Allow L2TP/IPsec | Perle Systems SCS, STS specification

VPN

L2TP/IPsec

Many operating systems support L2TP/IPsec VPN tunnels, however, Windows XP requires this VPN tunnel protocol. When L2TP/IPsec is enabled, the IOLAN will listen for L2TP/IPsec VPN tunnel requests.

When you enable L2TP/IPsec, you are requiring that all access to the IOLAN go through the L2TP/IPsec tunnel, so you must configure any exceptions first (see Exceptions on page 228 for more information on exceptions) or you will not be able to access the IOLAN through the network unless you are configured to go through the L2TP/IPsec tunnel (you can still access the IOLAN through the Console port).

Field Descriptions

Configure the following parameters:

Allow L2TP/IPsec	When enabled, the IOLAN listens for L2TP/IPsec VPN tunnel connections.
connections	Note: to allow non-VPN tunnel connections to the IOLAN, you must create
	entries in the VPN Exceptions list.
	Default: Disabled
Local IP Address	The IPv4 address that the IOLAN will listen on for L2TP/IPsec connections. If
	the default value (0.0.0.0) is kept, the IOLAN will use the Default Gateway
	value (if no Default Gateway is specified, L2TP/IPsec VPN connections will
	not be established).
	Default: 0.0.0.0
Authentication	Specify the authentication method that will be used between VPN peers to
Method	authenticate the VPN tunnel.
	Data Options:
	z Shared Secret—A text-based secret that is used to authenticate the IPsec
	tunnel (case sensitive).
	z X.509 Certificate—X.509 certificates are used to authenticate the IPsec
	tunnel. When using this authentication method, you must include the
	signing authority’s certificate information in the SSL/TLS CA list and
	download it to the IOLAN.
	Default: Shared Secret

