Security associations SAs | Digi 90000566_H guide

	set vpn
	• Configure IKE/ISAKMP SA Phase 1 and Phase 2 options, which create
	an authenticated secure channel and specify how IKE negotiates
	security associations (SAs).
	• Display current VPN settings.
Required	For Digi Connect products with two or more users, to use this command,
permissions	permissions must be set to one of the following:
	• For a user to display VPN settings: “set permissions s-vpn=read”
	• For a user to display and set VPN settings: “set permissions s-vpn=rw”
	See "set permissions" on page 157 for details on setting user permissions
	for commands.
Syntax	Set global VPN options
	set vpn global
	[mode={mainaggressive}]
	[identity={fqdnuser fqdnip address}]
	[dh_group={125}]
	[pfs={onoff}]
	[antireplay={onoff}]
	Set VPN tunnel options
	syntax: set vpn tunnel [tunnel options]
	[manually-keyed options]
	[isakmp options]
	Where:
	[tunnel options]:
	[index={1-2 (for Connect WAN products)1-5 (for ConnectPort
	products)}]
	[name=tunnel name]
	[newname=tunnel name]
	[mode={disabledmanually-keyedisakmp}]
	[remote_vpn_endpoint=(fqdnip address}]
	[remote_tunnel_addr=ip address]
	[remote_tunnel_mask=subnet mask]
	[remote_tunnel_range=ip address-ip address]
	[local_tunnel_addr=ip address]
	[local_tunnel_mask=subnet mask]
	[local_tunnel_range=ip address-ip address]
	[manually-keyed options]:
	mode=manually-keyed
	[inbound_spi=256 - 2^32) (Please see option details below)
	[inbound_authentication={nonemd5sha1}]
	[inbound_auth_key={ascii keyhex key}]
	[inbound_encryption={nonedes3desaes}]
	[inbound_enc_key={ascii keyhex key}]
	[outbound_spi=256-2^32] (Please see option details below)
	[outbound_authentication={nonemd5sha1}]
	[outbound_auth_key={ascii keyhex key}]
	[outbound_encryption={nonedes3desaes}]
	[outbound_enc_key={ascii keyhex key}]

Chapter 2 Command Descriptions

229

Image 229

Digi 90000566_H manual Security associations SAs, Display current VPN settings

Contents

Digi Connect Family Page Chapter Introduction Chapter Command Descriptions Contents Who 258 Modem Emulation CommandsIndex 271 Contents Chapter T r o d u c t i o n Quick Reference for Configuring Features Quick Reference for Configuring FeaturesFeature/Task Commands Guide Feature/Task Commands Configure an IP Address Access the Command LineAccess the Command Line Basic Command Information Escape Processed as Sequence Entering Special Characters in String ValuesEscape Sequences for Special Characters Length Limitations on String Values Identifying the User Model for Your Digi Connect Product User Models and User Permissions in Digi Connect ProductsOne-user Model Two-user Model Increasing Security for Digi Device Users Login Suppression Feature User Models and User Permissions in Digi Connect Products Verifying Device Support for Commands Verifying Device Support for Commands From=serveripaddressfilename To=serveripaddressfilename Host ip address BootLoad file See also Examples Close Session Type Default Escape KeysConnection number Serial port Ip address Dhcpserver Display Dhcp server status Assigned expired Assigned activeReserved active Reserved inactive Released Offered pre-leaseUnavailable Address Set dhcpserver on Display Arp Options AccesscontrolBuffers Ddns DeviceGpio Memory Serial SwitchesSockets Spd Display Virtual Private Network VPN status information Display device information State OutputIp address Primary dns addr Reset status No service Last reset reasonAdministrative Non-administrative Session successes Lcp echo requestsSession failures Session consecutive failures Total bypasses Total link down requests Tail=number Display buffersTftp=serverfilename Server Display port buffering information on the screen Set buffer onOutput buffering information to a Tftp server Output multi-port buffering information to a Tftp server Exit Displaying Online Help on Help and ? help and ? Ethernet InfoIcmp Statistics, see Output on Displays statistics