Manuals / Digi / Computer Equipment / Network Router

Digi 90000566_H Salifetime=10-232, Salifetimedata=0-232, Set vpn phase2, Tunnel=1-2, Proposal=1

Models: 90000566_H

1 278

Download 278 pages 26.72 Kb

Page 239

set vpn

sa_lifetime=10-2^32

Determines how long an Security Association (SA) policy is active, in seconds. After the IKE SA has been negotiated, the SA lifetime begins. Once the lifetime has completed, a new set of SA policies are negotiated using IKE phase 2 negotiation.

sa_lifetime_data=0-2^32

The amount of data, in bytes or kilobytes, that is sent and received until the SA is renegotiated. This value is analogous to the SA lifetime. Also known as SA life size.

IKE/ISAKMP SA Phase 2 options

Security policies define the set of security settings for incoming and outgoing traffic used to encrypt and authorize data. One or more sets of settings may be specified. The actual set of negotiated settings depends on the available policies specified by the remote VPN endpoint.

The VPN Phase 2 options are used to configure a set of security policies for ISAKMP tunnels. The settings define the set of encryption and authentication algorithms used for incoming and outgoing traffic over the VPN tunnel.

A security policy can have multiple proposals. For example, a policy can have two proposals so to allow older VPN devices to connect using less- secure methods, while allowing the same policy to have a second (or more) proposal to allow newer, more powerful end-points to use more secure methods.

set vpn phase2

Specifies that the “set vpn” command is for configuring a VPN Phase 2options.

tunnel=1-2

The index number assigned to the VPN tunnel.

name=tunnel name

The name of the VPN tunnel.

proposal=(1- 8)

The index number assigned to the security proposal.

state={enableddisabled}

Whether the VPN tunnel is enabled or disabled. You can use this option when creating several tunnels where only one would be used initially. In that case, you would add a disabled tunnel for future use and enable it on a subsequent “set vpn” command.

Chapter 2 Command Descriptions

239

Image 239

Digi 90000566_H manual Salifetime=10-232, Salifetimedata=0-232, Set vpn phase2, Tunnel=1-2, Proposal=1

