Manuals / Netopia / Home Audio / Stereo System

Netopia 6.3 manual Internet Key Exchange IKE Settings

Models: 6.3

1 161

Download 161 pages 41.36 Kb

Page 144

Appendix A

CONFIG Commands

BOTH

set security ipsec tunnels name "123" IKE-mode DH-group (1) { 1 2 5}

See page 73 for details about SafeHarbour IPsec tunnel capability.

BOTH

set security ipsec tunnels name "123" IKE_mode isakmp-SA-encrypt (DES) {DES 3DES Blowﬁsh CAST}

See page 73 for details about SafeHarbour IPsec tunnel capability.

BOTH

set security ipsec tunnels name "123" isakmp-SA-hash (MD5) {MD5 SHA1}

See page 73 for details about SafeHarbour IPsec tunnel capability.

BOTH

set security ipsec tunnels name "123"PFS-DH-group (off) {off 1 2 5 }

See page 73 for details about SafeHarbour IPsec tunnel capability.

Internet Key Exchange (IKE) Settings

The following four IPsec parameters conﬁgure the rekeying event.

BOTH set security ipsec tunnels name "123" IKE-mode ipsec-soft-mbytes (1000) {1-1000000}

BOTH set security ipsec tunnels name "123" IKE-mode ipsec-soft-seconds (82800) {60-1000000}

BOTH set security ipsec tunnels name "123" IKE-mode ipsec-hard-mbytes (1200) {1-1000000}

BOTH set security ipsec tunnels name "123" IKE-mode ipsec-hard-seconds (86400) {60-1000000}

•The soft parameters designate when the system negotiates a new key. For example, after 82800 seconds (23 hours) or 1 Gbyte has been transferred (whichever comes ﬁrst) the key will be renegotiated.

•The hard parameters indicate that the renegotiation must be complete or the tunnel will be disabled. For example, 86400 seconds (24 hours) means that the renegotiation must be complete within one day.

Both ends of the tunnel set parameters, and typically they will be the same. If they are not the same, the rekey event will happen when the longest time period expires or when the largest amount of data has been sent.

144

Image 144

Netopia 6.3 manual Internet Key Exchange IKE Settings

Contents

Software User Guide Disclaimers Table of Contents Web-based User Interface Section Tour Command Line Interface 104 Appendix a Glossary 148 Appendix B Index 158 About Cayman Documentation Command Line Interface GeneralInternal Web Interface Bold italic sans serifIcons TextOrganization Appendix B, Glossary IndexBasic Product Structure Maintenance Enhancements New Embedded Web ServerCapabilities Roadmap for COS Feature Keys Overview of Major Capabilities SectionDiagnostics ManagementEmbedded Web Server Local Area Network DNS ProxyWide Area Network Instant-On PPPStatic IP Addresses IPMapsPassword Protection SecurityNetwork Address Translation NAT Cayman Advanced Features for NAT Internal ServersCable Modem Default Server PinholesCombination NAT Bypass Conﬁguration Security MonitorEvent Details IP Source Address SpooﬁngSource Routing Subnet Broadcast AmpliﬁcationPort Scan Excessive PingsLogin Failures MAC Address SpooﬁngBreakWater Settings BreakWater Basic FirewallClearSailing SilentRunningVPN IPSec Pass Through SafeHarbour VPN IPSec Tunnel SafeHarbour VPN IPSec Tunnel TerminationOpen the Web Connection EnterPeriod or http//cayman-dsl Home Home page Information Summary InformationToolbar Link Breadcrumb TrailRestart Button RestartLink Alert Symbol Help How to Use the Quickstart QuickstartConﬁgure Setup Your Gateway using a Dhcp Connection Link Conﬁgure QuickstartChange Procedure Enable MAC OverrideSave and Restart Configure Setup Your Gateway using a PPP Connection Setup Your Gateway using a Static IP Address Conﬁguration ProcedureYour Cayman Gateway can now use the conﬁgured IP parameters LAN Link Conﬁgure LANLink Conﬁgure WAN WAN IP InterfacesIP Gateway Other WAN OptionsAdvanced Link AdvancedLink IP Static Routes Link IP Static ARP Link PinholesConﬁgure Speciﬁc Pinholes Planning for Your PinholesExample a LAN Requiring Three Pinholes Internet Pinhole Conﬁguration Procedure Add Alert Save and RestartConﬁgure the IPMaps Feature FAQs for the IPMaps FeatureLink IPMaps What types of servers are supported by IPMaps? IPMaps Block Diagram Cayman GatewayLink Default Server Link Protocol LifetimesConﬁgure a Default Server Default ServerEnable Default Server Typical Network Diagram NAT Combination ApplicationLink DNS Link Dhcp Server Link Snmp Link Ethernet Bridge Link System Link Internal Servers Ethernet MAC Address Override Link Trafﬁc ShapingLink Clear Options Passwords Button SecurityCreate and Change Passwords New PasswordConﬁrm Password SubmitLink Firewall Use a Cayman FirewallBreakWater Basic Firewall Application Select this Level Other Considerations Basic Firewall Background Gateway LAN Side Link IPSec Conﬁgure a SafeHarbour VPNVPN IPSec Tunnel at the Gateway Parameter Description and Setup Groups 1, 2 IPSec Tunnel Parameter Setup Worksheet SafeHarbour Tunnel Setup Enable SafeHarbour IPSecIPSec Task 4 Make the IPSec Tunnel Entries Key ManagementEnable UpdateUsing the Security Monitoring Log When a new security event is detected, you will seeLink Security Log ShowConfigure Timestamp Background Install Button InstallInstall Software Link Install SoftwareUsing the Web Updating Your Gateway to COS VersionRequired Tasks Confirm Updater and COS Image Files BackgroundInstall Updater Application Code Contact InformationInstall Software InstallEthernet RestartVerify Updater Application Code Install the COS 6.3 ImageMonitor OverviewWhen Verify the COS 6.3 Image This completes the Upgrade process for COS Install Keys Link Install KeysUse Cayman Software Feature Keys Obtaining Software Feature Keys Procedure Install a New Feature Key FileInstall Keys To check your installed features List of FeaturesConfigure Perform Troubleshooting on Gateways Automated Multi-Layer DiagnosticsDiagnostics Run DiagnosticsEach test generates one of the following result codes Network Tools TroubleshootAddress in the text box and click TraceRouteNSLookup Manage a Restricted Number of WAN Users User StatusDisconnect Current WAN Users DisconnectExceeding the WAN User Limit Tour Command Line Interface Command Status and/or DescriptionCommand Status and/or Description Verbs Command UtilitiesKeywords Connecting from telnet Connecting from the Maintenance Console PortLogging Saving Settings Shell Command ShortcutsEnding a CLI Session Shell PromptReset ppp enet-B Platform ConventionArp nnn.nnn.nnn.nnn Atmping Vpi vci segment end-to-endConﬁgure DiagnoseDownload -fw -key Serveraddress ﬁlenameInstall serveraddress ﬁlename LogMessagestring Loglevel levelReset arp Reset atmReset crash Netstat -rReset dhcp client release B all Reset dhcp client releaseReset dhcp client renew B all Reset dhcp client renewVccn Show features Show dhcp server storeShow dsl Show enetShow wireless Show memory allShow ppp stats lcp ipcp lastconnect Show ppp stats lcp ipcp lastconnect vccnIpaddress Port HostnameConfig Mode Prompt Navigating the Config HierarchyEntering Commands in Config Mode Guidelines Config CommandsSet ip ethernet address IpaddressDisplaying Current Gateway Settings Step Mode a CLI Conﬁguration TechniqueValidating Your Conﬁguration ATM Settings Set atm option on offSet atm vccn option on off Set atm vccn vpi 0Bridging Settings Dhcp Settings Set dhcp option off server relay-agentSet dhcp start-address Set dhcp lease-time Lease-timeDMT Settings Domain Name System SettingsEthernet MAC Address Settings Domain-nameIP Settings BroadcastaddressNetmask Vccn Restriction admin-disabled admin-only Set ip dsl vccn addr-mapping on offSet ip dsl vccn proxy-arp on off Set ip ethernet a B option on offDSL set ip ethernet a restrictions none admin-disabled None admin-disabled admin-onlySet ip ethernet a B netmask Enet set ip ethernet a B restrictionsBoth set ip ethernet a B proxy-arp on off Set ip ethernet a B rip-receive Off v1 v2 v1-compat v2-MD5Set ip ethernet B addr-mapping off on Both set ip gateway option on offSet ip gateway default Set ip gateway interface ip-address ppp-vccnSet ip interwan-routing on off Set ip ip-ppp vccn option on offSet ip ip-ppp vccn peer-address Set ip ip-ppp vccn addr-mapping on offSet ip ip-ppp vccn vj-compression on off Set ip ip-ppp vccn ipcp-subnet on offSet ip ip-ppp vccn rip-receive off v1 v2 v1-compat Set ip ip-ppp vccn ﬂush-routes on offSet ip static-arp ip-address Netaddress GateaddressInteger Set ip wan vccn option on off Set ip wan vccn addressSet ip wan vccn netmask IPMaps Settings Set ip wan vccn restrictions Admin-disabled admin-only noneSet ip wan vccn addr-mapping off on Set ip wan vccn proxy-arp on offNetwork Address Translation NAT Default Settings Network Address Translation NAT Pinhole SettingsIp-address NamePPPoE Settings Internal-ipInternal-port Set PPP module vccn option on off Set PPP module vccn mruSet PPP module vccn magic-number on off Set PPP module vccn protocol-compression on offSet PPP module vccn restart-timer Set PPP module vccn time-outSet PPP module vccn port-authentication Chap-name chapname Set PPP module vccn port-authentication Chap-secret secretSet PPP module vccn port-authentication Pap-name papname Set PPP module port-authentication Pap-password passwordPassword Peer-name HostnamePeer-name Hostname Chap-secret Secret Command Line Interface Preference Settings Port Renumbering SettingsLines Deﬁne more LinesSecurity Settings Both set security ipsec nat-enable off on offSet servers telnet-tcp 0 Both set security ipsec option off on offSpeciﬁes the IP address of the destination gateway Internet Key Exchange IKE Settings Snmp Settings System SettingsCommunity-name ContactinfoSet system diagnostic-level Set system password admin userLevel Trafﬁc Shaping Settings Set trafﬁcshape option on offSet trafﬁcshape ethernet option on off Set trafﬁcshape ethernet rate 56000Glossary Appendix B Cast DNS Hdlc IKE MD5 PFS-DH SHA-1 UTP 157 Symbols IndexSnmp Shell Contact Information