Perle Systems 4030370, SCS8C DC Network-to-Network

362

Configuring a Virtual Private Network

Network-to-Network

The following examples shows how to configure a network-to-network IPsec tunnel. This example

uses the X.509 Certificate authentication method, so it includes the configuration requirements for the

X.509 certificate. NAT Traversal (NAT_T) is enabled in this example (on both sides) because the

VPN tunnel is going private network to public network to private network. Notice also that the serial

devices connected to the IOLAN can be accessed by the VPN tunnel, since they are included in the

network configuration as part of the 172.16.45.0 subnetwork.

1. Configure the IPsec tunnel in the IOLAN:

2. Click the Remote Validation Criteria button and enable and populate the fields that are required

for the remote X.509 certificate validation. If you just want to validate the X.509 certificate

signer, you do not need to enable any of the remote validation criteria fields.

Remote VPN

Gateway

172.16.45.84

172.16.45.1

Internet

172.16.45.23

192.168.45.45

192.168.45.12

192.168.45.87

External IP Address

196.15.23.56

172.16.45.99 192.168.45.99

Router Router

External IP Address

199.15.23.56

Left

Right

IPsec Tunnel--Encrypted Data

Unencrypted

Data

Unencrypted

Data

Contents

Main Page Table of Contents Preface ...............................................................................25 Chapter 1 Introduction...................................................... 27 Chapter 2 Hardware and Connectivity ............................32 Power Supply Specifications.................................................... 33 Getting to Know Your IOLAN.................................................... 36 Chapter 3 Configuration Methods ...................................54 WebManager............................................................................... 60 Command Line Interface........................................................... 63 Menu............................................................................................ 64 DHCP/BOOTP............................................................................. 66 Chapter 4 Getting Started................................................. 75 Chapter 5 Using DeviceManager and WebManager.......84 Chapter 6 Network Settings .............................................92 Advanced.................................................................................. 100 Chapter 7 Configuring Serial Ports ...............................114 Serial Port Profiles................................................................... 117 Page Port Buffering........................................................................... 205 Advanced.................................................................................. 208 Chapter 8 Configuring Users .........................................212 Adding/Editing Users .............................................................. 214 Chapter 9 Configuring Security .....................................223 SSH............................................................................................ 234 SSL/TLS .................................................................................... 237 VPN............................................................................................ 242 HTTP Tunneling ....................................................................... 251 Services .................................................................................... 257 Chapter 10 Configuring I/O Interfaces...........................261 Channels................................................................................... 269 I/O UDP...................................................................................... 289 Chapter 11 Configuring Clustering................................305 Chapter 12 Configuring the Option Card ......................309 Chapter 13 Configuring the System ..............................315 Chapter 14 Controlling the RPS, I/O Channels, IPsec .333 Chapter 15 System Administration................................339 Serial Port Power Control ....................................................... 336 I/O Channels............................................................................. 337 IPsec Tunnel Control............................................................... 