Manuals / Digi / Computer Equipment / Network Router

Digi 90000566_H manual Isakmp options, Mode=isakmp, Sharedkey=ascii keyhex key

Models: 90000566_H

1 278

Download 278 pages 26.72 Kb

Page 237

set vpn

[isakmp options]

To configure an ISAKMP tunnel, you must configure the settings to match those on the remote VPN server.

mode=isakmp

Indicates that the settings are for a VPN ISAKMP tunnel. ISAKMP tunnels specify a list of proposals, or security policies, in order to negotiate a set of security settings from the remote VPN endpoint.

shared_key={ascii keyhex key}

A key that secures the VPN tunnel. The key can be either an ASCII value using alphanumeric characters or a hexadecimal value prefixed by 0x.

To specify security proposals for VPN ISAKAMP tunnels, see "IKE/ISAKMP SA Phase 2 options" on page 239.

IKE/ISAKMP SA Phase 1 and Phase 2 options

Internet Key Exchange (IKE) negotiates the IPSec security associations (SA). This process requires that the IPSec systems first authenticate themselves to each other and establish ISAKMP (IKE) shared keys. The SAs are relationships between two or more entities or peers that describe how the entities or peers will use security services to communicate securely.

IKE negotiations are handled using two different phases.

•Phase 1 is responsible for creating an authenticated and secure channel between the two peers. Typically, phase one is completed using a Diffie-Hellman exchange using cryptography.

•Phase 2 is then responsible for negotiating the final SAs and generating the required keys and key material for IPSec. This is completed by negotiating one or more sets of security policies, or proposals, between the two peers until a given set is agreed upon by both peers.

Default Security Policies

The security policies that are negotiated and used in securing the SAs include the encryption algorithm, authentication algorithm, and the SA lifetime in seconds. By default, the Digi Cellular Family device includes the following set of defaults. If these settings do not match the VPN and IKE SA configuration of the remote peers or if further policies are required, select Use the following policies to negotiate Internet Key Exchange (IKE) security settings and add one or more security policies.

Encryption	Authentication	SA Lifetime

3-DES (192-bit)	SHA1	86400 seconds

Chapter 2 Command Descriptions

237

Image 237

Digi 90000566_H manual Isakmp options, Mode=isakmp, Sharedkey=ascii keyhex key, Encryption Authentication SA Lifetime