227

Image 227

Perle Systems SCS, STS manual Allow L2TP/IPsec

Contents

Iolan SDS/SCS/STS EN 55022 1998, Class A, Note Table of Contents Configuration Methods DHCP/BOOTP Getting Started Network Settings Configuring Serial Ports UDP Sockets Profile 132 Remote Access Slip Profile 179 Configuring Users Configuring Security Configuring I/O Interfaces Channels UDP Configuring Clustering Controlling the RPS, I/O Channels, System Administration Applications Appendix B SSL/TLS Ciphers Appendix E Setting Jumpers 361 Appendix G Utilities Appendix I Troubleshooting Index Glossary Documentation PrefaceAbout This Book Intended Audience Online Help Typeface Conventions Iolan Family Models IntroductionAbout the Iolan Hardware Iolan Features Software Ldap Security What’s Included ConnectivityIntroduction Iolan Components Desktop Models Power Supply SpecificationsAvailable Accessories Power Over Ethernet PoE Models Rack Mount Models DC Power RequirementsAC Power Requirements Getting to Know Your Iolan Serial Activity Port Port End View Top View Serial/Ethernet View Rack MountConsole Port/LED View Dedicated Console Port Rack Mount Models Console/Serial SwitchConsole Mode Serial Mode Models Powering Up the IolanDesktop/Rack Mount Models Secondary back-up Supply DC Power ModelsEarthing Wire Primary Supply Disconnecting 48V Power Supplies from the Iolan Powering Up the Iolan Configuration Methods Chapter Requires a Configured IP Address Configuration Methods OverviewConfigures an IP Address Easy Config Wizard DeviceManager Access PlatformsUnique Features Connecting to the Iolan Using DeviceManager DeviceManager Using DeviceManager WebManager Iolan Connecting to the Iolan Using WebManager Using WebManager Through the Network Command Line InterfaceConnecting to the Iolan Using the CLI Through the Serial Port Using the CLIConnecting to the Iolan Using the Menu Menu Using the Menu Using DHCP/BOOTP Connecting to the Iolan Using DHCP/BOOTP TACACS+ Securid DHCP/BOOTP Parameters Snmp Connecting to the Iolan Using Snmp Using the Snmp MIB IOLAN+ Interface Connecting to the Iolan to Use the IOLAN+ InterfaceUsing the IOLAN+ Interface Changes to the IOLAN+ Interface REMOTE-ADMIN Opt HEX Rlogin/Telnet Remote Access Systems Screen Name Wchiewsds2 Debug mode IP address IOLAN+ Interface Getting Started Easy Configuration Wizard Setting Up the Network Using a Direct Serial Connection to Specify an IP Address Using a Direct Serial Connection to Enable BOOTP/DHCP For an IPv6 Network Using ARP-Ping Setting Up the Serial Ports Setting Up the Serial Ports Setting Up Users Using DeviceManager WebManager DeviceManager Navigating DeviceManager/WebManager EasyPort Web WebManager Starting a New Session Using DeviceManager to Connect to the Iolan Assigning a Temporary IP Address to a New Iolan Logging in to the Iolan Adding/Deleting Manual IOLANs Logging into the Iolan Using WebManager to Connect to the IolanConfiguration Files Creating a New Iolan Configuration in DeviceManager Managing the Iolan Opening an Existing Configuration FileImporting an Existing Configuration File Network Settings Field Descriptions IP SettingsIPv4 Settings Overview IPv6 Settings Custom IPv6 AutoconfigurationIPv6 DHCPv6 Adding/Editing a Custom IPv6 Address Prefix Bits Range Default Server Name.Domain Prefix.Domain Name Advanced Configuration Default 100 msDefault 200 ms Default Disabled Advertise DHCPv6 IP Filtering Data Options AdvancedHost Table Functionality Domain Name Adding/Editing a HostHost Name Fully Qualified Route List IPv4 Subnet Mask Default DefaultAdding/Editing Routes Type DNS/WINS Editing/Adding DNS/WINS Servers RIP Password Ethernet ModeDefault None Authentication Key Dynamic DNSOverview Functionality End Time System Type Account SettingsDefault Dynamic User Name Cipher Suite Field Descriptions Adding/Editing a Cipher Suite Validation Criteria Field Descriptions Common Name IPv6 Tunnels Mode Default ManualAdding/Editing an IPv6 Tunnel Name 102 Iolan SDS/SCS/STS User’s Guide, Version Functionality Serial Ports Editing a Serial Port Copying a Serial Port Common Tabs Resetting a Serial PortSerial Port Profiles Hardware Tab Field Descriptions Flow Control Default Enabled Enable Outbound Default FullDefault Auto Flow Control Enable Inbound Email Alert Tab Field Descriptions Packet Forwarding Tab Field Descriptions Packet Size Enable Trigger1Enable Trigger2 Packet Definition Trigger Default TriggerEOF1 Character EOF2 Character Default Client SSL/TLS Settings Tab Field Descriptions 114 Iolan SDS/SCS/STS User’s Guide, Version 115 116 Iolan SDS/SCS/STS User’s Guide, Version Protocol Default TelnetConsole Management Profile