338 Page Chapter 16 Applications .................................................352 Appendix A RADIUS and TACACS+ ..............................377 Appendix B SSL/TLS Ciphers ........................................391 Appendix C Virtual Modem AT Commands ..................393 Appendix D Pinouts and Cabling Diagrams .................395 Appendix E Setting Jumpers .........................................408 Introduction.............................................................................. 408 Introduction.............................................................................. 420 Appendix F I/O Wiring Diagrams ...................................415 Wiring I/O Diagrams................................................................. 415 Appendix H Accessories ................................................423 Appendix I Troubleshooting...........................................436 Appendix J Data Logging............................................... 446 Appendix K Modbus Remapping................................... 447 Page Preface About This Book Intended Audience Documentation Typeface Conventions Online Help About the IOLAN IOLAN Family Models Introduction IOLAN Features Hardware Software Accessing the IOLAN General Features Advanced Features Security Page Hardware and Connectivity IOLAN Components Whats Included What You Need to Supply Available Accessories Power Supply Specifications Desktop Models Power Over Ethernet (PoE) Models I/O Models Rack Mount Models (except Electric Utility models) DC Power Requirements AC Power Requirements Medical Unit Models TELCO-NEBS Models Getting to Know Your IOLAN 1-Port 2-Port 4-Port and 8-Port desktop models I/O Top View End View Rack Mount Medical Unit Page Console/Serial Switch Console Mode Serial Mode Dedicated Console Port Connecting your IOLAN to the Network Powering up your IOLAN Desktop/Rack Mount Models (excluding Electric Utility models) Medical Unit Models Terminal Block Models +- Left Right DC Power Models (excluding Electric Utility models) Disconnecting 48V Power Supplies from the IOLAN Electric Utility Models Wiring Wiring up an HV unit Wiring up a DHV unit Wiring up a LDC unit TELCO - NEBS Models Install Locations for LDC Models Wiring up a the Fail-Safe Relay Page Configuration Methods Configuration Methods Overview Configures an IP Address Requires a Configured IP Address Easy Config Wizard DeviceManager Connecting to the IOLAN Using DeviceManager Page Using DeviceManager Navigating the Options Downloading the Configuration WebManager Connecting to the IOLAN Using WebManager Using WebManager Command Line Interface Connecting to the IOLAN Using the CLI Through the Network Through the Serial Port Using the CLI Menu Connecting to the IOLAN Using the Menu Using the Menu DHCP/BOOTP Connecting to the IOLAN Using DHCP/BOOTP Using DHCP/BOOTP DHCP/BOOTP Parameters SNMP Connecting to the IOLAN Using SNMP Using the SNMP MIB IOLAN+ Interface Connecting to the IOLAN to Use the IOLAN+ Interface Using the IOLAN+ Interface Changes to the IOLAN+ Interface Page Page Page Getting Started Easy Configuration Wizard Setting Up the Network Using DeviceManager Using WebManager Using a Direct Serial Connection to Specify an IP Address Using a Direct Serial Connection to Enable BOOTP/DHCP Using ARP-Ping For an IPv6 Network Setting Up the Serial Port(s) Page Setting Up Users Using DeviceManager and WebManager Navigating DeviceManager/WebManager DeviceManager WebManager EasyPort Web Using DeviceManager to Connect to the IOLAN Starting a New Session Assigning a Temporary IP Address to a New IOLAN Adding/Deleting IOLANs Manually Logging in to the IOLAN Using WebManager to Connect to the IOLAN Logging into the IOLAN Configuration Files Creating a New IOLAN Configuration in DeviceManager Opening an Existing Configuration File Managing the IOLAN Network Settings IP Settings IPv4 Settings IPv6 Settings Page Adding/Editing a Custom IPv6 Address Page Page Page Advanced Host Table Adding/Editing a Host Route List Adding/Editing Routes DNS/WINS Editing/Adding DNS/WINS Servers RIP Page Dynamic DNS Account Settings Page Adding/Editing a Cipher Suite Page IPv6 Tunnels Adding/Editing an IPv6 Tunnel Configuring Serial Ports Serial Ports Page Copying a Serial Port Resetting a Serial Port Serial Port Profiles Common Tabs Hardware Tab Field Descriptions Page Email Alert Tab Field Descriptions Packet Forwarding Tab Field Descriptions Page Page SSL/TLS Settings Tab Field Descriptions Page Adding/Editing a Cipher Suite Page Page Console Management Profile Page Page Page TruePort Profile Page Adding/Editing Additional TruePort Hosts Page Page Page Page TCP Sockets Profile Page Adding/Editing Additional Hosts Page Page Page UDP Sockets Profile Page Page Page Page Terminal Profile Page Page Page User Service Settings