Contents

Digi Connect Family Page Chapter Introduction Chapter Command DescriptionsContents Modem Emulation Commands Who 258Index 271 Contents Chapter T r o d u c t i o nQuick Reference for Configuring Features Quick Reference for Configuring FeaturesFeature/Task Commands Guide Feature/Task Commands Access the Command Line Configure an IP AddressAccess the Command Line Basic Command Information Escape Processed as Sequence Entering Special Characters in String ValuesEscape Sequences for Special Characters Length Limitations on String ValuesIdentifying the User Model for Your Digi Connect Product User Models and User Permissions in Digi Connect ProductsOne-user Model Two-user ModelIncreasing Security for Digi Device Users Login Suppression FeatureUser Models and User Permissions in Digi Connect Products Verifying Device Support for Commands Verifying Device Support for CommandsFrom=serveripaddressfilename To=serveripaddressfilenameBoot Host ip addressLoad file See also ExamplesSession Type Default Escape Keys CloseConnection number Serial port Ip address DhcpserverDisplay Dhcp server status Assigned expired Assigned activeReserved active Reserved inactiveReleased Offered pre-leaseUnavailable Address Set dhcpserver onDisplay Options Accesscontrol ArpBuffers Ddns DeviceGpio MemorySerial SwitchesSockets SpdDisplay Virtual Private Network VPN status information Display device informationState OutputIp address Primary dns addrReset status No service Last reset reasonAdministrative Non-administrativeSession successes Lcp echo requestsSession failures Session consecutive failuresTotal bypasses Total link down requestsTail=number Display buffersTftp=serverfilename ServerDisplay port buffering information on the screen Set buffer onOutput buffering information to a Tftp server Output multi-port buffering information to a Tftp serverExit Displaying Online Help on Help and ? help and ?Info EthernetIcmp Statistics, see Output on Displays statistics from the wireless Ethernet wlan tableDisplays statistics from the TCP table Displays statistics from the UDP tableStatistic Description Ethernet statisticsIcmp statistics IP statistics Serial statistics UDP statistics TCP statisticsWireless Wlan statistics Display Icmp statistics Kill RangeConnection id Options Binary=onoffCrmod=onoff Newpass Id=numberName=string Count=0n IpaddressInterval=milliseconds Size=bytesProvision Enter phone numbers as numbers only with no dashes Given youDisplay current provisioning parameters Manually provision the module for a SIP-only networkNai=network access id Spc=service programming code MSLMdn=mobile directory number Min=mobile ID numberPriha=primary host agent IP address Ha=home addressSecha=secondary host agent IP address Hass=host agent shared secretType=iota Type=otaspOtaspnumber= Otasp number for example, *228 Program args Tftp server ipfilenameQuit =serial port s=session Auth command. The revert auth command revert authentication Revert multiple settingsRevert TimeOptions all AlarmAuth Autoconnect port=rangeEkahau LoginForwarding HostPmodem port=range ServicePppoutbound port=range Profile port=rangePhase1 Vpn allglobaltunnelphase1phase2Phase2 WirelessUser=user name -luser name Options EscSend Options Enabled=onoff Set accesscontrolOff Autoaddsubnets=onoffNetmask 255.255.255.0 to access this device server Subnets will be allowed to access this device serverSubnip1-32=ipaddress Subnmask1-32= maskConfigure alarms with general options applies to all alarms Set alarmConfigure alarms for a range set multiple alarms Devices supported Purpose Required permissions SyntaxConfigure alarms based on mobile signal strength GSM Configure alarms based on data pattern matchingConfigure alarms based on signal strength Cdma Configure alarms based on mobile temperatureMailserverip=ipaddress State= onoffFrom=string Cwm=onoffCc=string To=string Pins=list of pins Highpins=list of highpinsLowpins=list of lowpins Reminderinterval=seconds Reminder=onoffTriggerinterval=seconds Mode=matchTime=max time Celldata=byte count thresholdMode=mobiletemp Mode=configchangeMode=1xevdounavail Mode=mobileunavailSet alarm #1 mode to Gpio mode Error conditions triggering alarmsSet alarm #1 to designate which pins trigger alarm Enable alarm #1Set alarm Turn alarm #10 on Gpio input, Gpio output, or standard serialSet snmp on Set autoconnect Rlogin Service=rawrloginssltelnetState=onoff