Manuals / Perle Systems / Computer Equipment / Server

Perle Systems 5500161-40 manual IPsec, IKE Phase 1 Proposals, ESP Phase 2 Proposals

Models: 5500161-40

1 424

Download 424 pages 39.35 Kb

Page 232

VPN

IKE Phase 1 Proposals

The following IKE Phase 1 proposals are supported by the IOLAN VPN gateway:

zCiphers—3DES, AES

zHashes—MD5, SHA1

zDiffie-HellmanGroups—2 (MODP1024), 5 (MODP1536), 14 (MODP2048), 15 (MODP3072), 16 (MODP4096), 17 (MODP6144), 18 (MODP8192)

ESP Phase 2 Proposals

The following ESP Phase 2 proposals are supported by the IOLAN VPN gateway:

zCiphers—3DES, AES

zAuthentication Algorithms—MD5, SHA1, SHA2

IPsec

When an IPsec tunnel becomes active, you are requiring that all access to the IOLAN go through the configured IPsec tunnel(s), so you must configure any exceptions first (see Exceptions on page 238 for more information on exceptions) or you will not be able to access the IOLAN through the network unless you are configured to go through the IPsec tunnel (you can still access the IOLAN through the Console port).

Field Descriptions

The following buttons are available:

Add Button	Click this button to add a new IPsec VPN tunnel.
Edit Button	Select an existing IPsec VPN tunnel to edit the tunnel’s parameters.
Delete Button	Select an existing IPsec VPN tunnel to remove the tunnel.

232	IOLAN SDS/SCS/STS/MDC User’s Guide, Version 4.0

Image 232

Perle Systems 5500161-40 IPsec, IKE Phase 1 Proposals, ESP Phase 2 Proposals, Authentication Algorithms-MD5, SHA1, SHA2

