Casio ACS V6000 manual Payload or AH Authentication Header

ACS v6000 Installation/Administration/User Guide

Use the Add button to add a VPN connection or click on an existing connection name to edit one already in the list. Click the Delete button to delete an existing connection. If NAT settings need to be changed, click the Configure NAT button.

When you click the Add button, the IPSec(VPN) - Add screen is displayed.

NOTE: To run IPSec (VPN), you must enable IPSec under the custom Security Profile.

The remote gateway is referred to as the remote or right host and the virtual console server is referred to as the local or left host. If left and right are not directly connected, then you must also specify a NextHop IP address.

The next hop for the remote or right host is the IP address of the router to which the remote host or gateway running IPSec sends packets when delivering them to the left host. The next hop for the left host is the IP address of the router to which the virtual console server sends packets for delivery to the right host.

A Fully Qualified Domain Name should be indicated in the ID fields for both the Local (Left) host and the Remote (Right) host where the IPSec negotiation takes place.

The following table describes the fields and options on the IPSec(VPN) - Add screen. The information must match exactly on both ends for local and remote.

Table 3.4: Field and Menu Options for Configuring IPSec(VPN)

| Field Name | Definition |
|---|---|
| Connection Name | Any descriptive name you wish to use to identify this connection. |
| Authentication Protocol | The authentication protocol used, either ESP (Encapsulating Security Payload) or AH (Authentication Header). |
| Boot Action | The boot action configured for the host, either Ignore, Add or Start. |
| Authentication Method | Authentication method used, either RSA Public Keys or Shared Secret. |
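The requirement that both ends carry matching information, with FQDN IDs and a NextHop when left and right are not directly connected, can be checked before the values are entered on either device. The following is an added example, not part of the ACS v6000 guide; the key names, the address/prefix notation and the sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Key names are hypothetical; they stand for the values typed on each end.
MUST_MATCH = ("auth_protocol", "auth_method", "left_id", "right_id",
              "left_ip", "right_ip", "left_nexthop", "right_nexthop")
ALLOWED = {"auth_protocol": {"ESP", "AH"},
           "auth_method": {"RSA Public Keys", "Shared Secret"},
           "boot_action": {"Ignore", "Add", "Start"}}
FQDN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
                  r"[a-z]{2,63}$", re.I)

def check_tunnel(local, remote):
    """Compare the definitions entered on both ends; return found problems."""
    problems = []
    for key in MUST_MATCH:
        if local.get(key) != remote.get(key):
            problems.append(f"mismatch {key}: {local.get(key)!r} vs {remote.get(key)!r}")
    for end, cfg in (("local", local), ("remote", remote)):
        for key, allowed in ALLOWED.items():
            if cfg.get(key) not in allowed:
                problems.append(f"{end} {key}: {cfg.get(key)!r} not an option")
        for key in ("left_id", "right_id"):
            if not FQDN.match(cfg.get(key) or ""):
                problems.append(f"{end} {key}: not a fully qualified domain name")
        left = ipaddress.ip_interface(cfg["left_ip"])   # address/prefix form
        right = ipaddress.ip_interface(cfg["right_ip"])
        if right.ip not in left.network:                 # not directly connected
            # Assumption: each next hop is a router on its own host's subnet.
            for hop, side in (("left_nexthop", left), ("right_nexthop", right)):
                if not cfg.get(hop):
                    problems.append(f"{end} {hop}: required, hosts not adjacent")
                elif ipaddress.ip_address(cfg[hop]) not in side.network:
                    problems.append(f"{end} {hop}: not on the {hop[:-8]} subnet")
    return problems

# Constructed sample: console server (left) and remote gateway (right).
LOCAL = {"auth_protocol": "ESP", "auth_method": "Shared Secret",
         "boot_action": "Start", "left_id": "acs.example.com",
         "right_id": "gw.example.net", "left_ip": "192.0.2.10/24",
         "right_ip": "198.51.100.20/24", "left_nexthop": "192.0.2.1",
         "right_nexthop": "198.51.100.1"}
REMOTE = dict(LOCAL, auth_protocol="AH", boot_action="Add", right_id="gw")

if __name__ == "__main__":
    for line in check_tunnel(LOCAL, REMOTE):
        print(line)
```

Boot Action is left out of the must-match list because the table describes it as configured per host.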