Contents

Digi Connect Family Page Chapter Introduction Chapter Command DescriptionsContents Index 271 Modem Emulation CommandsWho 258 Contents Chapter T r o d u c t i o nFeature/Task Commands Quick Reference for Configuring FeaturesQuick Reference for Configuring Features Guide Feature/Task Commands Access the Command Line Access the Command LineConfigure an IP Address Basic Command Information Length Limitations on String Values Entering Special Characters in String ValuesEscape Processed as Sequence Escape Sequences for Special CharactersTwo-user Model User Models and User Permissions in Digi Connect ProductsIdentifying the User Model for Your Digi Connect Product One-user ModelIncreasing Security for Digi Device Users Login Suppression FeatureUser Models and User Permissions in Digi Connect Products Verifying Device Support for Commands Verifying Device Support for CommandsFrom=serveripaddressfilename To=serveripaddressfilenameLoad file BootHost ip address See also ExamplesConnection number Session Type Default Escape KeysClose Serial port Ip address DhcpserverDisplay Dhcp server status Reserved inactive Assigned activeAssigned expired Reserved activeSet dhcpserver on Offered pre-leaseReleased Unavailable AddressDisplay Buffers Options AccesscontrolArp Memory DeviceDdns GpioSpd SwitchesSerial SocketsDisplay Virtual Private Network VPN status information Display device informationPrimary dns addr OutputState Ip addressReset status Non-administrative Last reset reasonNo service AdministrativeSession consecutive failures Lcp echo requestsSession successes Session failuresTotal bypasses Total link down requestsServer Display buffersTail=number Tftp=serverfilenameOutput multi-port buffering information to a Tftp server Set buffer onDisplay port buffering information on the screen Output buffering information to a Tftp serverExit Displaying Online Help on Help and ? help and ?Icmp InfoEthernet Displays statistics from the UDP table Displays statistics from the wireless Ethernet wlan tableStatistics, see Output on Displays statistics from the TCP tableIcmp statistics Statistic DescriptionEthernet statistics IP statistics Serial statistics UDP statistics TCP statisticsWireless Wlan statistics Display Icmp statistics Connection id KillRange Crmod=onoff OptionsBinary=onoff Name=string NewpassId=number Size=bytes IpaddressCount=0n Interval=millisecondsProvision Manually provision the module for a SIP-only network Given youEnter phone numbers as numbers only with no dashes Display current provisioning parametersMin=mobile ID number Spc=service programming code MSLNai=network access id Mdn=mobile directory numberHass=host agent shared secret Ha=home addressPriha=primary host agent IP address Secha=secondary host agent IP addressOtaspnumber= Otasp number for example, *228 Type=iotaType=otasp Program args Tftp server ipfilenameQuit =serial port s=session Time Revert multiple settingsAuth command. The revert auth command revert authentication RevertAutoconnect port=range AlarmOptions all AuthHost LoginEkahau ForwardingProfile port=range ServicePmodem port=range Pppoutbound port=rangeWireless Vpn allglobaltunnelphase1phase2Phase1 Phase2User=user name -luser name Options EscSend Autoaddsubnets=onoff Set accesscontrolOptions Enabled=onoff OffSubnmask1-32= mask Subnets will be allowed to access this device serverNetmask 255.255.255.0 to access this device server Subnip1-32=ipaddressDevices supported Purpose Required permissions Syntax Set alarmConfigure alarms with general options applies to all alarms Configure alarms for a range set multiple alarmsConfigure alarms based on mobile temperature Configure alarms based on data pattern matchingConfigure alarms based on mobile signal strength GSM Configure alarms based on signal strength CdmaCwm=onoff State= onoffMailserverip=ipaddress From=stringCc=string To=string Lowpins=list of lowpins Pins=list of pinsHighpins=list of highpins Mode=match Reminder=onoffReminderinterval=seconds Triggerinterval=secondsTime=max time Celldata=byte count thresholdMode=mobileunavail Mode=configchangeMode=mobiletemp Mode=1xevdounavailEnable alarm #1 Error conditions triggering alarmsSet alarm #1 mode to Gpio mode Set alarm #1 to designate which pins trigger alarmSet snmp on Set alarm Turn alarm #10 onGpio input, Gpio output, or standard serial Set autoconnect Trigger=alwaysdatadcddsrstring Service=rawrloginssltelnetRlogin