions on generating a
new private/public key pair, refer to “Generating Private/Public Keys” on
page 91.
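Why a regenerated key pair locks out clients that still hold the old public key can be seen with textbook ElGamal. The following is an added example, not code from the guide or from the Aurorean product. The demo group (the prime 2**127 - 1 with base 3), the challenge-style check and all function names are assumptions made for illustration, and the group is far too small for real use.

```python
import secrets

# Constructed demo parameters (assumptions, not the product's): the Mersenne
# prime 2**127 - 1 and base 3. Far too small for real use.
P = 2**127 - 1
G = 3

def keypair(x=None):
    """Return (private x, public h = G^x mod P); x is random unless given."""
    if x is None:
        x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def encrypt(public, m, k=None):
    """Textbook ElGamal: ciphertext (G^k, m * public^k) for 0 < m < P."""
    if k is None:
        k = secrets.randbelow(P - 3) + 2  # fresh ephemeral secret per message
    return pow(G, k, P), (m * pow(public, k, P)) % P

def decrypt(private, ciphertext):
    """Recover m by dividing out the shared secret c1^private (Python 3.8+)."""
    c1, c2 = ciphertext
    return (c2 * pow(pow(c1, private, P), -1, P)) % P

def client_can_authenticate(client_public, server_private, k=None):
    """True if the server recovers a challenge encrypted under the
    public key the client holds (hypothetical check, for illustration)."""
    challenge = secrets.randbelow(P - 1) + 1
    recovered = decrypt(server_private, encrypt(client_public, challenge, k))
    return recovered == challenge

if __name__ == "__main__":
    old_priv, old_pub = keypair()
    print("kit with current key:", client_can_authenticate(old_pub, old_priv))
    new_priv, new_pub = keypair()  # key pair regenerated after a compromise
    print("kit with stale key:  ", client_can_authenticate(old_pub, new_priv))
    print("rebuilt kit:         ", client_can_authenticate(new_pub, new_priv))
```
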

Problem Notification

The Notification service that runs on both the Management and Tunnel
servers generates messages when the server experiences operational difficulty.
The events that trigger these messages fall into three categories:

• Alarms notify you when a significant error occurs with a service
  running on an Aurorean Virtual Network system or a general system
  problem that is preventing the server from operating normally.

• Alerts occur when an error count threshold has been crossed and an
  alarm condition is imminent.

• A Problem Notification typically indicates a remote client connection
  problem which Aurorean Client’s Prescriber feature diagnosed.

These messages appear in the View System Activity pullout and advanced
message viewer (as described in Chapter 7) and can also be retrieved from
system reports (as described in Chapter 8). For immediate notification when
one of these events occurs, the APS can send E-mail to one or more persons