from the wireless Ethernet wlan tableDisplays statistics from the TCP table Displays statistics from the UDP table Ethernet statistics Statistic DescriptionIcmp statistics IP statistics Serial statistics UDP statistics TCP statistics Wireless Wlan statistics Display Icmp statistics Range KillConnection id Binary=onoff OptionsCrmod=onoff Id=number NewpassName=string Count=0n IpaddressInterval=milliseconds Size=bytes Provision Enter phone numbers as numbers only with no dashes Given youDisplay current provisioning parameters Manually provision the module for a SIP-only network Nai=network access id Spc=service programming code MSLMdn=mobile directory number Min=mobile ID number Priha=primary host agent IP address Ha=home addressSecha=secondary host agent IP address Hass=host agent shared secret Type=otasp Type=iotaOtaspnumber= Otasp number for example, *228 Program args Tftp server ipfilename Quit =serial port s=session Auth command. The revert auth command revert authentication Revert multiple settingsRevert Time Options all AlarmAuth Autoconnect port=range Ekahau LoginForwarding Host Pmodem port=range ServicePppoutbound port=range Profile port=range Phase1 Vpn allglobaltunnelphase1phase2Phase2 Wireless User=user name -luser name Options Esc Send Options Enabled=onoff Set accesscontrolOff Autoaddsubnets=onoff Netmask 255.255.255.0 to access this device server Subnets will be allowed to access this device serverSubnip1-32=ipaddress Subnmask1-32= mask Configure alarms with general options applies to all alarms Set alarmConfigure alarms for a range set multiple alarms Devices supported Purpose Required permissions Syntax Configure alarms based on mobile signal strength GSM Configure alarms based on data pattern matchingConfigure alarms based on signal strength Cdma Configure alarms based on mobile temperature Mailserverip=ipaddress State= onoffFrom=string Cwm=onoff Cc=string To=string Highpins=list of highpins Pins=list of pinsLowpins=list of lowpins Reminderinterval=seconds Reminder=onoffTriggerinterval=seconds Mode=match Time=max time Celldata=byte count threshold Mode=mobiletemp Mode=configchangeMode=1xevdounavail Mode=mobileunavail Set alarm #1 mode to Gpio mode Error conditions triggering alarmsSet alarm #1 to designate which pins trigger alarm Enable alarm #1 Gpio input, Gpio output, or standard serial Set alarm Turn alarm #10 onSet snmp on Set autoconnect Rlogin Service=rawrloginssltelnetState=onoff Trigger=alwaysdatadcddsrstring Description=string Nodelay=onoffIpaddress=ipaddress Ipport=ipport Set network on Network IP destination when data arrives on the serial portSet serial on Set tcpserial on Set bsc Serialmode=bisync3270bisync3275 State=disabledenabledBaudrate=baud rateexternalclock Baud rate Textconversion=onoff Codeset=asciiebcdicPollingaddress=0x followed by 2 hex digits Selectionaddress=0x followed by 2 hex digits Rxtimeout=milliseconds Noresponsemessage=0x followed by up to 64 hex digits Poweronmessage=0x followed by up to 64 hex digitsTxretries option Port Options ClearSize Data will not be buffered and all data will be cleared from On mode and the buffer size to 64 kilobytesBuffer Pause Registered with that service Update requests will be rejectedFor a user to display Dynamic DNS settings set permissions Ddnsupdater=read Disabled Service=disableddyndnsorgAction=updatenowclearstatus Updatenow Standardhttp Ddpassword=passwordAlternatehttp Securehttp Nochg Dynamic DNS serviceDisplay on Command. See dhcpserver on User interface’s Network Configuration settingsFor a user to display Dhcp server settings set permissions Set dhcpserver set dhcpserver Action=setrevert Item=scopeSet Revert Startip=ip address Offerdelay=0-5000Endip=ip address Leasetime=timeinfinite Range=1-16all Item=reservationIp=ip address Clientid=client MAC address Range=1-4all Item=exclusionFirst address in the exclusion block Disable all reservations that were previously added Using the web UIIP