YMS-VPN1_User_Manual

Transcription:

YAMAHA VPN YMS-VPN1 2007 12 YAMAHA VPN YMS-VPN1 YMS-VPN1 RT Windows PC IPsec VPN

2000-2002 SSH Communications Security Corp 2004-2007 SafeNet Inc. 2004-2007 dit Co., Ltd. 2006-2007 YAMAHA CORPORATION Microsoft Windows Microsoft YAMAHA VPN http://netvolante.jp

1
1.1. YMS-VPN1
1.2.
1.3. IP ( Internet Protocol: )
1.4. IPsec ( Internet Protocol Security: )
2 YMS-VPN1
2.1.
2.2. YMS-VPN1
2.2.1.
2.2.2. IPsec
2.2.3.
2.2.4.
2.2.5.
2.2.6.
2.2.7.
2.2.8.
2.3. YMS-VPN1
2.4. YMS-VPN1
2.5.
2.5.1.
2.5.2.
3
3.1. YMS-VPN1
3.2. YMS-VPN1 Agent
3.3.
3.4.
4
4.1. IKE
4.2.
4.2.1.
4.2.2. IPsec
5


1 1.1. YMS-VPN1 YMS-VPN1 Windows IP ( Internet Protocol: ) IETF ( Internet Engineering Task Force: ) IPsec ( Internet Protocol Security: ) YMS-VPN1 IPsec ( SMTP POP ) IP YMS-VPN1 YMS-VPN1 YMS-VPN1 PKI ( Public Key Infrastructure: ) YMS-VPN1 Microsoft Windows Windows 98 Windows NT4 Windows Me Windows 2000 Windows XP Windows Server 2003 Windows Vista YMS-VPN1 YMS-VPN1 YMS-VPN1 IPsec 1.2.

YMS-VPN1 YMS-VPN1 ( Windows ) YMS-VPN1 1.3. IP ( Internet Protocol: ) IP IP IP

1.4. IPsec ( Internet Protocol Security: ) IETF ( Internet Engineering Task Force: ) IP IPsec IETF IETF IP IPsec IP 4 IPsec IP IP 6 IPsec IPsec IPsec IP IPsec IPsec IPsec IPsec IPsec IPsec IPsec


2 YMS-VPN1 2.1. YMS-VPN1 Microsoft Windows 2000 Professional SP4 Microsoft Windows XP Home Edition/Professional SP2 Microsoft Windows Server 2003 SP1 Windows Vista Windows ( Windows XP Windows Vista ) YMS-VPN1 YMS-VPN1 IPsec NAT YMS-VPN1 Windows YMS-VPN1 Windows Vista Intel Pentium 500 MHz (RAM) 256 MB 30 MB TCP/IP Windows Vista Intel Pentium 1000 MHz

(RAM) 512 MB 30 MB TCP/IP YMS-VPN1 YMS-VPN1 2.2. YMS-VPN1 YMS-VPN1 Administrator 2.2.1. CD

2-1 CD YMS-VPN1 (setup.exe) YMS-VPN1 CD YMS-VPN1 2-2 YMS-VPN1 YMS-VPN1 2.3 YMS-VPN1



2-7 2.2.2. IPsec IPsec IPsec 2-8 IPsec Windows Vista

2-9 IPsec Windows XP 2.2.3. IP YMS-VPN1 2-10 IPsec Windows Vista

2-11 IPsec Windows XP 2.2.4. YMS-VPN1 1024 RSA 1024 RSA 2

2-12 30 CPU 2-13 2.2.5. YMS-VPN1

YMS-VPN1 IETF X.509v3 ( PKI ) YMS-VPN1 ID ID FQDN (Fully Qualified Domain Name: ) IP ID IP IPsec IP IPsec 2.2.6. YMS-VPN1 [ ]

2-14 YMS-VPN1 AES Twofish Blowfish CAST 3DES DES DES DES AES YMS-VPN1 IPsec

800 MHz Pentium 40 Mbit/s IPsec CPU 2.2.7. YMS-VPN1 YMS-VPN1 30 2.5 2-15 2.2.8.

2-16 YMS-VPN1 YMS-VPN1 2-17 2.3. YMS-VPN1 YMS-VPN1 YMS-VPN1

2.4. YMS-VPN1 YMS-VPN1 1. YMS-VPN1 YMS-VPN1 YMS-VPN1 2. YMS-VPN1 Windows [ ] [] [ VPN YMS-VPN1 ] 2-18

2-19 2-20 YMS-VPN1 YMS-VPN1 2.5. 2.5.1. YMS-VPN1 30 RT 2.5.2. YMS-VPN1

2-21 YMS-VPN1 2-22

2-23 OK

3 3.1. YMS-VPN1 YMS-VPN1 IPsec 3 IKE I/O YMS-VPN1 YMS-VPN1 YMS-VPN1 IKE YMS-VPN1 CMi YMS-VPN1 Agent IP YMS-VPN1 IPsec 3-1 YMS-VPN1