General Tab Field Descriptions Advanced Tab Field Descriptions Idle Timeout Enable MicrosoftAdministrator Support Default Disabled Multisessions Phone TruePort ProfileModem Multiple Hosts System Default Enabled Host NameConnect to remote Connect to Define a primary Host and backupAdding/Editing Additional TruePort Hosts Hosts to connect to Primary Host Backup HostAdding/Editing a Multihost Entry When Signals highDay Motd Default Disabled Enable TCP Logging Enable DataSession Timeout TCP Sockets Profile Connection Workstation/Server on the network Default Enabled Received on the serial port Initiate Connection Adding/Editing Additional Hosts 129 Day Motd Default Disabled Enable Data 131 UDP Sockets Profile End IP Address UDP port DirectionStart IP Address UDP Port Default 0 zeroTerminal Profile VT320 specifically supporting VT320-7 Default DumbVT100 TVI925 Is received Default Disabled Protocol Data Range 138 Iolan SDS/SCS/STS User’s Guide, Version Login Settings User Service Settings Erase Telnet SettingsInterrupt Quit Escape Rlogin SettingsUser is only prompted for a password SSH Settings Arcfour Slip SettingsRSA authentication for the SSH session Authentication for the SSH session VJ Compression Routing PPP Settings None Default ChapIPv6 Remote Remote User Default 3 seconds Remote PasswordConfigure Req Timeout Address/Control Default 1 minuteRoaming Callback Challenge Interval Printer Profile Client Iolan Tunnel Serial Tunneling ProfileSerial Server Tunnel Serial Act As Tunnel Client Default Disabled Host Name Virtual Modem Profile 154 Iolan SDS/SCS/STS User’s Guide, Version DCD Response Delay DTR Signal Acts as RTS Signal Always On RTS Signal Acts asAT Command Phone Number to Host Mapping Host IP Address Control Signal I/O ProfileVModem Phone Number Entry Phone Number Latch Input Signal Field DescriptionsInvert Signal Description Syslog Auto Clear ModeMode Default Disabled Manual Clear Failsafe Action Output Signal Field Descriptions Modbus Gateway Profile Advanced Slave Settings Button UID RangeDestination Slave IP Mappings Advanced Field Descriptions Default 30 msDefault 1000 ms Modbus Slave IP Settings Field Descriptions UID End Adding/Editing Modbus Slave IP SettingsDefault Host UID Start Data Options TCP or UDP Modbus Slave Advanced Settings Field DescriptionsDefault TCP Range Default 50 ms Power Management Profile RPS Model Editing Power Management Plug Settings Field DescriptionsDefault RSP820 RPS Name Data Options On, Off Remote Access PPP ProfileDefault State Default Off Negotiate IP IPv6 Global Authentication Tab Field Descriptions 174 Iolan SDS/SCS/STS User’s Guide, Version Dynamic DNS Field Descriptions Enable DynamicDNS for this Serial Default Disabled Port Host Account Settings 176 Iolan SDS/SCS/STS User’s Guide, Version Enable Magic Configure RequestCompression Default Enabled Enable Protocol Enable VJ MS Direct Guest Dial In/OutMS Direct Host Remote Access Slip Profile 180 Iolan SDS/SCS/STS User’s Guide, Version 181 General Tab Field Description Custom Application Profile Keyboard Buttons Hot Keys Direction Port BufferingLocal Port Buffering Remote Port Buffers Field Definitions NFS Directory Enable PortData Default Disabled Enable Key Stroke NFS Host Deny Multiple Advanced Serial Settings TabSignals Process Break Session Escape Default ~menuSerial Port Menu String Name Name of the modem Modems TabAdding/Editing a Modem Field Definitions TruePort Baud Rate Tab 190 Iolan SDS/SCS/STS User’s Guide, Version Configuring Users User Settings General Tab Adding/Editing Users Default Normal Host IP Services TabService Default DSPrompt Indentifier IPv6 Interface Advanced Tab Default English Sessions Tab Connect Session 1, 2, 3 Clustered Ports Serial Port Access TabSerial Port Access Allow Access to 202 Iolan SDS/SCS/STS User’s Guide, Version Authentication Configuring Security Method AuthenticationMethod Default Local Secondary Primary Local General Field Descriptions Radius NAS-Identifier Authenticator response Default Enabled RetryNAS-IP-Address Default Enabled Attributes Field Descriptions KDC Port KerberosRealm KDC Domain TLS Port Enable TLSBase Primary Host Default None Authentication Authorization Primary Host Secondary HostDefault None Authentication Authorization Port Default Authentication SecurID NIS Tracy Users Logging into the Iolan Using SSHDevice Server Lynn HR Server Users Passing Through the Iolan Using SSH Dir/SilLynn Sales Server Keyboard Interactive Default Enabled PasswordField Descriptions Allow SSH-1 Break String Enable VerboseOutput Default Disabled Button For a valid SSL/TLS connection 218 Iolan SDS/SCS/STS User’s Guide, Version