address, which is the purpose of a reservation Is, reservations override exclusions 102 Command Descriptions Dhcpserver on Web user interface, the online help for Network SettingsDhcp terminology and managing Dhcp server operation Set ekahau set ekahau Wireless deviceDigi Connect Wi-EM only Proprietary hardware components Server=hostnameip address Id=device idName=device name Set identifiers Enable Ekahau Client Options Duplex Set ethernetHalf Full 100 Speed Privileges Set forwarding Staticrouteindex=1-8 Options ipforwarding=onoffAction=addchangedelete Add Mask=subnet mask Net=destination ip addressGateway=ip address Metric=1-16 Routing information Settings under Network ConfigurationSet nat on Devices supported Purpose Set gpioOptions Range=1-n Mode=serialinputoutput Signals Pin Number Default Serial Signal Signal DirectionMessages or Snmp traps when Gpio pins change Default serial signal settings for Gpio pins Options Add Set groupRemove Id=range Defaultaccess=nonecommandlinemenu Commandline=onoffCommandline Name= string Permissions Examples Default Options Name=name Device support Set ia Configure network-based masters set ia master Configure serial-port connected devices set ia serial Serial settings, which include Instead of a set ia command with no optionsSerial= range Serial options Chartimeout=3-99999 ms applies to master or slave Slavetimeout=10-99999 ms applies to slave onlyIdletimeout=0=disabled1-99000 seconds Table=1..8 applies to master only Medium Priority=highmediumlow Modbus options Chartimeout=3-99000 ms Modbusrtu Modbusascii Modbustcp Messagetimeout=100-99000 msMaster=range Type=tcpudp 126 Command Descriptions Addroute=route index Table optionsMoveroute=fromrouteindex,torouteindex Route options Port=serial port Mapto=protocol address Configuration settings in the Web user interface Settings for the Digi Connect WAN IARevert on page 61. The revert ia command options revert any Existing IA configuration settings Options Suppress=onoff Set login Quitkey=key Previouskey=key Quitlabel=stringPreviouslabel=string Presskeylabel=string Sortby=nonekeylabel Title=string subtitle=stringKey Label Horizontal Direction=horizontalverticalVertical Item=1-32 Submenu=string Command=stringMenu displayed to the user upon selecting the menu item Contains spaces, enclose it in double quotes Set mgmtconnection Timedperiod=period Lkaupdateenabled=onoffTimedoffset=immediateoneperiodrandomtime Immediate Retry timeout interval feature Clntreconntimeout=nonetimeoutDisplay current connection settings Set values for the client connection Set mgmtglobal Settings set permissions s-mgmtglobal=rwSet permissions s-mgmtglobal=read Options Deviceid=hex string Tcpnodelayenabled=onoff Rcicompressionenabled=onoffTcpkeepalivesenabled=onoff Revertdeviceid Connidletimeout=nonetimeout value Options Networktype=modempppethernet802.11 Set mgmtnetworkModemppp 802.11 Proxypassword=string Proxylogin=stringConnectionmethod=autononemtmdhproxy Mdh Mdhrxkeepalive=time Mtwaitcount=countMdhtxkeepalive=time Mdhwaitcount=count Settings set permissions s-router=rw Protocol forwarding settingsSet nat set nat Supported are Poenabled1-64=onoff Prenabled1-4=onoffMaxentries=64-1024 Prnumber1-4=greesp Pocount=1-64=number of ports in range, minimum Poproto1-64=tcpudpPoexternal1-64=number of ports in range, minimum Pointernal1-64=number of ports in range, minimum Set network Setting user permissions for commandsNetwork level Where Ip=device ip address Ip address optionsGateway=gateway ip Submask=device submask TCP retransmit options TCP keepalive options Arpttl=1-20 minutes ARP optionsGarp=30-3600 seconds Set passthrough Remote Device Management and IP Pass-through Using Pinholes to Manage the Digi Cellular Family Device Http=passterminate Options State=enableddisabledHttps=passterminate Telnet=passterminate Surelink=passterminate Connectware=passterminatePing=passterminate On page 14 for more information Set permissionsHelp Permission