Public Key, Preshared Keys | RuggedCom RX1100, RX1000 instruction

Chapter 12 – Configuring An IPsec VPN

Note: When connections become active, Openswan assigns them to ipsec interfaces. You must plan on these interfaces being the source of incoming traffic in firewall rules.

The NAT Traversal fields enable and disable this feature. Enable Nat Traversal if this router originates the VPN connection and the VPN connection passes through a firewall.

The Syslog logging level fields determines the facility and priority of log messages generated by Openswan.

Public Key

Figure 108: Show Public Key

This menu displays the RuggedRouters's public RSA key.

Preshared Keys

Figure 109: Preshared Keys

This menu creates, deletes and edits pre-shared keys used by VPN connections using secret key encryption.

Select the links under the “Remote Address” column to edit or delete a secret key.

The menu will not allow more than one entry to have a specific pair of IP addresses. The menu will not allow a password shorter than eight characters in length.

RuggedCom

129

Image 131

RuggedCom RX1100, RX1000 manual Public Key, Preshared Keys

Contents

RuggedRouter Ruggedrouter User Guide Who Should Use This User Guide How To Use This User GuideAbout this User Guide Applicable Firmware Revision Quick Start Recommendations Document Conventions Basic Web Based Configuration Additional Configuration About this User Guide Table Of Contents Table Of Contents RuggedRouter User Guide 100 114 144 Page Table Of Contents Page 241 Page Table Of Figures RuggedRouter Setup Main Menu Scheduled Commands Displaying a Command T1/E1 Network Interfaces After Interface Creation Adsl Link Statistics Show Public Key Link Backup Status 162 Raw Socket Menu IRIGB/IEEE1588 General Configuration menu 230 255 IAS Window Edit Profile 282 Default Configuration Setting Up And Administering The RouterAccess Methods Accounts And Password Management From the Console Port Accessing The RuggedRouter Command PromptRuggedRouter Setup Shell Configuring Passwords Configuring Radius Authentication Configuring IP Address InformationSetting The Hostname Enabling And Disabling The SSH and Web Server Radius Server Configuration menu Enabling And Disabling The Gauntlet Security Appliance Configuring The Date, Time And Timezone RuggedRouter Hardware Information Menu Displaying Hardware Information Selecting a configuration to reload Restoring a Configuration Structure of the Web Interface Using a Web Browser to Access the Web InterfaceRuggedRouter Web Interface SSL Certificate Warnings RuggedRouter Web Interface Main Menu Window LED Status Panel Using The LED Status Panel LED Name Description Obtaining Chassis Information IP Access Control Webmin ConfigurationWebmin Configuration Menu Change Help Server Ports And Addresses Logging Webmin Configuration Menu, Logging Webmin Configuration Menu, Authentication Authentication Webmin Events Log Webmin Events Log This page intentionally blank Bootup And Shutdown Configuring The System Scheduled Commands Change Password Command Scheduled Commands Displaying a Command Webmin Scheduled Cron Jobs Scheduled Cron Jobs System Time System Hostname Network Configuration Configuring Networking Dummy Interface Core Settings Routing And Gateways Default Route TableConfigured Static Routes Manually Entered Static Routes Static Multicast Routing Static Multicast Routing Host Addresses End To End BackupDNS Client Page Current Routing & Interface Table Configuring End To End Backup LED Designations Configuring Ethernet InterfacesEthernet Interface Fundamentals Vlan Interface Fundamentals RuggedRouter Functions Supporting VLANs PPPoE On Native Ethernet Interfaces Fundamentals Ethernet Interfaces Ethernet Editing a Network Interface Editing Currently Active Interfaces Virtual Lan Interfaces Edit Boot Time InterfacesVirtual Interfaces List PPPoE Interfaces PPPoE On Native Ethernet Interfaces Editing a PPPoE Interface Edit PPPoE Interface Current Routes & Interface Table PPP Logs Frame Relay Configuring Frame Relay/PPP And T1/E1T1/E1 Fundamentals Included With T1E1 T1/E1Location Of Interfaces And Labeling Strategy For Creating Interfaces T1/E1 Network Interfaces Naming Of Logical Interfaces Editing a T1/E1 Interface E1 Settings T1 Settings Frame Relay Link