State=onoffIpport=ipport Nodelay=onoffDescription=string Ipaddress=ipaddressSet tcpserial on Network IP destination when data arrives on the serial portSet network on Set serial onSet bsc Baud rate State=disabledenabledSerialmode=bisync3270bisync3275 Baudrate=baud rateexternalclockSelectionaddress=0x followed by 2 hex digits Codeset=asciiebcdicTextconversion=onoff Pollingaddress=0x followed by 2 hex digitsRxtimeout=milliseconds Txretries option Poweronmessage=0x followed by up to 64 hex digitsNoresponsemessage=0x followed by up to 64 hex digits Size Options ClearPort Pause On mode and the buffer size to 64 kilobytesData will not be buffered and all data will be cleared from BufferDdnsupdater=read Update requests will be rejectedRegistered with that service For a user to display Dynamic DNS settings set permissionsUpdatenow Service=disableddyndnsorgDisabled Action=updatenowclearstatusSecurehttp Ddpassword=passwordStandardhttp AlternatehttpDisplay on Dynamic DNS serviceNochg Set dhcpserver set dhcpserver User interface’s Network Configuration settingsCommand. See dhcpserver on For a user to display Dhcp server settings set permissionsRevert Item=scopeAction=setrevert SetLeasetime=timeinfinite Offerdelay=0-5000Startip=ip address Endip=ip addressClientid=client MAC address Item=reservationRange=1-16all Ip=ip addressFirst address in the exclusion block Item=exclusionRange=1-4all Is, reservations override exclusions Using the web UIDisable all reservations that were previously added IP address, which is the purpose of a reservation102 Command Descriptions Dhcp terminology and managing Dhcp server operation Web user interface, the online help for Network SettingsDhcpserver on Proprietary hardware components Wireless deviceSet ekahau set ekahau Digi Connect Wi-EM onlyName=device name Id=device idServer=hostnameip address Set identifiers Enable Ekahau ClientFull Set ethernetOptions Duplex Half100 SpeedPrivileges Set forwardingAdd Options ipforwarding=onoffStaticrouteindex=1-8 Action=addchangedeleteMetric=1-16 Net=destination ip addressMask=subnet mask Gateway=ip addressSet nat on Settings under Network ConfigurationRouting information Mode=serialinputoutput Set gpioDevices supported Purpose Options Range=1-nDefault serial signal settings for Gpio pins Pin Number Default Serial Signal Signal DirectionSignals Messages or Snmp traps when Gpio pins changeId=range Set groupOptions Add RemoveName= string Commandline=onoffDefaultaccess=nonecommandlinemenu CommandlinePermissions Examples DefaultOptions Name=name Device supportSet ia Configure network-based masters set ia master Configure serial-port connected devices set ia serialSerial options Instead of a set ia command with no optionsSerial settings, which include Serial= rangeTable=1..8 applies to master only Slavetimeout=10-99999 ms applies to slave onlyChartimeout=3-99999 ms applies to master or slave Idletimeout=0=disabled1-99000 secondsMedium Priority=highmediumlowModbus options Type=tcpudp Modbusrtu Modbusascii Modbustcp Messagetimeout=100-99000 msChartimeout=3-99000 ms Master=range126 Command Descriptions Route options Table optionsAddroute=route index Moveroute=fromrouteindex,torouteindexPort=serial port Mapto=protocol address Existing IA configuration settings Settings for the Digi Connect WAN IAConfiguration settings in the Web user interface Revert on page 61. The revert ia command options revert anyOptions Suppress=onoff Set loginQuitkey=key Presskeylabel=string Quitlabel=stringPreviouskey=key Previouslabel=stringLabel Title=string subtitle=stringSortby=nonekeylabel KeyItem=1-32 Direction=horizontalverticalHorizontal VerticalContains spaces, enclose it in double quotes Command=stringSubmenu=string Menu displayed to the user upon selecting the menu itemSet mgmtconnection Immediate Lkaupdateenabled=onoffTimedperiod=period Timedoffset=immediateoneperiodrandomtimeSet values for the client connection Clntreconntimeout=nonetimeoutRetry timeout interval feature Display current connection settingsOptions Deviceid=hex string Settings set permissions s-mgmtglobal=rwSet mgmtglobal Set permissions s-mgmtglobal=readTcpkeepalivesenabled=onoff Rcicompressionenabled=onoffTcpnodelayenabled=onoff Revertdeviceid Connidletimeout=nonetimeout value802.11 Set mgmtnetworkOptions Networktype=modempppethernet802.11 ModempppMdh Proxylogin=stringProxypassword=string Connectionmethod=autononemtmdhproxyMdhwaitcount=count