Atrust M320 Betriebsanweisung Seite 1

www.juniper.netCORPORATE HEADQUARTERSJuniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, CA 94089 USAPhone 408 745 2000 or 888 JUNIPERFax 408 7

viii  Table of ContentsOdyssey Access Client User Guide

Odyssey Access Client Administration Guide86  Using the Advanced Method to Configure TrustRemoving NodesTo remove a node:1. Select the node in the tr

Using the Advanced Method to Configure Trust  87Chapter 9: Managing Trusted ServersTo trust a server permanently:1. Select Add this trusted server to

Odyssey Access Client Administration Guide88  Using the Advanced Method to Configure Trust

Accessing Log Files—UE Only  89Chapter 10Viewing Log Files and DiagnosticsThis chapter describes how to access and view log files and diagnostics inf

Odyssey Access Client User Guide90  Accessing DiagnosticsFigure 20: Odyssey Log Viewer DialogDepending on the size of the log file or the specific c

Accessing Diagnostics  91Chapter 10: Viewing Log Files and DiagnosticsFigure 21: Sample IPsec Diagnostics DialogIPsec Configuration—UE OnlyIPsec Con

Odyssey Access Client User Guide92  Accessing DiagnosticsSave All DiagnosticsSave All Diagnostics collates the output of all the diagnostic functions

Network Security  93Appendix A Network Security ConceptsThis appendix contains background information for anyone needing a better understanding of th

Odyssey Access Client User Guide94  Network Security IPsec is a set of protocols used to secure (encrypt) IP data packets being exchanged on a netwo

Network Security  95Network Security Concepts Preshared passphrases used to generate keys for WPA or WPA2 association. Preshared passphrases enable

Audience  vAbout This GuideThis guide describes how to install, use, and configure Odyssey Access Client (OAC) for wired or wireless network access.

Odyssey Access Client User Guide96  802.11 Wireless Networking802.11 Wireless NetworkingThere are many types of wireless communication. Odyssey Acces

802.11 Wireless Networking  97Network Security ConceptsThe 802.11 standard refers to peer-to-peer network connectivity as ad-hoc mode. See “Specify t

Odyssey Access Client User Guide98  802.11 Wireless NetworkingSee the following topics: “Specifying an Association Mode” on page 60 for directions f

802.1X Authentication  99Network Security ConceptsSee the following topics: “Specifying an Association Mode” on page 60 to use WPA2 or WPA associati

Odyssey Access Client User Guide100  802.1X AuthenticationWhen preconfigured WEP keys are used, it is the wireless client PC that is authenticated to

802.1X Authentication  101Network Security ConceptsMutual AuthenticationEAP-TTLS, EAP-PEAP, EAP-TLS, and EAP-FAST provide mutual authentication of th

Odyssey Access Client User Guide102  802.1X AuthenticationEach certificate is issued by a certificate authority. By issuing a certificate, the certif

802.1X Authentication  103Network Security ConceptsIf your enterprise has a user-based certificate infrastructure in place, you have the option to co

Odyssey Access Client User Guide104  802.1X AuthenticationEAP-LEAPEAP-LEAP (Lightweight EAP, also known as EAP-Cisco Wireless) is a protocol that ena

802.1X Authentication  105Network Security ConceptsRecommended practice is to enable session resumption. The necessity for some form of reauthenticat

Odyssey Access Client User Guidevi  DocumentationDocumentationThe following sections describe how to access copies of the product documentation and t

Odyssey Access Client User Guide106  802.1X Authentication

 107Appendix B GlossaryAAAA—Authentication, Authorization, and Accounting.Access Control List (ACL)—A listing of users and their associated access ri

Odyssey Access Client User Guide108 Asymmetric algorithm—A pair of key values, one public and one private, used to encrypt and decrypt data. Only the

 109GlossaryCertificate Authority (CA)—An online system that issues, distributes, and maintains currency information about digital certificates. Abbr

Odyssey Access Client User Guide110 DData Encryption Standard (DES)—A cryptographic algorithm designed for protection of unclassified data and publis

 111GlossaryEncryption hash—A method in which a selection of data is mixed into a section data based on an algorithm. The result is called a hashed v

Odyssey Access Client User Guide112 Firewall—A hardware device or software application designed to filter incoming or outgoing traffic based on prede

 113GlossaryIntegrity—A monitoring and management system that performs integrity checks and protects systems from unauthorized modifications to data,

Odyssey Access Client User Guide114 Key Pair—A public key and its corresponding private key as used in public key cryptography.Key recovery—A mechani

 115GlossaryNode—A point of concentrated communications; a central point of communications.Nonrepudiation—The condition when a receiver knows or has

Contacting Customer Support  viiAbout This GuideRelease Notes Release notes are included with the product software and are available on the product C

Odyssey Access Client User Guide116 Private key—A piece of data generated by an asymmetric algorithm that’s used by the host to encrypt data encrypte

 117GlossarySSecure channel—A means of conveying information from one entity to another such that an adversary does not have the ability to reorder,

Odyssey Access Client User Guide118 TTACACS+—An enhanced version of Terminal Access Controller Access Control System. TACACS+ is TCP based authentica

 119GlossaryWWired Equivalent Privacy (WEP)—A security protocol used in 802.11 wireless networking, WEP is designed to provide security equivalent to

Odyssey Access Client User Guide120 

Index  121IndexNumerics802.11ad-hoc mode ...96defined...

