Manuals / Digi / Computer Equipment / Network Router

Digi 90000566_H manual Set vpn phase1, Authmethod=sharedkeydssrsa, Sharedkey, Dss, Rsa

Models: 90000566_H

1 278

Download 278 pages 26.72 Kb

Page 238

set vpn

IKE/ISAKMP SA Phase 1 options

set vpn phase1

Specifies that the “set vpn” command is for configuring a VPN Phase 1 options.

index=1-2

The index number for an existing VPN tunnel.

state={enableddisabled}

Whether the VPN tunnel is enabled or disabled. You can use this option when creating several tunnels, where only one would be used initially. In that case, you would add a disabled tunnel for future use and enable it on a subsequent “set vpn” command.

auth_method={shared_keydssrsa}

The authentication method used by the VPN tunnel.

shared_key

Authentication is performed by using a key that secures the VPN tunnel, where the key is either an ASCII alphanumeric value or a hexadecimal value.

dss

Authentication is performed using Digital Signature Standard (DSS).

rsa

Authentication is performed using RSA, which uses a combination of sender’s and receiver’s public and private keys.

authentication={md5sha1}

The authentication algorithm used in IKE negotiations to authenticate the IKE peers and Security Associations (SAs).

md5

MD5 authentication algorithm, which uses 128-bit keys.

sha1

SHA1 authentication algorithm, which uses 160-bit keys.

encryption={des3desaes}

The encryption algorithm used in IKE negotiations for encrypting data.

des

DES encryption algorithm, which uses 64-bit keys.

3des

3DES encryption algorithm, which uses 192-bit keys.

aes

AES encryption algorithm, which uses 128-bit keys.

encryption_size={0128192256}

The encryption key length, in bits, used in IKE negotiations for encrypting data. The key length is based on the encryption algorithm and is used to calculate and create the shared key.

238	Chapter 2 Command Descriptions

Image 238

Digi 90000566_H manual Set vpn phase1, Authmethod=sharedkeydssrsa, Sharedkey, Dss, Rsa, Authentication=md5sha1

