Manuals / Perle Systems / Computer Equipment / Network Card

Perle Systems STS, SCS manual IPsec, IKE Phase 1 Proposals, ESP Phase 2 Proposals

Models: SCS STS

1 408

Download 408 pages 44.1 Kb

Page 222

VPN

IKE Phase 1 Proposals

The following IKE Phase 1 proposals are supported by the IOLAN VPN gateway:

zCiphers—3DES, AES

zHashes—MD5, SHA1

zDiffie-HellmanGroups—2 (MODP1024), 5 (MODP1536), 14 (MODP2048), 15 (MODP3072), 16 (MODP4096), 17 (MODP6144), 18 (MODP8192)

ESP Phase 2 Proposals

The following ESP Phase 2 proposals are supported by the IOLAN VPN gateway:

zCiphers—3DES, AES

zAuthentication Algorithms—MD5, SHA1, SHA2

IPsec

When an IPsec tunnel becomes active, you are requiring that all access to the IOLAN go through the configured IPsec tunnel(s), so you must configure any exceptions first (see Exceptions on page 228 for more information on exceptions) or you will not be able to access the IOLAN through the network unless you are configured to go through the IPsec tunnel (you can still access the IOLAN through the Console port).

Field Descriptions

The following buttons are available:

Add Button	Click this button to add a new IPsec VPN tunnel.
Edit Button	Select an existing IPsec VPN tunnel to edit the tunnel’s parameters.
Delete Button	Select an existing IPsec VPN tunnel to remove the tunnel.

222	IOLAN SDS/SCS/STS User’s Guide, Version 3.6

Image 222

Perle Systems STS, SCS manual IPsec, IKE Phase 1 Proposals, ESP Phase 2 Proposals, Authentication Algorithms-MD5, SHA1, SHA2

