Perle Systems 5500161-40 Network-to-Network

Configuring a Virtual Private Network

342 IOLAN SDS/SCS/STS/MDC User’s Guide, Version 4.0

Network-to-Network

The following examples shows how to configure a network-to-network IPsec tunnel. This example

uses the X.509 Certificate authentication method, so it includes the configuration requirements for the

X.509 certificate. NAT Traversal (NAT_T) is enabled in this example (on both sides) because the

VPN tunnel is going private network to public network to private network. Notice also that the serial

devices connected to the IOLAN can be accessed by the VPN tunnel, since they are included in the

network configuration as part of the 172.16.45.0 subnetwork.

Remote VPN

Gateway

172.16.45.84

172.16.45.1

Internet

172.16.45.23

192.168.45.45

192.168.45.12

192.168.45.87

External IP Address

196.15.23.56

172.16.45.99 192.168.45.99

Router Router

External IP Address

199.15.23.56

Left

Right

IPsec Tunnel--Encrypted Data

Unencrypted

Data

Unencrypted

Data

1. Configure the IPsec tunnel in the IOLAN:

2. Click the Remote Validation Criteria button and enable and populate the fields that are required

for the remote X.509 certificat e va lidation. If you just want to validate the X.509 certificate

signer, you do not need to enable any of the remote validatio n criteria fields.