Contents

Digi Connect Family Page Chapter Command Descriptions Chapter IntroductionContents Who 258 Modem Emulation CommandsIndex 271 Contents T r o d u c t i o n ChapterQuick Reference for Configuring Features Quick Reference for Configuring FeaturesFeature/Task Commands Guide Feature/Task Commands Configure an IP Address Access the Command LineAccess the Command Line Basic Command Information Escape Sequences for Special Characters Entering Special Characters in String ValuesEscape Processed as Sequence Length Limitations on String ValuesOne-user Model User Models and User Permissions in Digi Connect ProductsIdentifying the User Model for Your Digi Connect Product Two-user ModelLogin Suppression Feature Increasing Security for Digi Device UsersUser Models and User Permissions in Digi Connect Products Verifying Device Support for Commands Verifying Device Support for CommandsTo=serveripaddressfilename From=serveripaddressfilenameHost ip address BootLoad file Examples See alsoClose Session Type Default Escape KeysConnection number Serial port Dhcpserver Ip addressDisplay Dhcp server status Reserved active Assigned activeAssigned expired Reserved inactiveUnavailable Address Offered pre-leaseReleased Set dhcpserver onDisplay Arp Options AccesscontrolBuffers Gpio DeviceDdns MemorySockets SwitchesSerial SpdDisplay device information Display Virtual Private Network VPN status informationIp address OutputState Primary dns addrReset status Administrative Last reset reasonNo service Non-administrativeSession failures Lcp echo requestsSession successes Session consecutive failuresTotal link down requests Total bypassesTftp=serverfilename Display buffersTail=number ServerOutput buffering information to a Tftp server Set buffer onDisplay port buffering information on the screen Output multi-port buffering information to a Tftp serverExit Help and ? help and ? Displaying Online Help onEthernet InfoIcmp Displays statistics from the TCP table Displays statistics from the wireless Ethernet wlan tableStatistics, see Output on Displays statistics from the UDP tableEthernet statistics Statistic DescriptionIcmp statistics IP statistics Serial statistics TCP statistics UDP statisticsWireless Wlan statistics Display Icmp statistics Range KillConnection id Binary=onoff OptionsCrmod=onoff Id=number NewpassName=string Interval=milliseconds IpaddressCount=0n Size=bytesProvision Display current provisioning parameters Given youEnter phone numbers as numbers only with no dashes Manually provision the module for a SIP-only networkMdn=mobile directory number Spc=service programming code MSLNai=network access id Min=mobile ID numberSecha=secondary host agent IP address Ha=home addressPriha=primary host agent IP address Hass=host agent shared secretType=otasp Type=iotaOtaspnumber= Otasp number for example, *228 Tftp server ipfilename Program argsQuit =serial port s=session Revert Revert multiple settingsAuth command. The revert auth command revert authentication TimeAuth AlarmOptions all Autoconnect port=rangeForwarding LoginEkahau HostPppoutbound port=range ServicePmodem port=range Profile port=rangePhase2 Vpn allglobaltunnelphase1phase2Phase1 WirelessOptions Esc User=user name -luser nameSend Off Set accesscontrolOptions Enabled=onoff Autoaddsubnets=onoffSubnip1-32=ipaddress Subnets will be allowed to access this device serverNetmask 255.255.255.0 to access this device server Subnmask1-32= maskConfigure alarms for a range set multiple alarms Set alarmConfigure alarms with general options applies to all alarms Devices supported Purpose Required permissions SyntaxConfigure alarms based on signal strength Cdma Configure alarms based on data pattern matchingConfigure alarms based on mobile signal strength GSM Configure alarms based on mobile temperatureFrom=string State= onoffMailserverip=ipaddress Cwm=onoffCc=string To=string Highpins=list of highpins Pins=list of pinsLowpins=list of lowpins Triggerinterval=seconds Reminder=onoffReminderinterval=seconds Mode=matchCelldata=byte count threshold Time=max timeMode=1xevdounavail Mode=configchangeMode=mobiletemp Mode=mobileunavailSet alarm #1 to designate which pins trigger alarm Error conditions triggering alarmsSet alarm #1 mode to Gpio mode Enable alarm #1Gpio input, Gpio output, or standard serial Set alarm Turn alarm #10 onSet snmp on Set autoconnect State=onoff Service=rawrloginssltelnetRlogin