Trigger=alwaysdatadcddsrstringDescription=string Nodelay=onoffIpaddress=ipaddress Ipport=ipportSet network on Network IP destination when data arrives on the serial portSet serial on Set tcpserial onSet bsc Serialmode=bisync3270bisync3275 State=disabledenabledBaudrate=baud rateexternalclock Baud rateTextconversion=onoff Codeset=asciiebcdicPollingaddress=0x followed by 2 hex digits Selectionaddress=0x followed by 2 hex digitsRxtimeout=milliseconds Poweronmessage=0x followed by up to 64 hex digits Noresponsemessage=0x followed by up to 64 hex digitsTxretries option Options Clear PortSize Data will not be buffered and all data will be cleared from On mode and the buffer size to 64 kilobytesBuffer PauseRegistered with that service Update requests will be rejectedFor a user to display Dynamic DNS settings set permissions Ddnsupdater=readDisabled Service=disableddyndnsorgAction=updatenowclearstatus UpdatenowStandardhttp Ddpassword=passwordAlternatehttp SecurehttpDynamic DNS service NochgDisplay on Command. See dhcpserver on User interface’s Network Configuration settingsFor a user to display Dhcp server settings set permissions Set dhcpserver set dhcpserverAction=setrevert Item=scopeSet RevertStartip=ip address Offerdelay=0-5000Endip=ip address Leasetime=timeinfiniteRange=1-16all Item=reservationIp=ip address Clientid=client MAC addressItem=exclusion Range=1-4allFirst address in the exclusion block Disable all reservations that were previously added Using the web UIIP address, which is the purpose of a reservation Is, reservations override exclusions102 Command Descriptions Web user interface, the online help for Network Settings Dhcpserver onDhcp terminology and managing Dhcp server operation Set ekahau set ekahau Wireless deviceDigi Connect Wi-EM only Proprietary hardware componentsId=device id Server=hostnameip addressName=device name Set identifiers Enable Ekahau ClientOptions Duplex Set ethernetHalf Full100 SpeedPrivileges Set forwardingStaticrouteindex=1-8 Options ipforwarding=onoffAction=addchangedelete AddMask=subnet mask Net=destination ip addressGateway=ip address Metric=1-16Settings under Network Configuration Routing informationSet nat on Devices supported Purpose Set gpioOptions Range=1-n Mode=serialinputoutputSignals Pin Number Default Serial Signal Signal DirectionMessages or Snmp traps when Gpio pins change Default serial signal settings for Gpio pinsOptions Add Set groupRemove Id=rangeDefaultaccess=nonecommandlinemenu Commandline=onoffCommandline Name= stringPermissions Examples DefaultOptions Name=name Device supportSet ia Configure network-based masters set ia master Configure serial-port connected devices set ia serialSerial settings, which include Instead of a set ia command with no optionsSerial= range Serial optionsChartimeout=3-99999 ms applies to master or slave Slavetimeout=10-99999 ms applies to slave onlyIdletimeout=0=disabled1-99000 seconds Table=1..8 applies to master onlyMedium Priority=highmediumlowModbus options Chartimeout=3-99000 ms Modbusrtu Modbusascii Modbustcp Messagetimeout=100-99000 msMaster=range Type=tcpudp126 Command Descriptions Addroute=route index Table optionsMoveroute=fromrouteindex,torouteindex Route optionsPort=serial port Mapto=protocol address Configuration settings in the Web user interface Settings for the Digi Connect WAN IARevert on page 61. The revert ia command options revert any Existing IA configuration settingsOptions Suppress=onoff Set loginQuitkey=key Previouskey=key Quitlabel=stringPreviouslabel=string Presskeylabel=stringSortby=nonekeylabel Title=string subtitle=stringKey LabelHorizontal Direction=horizontalverticalVertical Item=1-32Submenu=string Command=stringMenu displayed to the user upon selecting the menu item Contains spaces, enclose it in double quotesSet mgmtconnection Timedperiod=period Lkaupdateenabled=onoffTimedoffset=immediateoneperiodrandomtime ImmediateRetry timeout interval feature Clntreconntimeout=nonetimeoutDisplay current connection settings Set values for the client connectionSet mgmtglobal Settings set permissions s-mgmtglobal=rwSet permissions s-mgmtglobal=read Options Deviceid=hex stringRcicompressionenabled=onoff Tcpnodelayenabled=onoffTcpkeepalivesenabled=onoff Revertdeviceid Connidletimeout=nonetimeout valueOptions Networktype=modempppethernet802.11 Set mgmtnetworkModemppp 802.11Proxypassword=string Proxylogin=stringConnectionmethod=autononemtmdhproxy