IPsec IPsec 3.2. YMS-VPN1 Agent Windows YMS-VPN1 3-2 YMS-VPN1

YMS-VPN1 4.2 IKE 4.1 IKE VPN YMS-VPN1

YMS-VPN1 Web YMS-VPN1 YMS-VPN1 Agent YMS-VPN1 Windows [ ] [ ] [ YMS-VPN1 Agent ] YMS-VPN1 YMS-VPN1 Agent [ ] Windows 3.3. YMS-VPN1 [ ] Windows [ ] [ YMS-VPN1 ] [ ] Windows [ ] [ ] [ YMS-VPN1 ] [YMS-VPN1 ]

3-3 3.4. RT 32 32 "ipsec ike pre-shared-key" 32 "ipsec ike remote name"

IP IP IP FQDN IPsec/ESP "ipsec sa policy" IPsec/ESP "ipsec sa policy" IP IP IKE IP IKE IP DNS VPN DNS DNS 0.0.0.0 IP IKE DNS NAT NAT

VPN VPN VPN VPN VPN VPN VPN


4 YMS-VPN1 ( IKE ) 4.1. IKE [ YMS-VPN1 IKE ] ( IKE ) YMS-VPN1 [ IKE ] [ ] [ IKE ] [ None ] [ Low ] [ Moderate ] [ Detailed ] [ ] [ ]

4.2. 4-1 IKE YMS-VPN1 YMS-VPN1 [ ] [ ] [ IPsec ] 2 4.2.1. [ ]

4-2 IP DNS ESP ESP+IPComp [ ] [ ]

4.2.2. IPsec [ IPsec ] 4-3 IPsec IKE Phase-1

IKE Phase-1 IKE Phase-2 IKE Phase-2 IP AH ESP IPsec [ ] [ ] [ ] [ ] [ ] [ ]


5 RFC 2828 AES AES Rijndael NIST ( National Institute of Standards and Technology : ) FIPS 197 IP IP AH IP ICV ( integrity check value: ) AH IP IP AH RFC 2402 ARP ( ) STD 37 ( RFC 826) 64 ASCII 6 ( 0 63 ) Base 64 PEM ( Privacy Enhanced Mail ) PEM RFC 1771 Bruce Schneier Blowfish 64 32 448 64 128

CAST-128 RFC 2144 CMP PKI CMP IETF PKIX RFC 2510 CMP CMPv2 (CA) CA CRL PKIX CRL X.509 2 CRL RFC 2459 DES DEA ( Data Encryption Algorithm: ) FIPS ( Federal Information Processing Standard: ) DES 64 64 ( 8 ) 1970 NSA (National Security Agency: ) IBM Horst Feistel IBM DES 3DES ( DES TDEA ) DES DEA TDEA FIPS 46-3 LAN ( ) IP IP DHCP LAN TCP/IP DHCP IP IP DHCP RFC 2131

man-in-the-middle ( ) Diffie-Hellman IPsec VPN YMS-VPN1 IPSEC 1 DoS DSA DSA NSA ( National Security Agency: ) NIST FIPS 186-2 Bruce Schneier Applied Cryptography DSS NIST ( National Institute of Standards and Technology: ) DSA SHA-1 ( ) IP ESP IP ESP IP ESP ESP IP ESP SA ESP ESP RFC 2406 GSM GPRS 56 114 kbit/s

GPRS VPN ( Virtual Private Network: ) GSM GSM 900 MHz 1,800 MHz 800 MHz 1,900 MHz GSM 14.4 kbit/s GSM HSCSD GPRS HMAC HMAC HMAC 57.6 kbit/s GSM GSM HTTP Web WWW HTTP HTTP URI URL RFC 2068 MD5 SHA-1 HMAC DES-MAC HMAC-RIPEMD IP IETF Web http://www.ietf.org/ IPsec IKE ISAKMP/Oakley IKE