Contents

Main Page Table of Contents Preface ...............................................................................25 Chapter 1 Introduction......................................................27 Chapter 2 Hardware and Connectivity ............................31 Power Supply Specifications ....................................................32 Getting to Know Your IOLAN ....................................................34 Chapter 3 Configuration Methods ...................................51 Command Line Interface............................................................60 Menu ............................................................................................61 DHCP/BOOTP..............................................................................63 SNMP ...........................................................................................65 IOLAN+ Interface ........................................................................67 Chapter 4 Getting Started.................................................73 Chapter 5 Using DeviceManager and WebManager.......83 Managing the IOLAN ..................................................................90 Chapter 6 Network Settings .............................................91 Advanced ....................................................................................98 Chapter 7 Configuring Serial Ports ...............................113 Serial Port Profiles................................................................... 116 Page Port Buffering........................................................................... 194 Advanced ..................................................................................197 Chapter 8 Configuring Users .........................................201 Adding/Editing Users...............................................................203 Chapter 9 Configuring Security .....................................213 SSH............................................................................................ 223 SSL/TLS .................................................................................... 226 VPN ............................................................................................231 Services.....................................................................................240 Chapter 10 Configuring I/O Interfaces...........................245 Channels................................................................................... 253 I/O UDP...................................................................................... 274 I/O Modbus Slave..................................................................... 277 Modbus I/O Access ..................................................................278 TruePort I/O...............................................................................283 Chapter 11 Configuring Clustering................................291 Chapter 12 Configuring the Option Card ......................295 Chapter 13 Configuring the System ..............................299 Chapter 14 Controlling the RPS, I/O Channels, and IPsec Tunnels 313 Chapter 15 System Administration................................319 Chapter 16 Applications .................................................333 Appendix A RADIUS and TACACS+..............................347 Appendix B SSL/TLS Ciphers ........................................359 Appendix C Virtual Modem AT Commands ..................361 Appendix D Pinouts and Cabling Diagrams .................363 Appendix E Setting Jumpers .........................................377 Appendix F I/O Wiring Diagrams ...................................385 Wiring I/O Diagrams .................................................................385 Appendix G Utilities ........................................................391 Appendix H Accessories ................................................395 Appendix I Troubleshooting...........................................409 Page Preface About This Book Intended Audience Documentation Typeface Conventions Online Help Introduction About the IOLAN IOLAN Family Models IOLAN Features Hardware Software Accessing the IOLAN General Features Advanced Features Security Hardware and Connectivity IOLAN Components Whats Included What You Need to Su pply Available Accessories Power Supply Specifications Desktop Models Power Over Ethernet (PoE) Models I/O Models Rack Mount Models (except Electric Utility models) DC Power Requirements AC Power Requirements Medical Unit Models Electric Utility models Getting to Know Your IOLAN 1-Port 2-Port 4-Port I/O Top View End View Rack Mount Medical Unit Page Console/Serial Switch Console Mode Serial Mode Dedicated Console Port Powering Up the IOLAN Desktop/Rack Mount Models (excluding Electric Utility models) Medical Unit Models I/O Models +- 9-30 VDC Left Right DC Power Models (excluding Electric Utility models) Page Electric Utility Models Wiring Wiring up an HV unit Wiring up a DHV unit Wiring up a the Fail-Safe Relay Page Configuration Methods Configuration Methods Overview Configures an IP Address Requires a Configured IP Address Easy Config Wizard DeviceManager Connecting to the IOLAN Using