L2TP/IPsec

Once L2TP/IPsec is enabled, the IOLAN expects all connections to be established through a VPN tunnel. To allow hosts to connect outside of the VPN tunnel, you must configure VPN exceptions; see VPN Exceptions on page 121 for the command syntax.

Set L2TP

Description

User Level Admin

Syntax set l2tp listen-for-l2tp on|off

set l2tp authentication-method shared-secret [secret <text>]

set l2tp authentication-method x.509-certificate remote-validation-criteria [country <code>] [state-province <text>] [locality <text>] [organisation <text>] [organisation-unit <text>] [common-name <text>] [email <email_addr>]

set l2tp [ipsec-local-ip-address <ipv4_addr>] [local-ip-address <ipv4_addr>] [remote-ipv4-start-address <start_ip>] [remote-ipv4-end-address <end_ip>] [authentication-type pap|chap|both]

Options listen-for-l2tp

When enabled, allows L2TP/IPsec VPN connections. Note: to allow non-VPN connections to the IOLAN, you must create entries in the VPN Exceptions list. The default is off.

authentication-method shared-secret|x.509-certificate

Specify the authentication method that will be used between VPN peers to authenticate the VPN tunnel.

Data Options:

Shared Secret—A text-based secret that is used to authenticate the IPsec tunnel (case sensitive).

X.509 Certificate—X.509 certificates are used to authenticate the IPsec tunnel. When using this authentication method, you must include the signing authority’s certificate information in the SSL/TLS CA list and download it to the IOLAN.

Default: Shared Secret

secret

When the authentication method is Shared Secret, enter the case-sensitive secret word. Maximum of 16 characters, spaces not allowed. The secret is shared for all IPsec and L2TP/IPsec tunnels.

remote-validation-criteria

Any values that are entered in the remote validation criteria must match the remote X.509 certificate for a successful connection; any fields left blank will not be validated against the remote X.509 certificate. Note that all validation criteria must be configured to match the X.509 certificate. An asterisk (*) is valid as a wildcard.
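The matching rule described above for remote-validation-criteria, modelled in Python as an added example (it is not Perle's code and not part of the manual). It assumes case-sensitive comparison, that `*` matches any run of characters within a field, and that a configured field missing from the certificate is a mismatch; all subjects and criteria are constructed samples. It shows how each blank field widens the set of CA-signed certificates the tunnel will accept.

```python
import re

# Criteria keywords from the `set l2tp ... remote-validation-criteria` syntax.
FIELDS = ("country", "state-province", "locality", "organisation",
          "organisation-unit", "common-name", "email")

def _glob(pattern, value):
    # Only '*' is special; every other character must match literally.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def subject_matches(criteria, subject):
    """Return (accepted, checked_fields) for one peer certificate subject.
    Assumptions (not stated in the manual): comparison is case-sensitive,
    '*' matches any run of characters, and a configured field that is
    absent from the certificate counts as a mismatch.
    """
    unknown = set(criteria) - set(FIELDS)
    if unknown:
        raise ValueError(f"unknown criteria: {sorted(unknown)}")
    checked = []
    for field in FIELDS:
        pattern = criteria.get(field, "")
        if not pattern:                      # blank: never compared
            continue
        checked.append(field)
        value = subject.get(field)
        if value is None or not _glob(pattern, value):
            return False, checked
    return True, checked

def unconstrained(criteria):
    """Fields that do not restrict the peer at all (blank or a bare '*')."""
    return [f for f in FIELDS if criteria.get(f, "") in ("", "*")]

# Constructed sample data, not taken from the manual.
SITE_ROUTER = {"country": "CA", "organisation": "Example Corp",
               "common-name": "rtr-07.vpn.example.com"}
OTHER_CERT = {"country": "CA", "organisation": "Other Org",
              "common-name": "laptop.other.example"}
LOOSE = {"country": "CA"}
TIGHT = {"country": "CA", "organisation": "Example Corp",
         "common-name": "rtr-*.vpn.example.com"}

if __name__ == "__main__":
    for name, crit in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        for cert in (SITE_ROUTER, OTHER_CERT):
            print(name, cert["common-name"], subject_matches(crit, cert))
        print(name, "unconstrained:", unconstrained(crit))
```

With only `country` set, both sample certificates are accepted; adding `organisation` and a scoped `common-name` pattern rejects the unrelated one.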

SDS, MDC specifications

Perle Systems is a leading provider of connectivity solutions, renowned for its robustness and reliability in networking hardware. Among its expansive product offerings, the MDC (Multiport Device Converter) and SDS (Serial Device Server) stand out as pivotal solutions for industries requiring seamless data communication and device management.

The Perle MDC serves as a powerful multi-port device converter, providing the ability to connect multiple serial devices to a computer network without needing a separate connection for each device. This is particularly useful in environments with limited computing resources or high device density, such as railways, manufacturing plants, or remote field operations. It is designed to convert serial communication, which is commonly used in legacy devices, into Ethernet/IP or TCP/IP protocols, ensuring that older devices can integrate into modern networks.

Main features of the MDC include its robust design for industrial environments, support for a variety of serial protocols, and multiple device connections. It supports data rates of up to 115200 bps and provides easy monitoring and configuration via a web-based interface. Additionally, the MDC incorporates advanced security features including SSL and SSH encryption, ensuring data integrity and protection against unauthorized access.

On the other hand, the Perle SDS model exemplifies advanced serial device hosting capabilities, allowing users to connect Ethernet networks to serial devices. It acts as a bridge, enabling remote devices to be configured and managed over IP networks. The SDS series is known for its versatility, supporting a range of serial communication protocols, including RS-232, RS-422, and RS-485, making it suitable for various applications such as point-of-sale systems, industrial automation, and remote monitoring.

The SDS boasts several characteristics that enhance its functionality, such as automatic device discovery, real-time monitoring, and local or cloud-based management options. Its feature set also includes traffic management capabilities, allowing the optimization of device communication by controlling the flow of data, which is critical for applications requiring high reliability and low latency.

Both the MDC and SDS benefit from a strong emphasis on ease of deployment and management. They support a range of network topologies, facilitating seamless integration into existing infrastructures. Furthermore, these devices are backed by Perle Systems' reputation for customer support and a commitment to ongoing innovation, ensuring that organizations can rely on these solutions for future growth and technological advancement.