Mtwaitcount=countMdhrxkeepalive=time Mdhtxkeepalive=timeSupported are Protocol forwarding settingsSettings set permissions s-router=rw Set nat set natPrnumber1-4=greesp Prenabled1-4=onoffPoenabled1-64=onoff Maxentries=64-1024Pointernal1-64=number of ports in range, minimum Poproto1-64=tcpudpPocount=1-64=number of ports in range, minimum Poexternal1-64=number of ports in range, minimumWhere Setting user permissions for commandsSet network Network levelSubmask=device submask Ip address optionsIp=device ip address Gateway=gateway ipTCP retransmit options TCP keepalive optionsGarp=30-3600 seconds ARP optionsArpttl=1-20 minutes Set passthrough Remote Device Management and IP Pass-through Using Pinholes to Manage the Digi Cellular Family DeviceTelnet=passterminate Options State=enableddisabledHttp=passterminate Https=passterminatePing=passterminate Connectware=passterminateSurelink=passterminate Permission descriptions Set permissionsOn page 14 for more information HelpSet permissions Self Backup=noneexecuteBoot=noneexecute ExecuteDhcpserver=noneexecute Rlogin=noneexecuteAccesscontrol=nonereadrw Connect=noneexecuteAutoconnect=noner-selfreadrw-selfw-self-rrw Alarm=nonereadrwDdnsupdater=nonereadrw Login=nonereadrwPpp=nonereadrw Service=nonereadrwPermissions=nonereadrw Pmodem=noner-selfreadrw-selfw-self-rrwStatus=nonereadrw User=nonereadrwVpn=nonereadrw Wlan=nonereadrwDisplay modem-emulation settings Enables modem emulationDisables modem emulation Configure modem emulationSpecific commands for modem-emulation configurations Enables Telnet processingDisables Telnet processing Modem Emulation Commands for descriptions of DigiSet pppoutbound Both Authmethod=nonePAPCHAPbothPap ChapAddresscompression=onoff Defaultgateway=yesnoAddressmask=ip address mask Protocolcompression=onoff000A0000 Lcpkeepalive=onoffLcpkaquiettime=10-86400 seconds Asyncmap=hex stringN1-4=phonenumber Dialscript=chat script Loginscript=chat scriptIpcpdnsenabled=onoff Display pppstats command displays the current status of PPPOption’s description Or displays the current port-profile settingsPort as a console to access the command line interface Set profile set profileConsolemanagement LocalconfigOptions Port=port Profile=profileUdpsockets TcpsocketsTunneling For it to process Displays current terminal-emulation settingsSet putty Keyboardport=/com/0/com/1No Keyboard Width=80132Height=10-60 Hostport=/com/0/com/1/vcom/0Blinkcursor=onoff Cursortype=noneblockunderlineverticalBlock UnderlineCharacterset=host charset Character Set name Description Set putty Complete list of allowed character sets isKey mapping terminal emulation options Outseq=00-FF Deletekeymaprange=1-32Keymaprange=1-32 Inseq=00-FFOne enter Emulation settingsWould enter Now, to delete the first 2 entriesOptions Range=1 Command=filenameSet python Options State Exclusive=onoff Set realportOptions Keepalive=onoff Probecount, probeinterval, garbagebyte, and overridedhcp Set service keepalive=onoff, or clients such as autoconnectSet rtstoggle Postdelay=delay Predelay=delayAltpin=onoff Set serialHardware Baudrate=bpsCsize=5678 Flowcontrol=hardwaresoftwarenoneIpport=network port Set serviceOptions Range= range Delayedack=0-1000 Base network port number + serial port number Port Number Service Services Provided NetworkCommand Descriptions 195 Index numbers and changing default port numbers Set surelink on Service tableDevice is configured for IP passthrough Privatecommunity=string Setsenabled=onoffOptions Trapdestip=ipaddress Publiccommunity=stringLinkuptrap=onoff Logintrap=onoffAuthfailtrap=onoff Coldstarttrap=onoffEnd initiated the tunnel Configure a socket tunnelDisplay current socket tunnel settings Set sockettunnelToport=port number Fromport=port numberTCP Connection Test Connection-failure settings can be disabled as wellSet surelink set surelink Ping TestOptions for Hardware reset thresholds Moduleresetconnectfailures=1-2550=offSystemresetconnectfailures=1-2550=off Display current SureLink settingsPing Test=pingtcpdnsInterval DnsTrigger=intervalidle Dnsfqdn2=dns fqdn Interval=10-65535Ipport=1-65535 Dnsfqdn1=dns fqdnStatistics on page 35 for descriptions of these statistics Display pppstats command displays connection and activityUsed Set switches set switchesConfigure MEI settings Display current MEI settings232 Wires=twofourOptions Range=range Mode=232485Set switches configuration Display