RFC 2409 RFC 2408 RFC 2407 STD 5 TCP/IP IP IETF IP IPsec IP IPsec RFC 2401 IPsec RFC 2411 ) IP ( Internet Protocol: IP ( Internet Protocol: ) IP RFC 2460 5 IPv4 IP 32 IP STD 5 IP ( ) STD 5 IP 20 IP 60 STD 5 ( RFC 791 ) IP

SA ISAKMP ISAKMP ISAKMP/Oakley ISAKMP Oakley Oakley PFS (perfect forward secrecy) id ISAKMP IKE L2TP PPP L2TP RFC 2661 ( ) LAN LDAP X.500 DAP ( Directory Access Protocol ) X.500 Directory RFC 2251 RFC 1777 / X.500 DAP / TCP 128 128 448 MARS IBM AES ( Advanced Encryption Standard ) 5 1 RSA Security Ron Rivest 128 RFC 1321 SHA-1 160 MD5

TCP TCP MSS ( Maximum Segment Size ) MTU TCP MTU 2 IP 2 NAT IP NAT NAT 2 1 IP Network Address Translation ( Basic NAT ) 1 NAPT Network Address Port Translation ) ( ) IP ( ) IP IP NAPT TCP UDP NAT RFC 3022 NAT IPv4 IPv6 NAT-PT ( Network Address Translation - Protocol Translation ) NAT-PT RFC 2766 IPsec NAT IPsec NAT IPsec NAT-Traversal NAT-Traversal IPsec UDP IPsec UDP IKE NAT-Traversal /

STD 12 ( RFC 1119 ) CRL OCSP CRL OCSP RFC 2560 RFC 1421 PEM 64 (Base 64 ) PFS PFS ( Public-key Forward Secrecy: ) PKCS RSA Laboratories PKCS RSA PKCS #1 PKCS #7 PKCS #10 PKCS #11 RSA

( ) CryptoKi PKCS #12 Web ISO/IEC 7816 PKI ( ) Public-Key Infrastructure ( X.509 ) IETF X.509 PPP PPP STD 51 ( RFC 1661 ) PKI CA RA 1994 RSA Security Ronald Rivest RC5 32 128 0 2,040

0 255 RSA Security Rivest Sidney Yin RC5 2,040 RC6 AES ( Advanced Encryption Standard ) 5 1 http://www.ietf.org/rfc.html Internet Society RFC Joan Daemen Vincent Rijmen 128 192 256 128 192 256 Rijndael AES ( Advanced Encryption Standard ) Ron Rivest Adi Shamir Leonard Adleman Bruce Schneier Applied Cryptography RSA RSA Security 2000 9 SA IPsec SA AH ESP IP SA SA RFC 2401 SCEP Cisco Systems VeriSign Cisco 2

IPsec AH ESP IPsec ( ) RFC 2401 NSA ( National Security Agency: ) NIST ( National Institute of Standards and Technology: ) MD5 SHA ( Secure Hash Algorithm ) 160 DSS Digital Signature Standard ) FIPS 180-1 STD 15 ( RFC 1157) SOCKS RFC 1928 SA SPI AH ESP IP SA SPI SA ( SPI IP ) SPI SA SPI RFC 2401 RFC ( Request For Comments )

STD RFC ( ) TCP STD 7 ( RFC 793) TLS HTTP IETF Bruce Schneier Twofish AES(Advanced Encryption Standard) 5 1 Twofish 128 256 IP UDP STD 6 ( RFC 768) URI URI RFC 2396 URI URL URL Web URL http://www.dit.co.jp/index.html URL RFC 1738 RFC 1808 URL URI VPN ( ) VPN LAN IEEE 802.11

X.500 Directory ITU-T/ISO X.500 Directory LDAP ITU-T X.509 X.509 X.509 CRL X.509 IETF PKIX X.509 3 X.509 2 CRL IPsec IPsec AH ESP ( ) ( ) LAN ( ) 48 IP ARP IP STD 41 ( RFC 894 )

IPsec ESP () IKE 2 A B A B B 1 ( ) 2 1 1 X.509 (CA) CA

CA CA RA CA CA LAN CAN 1 ( ) IC ( ) 2 / ( )

IP ( www.dit.co.jp ) IP DNS ( Domain Name System: ) STD 13 ( X.509 ) PKI ( ) CA TCP/IP IP IPsec IP IP MTU MTU MTU RFC 1191 MD5 SHA-1

(64 ) ( ) IP ESP AH SA IPSEC RFC 2401 RFC 2402 RFC 2403 RFC 2404 RFC 2406 RFC 2405 IP IKE (SA) SA SA RFC 1812


2007 12 2006-2007 YAMAHA CORPORATION