Trigger=alwaysdatadcddsrstringIpaddress=ipaddress Nodelay=onoffDescription=string Ipport=ipportSet serial on Network IP destination when data arrives on the serial portSet network on Set tcpserial onSet bsc Baudrate=baud rateexternalclock State=disabledenabledSerialmode=bisync3270bisync3275 Baud ratePollingaddress=0x followed by 2 hex digits Codeset=asciiebcdicTextconversion=onoff Selectionaddress=0x followed by 2 hex digitsRxtimeout=milliseconds Noresponsemessage=0x followed by up to 64 hex digits Poweronmessage=0x followed by up to 64 hex digitsTxretries option Port Options ClearSize Buffer On mode and the buffer size to 64 kilobytesData will not be buffered and all data will be cleared from PauseFor a user to display Dynamic DNS settings set permissions Update requests will be rejectedRegistered with that service Ddnsupdater=readAction=updatenowclearstatus Service=disableddyndnsorgDisabled UpdatenowAlternatehttp Ddpassword=passwordStandardhttp SecurehttpNochg Dynamic DNS serviceDisplay on For a user to display Dhcp server settings set permissions User interface’s Network Configuration settingsCommand. See dhcpserver on Set dhcpserver set dhcpserverSet Item=scopeAction=setrevert RevertEndip=ip address Offerdelay=0-5000Startip=ip address Leasetime=timeinfiniteIp=ip address Item=reservationRange=1-16all Clientid=client MAC addressRange=1-4all Item=exclusionFirst address in the exclusion block IP address, which is the purpose of a reservation Using the web UIDisable all reservations that were previously added Is, reservations override exclusions102 Command Descriptions Dhcpserver on Web user interface, the online help for Network SettingsDhcp terminology and managing Dhcp server operation Digi Connect Wi-EM only Wireless deviceSet ekahau set ekahau Proprietary hardware componentsServer=hostnameip address Id=device idName=device name Enable Ekahau Client Set identifiersHalf Set ethernetOptions Duplex FullSpeed 100Set forwarding PrivilegesAction=addchangedelete Options ipforwarding=onoffStaticrouteindex=1-8 AddGateway=ip address Net=destination ip addressMask=subnet mask Metric=1-16Routing information Settings under Network ConfigurationSet nat on Options Range=1-n Set gpioDevices supported Purpose Mode=serialinputoutputMessages or Snmp traps when Gpio pins change Pin Number Default Serial Signal Signal DirectionSignals Default serial signal settings for Gpio pinsRemove Set groupOptions Add Id=rangeCommandline Commandline=onoffDefaultaccess=nonecommandlinemenu Name= stringDefault Permissions ExamplesDevice support Options Name=nameSet ia Configure serial-port connected devices set ia serial Configure network-based masters set ia masterSerial= range Instead of a set ia command with no optionsSerial settings, which include Serial optionsIdletimeout=0=disabled1-99000 seconds Slavetimeout=10-99999 ms applies to slave onlyChartimeout=3-99999 ms applies to master or slave Table=1..8 applies to master onlyPriority=highmediumlow MediumModbus options Master=range Modbusrtu Modbusascii Modbustcp Messagetimeout=100-99000 msChartimeout=3-99000 ms Type=tcpudp126 Command Descriptions Moveroute=fromrouteindex,torouteindex Table optionsAddroute=route index Route optionsPort=serial port Mapto=protocol address Revert on page 61. The revert ia command options revert any Settings for the Digi Connect WAN IAConfiguration settings in the Web user interface Existing IA configuration settingsSet login Options Suppress=onoffQuitkey=key Previouslabel=string Quitlabel=stringPreviouskey=key Presskeylabel=stringKey Title=string subtitle=stringSortby=nonekeylabel LabelVertical Direction=horizontalverticalHorizontal Item=1-32Menu displayed to the user upon selecting the menu item Command=stringSubmenu=string Contains spaces, enclose it in double quotesSet mgmtconnection Timedoffset=immediateoneperiodrandomtime Lkaupdateenabled=onoffTimedperiod=period ImmediateDisplay current connection settings Clntreconntimeout=nonetimeoutRetry timeout interval feature Set values for the client connectionSet permissions s-mgmtglobal=read Settings set permissions s-mgmtglobal=rwSet mgmtglobal Options Deviceid=hex stringTcpnodelayenabled=onoff Rcicompressionenabled=onoffTcpkeepalivesenabled=onoff Connidletimeout=nonetimeout value RevertdeviceidModemppp Set mgmtnetworkOptions Networktype=modempppethernet802.11 802.11Connectionmethod=autononemtmdhproxy Proxylogin=stringProxypassword=string