6: Basic Parameters

localsubnet <one or more subnets in CIDR notation>
ikenegotation <main|aggressive>
ikeenc <any|3des|aes>
ikeauth <any|sha1|md5>
ikedhgroup <any|dh2|dh5>
espenc <any|3des|aes>
espauth <any|sha1|md5>
espdhgroup <any|dh2|dh5>
pfs <enable|disable>
modeconfig <enable|disable>
xauthclient <enable|disable>
xauthlogin <User Login>

2. Enter RSA public key or Pre-Shared Key of remote host: set vpn key

3. Enter XAUTH password: set vpn xauthpassword

4. Display all VPN settings and current status: show vpn [email <Email Address>]

5. Display detailed VPN status: show vpn status [email <Email Address>]

6. Display VPN logs: show vpn viewlog [numlines <Number of Lines>] [email <Email Address>]

7. Display RSA public key of the SLC: show vpn rsakey

Security

The SLC 8000 advanced console manager supports a security mode that complies with the FIPS 140-2 standard. FIPS (Federal Information Processing Standard) 140-2 is a security standard developed by the United States federal government that defines rules, regulations and standards for the use of encryption and cryptographic services. The National Institute of Standards and Technology (NIST) maintains the documents related to FIPS at: http://csrc.nist.gov/publications/PubsFIPS.html

FIPS 140-2 defines four security levels, Level 1 through Level 4. The SLC unit uses a FIPS module certified at Level 1.

To enable FIPS mode, enable the Network -> Security -> FIPS Mode flag and reboot the SLC unit. Each time the SLC unit boots in FIPS mode, it performs a power-up self-test to verify the integrity of the SLC unit's cryptographic module. If there are any issues with the integrity of the cryptographic module, FIPS mode is disabled and the SLC unit is rebooted into non-FIPS mode.

When the SLC unit is running in FIPS mode, the following protocols are supported: SSL v3.1/TLS 1.0, TLS 1.1, TLS 1.2, and SSH v2.

For SSL and TLS, the SLC unit will support the following cipher suites:

AES128-SHA

AES128-SHA256

AES128-GCM-SHA256

AES256-SHA

AES256-SHA256

AES256-GCM-SHA384
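
An added example (not from the Lantronix guide): a Python check that compares TLS scan results for a unit against the FIPS-mode protocol and cipher suite lists above. The one-handshake-per-line `protocol cipher` input format, the function names and the sample scan are assumptions constructed for illustration.

```python
import re

# FIPS-mode lists from the guide, in OpenSSL naming ("SSL v3.1/TLS 1.0" is TLSv1).
FIPS_PROTOCOLS = {"TLSv1", "TLSv1.1", "TLSv1.2"}
FIPS_CIPHERS = {"AES128-SHA", "AES128-SHA256", "AES128-GCM-SHA256",
                "AES256-SHA", "AES256-SHA256", "AES256-GCM-SHA384"}
# SHA-256/SHA-384 and GCM suites were introduced with TLS 1.2 (RFC 5246, RFC 5288).
TLS12_ONLY = {c for c in FIPS_CIPHERS if not c.endswith("-SHA")}

def to_openssl(name):
    """Map an IANA-style name (TLS_RSA_WITH_AES_128_CBC_SHA) to the OpenSSL
    short form used in the guide; other names pass through unchanged."""
    m = re.fullmatch(r"TLS_RSA_WITH_AES_(128|256)_(CBC|GCM)_(SHA\d*)", name)
    if not m:
        return name
    bits, mode, mac = m.groups()
    return f"AES{bits}-" + ("GCM-" if mode == "GCM" else "") + mac

def audit(scan_text):
    """Return (protocol, cipher, reason) for each accepted handshake that
    falls outside the FIPS-mode lists."""
    findings = []
    for line in scan_text.strip().splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip lines that are not "protocol cipher"
        proto, cipher = parts[0], to_openssl(parts[1])
        if proto not in FIPS_PROTOCOLS:
            findings.append((proto, cipher, "protocol not in FIPS-mode list"))
        elif cipher not in FIPS_CIPHERS:
            findings.append((proto, cipher, "cipher suite not in FIPS-mode list"))
        elif cipher in TLS12_ONLY and proto != "TLSv1.2":
            findings.append((proto, cipher, "TLS 1.2-only suite on older protocol"))
    return findings

# Constructed sample: handshakes a scanner reported as accepted (hypothetical data).
SAMPLE_SCAN = """
TLSv1.2 AES256-GCM-SHA384
TLSv1.2 TLS_RSA_WITH_AES_128_CBC_SHA256
TLSv1   AES128-SHA
TLSv1.2 DES-CBC3-SHA
SSLv3   AES128-SHA
TLSv1.1 AES128-GCM-SHA256
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN):
        print(*finding, sep="  ")
```

A finding of the third kind usually points at a scanner or parsing error rather than at the unit, since those suites cannot be negotiated below TLS 1.2.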

SLC™ 8000 Advanced Console Manager User Guide