Adding/Editing a Cipher 220 Iolan SDS/SCS/STS User’s Guide, Version VPN IPsec IKE Phase 1 ProposalsESP Phase 2 Proposals Authentication Algorithms-MD5, SHA1, SHA2 Adding/Editing the IPsec Tunnel Local Device Default LeftSecret/Remote Validation Criteria Shared Secret Field Description Remote Validation Criteria Field Descriptions Allow L2TP/IPsec L2TP/IPsec Exceptions Field Description Adding/Editing a VPN Exception Syslog Client ServicesTelnet Server TruePort Full Sntp Client DeviceManagerWebManager SSH Server Keys and Certificates Key Type 234 Iolan SDS/SCS/STS User’s Guide, Version Configuring I/O InterfacesChapter Access Functionality Settings Advanced Slave Modbus Settings Request Queuing Failsafe Action is triggered Failsafe Timer FunctionalityDefault 30 seconds UDP Functionality Enable UDPBroadcast of I/O Default Disabled Status UDP Entry UDP Settings Default Celsius Temperature Functionality Analog I/O Analog ChannelsAnalog Monitoring Application A4D2 Alarm Settings Default Current Digital I/O Digital InputMonitoring Application Input Mode 247 Digital Output Output Output ModeDefault Sink Pulse Count Pulse ModeInactive Signal Width Active Signal Width Delay Relay I/O RelayMonitoring Application A4D2Relay Width Inactive Signal Warehouse Perle Iolan Reception Active SignalDigital I/O Extension Front Door Input number 1 Byte Current Alarm State 1 Byte z 0 = Not in alarmMessage type 1 Byte Input TCP Port Enable I/OExtension Local connection Hosts Simultaneously Communicate to the Primary Host Temperature I/O Industrial Freezers Temperature Default RTD Basic Analog Alarm Settings Alarm Settings Trigger Type Advanced Analog Alarm SettingsClear Mode Clear UDP Broadcast Packet UDP Unicast Format Section Channel Length EnabledAnalog Section Length Pin Serial Pin Signal SectionDigital/Relay Section Length Channel Modbus Serial Application Connected to the Network Modbus SlaveUDP Unicast Example Modbus Serial Application Connected to the Serial Port Function Codes Modbus I/O AccessModbus RTU Or Ascii Application Power Digital Output Modbus TCP Application Coil/Register Descriptions Input Registers Serial Port Coil/Register DescriptionsA4/T4 Registers Data Model A1/T1 A2/T2 A3/T3 A4/T4 Holding Registers Data Model D1/R1 D2/R2 Coils A4D2/A4R2 Registers Data Model Pin Coils Serial Pin SignalsD4/D2R2 Registers Data Model D3/R1 D4/R2 Coils TruePort/Modbus Combination Modbus Serial Application TruePort Power Digital OutputTruePort I/O PC running Custom Application API TruePort API Over TruePort Only Introduction Accessing I/O Data Via TruePortSetup Response Format Format of API CommandsGet Commands Command Format Set Commands Example 2 Turn on the first and second relay on a D2R2 unit Successful Response FormatUnsuccessful Response Format Example 1 Turn on the first relay on a D2R2 unit Snmp Traps Error Codes 280 Iolan SDS/SCS/STS User’s Guide, Version Advanced Button Configuring Clustering ChapterClustering Slave List Adding Clustering Slaves Port Name Editing Clustering Slave SettingsAdvanced Clustering Slave Options Master TCP Port Slave TCP Port Configuring the Iolan Modem Card Configuring the Option CardOption Card Settings Card Configuring a Wireless WAN CardOverview Field Descriptions APN 288 Iolan SDS/SCS/STS User’s Guide, Version Email Alerts Configuring the System ChapterAlerts Alerts Syslog Community ManagementContact Location Privacy Password Auth Algorithm Data Options MD5, SHA Default MD5Auth Password Default DES Time Algorithm Data Options MD5, SHA Default MD5Privacy Algorithm Data Options DES, AES Default DES Confirm Password Trap Sntp Version Sntp ModeNetwork Time Tab Field Descriptions Time Zone/Summer Time Tab Field Descriptions Custom App/Plugin Login Tab Field Descriptions Bootup Files Tab Field Descriptions Display Motd WebManager/Easy Port Web Message of the Day Motd Tab Field DescriptionsTftp Host Filename Baud Rate Default Flow ControlTftp Tab Field Descriptions Console Port Tab Field Descriptions 302 Iolan SDS/SCS/STS User’s Guide, Version RPS Control State Button Management profile settingsControlling the RPS, I/O Channels, and IPsec Tunnels OK Button Closes the window Plug Control Button Serial port Serial Port Power ControlPower Plug Status Deactivate Output Manually deactivates the channel output IPsec Tunnel Control 308 Iolan SDS/SCS/STS User’s Guide, Version Downloading Configuration Files System Administration ChapterManaging Configuration Files Saving Configuration Files Reboot Server Downloading Configuration Files to Multiple IOLANs Less than 3 seconds-Reboots the Iolan Uploading Configuration FilesSpecifying a Custom Factory Default