Contents

Iolan SDS/SCS/STS/MDC EN 55022 1998, Class A, Note Table of Contents Power Supply Specifications Getting to Know Your IolanPowering Up the Iolan Introduction Configuration Methods OverviewEasy Config Wizard DeviceManager WebManagerMenu Command Line InterfaceIOLAN+ Interface Setting Up the Serial Ports Setting Up Users Using DeviceManager to Connect to the IolanUsing WebManager to Connect to the Iolan Configuration FilesManaging the Iolan Introduction IP SettingsAdvanced Introduction 113 Serial Ports Serial Port Profiles 116UDP Sockets Profile 142 Control Signal I/O Profile 169 Port BufferingAdvanced 197 Introduction 201 User Settings 202Adding/Editing Users 203 223 Introduction 213 Authentication226 Services 240 Introduction 245 Settings 246231 Keys and Certificates 242Channels Modbus SlaveModbus I/O Access 278 Accessing I/O Data Via TruePort 285TruePort I/O 283 Snmp Traps 289Introduction 295 Option Card Settings 296Introduction 299 Alerts Management 302Serial Port Power Control 315 Introduction 319 Managing Configuration FilesIntroduction 313 RPS Control Channels 316323 326327 329Configuring Modbus 333 Configuring PPP Dial On Demand 337 Setting Up Printers 338Configuring a Virtual Private Network 340 Introduction 347EIA-232 Cabling Diagrams 371 Introduction 359 Valid SSL/TLS Ciphers361 Serial Pinouts 363Wiring I/O Diagrams 385 Introduction 391 TruePortAPI I/O Access Over TruePort 392 Communication Issues 410Host Problems 411 Decoder 393415 Models 415 IPv6 Issues 416 Contacting Technical Support 417Index Preface About This BookIntended Audience DocumentationTypeface Conventions Online HelpAbout the Iolan IntroductionIolan Family Models Iolan Features HardwareSoftware Security LdapConnectivity IntroductionIolan Components What’s IncludedPower Supply Specifications Available AccessoriesPower Over Ethernet PoE Models Desktop ModelsMedical Unit Models Rack Mount Models except Electric Utility modelsElectric Utility models Getting to Know Your Iolan OverviewPort Iolan Model LED Label Green lightPort Top View End ViewConsole Port/LED View Rack MountSerial/Ethernet View Medical Unit Power/Ethernet ViewSerial View Back Serial/Ethernet/power View Front LED/Console portViewConsole Mode Console/Serial SwitchSerial Mode Dedicated Console Port Powering Up the IolanDesktop/Rack Mount Models excluding Electric Utility models Models Left VDC + RightDC Power Models excluding Electric Utility models Earthing WirePrimary Supply Secondary back-up SupplyDisconnecting 48V Power Supplies from the Iolan Wiring GroundingWiring up an HV unit Terminal # Description UsageWiring up a DHV unit Wiring up a the Fail-Safe Relay Powering Up the Iolan Configuration Methods Chapter Configures an IP Address Configuration Methods OverviewRequires a Configured IP Address Easy Config Wizard Access Platforms FeaturesConnecting to the Iolan Using DeviceManager DeviceManagerDeviceManager Using DeviceManager Navigating the OptionsDownloading the Configuration WebManagerConnecting to the Iolan Using WebManager IolanUsing WebManager Connecting to the Iolan Using the CLI Command Line InterfaceThrough the Network Using the CLI Connecting to the Iolan Using the MenuMenu Through the Serial PortUsing the Menu Connecting to the Iolan Using DHCP/BOOTP Using DHCP/BOOTPDHCP/BOOTP Parameters TACACS+ SecuridConnecting to the Iolan Using Snmp SnmpUsing the Snmp MIB Using the IOLAN+ Interface Connecting to the Iolan to Use the IOLAN+ InterfaceIOLAN+ Interface REMOTE-ADMIN Changes to the IOLAN+ InterfaceOpt HEX Rlogin/Telnet Remote Access Systems Screen Name Wchiewsds2 Debug mode IP address IOLAN+ Interface Getting Started Easy Configuration Wizard Setting Up the Network Using a Direct Serial Connection to Specify an IP Address Using a Direct Serial Connection to Enable BOOTP/DHCP Using ARP-Ping For an IPv6 NetworkSetting Up the Serial Ports Setting Up the Serial Ports Setting Up Users Setting Up Users Using DeviceManager WebManager Navigating