IPsec between one sensor and two directors

d.beppu
Level 1

Hello,

I would like to install two Solaris directors for redundancy.

Then, one sensor sends its alerts to the two directors.

Also, I want to use IPsec communications between sensors and directors.

Can we set up sysconfig-sensor so that one sensor can communicate with two directors using IPsec?

If we can do it, how can we set up sysconfig-sensor?

Could you please show me some sample sysconfig-sensor configurations, especially about SPI values?

Thank you.

Daiichiro Beppu

NTT DATA SECURITY CORPORATION

Japan


deva
Level 1

Hi,

There is no direct way of doing it (that is, the user interface will not allow you to configure the IPSEC parameters for two directors). However, we could achieve the same result in an indirect way.

Please run sysconfig-sensor and configure the IPSEC parameters for the first director (and as you know, sysconfig-director needs to be run at the first director also).

Now at the sensor, open the following files:

/etc/serial/ipsecconfstore.txt

/etc/serial/ipseckeystore.txt

In these files you will find entries for director1 and the sensor. You need to add similar configuration lines for the other director (director2). Just add similar lines and change the IP address to reflect the second director.

For example,

1) if the file /etc/serial/ipsecconfstore.txt consists of

{ saddr 10.10.10.5 daddr 4.3.4.4 } apply { encr_auth_algs md5 encr_algs des dir out sa shared }

{ saddr 4.3.4.4 daddr 10.10.10.5 } permit { encr_auth_algs md5 encr_algs des dir in sa shared }

(where the sensor IP is 10.10.10.5 and the director1 address is 4.3.4.4)

Create two more lines as below (if the IP address of director2 is 4.3.4.5):

{ saddr 10.10.10.5 daddr 4.3.4.5 } apply { encr_auth_algs md5 encr_algs des dir out sa shared }

{ saddr 4.3.4.5 daddr 10.10.10.5 } permit { encr_auth_algs md5 encr_algs des dir in sa shared }

2) And if the file /etc/serial/ipseckeystore.txt consists of

add esp spi 0x200 srcaddr 10.10.10.5 dstaddr 4.3.4.4 authalg md5 authkey 2301ac46defab6327498545108a537bc encralg des encrkey 90890d4671b6afe6

add esp spi 0x100 srcaddr 4.3.4.4 dstaddr 10.10.10.5 authalg md5 authkey 749ac75ef398bc289dfeec436a5b8d1e encralg des encrkey f39061ac38c3e26b

Create two more lines as below (if the IP address of director2 is 4.3.4.5):

add esp spi 0x200 srcaddr 10.10.10.5 dstaddr 4.3.4.5 authalg md5 authkey 2301ac46defab6327498545108a537bc encralg des encrkey 90890d4671b6afe6

add esp spi 0x100 srcaddr 4.3.4.5 dstaddr 10.10.10.5 authalg md5 authkey 749ac75ef398bc289dfeec436a5b8d1e encralg des encrkey f39061ac38c3e26b

You can create the SPI values at the sysconfig-sensor itself. Or you could modify the fourth field under /etc/serial/ipseckeystore.txt file as you want.

Please let me know how that goes.

Thanks

Deva
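
The manual edit described in the reply above, as an added example that is not part of the original thread: it derives the director2 lines from the director1 lines by replacing the address only where it appears as a whole token, then counts any cloned line that still names director1. The function names and sample variables are hypothetical, the key fields are placeholders, and a POSIX awk is assumed (on Solaris that is nawk or /usr/xpg4/bin/awk).

```shell
#!/bin/sh
# Added example, not from the original thread. SPI values and keys are
# copied unchanged into the cloned lines, as in the reply above.

# clone_for_director OLD_IP NEW_IP
# Reads store lines on stdin; prints a copy of every line that mentions
# OLD_IP, with OLD_IP replaced by NEW_IP in whichever field it occurs
# (saddr/daddr or srcaddr/dstaddr). Whole-token match only.
clone_for_director() {
    awk -v old="$1" -v new="$2" '
        {
            hit = 0
            for (i = 1; i <= NF; i++)
                if ($i == old) { $i = new; hit = 1 }
            if (hit) print
        }'
}

# count_stale OLD_IP
# Prints how many stdin lines still contain OLD_IP as a whole token.
# Anything other than 0 on cloned output means an address was missed.
count_stale() {
    awk -v old="$1" '
        { for (i = 1; i <= NF; i++) if ($i == old) { n++; break } }
        END { print n + 0 }'
}

# Constructed sample input in the format quoted in the reply.
SAMPLE_CONF='{ saddr 10.10.10.5 daddr 4.3.4.4 } apply { encr_auth_algs md5 encr_algs des dir out sa shared }
{ saddr 4.3.4.4 daddr 10.10.10.5 } permit { encr_auth_algs md5 encr_algs des dir in sa shared }'

# Key material replaced by labelled placeholders.
SAMPLE_KEYS='add esp spi 0x200 srcaddr 10.10.10.5 dstaddr 4.3.4.4 authalg md5 authkey <AUTHKEY_OUT> encralg des encrkey <ENCRKEY_OUT>
add esp spi 0x100 srcaddr 4.3.4.4 dstaddr 10.10.10.5 authalg md5 authkey <AUTHKEY_IN> encralg des encrkey <ENCRKEY_IN>'

# Print the lines to append for director2 (4.3.4.5).
printf '%s\n' "$SAMPLE_CONF" | clone_for_director 4.3.4.4 4.3.4.5
printf '%s\n' "$SAMPLE_KEYS" | clone_for_director 4.3.4.4 4.3.4.5
```
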

Hi,

Thank you very much for your detailed instructions.

I will try this way.

Regards,

Daiichiro Beppu

NTT DATA SECURITY CORPORATION

Japan