Login Settings Telnet Settings Rlogin Settings SSH Settings SLIP Settings Page Page PPP Settings Page Page Page Page Page Printer Profile Page Serial Tunneling Profile Page Page Virtual Modem Profile Page Page Page Phone Number to Host Mapping VModem Phone Number Entry Control Signal I/O Profile Input Signal Field Descriptions Output Signal Field Descriptions Modbus Gateway Profile Advanced Field Descriptions Modbus Slave IP Settings Field Descriptions Page Adding/Editing Modbus Slave IP Settings Modbus Slave Advanced Settings Field Descriptions Page Power Management Profile Editing Power Management Plug Settings Field Descriptions Monitoring Tab Field Descriptions Page Remote Access (PPP) Profile Page Dynamic DNS Field Descriptions Authentication Tab Field Descriptions Page Page Page Page Page Remote Access (SLIP) Profile Page Page Custom Application Profile General Tab Field Description Advanced Tab Field Description Page Port Buffering Local Port Buffering Remote Port Buffers Field Definitions Page Advanced Advanced Serial Settings Tab Page Modems Tab Adding/Editing a Modem TrueP ort B aud Ra te Tab Configuring Users Page Adding/Editing Users General Tab Page Services Tab Page Advanced Tab Page Sessions Tab Page Serial Port Access Tab Authentication Configuring Security Authentication Local RADIUS General Field Descriptions Attributes Field Descriptions Kerberos LDAP/Microsoft Active Directory Page TACACS+ SecurID NIS SSH Users Logging into the IOLAN Using SSH Users Passing Through the IOLAN Using SSH (Dir/Sil) Page SSL/TLS Page Page Adding/Editing a Cipher Page VPN IKE Phase 1 Proposals ESP Phase 2 Proposals IPsec Adding/Editing the IPsec Tunnel Page Shared Secret Field Description Remote Validation Criteria Field Descriptions L2TP/IPsec Exceptions Adding/Editing a VPN Exception Field Description HTTP Tunneling Adding/Editing the HTTP Tunnel Configuring HTTP Tunnel Configuring HTTP Tunnel Proxy Configuring HTTP Tunnel Proxy Advanced Configuring HTTP Tunnel Destination Page Page Services Page Keys and Certificates Page Configuring I/O Interfaces Technical Specifications Digital I/O Digital Input Digital Output Settings I/O Access Functionality Advanced Slave Modbus Settings Page Failsafe Timer Functionality UDP Functionality I/O UDP Settings Temperature Functionality Channels Analog Page Digital Input Page Page Digital Output Page Page Relay Page Digital I/O Extension Page Digital Input/DSR/DCD/CTS Digital Output/Relay/DTR/RTS Page Adding/Editing Additional Hosts Temperature Page Alarm Settings Basic Analog Alarm Settings Advanced Analog Alarm Settings Page I/O UDP UDP Unicast Format UDP Broadcast Packet Analog Section Digital/Relay Section Serial Pin Signal Section UDP Unicast Example I/O Modbus Slave Modbus Serial Application Connected to the Serial Port Modbus Serial Application Connected to the Network Modbus TCP Application Modbus I/O Access Function Codes I/O Coil/Register Descriptions Serial Port Coil/Register Descriptions A4/T4 Registers A4D2/A4R2 Registers D4/D2R2 Registers Serial Pin Signals TruePort I/O TruePort/Modbus Combination API Over TruePort Only Accessing I/O Data Via TruePort Introduction Setup Format of API Commands Get Commands Response Format Command Format Set Commands Command Format Successful Response Format Unsuccessful Response Format Error Codes I/O SNMP Traps Configuring Clustering Clustering Slave List Adding Clustering Slaves Advanced Clustering Slave Options Editing Clustering Slave Settings Page Configuring the Option Card Option Card Settings Configuring the IOLAN Modem Card Configuring a Wireless (PCMCIA) WAN Card Page Configuring a USB Modem Page Configuring a Fiber Optic Card Configuring the System Alerts Email Alerts Page Page Syslog Management SNMP SNMP Tab Field Descriptions Page SNMP Traps Tab Field Descriptions Page Time Network Time Tab Field Descriptions Page Time Zone/Summer Time Tab Field Descriptions Custom App/Plugin Field Description Bootup Files Tab Field Descriptions Page Message of the Day (MOTD) Tab Field Descriptions TFTP Tab Field Descriptions SFTP Tab Field Descriptions Console Port Tab Field Descriptions Controlling the RPS, I/O Channels, IPsec RPS Control Plug Control Page Serial Port Power Control Power Plug Status I/O Channels IPsec Tunnel Control System Administration Managing Configuration Files Saving Configuration Files Downloading Configuration Files Downloading Configuration Files to Multiple IOLANs Uploading Configuration Files Specifying a Custom Factory Default Configuration Resetting the IOLAN to the Default Configuration Downloading IOLAN Firmware Calibrating I/O