DeviceManager/WebManager DeviceManagerWebManager EasyPort WebUsing DeviceManager to Connect to the Iolan Starting a New SessionAssigning a Temporary IP Address to a New Iolan Adding/Deleting IOLANs Manually Logging in to the IolanUsing WebManager to Connect to the Iolan Configuration FilesCreating a New Iolan Configuration in DeviceManager Logging into the IolanImporting an Existing Configuration File Opening an Existing Configuration FileManaging the Iolan Network Settings IP Settings IPv4 SettingsOverview Field DescriptionsIPv6 Settings Field Format IPv6 address DSN Server Field Format IPv6 addressPrefix Bits Range Default Adding/Editing a Custom IPv6 AddressAdvanced Server Name.Domain Prefix.Domain NameDefault 100 ms Default 200 msDefault Disabled Advertise DHCPv6 ConfigurationAdvanced Host TableFunctionality IP Filtering Data OptionsAdding/Editing a Host Host NameFully Qualified Domain NameRoute List Default Default Adding/Editing RoutesType IPv4 Subnet MaskDNS/WINS RIP Editing/Adding DNS/WINS ServersEthernet Mode Default NoneAuthentication PasswordDynamic DNS Overview FunctionalityEnd Time KeyAccount Settings Default DynamicUser Name System TypeCipher Suite Field Descriptions Adding/Editing a Cipher Suite Validation Criteria Field Descriptions IPv6 Tunnels Common NameDefault Manual Adding/Editing an IPv6 TunnelName Mode112 Iolan SDS/SCS/STS/MDC User’s Guide, Version Serial Ports FunctionalityEditing a Serial Port Copying a Serial Port Serial Port Profiles Resetting a Serial PortCommon Tabs Hardware Tab Field Descriptions Default Full Default Auto Flow ControlEnable Inbound Flow Control Default Enabled Enable OutboundEmail Alert Tab Field Descriptions Packet Forwarding Tab Field Descriptions Enable Trigger1 Enable Trigger2Packet Definition Packet SizeDefault Trigger EOF1 CharacterEOF2 Character TriggerSSL/TLS Settings Tab Field Descriptions Default Client124 Iolan SDS/SCS/STS/MDC User’s Guide, Version 125 126 Iolan SDS/SCS/STS/MDC User’s Guide, Version Default Telnet Console Management ProfileGeneral Tab Field Descriptions ProtocolAdvanced Tab Field Descriptions Enable Microsoft AdministratorSupport Default Disabled Multisessions Idle TimeoutModem TruePort ProfilePhone System Default Enabled Host Name Connect to remoteConnect to Multiple HostsAdding/Editing Additional TruePort Hosts Adding/Editing a Multihost Entry133 Day Motd Default Disabled Enable TCP Signals highWhen Session Timeout Enable DataLogging Connection Workstation/Server on the network Default Enabled TCP Sockets ProfileInitiate Connection Received on the serial portAdding/Editing Additional Hosts 139 Day Motd Default Disabled Enable Data 141 UDP Sockets Profile UDP port Default 0 zero Terminal ProfileDirection Start IP Address145 Default Dumb VT100TVI925 VT320 specifically supporting VT320-7Default Disabled Protocol Is receivedData Range 149 User Service Settings Login SettingsTelnet Settings InterruptQuit EraseUser is only prompted for a password Rlogin SettingsEscape SSH Settings Slip Settings RSA authentication for the SSH sessionAuthentication for the SSH session ArcfourRouting VJ CompressionPPP Settings IPv6 Remote Default ChapNone Remote User Remote Password Configure ReqTimeout Default 3 secondsDefault 1 minute Roaming CallbackChallenge Interval Address/ControlPrinter Profile Serial Tunneling Profile Serial Server TunnelSerial Client Iolan TunnelClient Default Disabled Host Name Act As TunnelVirtual Modem Profile 165 DCD AT Command DTR Signal Acts as RTS Signal Always On RTS Signal Acts asResponse Delay Phone Number to Host Mapping Control Signal I/O Profile VModem Phone Number EntryPhone Number Host IP AddressInput Signal Field Descriptions Invert SignalDescription LatchAuto Clear Mode Mode Default DisabledManual Clear SyslogOutput Signal Field Descriptions Failsafe ActionModbus Gateway Profile Settings Button UID Range Destination SlaveIP Mappings Advanced SlaveDefault 1000 ms Default 30 msAdvanced Field Descriptions Modbus Slave IP Settings Field Descriptions Adding/Editing Modbus Slave IP Settings Default HostUID Start UID EndModbus Slave Advanced Settings Field Descriptions Default TCPRange Default 50 ms Data Options TCP or UDPPower Management Profile Editing Power Management Plug Settings Field Descriptions Default RSP820RPS Name RPS ModelRemote Access PPP Profile Default StateDefault Off Data Options On, OffNegotiate IP Dynamic DNSIPv6 Global Authentication Tab Field Descriptions 185 Enable Dynamic DNS for this Serial Default Disabled Port HostAccount Settings Dynamic DNS Field Descriptions187 Configure Request Compression Default Enabled Enable ProtocolEnable VJ Enable MagicMS Direct Host Dial In/OutMS Direct Guest Remote Access Slip Profile 191 192 Iolan SDS/SCS/STS/MDC User’s Guide, Version Custom Application Profile General Tab Field DescriptionLocal Port Buffering Port BufferingKeyboard Buttons Hot Keys Direction Field Definitions Remote Port BuffersEnable Port Data Default Disabled Enable Key StrokeNFS Host NFS DirectoryAdvanced Serial Settings Tab SignalsProcess Break Deny MultipleDefault ~menu Serial Port MenuString Session EscapeAdding/Editing a Modem Modems TabName Name of the modem TruePort Baud Rate Tab Field DefinitionsConfiguring Users User Settings Adding/Editing Users General TabDefault Normal Services Tab ServiceDefault DSPrompt Host IPIPv6 Interface IndentifierAdvanced Tab Default English Sessions Tab Session 1, 2, 3 ConnectSerial Port Access Tab Serial Port AccessAllow Access to Clustered Ports212 Iolan SDS/SCS/STS/MDC User’s Guide, Version Configuring Security AuthenticationAuthentication Method Default Local SecondaryPrimary MethodLocal Radius General Field DescriptionsAuthenticator response Default Enabled Retry Address Default EnabledAttributes Field Descriptions NAS-IdentifierKerberos RealmKDC Domain KDC PortBase Enable TLSTLS Port Authentication Authorization Primary Host Secondary Host Default None AuthenticationAuthorization Port Default Authentication Primary Host Default NoneSecurID NIS Users Logging into the Iolan Using SSH Device ServerLynn TracyLynn Sales Server Users Passing Through the Iolan Using SSH Dir/SilHR Server Protocol Default Disabled Interactive Default Enabled PasswordField Descriptions Allow SSH-1Output Default Disabled Enable VerboseBreak String Button For a valid SSL/TLS connection 228 Iolan SDS/SCS/STS/MDC User’s Guide, Version Adding/Editing a Cipher 230 Iolan SDS/SCS/STS/MDC User’s Guide, Version VPN IKE Phase 1 Proposals ESP Phase 2 ProposalsAuthentication Algorithms-MD5, SHA1, SHA2 IPsecAdding/Editing the IPsec Tunnel Default Left Secret/RemoteValidation Criteria Local DeviceShared Secret Field Description Remote Validation Criteria Field Descriptions L2TP/IPsec Allow L2TP/IPsecExceptions Adding/Editing a VPN Exception Field DescriptionServices Telnet ServerTruePort Full Syslog ClientDeviceManager WebManagerSSH Server Sntp ClientKeys and Certificates Key Type 244 Iolan SDS/SCS/STS/MDC User’s Guide, Version Configuring I/O InterfacesChapter Settings Access FunctionalityAdvanced Slave Modbus Settings Request Queuing Default 30 seconds Failsafe Timer FunctionalityFailsafe Action is triggered Broadcast of I/O Default Disabled Status Enable UDPUDP Functionality UDP Settings UDP EntryTemperature Functionality Default CelsiusChannels AnalogMonitoring Application A4D2 Analog I/O AnalogDefault Current Alarm SettingsMonitoring Application Digital InputDigital I/O Input Mode 257 Digital Output Default Sink Output ModeOutput Pulse Mode Inactive Signal Width Active Signal WidthDelay Pulse CountMonitoring Application A4D2Relay RelayRelay I/O Inactive Signal WidthActive Signal Digital I/O ExtensionFront Door Warehouse Perle Iolan ReceptionMessage type 1 Byte Current Alarm State 1 Byte z 0 = Not in alarmInput number 1 Byte Extension Enable I/OInput TCP Port Hosts Local connectionSimultaneously Communicate to the Host Temperature Temperature I/O Industrial FreezersDefault