DeviceManager Page Using DeviceMana ger Navigating the Options Downloading the Configuration WebManager Connecting to the IOLAN Using WebManager Using W ebManager Command Line Interface Connecting to the IOLAN Using the CLI Through the Network Through the Serial Port Using the CLI Menu Connecting to the IOLAN Using the Menu Using the Menu DHCP/BOOTP Connecting to the IOLAN Using DHCP/BOOTP Using DHCP/BOOTP DHCP/BOOTP Parameters SNMP Connecting to the IOLAN Using SNMP Using the SNMP MIB IOLAN+ Interface Connecting to the IOLAN to Use the IOLAN+ Interface Using the IOLAN+ Interface Changes to the IOLAN+ Interface Page Page Page Page Getting S t arted Easy Configuration Wizard Setting Up the Network Using DeviceMana ger Using W ebManager Using a Direct Serial Connection to Specify an IP Address Using a Direct Serial Connection to Enable BOOTP/DHCP Using ARP-Ping For an IPv6 Network Setting Up the Serial Port(s) Page Setting Up Users Page Using DeviceManager and W ebManager Navigating DeviceManager/WebManager DeviceManager WebManager EasyPort Web Using DeviceManager to Connect to the IOLAN Starting a New Session Assigning a Temporary IP Address to a New IOLAN Adding/Deleting IOLANs Manually Logging in to the IOLAN Using WebManager to Connect to the IOLAN Logging into the IOLAN Configuration Files Creating a New IOLAN Configuration in DeviceManager Opening an Existing Configuration File Managing the IOLAN Network Settings IP Settings IPv4 Settings IPv6 Settings Page Adding/Editing a Custom IPv6 Address Page Page Advanced Host Table Adding/Editing a Host Route List Adding/Editing Routes DNS/WINS Editing/Adding DNS/WINS Servers RIP Page Dynamic DNS Account Settings Page Adding/Editing a Cipher Suite Page IPv6 Tunnels Adding/Editing an IPv6 Tunnel Page Configuring Serial Port s Serial Ports Page Copying a Serial Port Resetting a Serial Port Serial Port Profiles Common Tabs Hardware Tab Field Descriptions Page Email Alert Tab Field Descriptions Packet Forwarding Tab Field Descriptions Page Page SSL/TLS Settings Tab Field Descriptions Page Adding/Editing a Cipher Suite Page Console Management Profile Page Page TruePort Profile Page Adding/Editing Additional TruePort Hosts Page Page Page TCP Sockets Profile Page Adding/Editing Additional Hosts Page Page Page UDP Sockets Profile Page Terminal Profile Page Page Page Page Page User Service Settings Login Settings Telnet Settings Rlogin Settings SSH Settings SLIP Settings Page PPP Settings Page Page Page Page Printer Profile Serial Tunneling Profile Page Virtual Modem Profile Page Page Page Phone Number to Host Mapping VModem Phone Number Entry Control Signal I/O Profile Input Signal Field Descriptions Page Output Signal Field Descriptions Modbus Gateway Profile Page Advanced Field Descriptions Modbus Slave IP Settings Field Descriptions Adding/Editing Modbus Slave IP Settings Modbus Slave Advanced Settings Field Descriptions Power Management Profile Editing Power Management Plug Settings Field Descriptions Remote Access (PPP) Profile Page Page Authentication Tab Field Descriptions Page Dynamic DNS Field Descriptions Page Page Page Remote Access (SLIP) Profile Page Page Custom Application Profile General Tab Field Description Port Buffering Local Port Buffering Remote Port Buffers Field Definitions Page Advanced Advanced Serial Settings Tab Page Modems Tab Adding/Editing a Modem TruePort Baud Rate Tab Configuring Users Page Adding/Editing Users General Tab Page Services Tab Page Advanced Tab Page Sessions Tab Page Serial Port Access Tab Page Configuring Security Authentication Authentication Local RADIUS General Field Descriptions Attributes Field Descriptions Kerberos LDAP TACACS+ SecurID NIS SSH Users Logging into the IOLAN Using SSH Users Passing Through the IOLAN Using SSH (Dir/Sil) Page SSL/TLS Page Page Adding/Editing a Cipher Page VPN IKE Phase 1 Proposals ESP Phase 2 Proposals IPsec Adding/Editing the IPsec Tunnel Page Shared Secret Field Description Remote Validation Criteria Field Descriptions L2TP/IPsec Exceptions Adding/Editing a VPN Exception Field Description Services Page Keys and Certificates Page Page Configuring I/O Interfaces Settings I/O Access Functionality Advanced Slave Modbus Settings Page Failsafe Timer Functionality UDP Functionality I/O UDP Settings Temperature Functionality Channels Analog Page Digital Input Page Page Digital Output Page Page Relay Page Digital I/O Extension Page Digital Input/DSR/DCD/CTS Digital Output/Relay/DTR/RTS Page Adding/Editing Additional Hosts Page Temperature Page Alarm Settings Basic Analog Alarm Settings Advanced Analog Alarm Settings Page I/O UDP UDP Unicast Format UDP Broadcast Packet Analog Section Digital/Relay Section Serial Pin Signal Section UDP Unicast Example I/O Modbus Slave Modbus Serial Application Connected to the Serial Port Modbus Serial Application Connected to the Network Modbus TCP Application Modbus I/O Access Function Codes I/O Coil/Register Descriptions Serial Port Coil/Register Descriptions A4/T4 Registers A4D2/A4R2 Registers D4/D2R2 Registers Serial Pin Signals TruePort I/O TruePort/Modbus Combination API Over TruePort Only Accessing I/O Data Via TruePort Introduction Setup Format of API Commands Get Commands Command Format