Contents

Iolan SDS/SCS/STS EN 55022 1998, Class A, Note Table of Contents Configuration Methods DHCP/BOOTP Getting Started Network Settings Configuring Serial Ports UDP Sockets Profile 132 Remote Access Slip Profile 179 Configuring Users Configuring Security Configuring I/O Interfaces Channels UDP Configuring Clustering Controlling the RPS, I/O Channels, System Administration Applications Appendix B SSL/TLS Ciphers Appendix E Setting Jumpers 361 Appendix G Utilities Appendix I Troubleshooting Glossary IndexIntended Audience PrefaceAbout This Book DocumentationTypeface Conventions Online HelpIntroduction About the IolanIolan Family Models Iolan Features HardwareSoftware Security LdapIolan Components ConnectivityIntroduction What’s IncludedPower Over Ethernet PoE Models Power Supply SpecificationsAvailable Accessories Desktop ModelsGetting to Know Your Iolan DC Power RequirementsAC Power Requirements Rack Mount ModelsPort Serial ActivityPort Top View End ViewRack Mount Console Port/LED ViewSerial/Ethernet View Serial Mode Console/Serial SwitchConsole Mode Dedicated Console Port Rack Mount ModelsPowering Up the Iolan Desktop/Rack Mount ModelsModels Primary Supply DC Power ModelsEarthing Wire Secondary back-up SupplyDisconnecting 48V Power Supplies from the Iolan Powering Up the Iolan Configuration Methods Chapter Configuration Methods Overview Configures an IP AddressRequires a Configured IP Address Easy Config Wizard Connecting to the Iolan Using DeviceManager Access PlatformsUnique Features DeviceManagerDeviceManager Using DeviceManager WebManager Connecting to the Iolan Using WebManager IolanUsing WebManager Command Line Interface Connecting to the Iolan Using the CLIThrough the Network Menu Using the CLIConnecting to the Iolan Using the Menu Through the Serial PortUsing the Menu Connecting to the Iolan Using DHCP/BOOTP Using DHCP/BOOTPDHCP/BOOTP Parameters TACACS+ SecuridConnecting to the Iolan Using Snmp SnmpUsing the Snmp MIB Connecting to the Iolan to Use the IOLAN+ Interface Using the IOLAN+ InterfaceIOLAN+ Interface REMOTE-ADMIN Changes to the IOLAN+ InterfaceOpt HEX Rlogin/Telnet Remote Access Systems Screen Name Wchiewsds2 Debug mode IP address IOLAN+ Interface Easy Configuration Wizard Getting StartedSetting Up the Network Using a Direct Serial Connection to Specify an IP Address Using a Direct Serial Connection to Enable BOOTP/DHCP Using ARP-Ping For an IPv6 NetworkSetting Up the Serial Ports Setting Up the Serial Ports Setting Up Users Using DeviceManager WebManager Navigating DeviceManager/WebManager DeviceManagerWebManager EasyPort WebUsing DeviceManager to Connect to the Iolan Starting a New SessionAssigning a Temporary IP Address to a New Iolan Adding/Deleting Manual IOLANs Logging in to the IolanCreating a New Iolan Configuration in DeviceManager Using WebManager to Connect to the IolanConfiguration Files Logging into the IolanOpening an Existing Configuration File Importing an Existing Configuration FileManaging the Iolan Network Settings Overview IP SettingsIPv4 Settings Field DescriptionsIPv6 Settings DHCPv6 AutoconfigurationIPv6 Custom IPv6Prefix Bits Range Default Adding/Editing a Custom IPv6 AddressAdvanced Server Name.Domain Prefix.Domain NameDefault Disabled Advertise DHCPv6 Default 100 msDefault 200 ms ConfigurationFunctionality AdvancedHost Table IP Filtering Data OptionsFully Qualified Adding/Editing a HostHost Name Domain NameRoute List Type Default DefaultAdding/Editing Routes IPv4 Subnet MaskDNS/WINS RIP Editing/Adding DNS/WINS ServersAuthentication Ethernet ModeDefault None PasswordEnd Time Dynamic DNSOverview Functionality KeyUser Name Account SettingsDefault Dynamic System TypeCipher Suite Field Descriptions Adding/Editing a Cipher Suite Validation Criteria Field Descriptions IPv6 Tunnels Common NameName Default ManualAdding/Editing an IPv6 Tunnel Mode102 Iolan SDS/SCS/STS User’s Guide, Version Serial Ports FunctionalityEditing a Serial Port Copying a Serial Port Resetting a Serial Port Serial Port ProfilesCommon Tabs Hardware Tab Field Descriptions Enable Inbound Default FullDefault Auto Flow Control Flow Control Default Enabled Enable OutboundEmail Alert Tab Field Descriptions Packet Forwarding Tab Field Descriptions Packet Definition Enable Trigger1Enable Trigger2 Packet SizeEOF2 Character Default TriggerEOF1 Character TriggerSSL/TLS Settings Tab Field Descriptions Default Client114 Iolan SDS/SCS/STS User’s Guide, Version 115 116 Iolan SDS/SCS/STS User’s Guide, Version General Tab Field Descriptions Default TelnetConsole Management Profile ProtocolAdvanced Tab Field