RTD Alarm Settings Basic Analog Alarm SettingsClear Mode Advanced Analog Alarm SettingsTrigger Type Clear UDP Unicast Format UDP Broadcast PacketAnalog Section Length EnabledSection Channel Serial Pin Signal Section Digital/Relay SectionLength Channel Length PinModbus Slave UDP Unicast ExampleModbus Serial Application Connected to the Serial Port Modbus Serial Application Connected to the NetworkModbus I/O Access Modbus TCP ApplicationFunction Codes PC running a Modbus RTU or Ascii Application UIDCoil/Register Descriptions Serial Port Coil/Register Descriptions A4/T4 RegistersData Model A1/T1 A2/T2 A3/T3 A4/T4 Holding Registers Input RegistersA4D2/A4R2 Registers Data Model D1/R1 D2/R2 CoilsSerial Pin Signals D4/D2R2 RegistersData Model D3/R1 D4/R2 Coils Data Model Pin CoilsModbus Serial Application TruePort Power Digital Output TruePort I/OTruePort/Modbus Combination PC running aAPI Over TruePort Only PC running Custom Application API TruePortSetup Accessing I/O Data Via TruePortIntroduction Format of API Commands Get CommandsCommand Format Response FormatSet Commands Successful Response Format Unsuccessful Response FormatExample 1 Turn on the first relay on a D2R2 unit Example 2 Turn on the first and second relay on a D2R2 unitError Codes Snmp Traps290 Iolan SDS/SCS/STS/MDC User’s Guide, Version Clustering Slave List Configuring Clustering ChapterAdvanced Button Adding Clustering Slaves Advanced Clustering Slave Options Editing Clustering Slave SettingsPort Name Slave TCP Port Master TCP PortOption Card Settings Configuring the Option CardConfiguring the Iolan Modem Card Overview Field Descriptions Configuring a Wireless WAN CardCard APN 298 Iolan SDS/SCS/STS/MDC User’s Guide, Version Alerts Configuring the System ChapterEmail Alerts Alerts Syslog Management ContactLocation CommunityAuth Algorithm Data Options MD5, SHA Default MD5 Auth PasswordDefault DES Privacy PasswordAlgorithm Data Options MD5, SHA Default MD5 Privacy Algorithm Data Options DES, AES Default DESConfirm Password Trap TimeNetwork Time Tab Field Descriptions Sntp ModeSntp Version Time Zone/Summer Time Tab Field Descriptions Custom App/Plugin Login Tab Field Descriptions Bootup Files Tab Field Descriptions Message of the Day Motd Tab Field Descriptions Tftp HostFilename Display Motd WebManager EasyPort WebDefault Flow Control Tftp Tab Field DescriptionsConsole Port Tab Field Descriptions Baud Rate312 Iolan SDS/SCS/STS/MDC User’s Guide, Version Controlling the RPS, I/O Channels, and IPsec Tunnels State Button Management profile settingsRPS Control Plug Control OK Button Closes the windowPower Plug Status Serial Port Power ControlButton Serial port Deactivate Output Manually deactivates the channel output IPsec Tunnel Control 318 Iolan SDS/SCS/STS/MDC User’s Guide, Version Managing Configuration Files System Administration ChapterSaving Configuration Files Downloading Configuration Files Downloading Configuration Files to Multiple IOLANs Reboot ServerUploading Configuration Files Specifying a Custom Factory Default ConfigurationResetting the Iolan to the Default Configuration Downloading Iolan FirmwareCalibrating I/O Calibrating Analog InputCalibrating Temperature Input Calibrating VoltageCalibrating Current Calibrating ThermocoupleResetting Calibration Data Calibrating Analog ChannelsRebooting the Iolan Setting the IOLAN’s Date and TimeResetting the Iolan to Factory Defaults Language Support Resetting the SecurID Node SecretLoading a Supplied Language Software Upgrades and Language Files Translation GuidanceDownloading Terminal Definitions Creating Terminal Definition FilesResetting Configuration Parameters For exampleLost Admin Password 332 Iolan SDS/SCS/STS/MDC User’s Guide, Version Configuring Modbus Configuring a Master GatewayConfiguring a Slave Gateway ApplicationsModbus Master Gateway Modbus Gateway SettingsModbus Slave Gateway Modbus Serial Port Settings Modbus Master SettingsModbus Slave UID Master Gateway Serial