08-19-2002 12:49 AM - edited 02-21-2020 12:00 PM
Hello,
I would like to install two Solaris directors for redundancy.
Then, one sensor sends its alerts to the two directors.
Also, I want to use IPsec communications between
sensors and directors.
Can we set up sysconfig-sensor so that one sensor can
communicate with two directors using IPsec?
If we can do it, how can we set up sysconfig-sensor?
Could you please show me some sample sysconfig-sensor
configurations, especailly about SPI values ?
Thank you.
Daiichiro Beppu
NTT DATA SECURITY CORPORATION
Japan
08-19-2002 07:08 AM
Hi,
There is no direct way of doing it (that is the User interface will not allow you to configure the IPSEC parameters for two directors). But however we could achieve the same result in an indirect way.
Please run the sysconfig-sensor and configure IPSEC parameters for the first director (and as you know, sysconfig-director needs to be run at the first director also).
Now at the sensor, Open the following files
/etc/serial/ipsecconfstore.txt
/etc/serial/ipseckeystore.txt
Under these files you will find entries for the director1 and sensor. You need to add similar configuration lines for the other director (director2). Just add similar lines and change the ip address to reflect the second director.
For example,
1) if the file /etc/serial/ipsecconfstore.txt consists of
{ saddr 10.10.10.5 daddr 4.3.4.4 } apply { encr_auth_algs md5 encr_algs des dir
out sa shared }
{ saddr 4.3.4.4 daddr 10.10.10.5 } permit { encr_auth_algs md5 encr_algs des dir in sa shared }
(Where Sensor IP : 10.10.10.5 and director1 address : 4.3.4.4)
Create two more lines as below ( if the ip add director2 is 4.3.4.5).
{ saddr 10.10.10.5 daddr 4.3.4.5 } apply { encr_auth_algs md5 encr_algs des dir out sa shared }
{ saddr 4.3.4.4 daddr 10.10.10.5 } permit { encr_auth_algs md5 encr_algs des dir in sa shared }
2) And if the file /etc/serial/ipseckeystore.txt consists of
add esp spi 0x200 srcaddr 10.10.10.5 dstaddr 4.3.4.4 authalg md5 authkey 2301ac46defab6327498545108a537bc encralg des encrkey 90890d4671b6afe6
add esp spi 0x100 srcaddr 4.3.4.4 dstaddr 10.10.10.5 authalg md5 authkey 749ac75ef398bc289dfeec436a5b8d1e encralg des encrkey f39061ac38c3e26b
Create two more lines as below (if the ip add director2 is 4.3.4.5):
add esp spi 0x200 srcaddr 10.10.10.5 dstaddr 4.3.4.5 authalg md5 authkey 2301ac46defab6327498545108a537bc encralg des encrkey 90890d4671b6afe6
add esp spi 0x100 srcaddr 4.3.4.5 dstaddr 10.10.10.5 authalg md5 authkey 749ac75ef398bc289dfeec436a5b8d1e encralg des encrkey f39061ac38c3e26b
You can create the SPI values at the sysconfig-sensor itself. Or you could modify the fourth field under /etc/serial/ipseckeystore.txt file as you want.
Please let me know how that goes.
Thanks
Deva
08-19-2002 04:00 PM
Hi,
Thank you very much for your detail instructions.
I will try this way.
Regards,
Daiichiro Beppu
NTT DATA SECURITY CORPORATION
Japan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide