Exceptions | Perle Systems STS, SCS specs

VPN

Remote Validation	Depending on the Authentication Method:
Criteria	Shared Secret—Specify the text-based secret that is used to authenticate the
	IPsec tunnel (case sensitive). This applies to all VPN tunnels (IPsec and
	L2TP/IPsec).
	X.509 Certificate—Specify the remote X.509 certificate validation criteria
	that must match for successful authentication (case sensitive). Note that all
	validation criteria must be configured to match the X.509 certificate. An
	asterisk (*) is valid as a wildcard.
	See Shared Secret Field Description on page 225 for more information.
	See Remote Validation Criteria Field Descriptions on page 226 for more
	information on the X.509 certificate validation criteria.
IPv4 Local IP	Specify the unique IPv4 address that hosts accessing the IOLAN through the
Address	L2TP tunnel will use.
	Field Format: IPv4 address
IPv4 Remote IP	Specify the first IPv4 address that can be assigned to incoming hosts through
Start Address	the L2TP tunnel.
	Field Format: IPv4 address
IPv4 Remote IP	Specify the end range of the IPv4 addresses that can be assigned to incoming
End Address	hosts through the L2TP tunnel.
	Field Format: IPv4 address
Authentication	Specify the authentication method that will be used for the L2TP tunnel.
	Data Options: CHAP, PAP, Both
	Default: Both

Exceptions

Exceptions allow specific hosts or any host in a network to access the IOLAN outside of a VPN tunnel. This is especially useful when allowing local network hosts access to the IOLAN when VPN tunnels have been configured for remote user security.

Field Descriptions

The following buttons are available:

Add Button	Click the Add button to add a VPN exception to the Exception List.
Edit Button	Highlight an Exception List entry and click the Edit button to change the
	entry.

228	IOLAN SDS/SCS/STS User’s Guide, Version 3.6

Image 228

Perle Systems STS, SCS manual Exceptions

Contents

Iolan SDS/SCS/STS EN 55022 1998, Class A, Note Table of Contents Configuration Methods DHCP/BOOTP Getting Started Network Settings Configuring Serial Ports UDP Sockets Profile 132 Remote Access Slip Profile 179 Configuring Users Configuring Security Configuring I/O Interfaces Channels UDP Configuring Clustering Controlling the RPS, I/O Channels, System Administration Applications Appendix B SSL/TLS Ciphers Appendix E Setting Jumpers 361 Appendix G Utilities Appendix I Troubleshooting Glossary Index Preface About This BookIntended Audience Documentation Typeface Conventions Online Help Introduction About the IolanIolan Family Models Iolan Features Hardware Software Security Ldap Connectivity IntroductionIolan Components What’s Included Power Supply Specifications Available AccessoriesPower Over Ethernet PoE Models Desktop Models DC Power Requirements AC Power RequirementsGetting to Know Your Iolan Rack Mount Models Port Serial Activity Port Top View End View Rack Mount Console Port/LED ViewSerial/Ethernet View Console/Serial Switch Console ModeSerial Mode Dedicated Console Port Rack Mount Models Powering Up the Iolan Desktop/Rack Mount ModelsModels DC Power Models Earthing WirePrimary Supply Secondary back-up Supply Disconnecting 48V Power Supplies from the Iolan Powering Up the Iolan Configuration Methods Chapter Configuration Methods Overview Configures an IP AddressRequires a Configured IP Address Easy Config Wizard Access Platforms Unique FeaturesConnecting to the Iolan Using DeviceManager DeviceManager DeviceManager Using DeviceManager WebManager Connecting to the Iolan Using WebManager Iolan Using WebManager Command Line Interface Connecting to the Iolan Using the CLIThrough the Network Using the CLI Connecting to the Iolan Using the MenuMenu Through the Serial Port Using the Menu Connecting to the Iolan Using DHCP/BOOTP Using DHCP/BOOTP DHCP/BOOTP Parameters TACACS+ Securid Connecting to the Iolan Using Snmp Snmp Using the Snmp MIB Connecting to the Iolan to Use the IOLAN+ Interface Using the IOLAN+ InterfaceIOLAN+ Interface REMOTE-ADMIN Changes to the IOLAN+ Interface Opt HEX Rlogin/Telnet Remote Access Systems Screen Name Wchiewsds2 Debug mode IP address IOLAN+ Interface Easy Configuration Wizard Getting Started Setting Up the Network Using a Direct Serial Connection to Specify an IP Address Using a Direct Serial Connection to Enable BOOTP/DHCP Using ARP-Ping For an IPv6 Network Setting Up the Serial Ports Setting Up the Serial Ports Setting Up Users Using DeviceManager WebManager Navigating DeviceManager/WebManager DeviceManager WebManager EasyPort Web Using DeviceManager to Connect to the Iolan Starting a New Session Assigning a Temporary IP Address to a New Iolan Adding/Deleting Manual IOLANs Logging in to the Iolan Using WebManager to Connect to the Iolan Configuration FilesCreating a New Iolan Configuration in DeviceManager Logging into the Iolan Opening an Existing Configuration File Importing an Existing Configuration FileManaging the Iolan Network Settings IP Settings IPv4 SettingsOverview Field Descriptions IPv6 Settings Autoconfiguration IPv6DHCPv6 Custom IPv6 Prefix Bits Range Default Adding/Editing a Custom IPv6 Address Advanced Server Name.Domain Prefix.Domain Name Default 100 ms Default 200 msDefault Disabled Advertise DHCPv6 Configuration Advanced Host TableFunctionality IP Filtering Data Options Adding/Editing a Host Host NameFully Qualified Domain Name Route List Default Default Adding/Editing RoutesType IPv4 Subnet Mask DNS/WINS RIP Editing/Adding DNS/WINS Servers Ethernet Mode Default NoneAuthentication Password Dynamic DNS Overview FunctionalityEnd Time Key Account Settings Default DynamicUser Name System Type Cipher Suite Field Descriptions Adding/Editing a Cipher Suite Validation Criteria Field Descriptions IPv6 Tunnels Common Name Default Manual Adding/Editing an IPv6 TunnelName Mode 102 Iolan SDS/SCS/STS User’s Guide, Version Serial Ports Functionality Editing a Serial Port Copying a Serial Port Resetting a Serial Port Serial Port ProfilesCommon Tabs Hardware Tab Field Descriptions Default Full Default Auto Flow ControlEnable Inbound Flow Control Default Enabled Enable Outbound Email Alert Tab Field Descriptions Packet Forwarding Tab Field Descriptions Enable Trigger1 Enable Trigger2Packet Definition Packet Size Default Trigger EOF1 CharacterEOF2 Character Trigger SSL/TLS Settings Tab Field Descriptions Default Client 114 Iolan SDS/SCS/STS User’s Guide, Version 115 116 Iolan SDS/SCS/STS User’s Guide, Version Default Telnet Console Management ProfileGeneral Tab Field Descriptions Protocol Advanced Tab Field Descriptions Enable Microsoft AdministratorSupport Default Disabled Multisessions Idle Timeout TruePort Profile ModemPhone System Default Enabled Host Name Connect to remoteConnect to Multiple Hosts Host and backup Adding/Editing Additional TruePort HostsHosts to connect to Define a primary Backup Host Adding/Editing a Multihost EntryPrimary Host Signals high Day Motd Default Disabled Enable TCPWhen Enable Data Session TimeoutLogging Connection Workstation/Server on the network Default Enabled TCP Sockets Profile Initiate Connection Received on the serial port Adding/Editing Additional Hosts 129 Day Motd Default Disabled Enable Data 131 UDP Sockets Profile UDP port Direction Start IP AddressEnd IP Address Default 0 zero Terminal ProfileUDP Port Default Dumb VT100TVI925 VT320 specifically supporting VT320-7 Default Disabled Protocol Is received Data Range 138 Iolan SDS/SCS/STS User’s Guide, Version User Service Settings Login Settings Telnet Settings InterruptQuit Erase Rlogin Settings User is only prompted for a passwordEscape SSH Settings Slip Settings RSA authentication for the SSH sessionAuthentication for the SSH session Arcfour Routing VJ Compression PPP Settings Default Chap IPv6 RemoteNone Remote User Remote Password Configure ReqTimeout Default 3 seconds Default 1 minute Roaming CallbackChallenge Interval Address/Control Printer Profile Serial Tunneling Profile Serial Server TunnelSerial Client Iolan Tunnel Client Default Disabled Host Name Act As Tunnel Virtual Modem Profile 154 Iolan SDS/SCS/STS User’s Guide, Version DCD DTR Signal Acts as RTS Signal Always On RTS Signal Acts as AT CommandResponse Delay Phone Number to Host Mapping Control Signal I/O Profile VModem Phone Number EntryPhone Number Host IP Address Input Signal Field Descriptions Invert SignalDescription Latch Auto Clear Mode Mode Default DisabledManual Clear Syslog Output Signal Field Descriptions Failsafe Action Modbus Gateway Profile Settings Button UID Range Destination SlaveIP Mappings Advanced Slave Default 30 ms Default 1000 msAdvanced Field Descriptions Modbus Slave IP Settings Field Descriptions Adding/Editing Modbus Slave IP Settings Default HostUID Start UID End Modbus Slave Advanced Settings Field Descriptions Default TCPRange Default 50 ms Data Options TCP or UDP Power Management Profile Editing Power Management Plug Settings Field Descriptions Default RSP820RPS Name RPS Model Remote Access PPP Profile Default StateDefault Off Data Options On, Off Negotiate IP IPv6 Global Authentication Tab Field Descriptions 174 Iolan SDS/SCS/STS User’s Guide, Version Enable Dynamic DNS for this Serial Default Disabled Port HostAccount Settings Dynamic DNS Field Descriptions 176 Iolan SDS/SCS/STS User’s Guide, Version Configure Request Compression Default Enabled Enable ProtocolEnable VJ Enable Magic Dial In/Out MS Direct HostMS Direct Guest Remote Access Slip Profile 180 Iolan SDS/SCS/STS User’s Guide, Version 181 Custom Application Profile General Tab Field Description Port Buffering Local Port BufferingKeyboard Buttons Hot Keys Direction Field Definitions Remote Port Buffers Enable Port Data Default Disabled Enable Key StrokeNFS Host NFS Directory Advanced Serial Settings Tab SignalsProcess Break Deny Multiple Default ~menu Serial Port MenuString Session Escape Modems Tab Adding/Editing a ModemName Name of the modem TruePort Baud Rate Tab Field Definitions 190 Iolan SDS/SCS/STS User’s Guide, Version Configuring Users User Settings Adding/Editing Users General Tab Default Normal Services Tab ServiceDefault DSPrompt Host IP IPv6 Interface Indentifier Advanced Tab Default English Sessions Tab Session 1, 2, 3 Connect Serial Port Access Tab Serial Port AccessAllow Access to Clustered Ports 202 Iolan SDS/SCS/STS User’s Guide, Version Configuring Security Authentication Authentication Method Default Local SecondaryPrimary Method Local Radius General Field Descriptions Authenticator response Default Enabled Retry NAS-IP-Address Default EnabledAttributes Field Descriptions NAS-Identifier Kerberos RealmKDC Domain KDC Port Enable TLS BaseTLS Port Authentication Authorization Primary Host Secondary Host Default None AuthenticationAuthorization Port Default Authentication Primary Host Default None SecurID NIS Users Logging into the Iolan Using SSH Device ServerLynn Tracy Users Passing Through the Iolan Using SSH Dir/Sil Lynn Sales ServerHR Server Interactive Default Enabled Password Field DescriptionsAllow SSH-1 Keyboard Enable Verbose Output Default DisabledBreak String Button For a valid SSL/TLS connection 218 Iolan SDS/SCS/STS User’s Guide, Version Adding/Editing a Cipher 220 Iolan SDS/SCS/STS User’s Guide, Version VPN IKE Phase 1 Proposals ESP Phase 2 ProposalsAuthentication Algorithms-MD5, SHA1, SHA2 IPsec Adding/Editing the IPsec Tunnel Default Left Secret/RemoteValidation Criteria Local Device Shared Secret Field Description Remote Validation Criteria Field Descriptions L2TP/IPsec Allow L2TP/IPsec Exceptions Adding/Editing a VPN Exception Field Description Services Telnet ServerTruePort Full Syslog Client DeviceManager WebManagerSSH Server Sntp Client Keys and Certificates Key Type 234 Iolan SDS/SCS/STS User’s Guide, Version Configuring I/O InterfacesChapter Settings Access Functionality Advanced Slave Modbus Settings Request Queuing Failsafe Timer Functionality Default 30 secondsFailsafe Action is triggered Enable UDP Broadcast of I/O Default Disabled StatusUDP Functionality UDP Settings UDP Entry Temperature Functionality Default Celsius Channels AnalogMonitoring Application A4D2 Analog I/O Analog Default Current Alarm Settings Digital Input Monitoring ApplicationDigital I/O Input Mode 247 Digital Output Output Mode Default SinkOutput Pulse Mode Inactive Signal Width Active Signal WidthDelay Pulse Count Relay Monitoring Application A4D2RelayRelay I/O Inactive Signal Width Active Signal Digital I/O ExtensionFront Door Warehouse Perle Iolan Reception Current Alarm State 1 Byte z 0 = Not in alarm Message type 1 ByteInput number 1 Byte Enable I/O ExtensionInput TCP Port Hosts Local connection Simultaneously Communicate to the Primary Host Temperature Temperature I/O Industrial Freezers Default RTD Alarm Settings Basic Analog Alarm Settings Advanced Analog Alarm Settings Clear ModeTrigger Type Clear UDP Unicast Format UDP Broadcast Packet Length Enabled Analog SectionSection Channel Serial Pin Signal Section Digital/Relay SectionLength Channel Length Pin Modbus Slave UDP Unicast ExampleModbus Serial Application Connected to the Serial Port Modbus Serial Application Connected to the Network Modbus I/O Access Modbus RTU Or Ascii Application Power Digital OutputModbus TCP Application Function Codes Coil/Register Descriptions Serial Port Coil/Register Descriptions A4/T4 RegistersData Model A1/T1 A2/T2 A3/T3 A4/T4 Holding Registers Input Registers A4D2/A4R2 Registers Data Model D1/R1 D2/R2 Coils Serial Pin Signals D4/D2R2 RegistersData Model D3/R1 D4/R2 Coils Data Model Pin Coils Modbus Serial Application TruePort Power Digital Output TruePort I/OTruePort/Modbus Combination API Over TruePort Only PC running Custom Application API TruePort Accessing I/O Data Via TruePort SetupIntroduction Format of API Commands Get CommandsCommand Format Response Format Set Commands Successful Response Format Unsuccessful Response FormatExample 1 Turn on the first relay on a D2R2 unit Example 2 Turn on the first and second relay on a D2R2 unit Error Codes Snmp Traps 280 Iolan SDS/SCS/STS User’s Guide, Version Configuring Clustering Chapter Clustering Slave ListAdvanced Button Adding Clustering Slaves Editing Clustering Slave Settings Advanced Clustering Slave OptionsPort Name Slave TCP Port Master TCP Port Configuring the Option Card Option Card SettingsConfiguring the Iolan Modem Card Configuring a Wireless WAN Card Overview Field DescriptionsCard APN 288 Iolan SDS/SCS/STS User’s Guide, Version Configuring the System Chapter AlertsEmail Alerts Alerts Syslog Management ContactLocation Community Auth Algorithm Data Options MD5, SHA Default MD5 Auth PasswordDefault DES Privacy Password Algorithm Data Options MD5, SHA Default MD5 Privacy Algorithm Data Options DES, AES Default DESConfirm Password Trap Time Sntp Mode Network Time Tab Field DescriptionsSntp Version Time Zone/Summer Time Tab Field Descriptions Custom App/Plugin Login Tab Field Descriptions Bootup Files Tab Field Descriptions Message of the Day Motd Tab Field Descriptions Tftp HostFilename Display Motd WebManager/Easy Port Web Default Flow Control Tftp Tab Field DescriptionsConsole Port Tab Field Descriptions Baud Rate 302 Iolan SDS/SCS/STS User’s Guide, Version State Button Management profile settings Controlling the RPS, I/O Channels, and IPsec TunnelsRPS Control Plug Control OK Button Closes the window Serial Port Power Control Power Plug StatusButton Serial port Deactivate Output Manually deactivates the channel output IPsec Tunnel Control 308 Iolan SDS/SCS/STS User’s Guide, Version System Administration Chapter Managing Configuration FilesSaving Configuration Files Downloading Configuration Files Downloading Configuration Files to Multiple IOLANs Reboot Server Uploading Configuration Files Specifying a Custom Factory Default ConfigurationLess than 3 seconds-Reboots the Iolan Downloading Iolan Firmware Calibrating I/OCalibrating Analog Input Calibrating Voltage Calibrating Temperature Input Calibrating Analog ChannelsCalibrating Thermocouple Calibrating RTD Resetting Calibration Data Setting the IOLAN’s Date and Time Rebooting the IolanResetting the Iolan to Factory Defaults Resetting the SecurID Node Secret Language SupportLoading a Supplied Language Software Upgrades and Language Files Translation Guidance Downloading Terminal Definitions Creating Terminal Definition Files Resetting Configuration Parameters For example Lost Admin Password Configuring Modbus Configuring a Master GatewayConfiguring a Slave Gateway Applications Modbus Gateway Settings Modbus Master GatewayModbus Slave Gateway Modbus Serial Port Settings Modbus Master SettingsModbus Slave UID Master Gateway Serial EIA-232 Modbus Slave Settings Modbus Master Slave GatewaySerial Port EIA-422/485 Modbus Master Modbus Slave UID Configuring PPP Dial On Demand 172.16.0.0 Setting Up Printers Remote Printing Using LPD Remote Printing Using RCP Remote Printing Using Host-Based Print Handling Software Configuring a Virtual Private Network IOLAN-to-Host/Network Or just Network-to-Network 172.16.45.84 192.168.45.87 192.168.45.12 Host-to-Host Left External IP Address RightGateway Router 172.16.45.99 332 Iolan Device Server User’s Guide, Version VPN Client-to-Network VPN Client Initiate Communication Router Broadband Right 334 Iolan Device Server User’s Guide, Version Radius and TACACS+ Appendix a Supported Radius Parameters PPP User level. See Perle Radius Dictionary Example Accounting Message Mapped Radius Parameters to Iolan Parameters Radius Parameter Iolan Parameter Perle Radius Dictionary Example Value Accessing the Iolan Through a Serial Port Users TACACS+ Name Values Description Slip Accessing the Iolan from the Network Users Accessing the Iolan from the Network User Example Settings SSL/TLS Ciphers Valid SSL/TLS Ciphers DES-CBC-MD5 Commands Virtual Modem Initialization Commands AT&Sn AT&RnAT&Cn Pinouts and Cabling Diagrams Serial PinoutsDB25 Male DB25 Female RJ45 RJ45 SCS48C/SCS32C/SCS16C/SCS8C DB9 Male Serial Only Power Over Ethernet Pinouts DB9 Male I/O EIA-232 Cabling Diagrams Terminal DB25 ConnectorDB25 Male DB25 Female RJ45 DB9 Male10-pin Pin Modem DB25 Connector Iolan RJ45 DCE RxD TxD DTR 20 DTR GND 360 Iolan SDS/SCS/STS User’s Guide, Version Setting Jumpers Port Iolan DB25 Male/Female Port Iolan RJ45 P Power Over Ethernet Port Iolan RJ45 Port Iolan DB9 Port Iolan SDS1M Modem Port Iolan Port Desktop Iolan Port/Line # Line Termination 5V Output Input Volt Output Digital I/O Module Analog Input Module 368 Iolan SDS/SCS/STS User’s Guide, Version Wiring I/O Diagrams Digital I/ODigital Input Wet Contact Digital Input Dry Contact Digital Output Sink Digital Output Source Analog Input CurrentVoltage Temperature Input RTD 2-WireRTD 3-Wire Thermocouple RTD 4-Wire Relay OutputNormally Open Contact Normally Closed Contact 374 Iolan SDS/SCS/STS User’s Guide, Version Utilities TruePort API I/O Access Over TruePort API Request FormatAPI Response Format Error Codes Decoder 378 Iolan SDS/SCS/STS User’s Guide, Version Accessories Installing a Perle PCI Card Installing a Perle PCI Card Accessories Starter Kit Adapters/Cable RJ45F to DB25M DTE Crossover Adapter RJ45F to DB25M DCE Modem Adapter RJ45F to DB25F DTE Crossover Adapter RJ45F DB25F RJ45F to DB9M DTE Crossover Adapter Sun/Cisco RJ45M Connector Cable for Rack Mount Models RJ45F to DB9F DTE Crossover Adapter SCS48C/SCS32C/SCS16C/SCS8C Starter Kit Adapters/Cable GND DTR 20 DTR DSR RJ45F to DB25F DTE Crossover Adapter 390 Iolan SDS/SCS/STS User’s Guide, Version Sun/Cisco Roll-Over Adapter for Rack Mount Models RJ45F 392 Iolan SDS/SCS/STS User’s Guide, Version Troubleshooting Hardware TroubleshootingPower/Ready LED stays red after a boot Power/Ready LED on a rack mount model flashes red Communication Issues DeviceManager ProblemsGeneral communication checks and practices are as follows Host Problems Radius Authentication Problems Login Problems Problems with Terminals DHCP/BOOTP Problems Callback ProblemsLanguage Problems You observe Tftp errors when the Iolan boots, for example Modem Problems PPP ProblemsPrinting Problems Long Reboot Cycle Certificate did not match configuration ModelsCould not obtain peers certificate An A4R2 model is starting/stopping IPv6 Issues Contacting Technical Support Making a Technical Support Query Repair Procedure Feedback on this Manual Glossary PAP Password Authentication Protocol Radius RemoteAuthentication Dial Users Services Reverse Connection RIP Routing Index API Ldap Radius Index W