EIA-232Modbus Master Slave Gateway Modbus Slave SettingsSerial Port EIA-422/485 Modbus Master Modbus Slave UID Configuring PPP Dial On Demand 172.16.0.0Setting Up Printers Remote Printing Using LPDRemote Printing Using RCP Remote Printing Using Host-Based Print Handling SoftwareConfiguring a Virtual Private Network IOLAN-to-Host/NetworkOr just Network-to-Network 172.16.45.84 192.168.45.87 192.168.45.12Host-to-Host Left External IP Address RightGateway Router 172.16.45.99344 Iolan SDS/SCS/STS/MDC User’s Guide, Version VPN Client-to-Network VPN Client Initiate Communication Router Broadband Right346 Iolan SDS/SCS/STS/MDC User’s Guide, Version Radius and TACACS+ Appendix a Supported Radius ParametersPPP User level. See Perle Radius Dictionary Example Accounting Message Mapped Radius Parameters to Iolan Parameters Radius Parameter Iolan ParameterPerle Radius Dictionary Example Value Accessing the Iolan Through a Serial Port Users TACACS+Name Values Description Slip Accessing the Iolan from the Network Users Accessing the Iolan from the Network User Example Settings SSL/TLS Ciphers Valid SSL/TLS CiphersDES-CBC-MD5 Commands Virtual Modem Initialization CommandsAT&Rn AT&SnAT&Cn Serial Pinouts Pinouts and Cabling DiagramsDB25 Male DB25 Female Number Iolan model Pins See RJ45RJ45 for desktop and rack mount models Pinout EIA-232 Admin Port Serial Ports RJ45 for SCS48C/SCS32C/SCS16C/SCS8C modelsRJ45 for SDS32C/SDS16C/SDS8C Electric Utility models EIA-485 Pin# EIA-232 EIA-422 Full Duplex Half DuplexDB9 Male Serial Only RJ45 for medical unit modelsPower Over Ethernet Pinouts DB9 Male I/OEIA-232 Cabling Diagrams Terminal DB25 ConnectorDB25 Male DB25 FemaleRJ45 10-pin PinDB9 Male Modem DB25 Connector Iolan RJ45 DCERxD TxD DTR 20 DTR GND 376 Iolan SDS/SCS/STS/MDC User’s Guide, Version Setting Jumpers Port Iolan DB25 Male/FemalePort Iolan RJ45 P Power Over Ethernet Port Iolan RJ45Port Iolan DB9 Port Iolan SDS1M ModemPort Iolan Port Desktop Iolan Port/Line # Line Termination 5V Output Input Volt OutputDigital I/O Module Analog Input Module 384 Iolan SDS/SCS/STS/MDC User’s Guide, Version Wiring I/O Diagrams Digital I/ODigital Input Wet Contact Digital Input Dry ContactDigital Output Sink Digital Output SourceCurrent Analog InputVoltage Temperature Input RTD 2-WireRTD 3-Wire ThermocoupleRTD 4-Wire Relay OutputNormally Open Contact Normally Closed Contact390 Iolan SDS/SCS/STS/MDC User’s Guide, Version Utilities TruePortAPI Request Format API I/O Access Over TruePortAPI Response Format Error Codes Decoder394 Iolan SDS/SCS/STS/MDC User’s Guide, Version Accessories Installing a Perle PCI CardInstalling a Perle PCI Card Accessories Starter Kit Adapters/Cable RJ45F to DB25M DTE Crossover AdapterRJ45F to DB25M DCE Modem Adapter RJ45F to DB25F DTE Crossover Adapter RJ45F DB25FRJ45F to DB9M DTE Crossover Adapter Sun/Cisco RJ45M Connector Cable for Rack Mount Models RJ45F to DB9F DTE Crossover AdapterSCS48C/SCS32C/SCS16C/SCS8C Starter Kit Adapters/Cable GND DTR 20 DTR DSR RJ45F to DB25F DTE Crossover Adapter 406 Iolan SDS/SCS/STS/MDC User’s Guide, Version Sun/Cisco Roll-Over Adapter for Rack Mount Models RJ45F408 Iolan SDS/SCS/STS/MDC User’s Guide, Version Troubleshooting Hardware TroubleshootingCommunication Issues DeviceManager ProblemsPower/Ready LED Labels General communication checks and practices are as followsHost Problems Radius Authentication ProblemsLogin Problems Problems with TerminalsDHCP/BOOTP Problems Callback ProblemsLanguage Problems You observe Tftp errors when the Iolan boots, for exampleModem Problems PPP ProblemsPrinting Problems Long Reboot CycleCertificate did not match configuration ModelsCould not obtain peers certificate An A4R2 model is starting/stoppingIPv6 Issues Contacting Technical Support Making a Technical Support QueryRepair Procedure Feedback on this ManualGlossary PAP Password Authentication Protocol Radius RemoteAuthentication Dial Users Services Reverse Connection RIP RoutingIndex APILdap Radius