MdhMdhtxkeepalive=time Mtwaitcount=countMdhrxkeepalive=time Mdhwaitcount=countSet nat set nat Protocol forwarding settingsSettings set permissions s-router=rw Supported areMaxentries=64-1024 Prenabled1-4=onoffPoenabled1-64=onoff Prnumber1-4=greespPoexternal1-64=number of ports in range, minimum Poproto1-64=tcpudpPocount=1-64=number of ports in range, minimum Pointernal1-64=number of ports in range, minimumNetwork level Setting user permissions for commandsSet network WhereGateway=gateway ip Ip address optionsIp=device ip address Submask=device submaskTCP keepalive options TCP retransmit optionsArpttl=1-20 minutes ARP optionsGarp=30-3600 seconds Set passthrough Using Pinholes to Manage the Digi Cellular Family Device Remote Device Management and IP Pass-throughHttps=passterminate Options State=enableddisabledHttp=passterminate Telnet=passterminateSurelink=passterminate Connectware=passterminatePing=passterminate Help Set permissionsOn page 14 for more information Permission descriptionsSet permissions Execute Backup=noneexecuteBoot=noneexecute SelfConnect=noneexecute Rlogin=noneexecuteAccesscontrol=nonereadrw Dhcpserver=noneexecuteLogin=nonereadrw Alarm=nonereadrwDdnsupdater=nonereadrw Autoconnect=noner-selfreadrw-selfw-self-rrwPmodem=noner-selfreadrw-selfw-self-rrw Service=nonereadrwPermissions=nonereadrw Ppp=nonereadrwWlan=nonereadrw User=nonereadrwVpn=nonereadrw Status=nonereadrwConfigure modem emulation Enables modem emulationDisables modem emulation Display modem-emulation settingsModem Emulation Commands for descriptions of Digi Enables Telnet processingDisables Telnet processing Specific commands for modem-emulation configurationsSet pppoutbound Chap Authmethod=nonePAPCHAPbothPap BothProtocolcompression=onoff Defaultgateway=yesnoAddressmask=ip address mask Addresscompression=onoffAsyncmap=hex string Lcpkeepalive=onoffLcpkaquiettime=10-86400 seconds 000A0000N1-4=phonenumber Display pppstats command displays the current status of PPP Loginscript=chat scriptIpcpdnsenabled=onoff Dialscript=chat scriptSet profile set profile Or displays the current port-profile settingsPort as a console to access the command line interface Option’s descriptionProfile=profile LocalconfigOptions Port=port ConsolemanagementTunneling TcpsocketsUdpsockets Set putty Displays current terminal-emulation settingsFor it to process Hostport=/com/0/com/1/vcom/0 Width=80132Height=10-60 Keyboardport=/com/0/com/1No KeyboardUnderline Cursortype=noneblockunderlineverticalBlock Blinkcursor=onoffCharacterset=host charset Set putty Complete list of allowed character sets is Character Set name DescriptionKey mapping terminal emulation options Inseq=00-FF Deletekeymaprange=1-32Keymaprange=1-32 Outseq=00-FFNow, to delete the first 2 entries Emulation settingsWould enter One enterSet python Command=filenameOptions Range=1 Options State Options Keepalive=onoff Set realportExclusive=onoff Set service keepalive=onoff, or clients such as autoconnect Probecount, probeinterval, garbagebyte, and overridedhcpSet rtstoggle Predelay=delay Postdelay=delaySet serial Altpin=onoffFlowcontrol=hardwaresoftwarenone Baudrate=bpsCsize=5678 HardwareOptions Range= range Set serviceIpport=network port Delayedack=0-1000 Base network port number + serial port number Service Services Provided Network Port NumberCommand Descriptions 195 Index numbers and changing default port numbers Device is configured for IP passthrough Service tableSet surelink on Publiccommunity=string Setsenabled=onoffOptions Trapdestip=ipaddress Privatecommunity=stringColdstarttrap=onoff Logintrap=onoffAuthfailtrap=onoff Linkuptrap=onoffSet sockettunnel Configure a socket tunnelDisplay current socket tunnel settings End initiated the tunnelFromport=port number Toport=port numberPing Test Connection-failure settings can be disabled as wellSet surelink set surelink TCP Connection TestDisplay current SureLink settings Moduleresetconnectfailures=1-2550=offSystemresetconnectfailures=1-2550=off Options for Hardware reset thresholdsTest=pingtcpdns PingTrigger=intervalidle DnsInterval Dnsfqdn1=dns fqdn Interval=10-65535Ipport=1-65535 Dnsfqdn2=dns fqdnDisplay pppstats command displays connection and activity Statistics on page 35 for descriptions of these statisticsDisplay current MEI settings Set switches set switchesConfigure MEI settings UsedMode=232485 Wires=twofourOptions Range=range 232Revert on page 61. The revert switches command reverts Display on page 27. The display switches command displaysCurrent switch settings Set switches configurationLocation=string Set systemOptions Description=string Contact=stringConnections made using the autoconnect feature Serial settingsThis command affects the following TCP serial connections For a user to display the TCP serial settings for any lineSidstring=socketid string Strippattern=onoff Sendtime=01-65535msEndpattern=string Revert on Show onDisplay current terminal settings Command line of the deviceConfigure terminal settings Set termConnect WAN and ConnectPort Display Another service, the data will be sent to the serial portFor a user to display the UDP serial settings for any line Are logged in set permissions s-udpserial=r-selfSendcount= bytes Port= rangeSendtime=0 time Clostime=time Sidstring=stringRange=1-64 Identifies the range of UDP destinations to be displayed UDP serial settingsUDP port of the destination to which data is sent Data to be sent on to the network destinationFor a user to display user configuration attributes Change user configuration attributesDisplay user configuration attributes For a user to display and set user configuration attributesTwo groups Maximum of 32 users can be definedAssociate DisassociateUser is not allowed to access the custom menu interface Groupaccess=onoffUser cannot use group access rights Default is off Gid=numberGroup Defaultaccess=nonecommandlinemenugroupDefaultgroup=nonegidgname GidTftphostfilename Publickey=tftphostfilenameclearTftphost Set video Splashtime=0-30 secondsServer=vnc server ipaddrdns name Password=vnc server passwordPort=vnc server network port Server services are enabled and disabled by the set service Configured globallyRemote Access VNC Client Settings VPN Settings and VPN Tunnel Settings Display current VPN settings Security associations SAsSet IKE/ISAKMP SA Phase 2 Options Set IKE/ISAKMP SA Phase 1 OptionsDisplay current VPN settings Identity=fqdnuser fqdnip address Dhgroup=125 Identity=ip-addressPfs=onoff Name=tunnel name Tunnel optionsNewname=tunnel name Mode=manually-keyed Remotevpnendpoint=fqdnip addressManually-keyed options Inboundspi=256Sha1 Inboundauthentication=nonemd5sha1Md5 Inboundauthkey=ascii keyhex keyOutboundspi=256 Outboundauthentication=nonemd5sha1Inboundenckey=ascii keyhex key Outboundauthkey=ascii keyhex keyMode=isakmp Encryption Authentication SA LifetimeIsakmp options Sharedkey=ascii keyhex keyAuthmethod=sharedkeydssrsa Set vpn phase1Authentication=md5sha1 SharedkeySalifetimedata=0-232 Set vpn phase2Salifetime=10-232 Tunnel=1-2Salifetime=60-232 Authentication=nonemd5sha1Encryption=nonedes3desaes Salifetimedata=0 232 kilobytesSettings ConfiguringSet wlan Authentication methods and associated data fields PSKConfigure wireless settings Inner and outer protocolsSsid=string Wepauth Authentication=Open WpapskTkip Encryption=open,wep,tkip,ccmp,anyWep CcmpMschapv2 Password=stringGtc OtpPsk=string WepkeyN=hex stringSettings... column to go to the command descriptions Issued to the deviceUser permissions for commands ShowShow Command Descriptions 251 Display network configuration settings Configuration table entry or range of entriesDisplay settings for a particular user Command Descriptions 253 Session number Ip addr TelnetTcp port Connect Options StatusconnectdisconnectDisconnect This command This command enables the tunnel at index 1 to be usedSet vpn on page 228. The set vpn command configures VPN Connections Management page in the Web user interface fromDisplays active connections to and from the device To set permissions who=execute to use this command. SeeWho who None at this timeWhat Is Modem Emulation? What Is Modem Emulation?Modem Emulation Cable Signals Modes of OperationUser Scenario Diagram a Common User Scenarios for Modem EmulationUser Scenario Diagram B Incoming Modem Emulation Connection Connection Scenarios for Modem EmulationOutgoing Modem Emulation Connection Modem Emulation PoolingAbout the Commands in this Chapter Accepted But Ignored AT CommandsEmulation configuration scenario Modem Emulation AT Command SetFunction Result Command Code Modem Emulation Commands 265 Command Function ResultRegister Function Range Units Default Register DefinitionsRegister Function Range Units Default Result Codes Emulation commandsShort Long Form 270 Modem Emulation Commands D e ESP GRE PSK Self user permission 198 Snmp