Descriptions Support Default Disabled Multisessions Enable MicrosoftAdministrator Idle TimeoutTruePort Profile ModemPhone Connect to System Default Enabled Host NameConnect to remote Multiple HostsHosts to connect to Host and backupAdding/Editing Additional TruePort Hosts Define a primaryBackup Host Adding/Editing a Multihost EntryPrimary Host Signals high Day Motd Default Disabled Enable TCPWhen Enable Data Session TimeoutLogging Connection Workstation/Server on the network Default Enabled TCP Sockets ProfileInitiate Connection Received on the serial portAdding/Editing Additional Hosts 129 Day Motd Default Disabled Enable Data 131 UDP Sockets Profile UDP port Direction Start IP AddressEnd IP Address Default 0 zero Terminal ProfileUDP Port TVI925 Default DumbVT100 VT320 specifically supporting VT320-7Default Disabled Protocol Is receivedData Range 138 Iolan SDS/SCS/STS User’s Guide, Version User Service Settings Login SettingsQuit Telnet SettingsInterrupt EraseRlogin Settings User is only prompted for a passwordEscape SSH Settings Authentication for the SSH session Slip SettingsRSA authentication for the SSH session ArcfourRouting VJ CompressionPPP Settings Default Chap IPv6 RemoteNone Remote User Timeout Remote PasswordConfigure Req Default 3 secondsChallenge Interval Default 1 minuteRoaming Callback Address/ControlPrinter Profile Serial Serial Tunneling ProfileSerial Server Tunnel Client Iolan TunnelClient Default Disabled Host Name Act As TunnelVirtual Modem Profile 154 Iolan SDS/SCS/STS User’s Guide, Version DCD DTR Signal Acts as RTS Signal Always On RTS Signal Acts as AT CommandResponse Delay Phone Number to Host Mapping Phone Number Control Signal I/O ProfileVModem Phone Number Entry Host IP AddressDescription Input Signal Field DescriptionsInvert Signal LatchManual Clear Auto Clear ModeMode Default Disabled SyslogOutput Signal Field Descriptions Failsafe ActionModbus Gateway Profile IP Mappings Settings Button UID RangeDestination Slave Advanced SlaveDefault 30 ms Default 1000 msAdvanced Field Descriptions Modbus Slave IP Settings Field Descriptions UID Start Adding/Editing Modbus Slave IP SettingsDefault Host UID EndRange Default 50 ms Modbus Slave Advanced Settings Field DescriptionsDefault TCP Data Options TCP or UDPPower Management Profile RPS Name Editing Power Management Plug Settings Field DescriptionsDefault RSP820 RPS ModelDefault Off Remote Access PPP ProfileDefault State Data Options On, OffNegotiate IP IPv6 Global Authentication Tab Field Descriptions 174 Iolan SDS/SCS/STS User’s Guide, Version Account Settings Enable DynamicDNS for this Serial Default Disabled Port Host Dynamic DNS Field Descriptions176 Iolan SDS/SCS/STS User’s Guide, Version Enable VJ Configure RequestCompression Default Enabled Enable Protocol Enable MagicDial In/Out MS Direct HostMS Direct Guest Remote Access Slip Profile 180 Iolan SDS/SCS/STS User’s Guide, Version 181 Custom Application Profile General Tab Field DescriptionPort Buffering Local Port BufferingKeyboard Buttons Hot Keys Direction Field Definitions Remote Port BuffersNFS Host Enable PortData Default Disabled Enable Key Stroke NFS DirectoryProcess Break Advanced Serial Settings TabSignals Deny MultipleString Default ~menuSerial Port Menu Session EscapeModems Tab Adding/Editing a ModemName Name of the modem TruePort Baud Rate Tab Field Definitions190 Iolan SDS/SCS/STS User’s Guide, Version Configuring Users User Settings Adding/Editing Users General TabDefault Normal Default DSPrompt Services TabService Host IPIPv6 Interface IndentifierAdvanced Tab Default English Sessions Tab Session 1, 2, 3 ConnectAllow Access to Serial Port Access TabSerial Port Access Clustered Ports202 Iolan SDS/SCS/STS User’s Guide, Version Configuring Security AuthenticationPrimary AuthenticationMethod Default Local Secondary MethodLocal Radius General Field DescriptionsAttributes Field Descriptions Authenticator response Default Enabled RetryNAS-IP-Address Default Enabled NAS-IdentifierKDC Domain KerberosRealm KDC PortEnable TLS BaseTLS Port Authorization Port Default Authentication Authentication Authorization Primary Host Secondary HostDefault None Authentication Primary Host Default NoneSecurID NIS Lynn Users Logging into the Iolan Using SSHDevice Server TracyUsers Passing Through the Iolan Using SSH Dir/Sil Lynn Sales ServerHR Server Allow SSH-1 Interactive Default Enabled PasswordField Descriptions KeyboardEnable Verbose Output Default DisabledBreak String Button For a valid SSL/TLS connection 218 Iolan SDS/SCS/STS User’s Guide, Version Adding/Editing a Cipher 220 Iolan