descriptions Set permissions Boot=noneexecute Backup=noneexecuteExecute Self Accesscontrol=nonereadrw Rlogin=noneexecuteConnect=noneexecute Dhcpserver=noneexecute Ddnsupdater=nonereadrw Alarm=nonereadrwLogin=nonereadrw Autoconnect=noner-selfreadrw-selfw-self-rrw Permissions=nonereadrw Service=nonereadrwPmodem=noner-selfreadrw-selfw-self-rrw Ppp=nonereadrw Vpn=nonereadrw User=nonereadrwWlan=nonereadrw Status=nonereadrw Disables modem emulation Enables modem emulationConfigure modem emulation Display modem-emulation settings Disables Telnet processing Enables Telnet processingModem Emulation Commands for descriptions of Digi Specific commands for modem-emulation configurations Set pppoutbound Pap Authmethod=nonePAPCHAPbothChap Both Addressmask=ip address mask Defaultgateway=yesnoProtocolcompression=onoff Addresscompression=onoff Lcpkaquiettime=10-86400 seconds Lcpkeepalive=onoffAsyncmap=hex string 000A0000 N1-4=phonenumber Ipcpdnsenabled=onoff Loginscript=chat scriptDisplay pppstats command displays the current status of PPP Dialscript=chat script Port as a console to access the command line interface Or displays the current port-profile settingsSet profile set profile Option’s description Options Port=port LocalconfigProfile=profile Consolemanagement Tunneling TcpsocketsUdpsockets Set putty Displays current terminal-emulation settingsFor it to process Height=10-60 Width=80132Hostport=/com/0/com/1/vcom/0 Keyboardport=/com/0/com/1No Keyboard Block Cursortype=noneblockunderlineverticalUnderline Blinkcursor=onoff Characterset=host charset Character Set name Description Set putty Complete list of allowed character sets is Key mapping terminal emulation options Keymaprange=1-32 Deletekeymaprange=1-32Inseq=00-FF Outseq=00-FF Would enter Emulation settingsNow, to delete the first 2 entries One enter Set python Command=filenameOptions Range=1 Options State Options Keepalive=onoff Set realportExclusive=onoff Probecount, probeinterval, garbagebyte, and overridedhcp Set service keepalive=onoff, or clients such as autoconnect Set rtstoggle Postdelay=delay Predelay=delay Altpin=onoff Set serial Csize=5678 Baudrate=bpsFlowcontrol=hardwaresoftwarenone Hardware Options Range= range Set serviceIpport=network port Delayedack=0-1000 Base network port number + serial port number Port Number Service Services Provided Network Command Descriptions 195 Index numbers and changing default port numbers Device is configured for IP passthrough Service tableSet surelink on Options Trapdestip=ipaddress Setsenabled=onoffPubliccommunity=string Privatecommunity=string Authfailtrap=onoff Logintrap=onoffColdstarttrap=onoff Linkuptrap=onoff Display current socket tunnel settings Configure a socket tunnelSet sockettunnel End initiated the tunnel Toport=port number Fromport=port number Set surelink set surelink Connection-failure settings can be disabled as wellPing Test TCP Connection Test Systemresetconnectfailures=1-2550=off Moduleresetconnectfailures=1-2550=offDisplay current SureLink settings Options for Hardware reset thresholds Ping Test=pingtcpdns Trigger=intervalidle DnsInterval Ipport=1-65535 Interval=10-65535Dnsfqdn1=dns fqdn Dnsfqdn2=dns fqdn Statistics on page 35 for descriptions of these statistics Display pppstats command displays connection and activity Configure MEI settings Set switches set switchesDisplay current MEI settings Used Options Range=range Wires=twofourMode=232485 232 Current switch settings Display on page 27. The display switches command displaysRevert on page 61. The revert switches command reverts Set switches configuration Options Description=string Set systemLocation=string Contact=string This command affects the following TCP serial connections Serial settingsConnections made using the autoconnect feature For a user to display the TCP serial settings for any line Sidstring=socketid string Endpattern=string Sendtime=01-65535msStrippattern=onoff Revert on Show on Configure terminal