Odyssey Access Client User Guide122  Indexvalidate ...46validation ...

Index  123Indexcertificate requirement ...14compliance...

Odyssey Access Client User Guide124  Indexpeer-to-peer...60preemptive...

Index  125IndexFIPS...13Layer 2 protocol ...

Odyssey Access Client User Guideviii  Contacting Customer Support

Odyssey Access Client User Guide126  Indexdynamic ... 62open mode...

Juniper Networks Secure Access Administration Guide

www.juniper.netCORPORATE HEADQUARTERSJuniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, CA 94089 USAPhone 408 745 2000 or 888 JUNIPERFax 408 7

Connecting to a Network  1Chapter 1Odyssey Access Client OverviewOdyssey Access Client (OAC) is networking software that runs on endpoints (PCs, lapt

Odyssey Access Client User Guide2  How OAC Operates in a NetworkHow OAC Operates in a NetworkWhen you attempt to connect to an 802.1X network, OAC re

OAC in an Enhanced Security Network with Unified Access Control  3Chapter 1: Odyssey Access Client Overview2. In the case of either a wired or a wire

Odyssey Access Client User Guide4  OAC in an Enhanced Security Network with Unified Access ControlIn a UAC network, OAC communicates with the Infrane

OAC in an Enhanced Security Network with Unified Access Control  5Chapter 1: Odyssey Access Client OverviewFigure 3: OAC Authentication in a Network

Odyssey Access Client User Guide6  Understanding Network SecurityIf an endpoint does not comply with an organization’s security policies, the Infrane

Before You Begin  7Chapter 2Installing OACBefore installing OAC, you should be familiar with networking concepts relating to your wireless or wired n

Odyssey Access Client User Guide8  RequirementsRequirementsThe following sections describe hardware and software requirements for OAC.Operating Syste

Installing OAC in a Traditional Network—EE and FE Only  9Chapter 2: Installing OACLicensesYou must have a valid license to run OAC. Each OAC edition

Odyssey Access Client User Guide10  Installing OAC in a UAC Network You can install OAC by opening a Web browser and navigating to the IP address or

Opening OAC Manager  11Chapter 3Using Odyssey Access Client ManagerThis chapter discusses how to use the OAC Manager to configure OAC. Depending on t

Odyssey Access Client User Guide12  Overview of the OAC Manager InterfaceOverview of the OAC Manager InterfaceThis section describes the OAC Manager

Menu Options  13Chapter 3: Using Odyssey Access Client ManagerFile Menu OptionsForget PasswordUse this option if you want OAC to discard the current

Odyssey Access Client User Guide14  Menu Options See the OAC User Web Page for more information about the appropriate adapter drivers for use with t

Menu Options  15Chapter 3: Using Odyssey Access Client ManagerTools Menu OptionsOAC Administrator (EE and FE Only)This is a set of special tools for

Juniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, CA 94089USA408-745-2000www.juniper.netPart Number: ODR-ZA-ODYCAUG, Revision A00Juniper Netw

Odyssey Access Client User Guide16  Menu OptionsTo run a script from a known location:1. Select Tools > Run Script. 2. In the Select Script File d

Menu Options  17Chapter 3: Using Odyssey Access Client ManagerOptionsIndividual tabs in this dialog enable you to configure the settings for security

Odyssey Access Client User Guide18  Menu Options Cache PIN (EE and FE Only)—With this option enabled, OAC caches the PIN that you enter and does not

Menu Options  19Chapter 3: Using Odyssey Access Client Manager3. Set Do not resume sessions older than to the maximum number of hours that a session

Odyssey Access Client User Guide20  Menu OptionsPeriodic reauthentication serves two purposes: As a general security measure, it verifies that you a

Sidebar  21Chapter 3: Using Odyssey Access Client ManagerPurchase InformationUse this option to access the Juniper Networks Web page to buy other pro

Odyssey Access Client User Guide22  Content DialogsAuto-Scan ListsUse this option to set up an ordered list of wireless networks that you have config

Content Dialogs  23Chapter 3: Using Odyssey Access Client ManagerInformational Graphics and Detailed StatusGraphical status icons appear in the lower