Response Format Set Commands Command Format Successful Response Format Unsuccessful Response Format Error Codes I/O SNMP Traps Page Configuring Clustering Clustering Slave List Adding Clustering Slaves Advanced Clustering Slave Options Editing Clustering Slave Settings Page Configuring the Option Card Option Card Settings Configuring the IOLAN Modem Card Configuring a Wireless WAN Card Page Page Configuring the System Alerts Email Alerts Page Syslog Management SNMP Page Time Network Time Tab Field Descriptions Time Zone/Summer Time Tab Field Descriptions Custom App/Plugin Field Description Login Tab Field Descriptions Bootup Files Tab Field Descriptions Message of the Day (MOTD) Tab Field Descriptions TFTP Tab Field Descriptions Console Port Tab Field Descriptions Page Controlling the RPS, I/O Channels, and IPsec Tu n n e l s RPS Control Plug Control Serial Port Power Control Power Plug Status I/O Channels IPsec Tunnel Control Page System Administration Managing Configuration Files Saving Configuration Files Downloading Configuration Files Downloading Configuration Files to Multiple IOLANs Uploading Configuration Files Specifying a Custom Factory Default Configuration Resetting the IOLAN to the Default Configuration Downloading IOLAN Firmware Calibrating I/O Calibrating Analog Input Calibrating Voltage Calibrating Current Calibrating Temperature Input Calibrating Thermocouple Calibrating RTD Calibrating Analog Channels Resetting Calibration Data Setting the IOLANs Date and Time Rebooting the IOLAN Resetting the IOLAN to Factory Defaults Resetting the SecurID Node Secret Language Support Loading a Supplied Language Translation Guidance Software Upgrades and Language Files Downloading Terminal Definitions Creating Terminal Definition Files Resetting Configuration Parameters Lost Admin Password Page Applications Configuring Modbus Configuring a Master Gateway Configuring a Slave Gateway Modbus Gateway Settings Modbus Master Gateway Modbus Slave Gateway Modbus Serial Port Settings Modbus Master Settings Modbus Slave Settings Configuring PPP Dial On Demand Setting Up Printers Remote Printing Using LPD Remote Printing Using RCP Remote Printing Using Host-Based Print Handling Software Configuring a Virtual Private Network IOLAN-to-Host/Network Page Network-to-Network Host-to-Host Page VPN Client-to-Network Page RADIUS and T ACACS+ A Introduction RADIUS Supported RADIUS Parameters Page Page Accounting Message Mapped RADIUS Parameters to IOLAN Parameters Perle RADIUS Dictionary Example Page TACACS+ Accessing the IOLAN Through a Serial Port Users Page Accessing the IOLAN Through a Serial Port User Example Settings Accessing the IOLAN from the Network Users Accessing the IOLAN from the Network User Example Settings SSL/TLS Ciphers B Valid SSL/TLS Ciphers Page Virtual Modem AT Commands C Virtual Modem Initialization Commands Page Pinouts and Cabling Diagrams D Pin 14 Pin 25 Serial Pinouts DB25 Female Pin 1 Pin 25 Pin 14 Pin 13 RJ45 RJ45 (for desktop and rack mount models) RJ45 (for SCS48C/SCS32C/SCS16C/SCS8C models) RJ45 (for SDS32C/SDS16C/SDS8C Electric Utility models) RJ45 (for medical unit models) DB9 Male (Serial Only) DB9 Male I/O Power Over Ethernet Pinouts EIA-232 Cabling Diagrams Terminal DB25 Connector DB25 Male DB25 Female RJ45 DB9 Male Modem DB25 Connector DB25 Male RJ45 DB9 Male Page Setting Jumpers E 1-Port IOLAN DB25 Male/Female 1-Port IOLAN RJ45 1-Port IOLAN RJ45 P (Power Over Ethernet) 1-Port IOLAN DB9 2-Port IOLAN SDS1M (Modem) 2-Port IOLAN 2-Port IOLAN RJ45 P (Power Over Ethernet) 4-Port Desktop IOLAN Digita l I/O Module Analog Input Module Page I/O W iring Diagrams F Wiring I/O Diagrams Digital I/O Digital Input Wet Contact Digital Output Sink Digital Output Source Analog Input Current Voltage Temperature Input Thermocouple RTD 2-Wire RTD 3-Wire RTD 4-Wire Relay Output Normally Open Contact Normally Closed Contact Page Utilities G TruePort Network API I/O Access Over TruePort API Request Format API Response Format Error Codes Decoder Page Accessories H Installing a Perle PCI Card Page Page Starter Kit (Adapters/Cable) RJ45F to DB25M DTE Crossover Adapter RJ45F to DB25M DCE Modem Adapter RJ45F to DB25F DTE Crossover Adapter RJ45F to DB9M DTE Crossover Adapter RJ45F to DB9F DTE Crossover Adapter Sun/Cisco RJ45M Connector Cable for Rack Mount Models SCS48C/SCS32C/SCS16C/SCS8C Starter Kit (Adapters/Cable) RJ45F to DB25M DTE Crossover Adapter RJ45F to DB25M DCE Modem Adapter RJ45F to DB25F DTE Crossover Adapter RJ45F to DB9M DTE Crossover Adapter RJ45F to DB9F DTE Crossover Adapter Sun/Cisco Roll-Over Adapter for Rack Mount Models Page T roubleshooting I Hardware Troubleshooting Power/Ready LED Labels Communication Issues DeviceManager Problems Host Problems RADIUS Authentication Problems Login Problems Problems with Terminals Unknown IP Address DHCP/BOOTP Problems Callback Problems Language Problems Modem Problems PPP Problems Printing Problems Long Reboot Cycle SSL/TLS I/O Models IPv6 Issues Contacting Technical Support Making a Technical Support Query Who To Contact Have Your Product Information Ready Making a support query via the Perle web page Repair Procedure Feedback on this Manual Glossary Page Index A B C D J K L M N R S T U V