SDS/SCS/STS User’s Guide, Version VPN Authentication Algorithms-MD5, SHA1, SHA2 IKE Phase 1 ProposalsESP Phase 2 Proposals IPsecAdding/Editing the IPsec Tunnel Validation Criteria Default LeftSecret/Remote Local DeviceShared Secret Field Description Remote Validation Criteria Field Descriptions L2TP/IPsec Allow L2TP/IPsecExceptions Adding/Editing a VPN Exception Field DescriptionTruePort Full ServicesTelnet Server Syslog ClientSSH Server DeviceManagerWebManager Sntp ClientKeys and Certificates Key Type 234 Iolan SDS/SCS/STS User’s Guide, Version Configuring I/O InterfacesChapter Settings Access FunctionalityAdvanced Slave Modbus Settings Request Queuing Failsafe Timer Functionality Default 30 secondsFailsafe Action is triggered Enable UDP Broadcast of I/O Default Disabled StatusUDP Functionality UDP Settings UDP EntryTemperature Functionality Default CelsiusMonitoring Application A4D2 ChannelsAnalog Analog I/O AnalogDefault Current Alarm SettingsDigital Input Monitoring ApplicationDigital I/O Input Mode 247 Digital Output Output Mode Default SinkOutput Delay Pulse ModeInactive Signal Width Active Signal Width Pulse CountRelay Monitoring Application A4D2RelayRelay I/O Inactive Signal WidthFront Door Active SignalDigital I/O Extension Warehouse Perle Iolan ReceptionCurrent Alarm State 1 Byte z 0 = Not in alarm Message type 1 ByteInput number 1 Byte Enable I/O ExtensionInput TCP Port Hosts Local connectionSimultaneously Communicate to the Primary Host Temperature Temperature I/O Industrial FreezersDefault RTD Alarm Settings Basic Analog Alarm SettingsAdvanced Analog Alarm Settings Clear ModeTrigger Type Clear UDP Unicast Format UDP Broadcast PacketLength Enabled Analog SectionSection Channel Length Channel Serial Pin Signal SectionDigital/Relay Section Length PinModbus Serial Application Connected to the Serial Port Modbus SlaveUDP Unicast Example Modbus Serial Application Connected to the NetworkModbus TCP Application Modbus I/O AccessModbus RTU Or Ascii Application Power Digital Output Function CodesCoil/Register Descriptions Data Model A1/T1 A2/T2 A3/T3 A4/T4 Holding Registers Serial Port Coil/Register DescriptionsA4/T4 Registers Input RegistersA4D2/A4R2 Registers Data Model D1/R1 D2/R2 CoilsData Model D3/R1 D4/R2 Coils Serial Pin SignalsD4/D2R2 Registers Data Model Pin CoilsModbus Serial Application TruePort Power Digital Output TruePort I/OTruePort/Modbus Combination API Over TruePort Only PC running Custom Application API TruePortAccessing I/O Data Via TruePort SetupIntroduction Command Format Format of API CommandsGet Commands Response FormatSet Commands Example 1 Turn on the first relay on a D2R2 unit Successful Response FormatUnsuccessful Response Format Example 2 Turn on the first and second relay on a D2R2 unitError Codes Snmp Traps280 Iolan SDS/SCS/STS User’s Guide, Version Configuring Clustering Chapter Clustering Slave ListAdvanced Button Adding Clustering Slaves Editing Clustering Slave Settings Advanced Clustering Slave OptionsPort Name Slave TCP Port Master TCP PortConfiguring the Option Card Option Card SettingsConfiguring the Iolan Modem Card Configuring a Wireless WAN Card Overview Field DescriptionsCard APN 288 Iolan SDS/SCS/STS User’s Guide, Version Configuring the System Chapter AlertsEmail Alerts Alerts Syslog Location ManagementContact CommunityDefault DES Auth Algorithm Data Options MD5, SHA Default MD5Auth Password Privacy PasswordConfirm Password Trap Algorithm Data Options MD5, SHA Default MD5Privacy Algorithm Data Options DES, AES Default DES TimeSntp Mode Network Time Tab Field DescriptionsSntp Version Time Zone/Summer Time Tab Field Descriptions Custom App/Plugin Login Tab Field Descriptions Bootup Files Tab Field Descriptions Filename Message of the Day Motd Tab Field DescriptionsTftp Host Display Motd WebManager/Easy Port WebConsole Port Tab Field Descriptions Default Flow ControlTftp Tab Field Descriptions Baud Rate302 Iolan SDS/SCS/STS User’s Guide, Version State Button Management profile settings Controlling the RPS, I/O Channels, and IPsec TunnelsRPS Control Plug Control OK Button Closes the windowSerial Port Power Control Power Plug StatusButton Serial port Deactivate Output Manually deactivates the channel output IPsec Tunnel Control 308 Iolan SDS/SCS/STS User’s Guide, Version Saving Configuration Files System Administration ChapterManaging Configuration Files Downloading Configuration FilesDownloading Configuration Files to Multiple IOLANs Reboot ServerUploading Configuration Files Specifying a Custom Factory Default ConfigurationLess than 3 seconds-Reboots the Iolan