Odyssey Access Client User Guide24  Content Dialogs(black) – Connected, but authentication not in use(blue) – Connected and authenticatedThe status d

Exiting from OAC Manager  25Chapter 3: Using Odyssey Access Client ManagerTo move between the dialogs of the OAC, press the up and down arrows on you

Copyright© 2002-2006 Juniper Networks, Inc. All rights reserved. Printed in USA.Odyssey, Juniper Networks, and the Juniper Networks logo are registere

Odyssey Access Client User Guide26  Exiting from OAC Manager

Adding Network Adapters  27Chapter 4Managing Network Adapters This chapter describes how to add or remove a wired or wireless network adapter in an O

Odyssey Access Client User Guide28  Adding Network AdaptersRenaming an AdapterWhen you add a adapter to the OAC configuration, the adapter appears in

Connecting to a Network  29Chapter 4: Managing Network AdaptersConnecting to a NetworkThis section describes how to use OAC to connect to a specific

Odyssey Access Client User Guide30  Connecting to a NetworkConnecting to a NetworkWhen you connect to a network, OAC uses the adapter that you select

Connecting to a Network  31Chapter 4: Managing Network AdaptersConfiguring Multiple Simultaneous Network ConnectionsEach adapter on your computer can

Odyssey Access Client User Guide32  Connecting to a NetworkReconnecting to a Network Use the Reconnect button (located at the bottom of the Adapter d

Connecting to a Network  33Chapter 4: Managing Network AdaptersFigure 7: Disconnected Adapter Status You can check other adapter status, as describe

Odyssey Access Client User Guide34  Connecting to a NetworkConnection StatusConnection status shows summary information about the current adapter and

Interaction with Other Adapter Software  35Chapter 4: Managing Network AdaptersInteraction with Other Adapter SoftwareYour wireless adapter might com

Table of Contents  iiiTable of ContentsAbout This Guide vAudience...

Odyssey Access Client User Guide36  Interaction with Other Adapter Software

 37Chapter 5Managing ProfilesThis chapter describes how to set up an OAC profile for an authenticated network connection.A profile contains all of th

Odyssey Access Client User Guide38  Adding or Modifying a ProfileThe Profiles dialog lists the configured profiles. The list might include a default

Specifying User Info  39Chapter 5: Managing Profiles TTLS—The EAP-TTLS outer protocols and, where they apply, one or more inner protocols. See “TTLS

Odyssey Access Client User Guide40  Specifying User Info SIM Card—Configure this section when you use a mobile wireless device to authenticate to a

Specifying User Info  41Chapter 5: Managing Profiles Select Prompt for login name and password to have OAC prompt you when you connect to the networ

Odyssey Access Client User Guide42  Specifying User InfoUsing Certificates for AuthenticationTo use certificate credentials for authentication:1. Sel

Specifying User Info  43Chapter 5: Managing ProfilesEnabling Soft Token IdentificationTo enable soft token authentication:1. If you want to create a

Odyssey Access Client User Guide44  Setting Up AuthenticationManaging PIN SettingsYou might have already set a PIN on your SIM card hardware. You hav

Setting Up Authentication  45Chapter 5: Managing ProfilesThe authentication protocols specified on the Authentication tab are the outer authenticatio

iv  Table of ContentsOdyssey Access Client User GuideOAC Manager Display Layout ... 12

Odyssey Access Client User Guide46  Setting Up AuthenticationTo select more than one protocol at a time, hold down Ctrl on the keyboard as you select

Setting Up Authentication  47Chapter 5: Managing ProfilesIf you use EAP-GenericTokenCard as one of the inner authentication methods or if you use EAP

Odyssey Access Client User Guide48  TTLS Settings It is possible that anonymous EAP-PEAP authentication does not work with your network authenticati

TTLS Settings  49Chapter 5: Managing ProfilesTo select an inner authentication protocol:1. Select a profile and open the Profile Properties dialog.2.

Odyssey Access Client User Guide50  TTLS SettingsEAP as an Inner Authentication ProtocolIf you select EAP as your inner authentication protocol, you

PEAP Settings  51Chapter 5: Managing Profiles None—Configure EAP-TTLS authentication without a client-side certificate. This option specifies the mo

Odyssey Access Client User Guide52  EAP-POTP Run-Time DialogsUsing Certificates with EAP-PEAP AuthenticationTo select EAP-PEAP personal certificate o

Infranet Controller Profile Configuration—UAC Networks Only  53Chapter 5: Managing Profilesc. Re-type the PIN under Please confirm your PIN. d. Click

Odyssey Access Client User Guide54  Infranet Controller Profile Configuration—UAC Networks OnlyTo set a preferred order of inner EAP protocols:1. Sel