settings Command line of the deviceDisplay current terminal settings Set term For a user to display the UDP serial settings for any line Another service, the data will be sent to the serial portConnect WAN and ConnectPort Display Are logged in set permissions s-udpserial=r-self Sendcount= bytes Port= rangeSendtime=0 time Clostime=time Sidstring=stringRange=1-64 UDP port of the destination to which data is sent UDP serial settingsIdentifies the range of UDP destinations to be displayed Data to be sent on to the network destination Display user configuration attributes Change user configuration attributesFor a user to display user configuration attributes For a user to display and set user configuration attributes Associate Maximum of 32 users can be definedTwo groups Disassociate User cannot use group access rights Default is off Groupaccess=onoffUser is not allowed to access the custom menu interface Gid=number Defaultgroup=nonegidgname Defaultaccess=nonecommandlinemenugroupGroup Gid Tftphostfilename Publickey=tftphostfilenameclearTftphost Splashtime=0-30 seconds Set video Server=vnc server ipaddrdns name Password=vnc server passwordPort=vnc server network port Server services are enabled and disabled by the set service Configured globallyRemote Access VNC Client Settings VPN Settings and VPN Tunnel Settings Security associations SAs Display current VPN settings Set IKE/ISAKMP SA Phase 2 Options Set IKE/ISAKMP SA Phase 1 OptionsDisplay current VPN settings Identity=fqdnuser fqdnip address Dhgroup=125 Identity=ip-addressPfs=onoff Name=tunnel name Tunnel optionsNewname=tunnel name Manually-keyed options Remotevpnendpoint=fqdnip addressMode=manually-keyed Inboundspi=256 Md5 Inboundauthentication=nonemd5sha1Sha1 Inboundauthkey=ascii keyhex key Inboundenckey=ascii keyhex key Outboundauthentication=nonemd5sha1Outboundspi=256 Outboundauthkey=ascii keyhex key Isakmp options Encryption Authentication SA LifetimeMode=isakmp Sharedkey=ascii keyhex key Authentication=md5sha1 Set vpn phase1Authmethod=sharedkeydssrsa Sharedkey Salifetime=10-232 Set vpn phase2Salifetimedata=0-232 Tunnel=1-2 Encryption=nonedes3desaes Authentication=nonemd5sha1Salifetime=60-232 Salifetimedata=0 232 kilobytes Settings ConfiguringSet wlan PSK Authentication methods and associated data fields Inner and outer protocols Configure wireless settings Ssid=string Open Authentication=Wepauth Wpapsk Wep Encryption=open,wep,tkip,ccmp,anyTkip Ccmp Gtc Password=stringMschapv2 Otp WepkeyN=hex string Psk=string User permissions for commands Issued to the deviceSettings... column to go to the command descriptions Show Show Command Descriptions 251 Display network configuration settings Configuration table entry or range of entriesDisplay settings for a particular user Command Descriptions 253 Session number Ip addr TelnetTcp port Connect Options StatusconnectdisconnectDisconnect Set vpn on page 228. The set vpn command configures VPN This command enables the tunnel at index 1 to be usedThis command Connections Management page in the Web user interface from Who who To set permissions who=execute to use this command. SeeDisplays active connections to and from the device None at this time Modem Emulation Cable Signals What Is Modem Emulation?What Is Modem Emulation? Modes of Operation Common User Scenarios for Modem Emulation User Scenario Diagram a User Scenario Diagram B Outgoing Modem Emulation Connection Connection Scenarios for Modem EmulationIncoming Modem Emulation Connection Modem Emulation Pooling Accepted But Ignored AT Commands About the Commands in this Chapter Emulation configuration scenario Modem Emulation AT Command SetFunction Result Command Code Modem Emulation Commands 265 Function Result Command Register Definitions Register Function Range Units Default Register Function Range Units Default Result Codes Emulation commandsShort Long Form 270 Modem Emulation Commands D e ESP GRE PSK Self user permission 198 Snmp