Calibrating Analog Input Downloading Iolan FirmwareCalibrating I/O Calibrating VoltageCalibrating Thermocouple Calibrating Temperature InputCalibrating Analog Channels Calibrating RTDResetting Calibration Data Setting the IOLAN’s Date and Time Rebooting the IolanResetting the Iolan to Factory Defaults Resetting the SecurID Node Secret Language SupportLoading a Supplied Language Software Upgrades and Language Files Translation GuidanceDownloading Terminal Definitions Creating Terminal Definition FilesResetting Configuration Parameters For exampleLost Admin Password Configuring a Slave Gateway Configuring ModbusConfiguring a Master Gateway ApplicationsModbus Gateway Settings Modbus Master GatewayModbus Slave Gateway Modbus Slave UID Modbus Serial Port SettingsModbus Master Settings Master Gateway Serial EIA-232Modbus Slave Settings Modbus Master Slave GatewaySerial Port EIA-422/485 Modbus Master Modbus Slave UID Configuring PPP Dial On Demand 172.16.0.0Setting Up Printers Remote Printing Using LPDRemote Printing Using RCP Remote Printing Using Host-Based Print Handling SoftwareConfiguring a Virtual Private Network IOLAN-to-Host/NetworkOr just Network-to-Network 172.16.45.84 192.168.45.87 192.168.45.12Gateway Router Host-to-HostLeft External IP Address Right 172.16.45.99332 Iolan Device Server User’s Guide, Version VPN Client-to-Network VPN Client Initiate Communication Router Broadband Right334 Iolan Device Server User’s Guide, Version Radius and TACACS+ Appendix a Supported Radius ParametersPPP User level. See Perle Radius Dictionary Example Accounting Message Mapped Radius Parameters to Iolan Parameters Radius Parameter Iolan ParameterPerle Radius Dictionary Example Value Accessing the Iolan Through a Serial Port Users TACACS+Name Values Description Slip Accessing the Iolan from the Network Users Accessing the Iolan from the Network User Example Settings SSL/TLS Ciphers Valid SSL/TLS CiphersDES-CBC-MD5 Commands Virtual Modem Initialization CommandsAT&Sn AT&RnAT&Cn Pinouts and Cabling Diagrams Serial PinoutsDB25 Male DB25 Female RJ45 RJ45 SCS48C/SCS32C/SCS16C/SCS8C DB9 Male Serial OnlyPower Over Ethernet Pinouts DB9 Male I/ODB25 Male EIA-232 Cabling DiagramsTerminal DB25 Connector DB25 FemaleRJ45 DB9 Male10-pin Pin Modem DB25 Connector Iolan RJ45 DCERxD TxD DTR 20 DTR GND 360 Iolan SDS/SCS/STS User’s Guide, Version Setting Jumpers Port Iolan DB25 Male/FemalePort Iolan RJ45 P Power Over Ethernet Port Iolan RJ45Port Iolan DB9 Port Iolan SDS1M ModemPort Iolan Port Desktop Iolan Port/Line # Line Termination 5V Output Input Volt OutputDigital I/O Module Analog Input Module 368 Iolan SDS/SCS/STS User’s Guide, Version Digital Input Wet Contact Wiring I/O DiagramsDigital I/O Digital Input Dry ContactDigital Output Sink Digital Output SourceAnalog Input CurrentVoltage RTD 3-Wire Temperature InputRTD 2-Wire ThermocoupleNormally Open Contact RTD 4-WireRelay Output Normally Closed Contact374 Iolan SDS/SCS/STS User’s Guide, Version Utilities TruePortAPI I/O Access Over TruePort API Request FormatAPI Response Format Error Codes Decoder378 Iolan SDS/SCS/STS User’s Guide, Version Accessories Installing a Perle PCI CardInstalling a Perle PCI Card Accessories Starter Kit Adapters/Cable RJ45F to DB25M DTE Crossover AdapterRJ45F to DB25M DCE Modem Adapter RJ45F to DB25F DTE Crossover Adapter RJ45F DB25FRJ45F to DB9M DTE Crossover Adapter Sun/Cisco RJ45M Connector Cable for Rack Mount Models RJ45F to DB9F DTE Crossover AdapterSCS48C/SCS32C/SCS16C/SCS8C Starter Kit Adapters/Cable GND DTR 20 DTR DSR RJ45F to DB25F DTE Crossover Adapter 390 Iolan SDS/SCS/STS User’s Guide, Version Sun/Cisco Roll-Over Adapter for Rack Mount Models RJ45F392 Iolan SDS/SCS/STS User’s Guide, Version Power/Ready LED stays red after a boot TroubleshootingHardware Troubleshooting Power/Ready LED on a rack mount model flashes redCommunication Issues DeviceManager ProblemsGeneral communication checks and practices are as follows Host Problems Radius Authentication ProblemsLogin Problems Problems with TerminalsLanguage Problems DHCP/BOOTP ProblemsCallback Problems You observe Tftp errors when the Iolan boots, for examplePrinting Problems Modem ProblemsPPP Problems Long Reboot CycleCould not obtain peers certificate Certificate did not match configurationModels An A4R2 model is starting/stoppingIPv6 Issues Contacting Technical Support Making a Technical Support QueryRepair Procedure Feedback on this ManualGlossary Authentication Dial Users Services Reverse Connection PAP PasswordAuthentication Protocol Radius Remote RIP RoutingIndex APILdap Radius Index W