on page 27. The display switches command displaysCurrent switch settings Revert on page 61. The revert switches command revertsContact=string Set systemOptions Description=string Location=stringFor a user to display the TCP serial settings for any line Serial settingsThis command affects the following TCP serial connections Connections made using the autoconnect featureSidstring=socketid string Revert on Show on Sendtime=01-65535msEndpattern=string Strippattern=onoffSet term Command line of the deviceConfigure terminal settings Display current terminal settingsAre logged in set permissions s-udpserial=r-self Another service, the data will be sent to the serial portFor a user to display the UDP serial settings for any line Connect WAN and ConnectPort DisplaySendtime=0 time Port= rangeSendcount= bytes Range=1-64 Sidstring=stringClostime=time Data to be sent on to the network destination UDP serial settingsUDP port of the destination to which data is sent Identifies the range of UDP destinations to be displayedFor a user to display and set user configuration attributes Change user configuration attributesDisplay user configuration attributes For a user to display user configuration attributesDisassociate Maximum of 32 users can be definedAssociate Two groupsGid=number Groupaccess=onoffUser cannot use group access rights Default is off User is not allowed to access the custom menu interfaceGid Defaultaccess=nonecommandlinemenugroupDefaultgroup=nonegidgname GroupTftphost Publickey=tftphostfilenameclearTftphostfilename Splashtime=0-30 seconds Set videoPort=vnc server network port Password=vnc server passwordServer=vnc server ipaddrdns name Remote Access VNC Client Settings Configured globallyServer services are enabled and disabled by the set service VPN Settings and VPN Tunnel Settings Security associations SAs Display current VPN settingsDisplay current VPN settings Set IKE/ISAKMP SA Phase 1 OptionsSet IKE/ISAKMP SA Phase 2 Options Identity=fqdnuser fqdnip address Pfs=onoff Identity=ip-addressDhgroup=125 Newname=tunnel name Tunnel optionsName=tunnel name Inboundspi=256 Remotevpnendpoint=fqdnip addressManually-keyed options Mode=manually-keyedInboundauthkey=ascii keyhex key Inboundauthentication=nonemd5sha1Md5 Sha1Outboundauthkey=ascii keyhex key Outboundauthentication=nonemd5sha1Inboundenckey=ascii keyhex key Outboundspi=256Sharedkey=ascii keyhex key Encryption Authentication SA LifetimeIsakmp options Mode=isakmpSharedkey Set vpn phase1Authentication=md5sha1 Authmethod=sharedkeydssrsaTunnel=1-2 Set vpn phase2Salifetime=10-232 Salifetimedata=0-232Salifetimedata=0 232 kilobytes Authentication=nonemd5sha1Encryption=nonedes3desaes Salifetime=60-232Set wlan ConfiguringSettings PSK Authentication methods and associated data fieldsInner and outer protocols Configure wireless settingsSsid=string Wpapsk Authentication=Open WepauthCcmp Encryption=open,wep,tkip,ccmp,anyWep TkipOtp Password=stringGtc Mschapv2WepkeyN=hex string Psk=stringShow Issued to the deviceUser permissions for commands Settings... column to go to the command descriptionsShow Command Descriptions 251 Display settings for a particular user Configuration table entry or range of entriesDisplay network configuration settings Command Descriptions 253 Session number Tcp port TelnetIp addr Disconnect Options StatusconnectdisconnectConnect Connections Management page in the Web user interface from This command enables the tunnel at index 1 to be usedSet vpn on page 228. The set vpn command configures VPN This commandNone at this time To set permissions who=execute to use this command. SeeWho who Displays active connections to and from the deviceModes of Operation What Is Modem Emulation?Modem Emulation Cable Signals What Is Modem Emulation?Common User Scenarios for Modem Emulation User Scenario Diagram aUser Scenario Diagram B Modem Emulation Pooling Connection Scenarios for Modem EmulationOutgoing Modem Emulation Connection Incoming Modem Emulation ConnectionAccepted But Ignored AT Commands About the Commands in this ChapterFunction Result Command Code Modem Emulation AT Command SetEmulation configuration scenario Modem Emulation Commands 265 Function Result CommandRegister Definitions Register Function Range Units DefaultRegister Function Range Units Default Short Long Form Emulation commandsResult Codes 270 Modem Emulation Commands D e ESP GRE PSK Self user permission 198 Snmp