Configuration Calibrating Voltage Downloading Iolan FirmwareCalibrating I/O Calibrating Analog Input Calibrating RTD Calibrating Temperature InputCalibrating Analog Channels Calibrating Thermocouple Resetting Calibration Data Resetting the Iolan to Factory Defaults Setting the IOLAN’s Date and TimeRebooting the Iolan Loading a Supplied Language Resetting the SecurID Node SecretLanguage Support Translation Guidance Software Upgrades and Language Files Creating Terminal Definition Files Downloading Terminal Definitions For example Resetting Configuration Parameters Lost Admin Password Applications Configuring ModbusConfiguring a Master Gateway Configuring a Slave Gateway Modbus Slave Gateway Modbus Gateway SettingsModbus Master Gateway Master Gateway Serial EIA-232 Modbus Serial Port SettingsModbus Master Settings Modbus Slave UID Serial Port EIA-422/485 Modbus Master Modbus Slave UID Modbus Slave SettingsModbus Master Slave Gateway 172.16.0.0 Configuring PPP Dial On Demand Remote Printing Using LPD Setting Up Printers Remote Printing Using Host-Based Print Handling Software Remote Printing Using RCP IOLAN-to-Host/Network Configuring a Virtual Private Network Or just 172.16.45.84 192.168.45.87 192.168.45.12 Network-to-Network 172.16.45.99 Host-to-HostLeft External IP Address Right Gateway Router 332 Iolan Device Server User’s Guide, Version VPN Client Initiate Communication Router Broadband Right VPN Client-to-Network 334 Iolan Device Server User’s Guide, Version Supported Radius Parameters Radius and TACACS+ Appendix a PPP User level. See Perle Radius Dictionary Example Accounting Message Radius Parameter Iolan Parameter Mapped Radius Parameters to Iolan Parameters Perle Radius Dictionary Example Value TACACS+ Accessing the Iolan Through a Serial Port Users Name Values Description Slip Accessing the Iolan from the Network Users Accessing the Iolan from the Network User Example Settings Valid SSL/TLS Ciphers SSL/TLS Ciphers DES-CBC-MD5 Virtual Modem Initialization Commands Commands AT&Cn AT&SnAT&Rn DB25 Male Pinouts and Cabling DiagramsSerial Pinouts DB25 Female RJ45 DB9 Male Serial Only RJ45 SCS48C/SCS32C/SCS16C/SCS8C DB9 Male I/O Power Over Ethernet Pinouts DB25 Female EIA-232 Cabling DiagramsTerminal DB25 Connector DB25 Male 10-pin Pin RJ45DB9 Male Iolan RJ45 DCE Modem DB25 Connector RxD TxD DTR 20 DTR GND 360 Iolan SDS/SCS/STS User’s Guide, Version Port Iolan DB25 Male/Female Setting Jumpers Port Iolan RJ45 Port Iolan RJ45 P Power Over Ethernet Port Iolan SDS1M Modem Port Iolan DB9 Port Iolan Port/Line # Line Termination 5V Output Input Volt Output Port Desktop Iolan Digital I/O Module Analog Input Module 368 Iolan SDS/SCS/STS User’s Guide, Version Digital Input Dry Contact Wiring I/O DiagramsDigital I/O Digital Input Wet Contact Digital Output Source Digital Output Sink Voltage Analog InputCurrent Thermocouple Temperature InputRTD 2-Wire RTD 3-Wire Normally Closed Contact RTD 4-WireRelay Output Normally Open Contact 374 Iolan SDS/SCS/STS User’s Guide, Version TruePort Utilities API Response Format API I/O Access Over TruePortAPI Request Format Decoder Error Codes 378 Iolan SDS/SCS/STS User’s Guide, Version Installing a Perle PCI Card Accessories Installing a Perle PCI Card Accessories RJ45F to DB25M DTE Crossover Adapter Starter Kit Adapters/Cable RJ45F to DB25M DCE Modem Adapter RJ45F DB25F RJ45F to DB25F DTE Crossover Adapter RJ45F to DB9M DTE Crossover Adapter RJ45F to DB9F DTE Crossover Adapter Sun/Cisco RJ45M Connector Cable for Rack Mount Models SCS48C/SCS32C/SCS16C/SCS8C Starter Kit Adapters/Cable GND DTR 20 DTR DSR RJ45F to DB25F DTE Crossover Adapter 390 Iolan SDS/SCS/STS User’s Guide, Version RJ45F Sun/Cisco Roll-Over Adapter for Rack Mount Models 392 Iolan SDS/SCS/STS User’s Guide, Version Power/Ready LED on a rack mount model flashes red TroubleshootingHardware Troubleshooting Power/Ready LED stays red after a boot General communication checks and practices are as follows Communication IssuesDeviceManager Problems Radius Authentication Problems Host Problems Problems with Terminals Login Problems You observe Tftp errors when the Iolan boots, for example DHCP/BOOTP ProblemsCallback Problems Language Problems Long Reboot Cycle Modem ProblemsPPP Problems Printing Problems An A4R2 model is starting/stopping Certificate did not match configurationModels Could not obtain peers certificate IPv6 Issues Making a Technical Support Query Contacting Technical Support Feedback on this Manual Repair Procedure Glossary RIP Routing PAP PasswordAuthentication Protocol Radius Remote Authentication Dial Users Services Reverse Connection API Index Ldap Radius Index W