MdhMdhrxkeepalive=time Mtwaitcount=countMdhtxkeepalive=time Mdhwaitcount=countSettings set permissions s-router=rw Protocol forwarding settingsSet nat set nat Supported arePoenabled1-64=onoff Prenabled1-4=onoffMaxentries=64-1024 Prnumber1-4=greespPocount=1-64=number of ports in range, minimum Poproto1-64=tcpudpPoexternal1-64=number of ports in range, minimum Pointernal1-64=number of ports in range, minimumSet network Setting user permissions for commandsNetwork level WhereIp=device ip address Ip address optionsGateway=gateway ip Submask=device submaskTCP retransmit options TCP keepalive optionsARP options Arpttl=1-20 minutesGarp=30-3600 seconds Set passthrough Remote Device Management and IP Pass-through Using Pinholes to Manage the Digi Cellular Family DeviceHttp=passterminate Options State=enableddisabledHttps=passterminate Telnet=passterminateConnectware=passterminate Surelink=passterminatePing=passterminate On page 14 for more information Set permissionsHelp Permission descriptionsSet permissions Boot=noneexecute Backup=noneexecuteExecute SelfAccesscontrol=nonereadrw Rlogin=noneexecuteConnect=noneexecute Dhcpserver=noneexecuteDdnsupdater=nonereadrw Alarm=nonereadrwLogin=nonereadrw Autoconnect=noner-selfreadrw-selfw-self-rrwPermissions=nonereadrw Service=nonereadrwPmodem=noner-selfreadrw-selfw-self-rrw Ppp=nonereadrwVpn=nonereadrw User=nonereadrwWlan=nonereadrw Status=nonereadrwDisables modem emulation Enables modem emulationConfigure modem emulation Display modem-emulation settingsDisables Telnet processing Enables Telnet processingModem Emulation Commands for descriptions of Digi Specific commands for modem-emulation configurationsSet pppoutbound Pap Authmethod=nonePAPCHAPbothChap BothAddressmask=ip address mask Defaultgateway=yesnoProtocolcompression=onoff Addresscompression=onoffLcpkaquiettime=10-86400 seconds Lcpkeepalive=onoffAsyncmap=hex string 000A0000N1-4=phonenumber Ipcpdnsenabled=onoff Loginscript=chat scriptDisplay pppstats command displays the current status of PPP Dialscript=chat scriptPort as a console to access the command line interface Or displays the current port-profile settingsSet profile set profile Option’s descriptionOptions Port=port LocalconfigProfile=profile ConsolemanagementTcpsockets TunnelingUdpsockets Displays current terminal-emulation settings Set puttyFor it to process Height=10-60 Width=80132Hostport=/com/0/com/1/vcom/0 Keyboardport=/com/0/com/1No KeyboardBlock Cursortype=noneblockunderlineverticalUnderline Blinkcursor=onoffCharacterset=host charset Character Set name Description Set putty Complete list of allowed character sets isKey mapping terminal emulation options Keymaprange=1-32 Deletekeymaprange=1-32Inseq=00-FF Outseq=00-FFWould enter Emulation settingsNow, to delete the first 2 entries One enterCommand=filename Set pythonOptions Range=1 Options State Set realport Options Keepalive=onoffExclusive=onoff Probecount, probeinterval, garbagebyte, and overridedhcp Set service keepalive=onoff, or clients such as autoconnectSet rtstoggle Postdelay=delay Predelay=delayAltpin=onoff Set serialCsize=5678 Baudrate=bpsFlowcontrol=hardwaresoftwarenone HardwareSet service Options Range= rangeIpport=network port Delayedack=0-1000 Base network port number + serial port number Port Number Service Services Provided NetworkCommand Descriptions 195 Index numbers and changing default port numbers Service table Device is configured for IP passthroughSet surelink on Options Trapdestip=ipaddress Setsenabled=onoffPubliccommunity=string Privatecommunity=stringAuthfailtrap=onoff Logintrap=onoffColdstarttrap=onoff Linkuptrap=onoffDisplay current socket tunnel settings Configure a socket tunnelSet sockettunnel End initiated the tunnelToport=port number Fromport=port numberSet surelink set surelink Connection-failure settings can be disabled as wellPing Test TCP Connection TestSystemresetconnectfailures=1-2550=off Moduleresetconnectfailures=1-2550=offDisplay current SureLink settings Options for Hardware reset thresholdsPing Test=pingtcpdnsDns Trigger=intervalidleInterval Ipport=1-65535 Interval=10-65535Dnsfqdn1=dns fqdn Dnsfqdn2=dns fqdnStatistics on page 35 for descriptions of these statistics Display pppstats command displays connection and activityConfigure MEI settings Set switches set switchesDisplay current MEI settings UsedOptions Range=range Wires=twofourMode=232485 232Current switch settings Display on page 27. The display switches command displaysRevert on page 61. The revert switches command reverts Set switches configurationOptions Description=string Set systemLocation=string Contact=stringThis command affects the following TCP serial connections Serial settingsConnections made using the autoconnect feature For a user to display the TCP serial settings for any lineSidstring=socketid string Endpattern=string Sendtime=01-65535msStrippattern=onoff Revert on Show onConfigure terminal settings Command line of the deviceDisplay current terminal settings Set termFor a user to display the UDP serial settings for any line Another service, the data will be sent to the serial portConnect WAN and ConnectPort Display Are logged in set permissions s-udpserial=r-selfPort= range Sendcount= bytesSendtime=0 time Sidstring=string Clostime=timeRange=1-64 UDP port of the destination to which data is sent UDP serial settingsIdentifies the range of UDP destinations to be displayed Data to be sent on to the network destinationDisplay user configuration attributes Change user configuration attributesFor a user to display user configuration attributes For a user to display and set user configuration attributesAssociate Maximum of 32 users can be definedTwo groups DisassociateUser cannot use group access rights Default is off Groupaccess=onoffUser is not allowed to access the custom menu interface Gid=numberDefaultgroup=nonegidgname Defaultaccess=nonecommandlinemenugroupGroup GidPublickey=tftphostfilenameclear TftphostfilenameTftphost Splashtime=0-30 seconds Set videoPassword=vnc server password Server=vnc server ipaddrdns namePort=vnc server network port Configured globally Server services are enabled and disabled by the set serviceRemote Access VNC Client Settings VPN Settings and VPN Tunnel Settings Security associations SAs Display current VPN settingsSet IKE/ISAKMP SA Phase 1 Options Set IKE/ISAKMP SA Phase 2 OptionsDisplay current VPN settings Identity=fqdnuser fqdnip address Identity=ip-address Dhgroup=125Pfs=onoff Tunnel options Name=tunnel nameNewname=tunnel name Manually-keyed options Remotevpnendpoint=fqdnip addressMode=manually-keyed Inboundspi=256Md5 Inboundauthentication=nonemd5sha1Sha1 Inboundauthkey=ascii keyhex keyInboundenckey=ascii keyhex key Outboundauthentication=nonemd5sha1Outboundspi=256 Outboundauthkey=ascii keyhex keyIsakmp options Encryption Authentication SA LifetimeMode=isakmp Sharedkey=ascii keyhex keyAuthentication=md5sha1 Set vpn phase1Authmethod=sharedkeydssrsa SharedkeySalifetime=10-232 Set vpn phase2Salifetimedata=0-232 Tunnel=1-2Encryption=nonedes3desaes Authentication=nonemd5sha1Salifetime=60-232 Salifetimedata=0 232 kilobytesConfiguring SettingsSet wlan PSK Authentication methods and associated data fieldsInner and outer protocols Configure wireless settingsSsid=string Open Authentication=Wepauth WpapskWep Encryption=open,wep,tkip,ccmp,anyTkip CcmpGtc Password=stringMschapv2 OtpWepkeyN=hex string Psk=stringUser permissions for commands Issued to the deviceSettings... column to go to the command descriptions ShowShow Command Descriptions 251 Configuration table entry or range of entries Display network configuration settingsDisplay settings for a particular user Command Descriptions 253 Session number Telnet Ip addrTcp port Options Statusconnectdisconnect ConnectDisconnect Set vpn on page 228. The set vpn command configures VPN This command enables the tunnel at index 1 to be usedThis command Connections Management page in the Web user interface fromWho who To set permissions who=execute to use this command. SeeDisplays active connections to and from the device None at this timeModem Emulation Cable Signals What Is Modem Emulation?What Is Modem Emulation? Modes of OperationCommon User Scenarios for Modem Emulation User Scenario Diagram aUser Scenario Diagram B Outgoing Modem Emulation Connection Connection Scenarios for Modem EmulationIncoming Modem Emulation Connection Modem Emulation PoolingAccepted But Ignored AT Commands About the Commands in this ChapterModem Emulation AT Command Set Emulation configuration scenarioFunction Result Command Code Modem Emulation Commands 265 Function Result CommandRegister Definitions Register Function Range Units DefaultRegister Function Range Units Default Emulation commands Result CodesShort Long Form 270 Modem Emulation Commands D e ESP GRE PSK Self user permission 198 Snmp