Removing a Profile  55Chapter 5: Managing ProfilesSetting the Preferred Realm and RoleThis section describes the JUAC tab in the Profile Properties d

Table of ContentsTable of Contents  vRenaming an Adapter... 28Removing an

Odyssey Access Client User Guide56  Sample Profile ConfigurationSample Profile ConfigurationThis section shows a sample authentication profile for a

Configuring Network Settings  57Chapter 6Managing Network AccessThis chapter describes how to define and configure the networks to which you intend t

Odyssey Access Client User Guide58  Adding or Modifying Network PropertiesAdding or Modifying Network PropertiesWhether you add a network by clicking

Adding or Modifying Network Properties  59Chapter 6: Managing Network AccessNetwork SettingsThe following sections describe each of the Network confi

Odyssey Access Client User Guide60  Adding or Modifying Network PropertiesSpecifying a Network TypeIf you do not click Scan to select a network, spec

Adding or Modifying Network Properties  61Chapter 6: Managing Network AccessEncryption Methods for an Association ModeYour choice of encryption metho

Odyssey Access Client User Guide62  Adding or Modifying Network PropertiesAuthentication SettingsUse the Authentication fields to specify whether or

Adding or Modifying Network Properties  63Chapter 6: Managing Network AccessPreshared Keys (WPA or WPA2)If you associate using WPA or WPA2 and if you

Odyssey Access Client User Guide64  Removing a NetworkWEP keys are either 40 or 104 bits long. This corresponds to either 5 or 13 characters when you

Sample Network Configuration Setups  65Chapter 6: Managing Network AccessSample Network Configuration SetupsThis section shows three examples of sett

vi  Table of ContentsOdyssey Access Client User GuideChapter 6 Managing Network Access 57Configuring Network Settings...

Odyssey Access Client User Guide66  Sample Network Configuration SetupsSample Configuration for a Home Wireless NetworkTable 9: Sample Configuration

 67Chapter 7Managing Auto-Scan ListsAn auto-scan list is an ordered list of networks that you have configured. You can create one or more auto-scan l

Odyssey Access Client User Guide68  Using the Auto-Scan List DialogUsing the Auto-Scan List DialogTo set up or modify an auto-scan list, open the Con

Using the Auto-Scan List Dialog  69Chapter 7: Managing Auto-Scan Lists5. Order the selected networks based on the frequency with which you expect to

Odyssey Access Client User Guide70  Using the Auto-Scan List DialogViewing the Names in an Auto-Scan ListTo view the names in an auto-scan list:Doubl

Adding an Infranet Controller to the OAC Configuration  71Chapter 8Managing Infranet Controller ConnectionsThis chapter describes how to add an Infra

Odyssey Access Client User Guide72  Connecting and Signing on to an Infranet Controller4. In the Server URL field, enter the DNS name or the IP addre

Connecting and Signing on to an Infranet Controller  73Chapter 8: Managing Infranet Controller Connections3. An Infranet Controller dialog opens (Fig

Odyssey Access Client User Guide74  Connecting and Signing on to an Infranet ControllerUse the Reconnect button at the bottom of the dialog to reinit

Connecting and Signing on to an Infranet Controller  75Chapter 8: Managing Infranet Controller ConnectionsChecking Infranet Controller StatusOne way

Table of ContentsTable of Contents  viiEditing a Trusted Server Entry ...83Using the Ad

Odyssey Access Client User Guide76  Connecting and Signing on to an Infranet ControllerFigure 17: Compliance Failure DialogWhen you click the How do

Disconnecting from an Infranet Controller  77Chapter 8: Managing Infranet Controller ConnectionsDisconnecting from an Infranet ControllerTo disconnec

Odyssey Access Client User Guide78  Disconnecting from an Infranet Controller

Overview of Trust Configuration  79Chapter 9Managing Trusted ServersThis chapter describes trusted servers and the configuration tasks that pertain t

Odyssey Access Client Administration Guide80  Configuring Trust in OAC Add or remove certificate nodes. Add authentication servers or intermediate

Using the Simple Method to Configure Trust  81Chapter 9: Managing Trusted ServersFigure 19: Trusted Servers DialogWhen you configure OAC to trust a

Odyssey Access Client Administration Guide82  Using the Simple Method to Configure Trust Use an intermediate CA or authentication server domain name

Using the Advanced Method to Configure Trust  83Chapter 9: Managing Trusted Servers2. Click Remove.Editing a Trusted Server EntryYou might need to ch

Odyssey Access Client Administration Guide84  Using the Advanced Method to Configure TrustAdding Certificate NodesTo add a new certificate to the top

Using the Advanced Method to Configure Trust  85Chapter 9: Managing Trusted Servers2. For Server or intermediate CA name, enter the name (or final el