Calibrating Analog Input Calibrating Voltage Calibrating Current Calibrating Temperature Input Calibrating Thermocouple Calibrating RTD Calibrating Analog Channels Resetting Calibration Data Setting the IOLANs Date and Time Rebooting the IOLAN Resetting the IOLAN to Factory Defaults Resetting the SecurID Node Secret Language Support Loading a Supplied Language Translation Guidance Software Upgrades and Language Files Downloading Terminal Definitions Creating Terminal Definition Files Resetting Configuration Parameters Lost admin Password Applications Configuring Modbus Configuring a Master Gateway Configuring a Slave Gateway Modbus Gateway Settings Modbus Master Gateway Modbus Slave Gateway Modbus Serial Port Settings Modbus Master Settings Modbus Slave Settings Configuring PPP Dial On Demand Setting Up Printers Remote Printing Using LPD Remote Printing Using RCP Remote Printing Using Host-Based Print Handling Software Configuring a Virtual Private Network IOLAN-to-Host/Network Page Page Network-to-Network Host-to-Host Page VPN Client-to-Network Configuring HTTP Tunnels Serial-to Serial Page The setup for HTTP Tunnel serial-to-serial is now complete. Serial-to Host Page The setup for HTTP Tunnel Host-to-Serial is now complete. Host-to Host Page The setup for HTTP Tunnel Host-to-Host is now complete. Tunnel Relay Page Page The setup for HTTP Tunnel Relay is now complete. RADIUS and TACACS+ A Introduction RADIUS Supported RADIUS Parameters Page Page Page Accounting Message Mapped RADIUS Parameters to IOLAN Parameters Page Perle RADIUS Dictionary Example Page TACACS+ Accessing the IOLAN Through a Serial Port Users Page Accessing the IOLAN Through a Serial Port User Example Settings Accessing the IOLAN from the Network Users Accessing the IOLAN from the Network User Example Settings SSL/TLS Ciphers B Valid SSL/TLS Ciphers Page Virtual Modem AT Commands C Virtual Modem Initialization Commands Page Pinouts and Cabling Diagrams D Pin 1 Pin 14 Pin 25 DB25 Female Pin 13 Pin 1 Pin 25 Pin 14 RJ45 RJ45 (for desktop and rack mount models) RJ45 (for SCS48C/SCS32C/SCS16C/SCS8C models) RJ45 (for SDS32C/SDS16C/SDS8C) Dual Ethernet and Electric Utility models RJ45 (for medical unit models) DB9 Male (Serial Only) DB9 Male I/O Power Over Ethernet Pinouts EIA-232 Cabling Diagrams Terminal DB25 Connector DB25 Female DB25 Male RJ45 DB9 Male Modem DB25 Connector DB25 Male RJ45 DB9 Male Setting Jumpers E 1-Port IOLAN DB25 Male/Female 1-Port IOLAN RJ45 1-Port IOLAN RJ45 P (Power Over Ethernet) 1-Port IOLAN DB9 2-Port IOLAN SDS1M (Modem) 2-Port IOLAN 2-Port IOLAN RJ45 P (Power Over Ethernet) 4-Port Desktop IOLAN Digital I/O Module Analog Input Module Page I/O Wiring Diagrams F Wiring I/O Diagrams Digital I/O Digital Input Wet Contact Digital Output Sink Digital Output Source Analog Input Current Volta ge Temperature Input Thermocouple RTD 2-Wire RTD 3-Wire RTD 4-Wire Relay Output Normally Open Contact Normally Closed Contact Utilities G True Por t Network API I/O Access Over TruePort API Request Format API Response Format Error Codes Decoder Accessories H Installing a Perle PCI Card Page Page Starter Kit (Adapters/Cable) RJ45F to DB25M DTE Crossover Adapter RJ45F to DB25M DCE Modem Adapter RJ45F to DB25F DTE Crossover Adapter RJ45F to DB9M DTE Crossover Adapter RJ45F to DB9F DTE Crossover Adapter Sun/Cisco RJ45M Connector Cable for Rack Mount Models SCS48C/SCS32C/SCS16C/SCS8C Starter Kit (Adapters/Cable) RJ45F to DB25M DTE Crossover Adapter RJ45F to DB25M DCE Modem Adapter RJ45F to DB25F DTE Crossover Adapter RJ45F to DB9M DTE Crossover Adapter RJ45F to DB9F DTE Crossover Adapter Sun/Cisco Roll-Over Adapter for Rack Mount Models Troubleshooting I Hardware Troubleshooting Communication Issues DeviceManager Problems Host Problems RADIUS Authentication Problems Login Problems Problems with Terminals Unknown IP Address DHCP/BOOTP Problems Callback Problems Language Problems Modem Problems PPP Problems Printing Problems Long Reboot Cycle SSL/TLS I/O Models IPv6 Issues Contacting Technical Support Making a Technical Support Query Who To Contact Have Your Product Information Ready Making a support query via the Perle web page Repair Procedure Feedback on this Manual Data Logging J Trueport Profile TCP Socket Profile Modbus Remapping K Modbus Remapping Feature Create a configuration file Line format for one UID is: Page Symmetric Key File L Symmetric Key File Troubleshooting the USB Modem M Modem not connecting to the network. Page Page USB Modem Support and Custom Options Downloading Custom USB Modem Configuration Files Page Glossary Page Index A B C D J K L M N R S T U V