Parameters Editing a Logical Interface Frame Relay Frame Relay DLCIs Editing a Logical Interface PPP Link Statistics T1/E1 Statistics Frame Relay Statistics Frame Relay Interface Statistics PPP Link Statistics PPP Interface Statistics T1/E1 Loopback Menu T1/E1 Loopback Upgrading Firmware Upgrading Software T3 Fundamentals Configuring Frame Relay/PPP And T3 T3 Network Interfaces T3 Configuration Edit T3 Interface Editing a T3 Interface T3 Statistics Upgrading Software Page DDS Fundamentals Configuring Frame Relay/PPP DDS Network Interfaces DDS Configuration Edit Logical Interface Frame Relay, single Dlci DDS Link Statistics DDS Statistics Frame Relay And PPP Interface Statistics DDS LoopbackPage Adsl Fundamentals Configuring PPPoE/Bridged Mode OnPPPoE/Bridged Mode Fundamentals Bridged Mode Authentication, Addresses and DNS ServersPPPoE MTU Issues Editing a Logical Interface PPPoE Adsl ConfigurationAdsl Network Interfaces Edit Logical Interface Bridged Editing a Logical Interface Bridged Adsl Link Statistics Adsl Statistics Current Routes & Interface Table Modem Fundamentals Configuring PPP and ModemPPP Mode Fundamentals When the Modem Connects Modem Main Menu Modem Configuration Blind dial Modem PPP Client Modem PPP Client Connections Modem Incoming Call Logs Modem PPP Server PPP Logs Modem PPP Logs PPP Connection Logs Modem PPP Connection LogsPage Linux netfilter, iptables And The Shoreline Firewall Configuring The FirewallFirewall Fundamentals Stateless vs Stateful Firewalls Network Address Translation Port Forwarding Shorewall Quick Setup Interfaces ShoreWall Terminology And ConceptsZones Policy Hosts Interface Subnet Address Protocol Ports Masquerading And Snat Reject Rules Route Based Virtual Private Networking Configuring The Firewall And VPN Virtual Private Networking To a DMZ Policy Based Virtual Private Networking Starting Shorewall Firewall Menu Firewall Main Menu Shorewall Firewall Menu Network Interfaces Network Zones Editing a Firewall Network Interfaces Firewall Zone Hosts Network Zone Hosts Masquerading Default Policies Editing a Masquerading Rule Firewall Rules Static NAT Static NAT Creating a Static NAT Entry Actions When StoppedPage Page Policy Vs Route Based VPNs Configuring An IPsec VPNVPN Fundamentals IPsec Modes Public Key And Pre-shared Keys Supported Encryption Protocols NAT Traversal Other Configuration Supporting IPSecX509 Certificates IPsec and Router Interfaces Openswan Configuration ProcessVPN Main Menu Before Key Generation VPN Main MenuPage IPsec VPN Configuration After Connections Have Been Created Server Configuration Preshared Keys Public Key IPsec VPN Connection Details List CertificatesVPN Connections Page Export Configuration Left/Right Systems Settings IPsec Status Showing IPsec Status Select a Certificate Authority IPSec X.509 Roaming Client Example Generate X.509 Certificates VPN Networking Parameters Client ConfigurationRouter IPSec Configuration Ethernet Port Configuration Firewall IPSec ConfigurationPage RIP Fundamentals Configuring Dynamic RoutingQuagga, RIP and Ospf Network Areas Ospf FundamentalsKey Ospf And RIP Parameters Link State Advertisements Redistributing Routes Active/Passive Interface DefaultRouter-ID Hello Interval and Dead Interval Link Detect Configuring Ospf Link CostsOspf Authentication RIP Authentication Administrative Distances Vrrp Operation Ospf And Vrrp Example NetworkArea And Subnets Dynamic Routing Enable Protocols Core Interface Parameters CoreCore Global Parameters View Core Configuration Ospf Global Parameters OspfPage Ospf Interfaces Ospf Interfaces Ospf Status View Ospf ConfigurationOspf Network Areas RIP Global Parameters RIP Global Parameters RIP Key Chains RIP Interfaces RIP Networks RIP Networks RIP Status View RIP ConfigurationPage Path Failure Discovery Configuring Link BackupLink Backup Fundamentals Use Of Routing Protocols And The Default Route Link Backup Main MenuLink Backup Configuration Edit Link Backup Configuration Test Link Backup Link Backup LogsLink Backup Status Page Page Vrrp Fundamentals Configuring VrrpProblem With Static Routing Vrrp Solution Vrrp Example Page Vrrp Main Menu Vrrp Configuration Vrrp Instance Editing a Vrrp Instance Vrrp Instances Status Viewing Vrrp Instances Status Filters Configuring Traffic PrioritizationTraffic Prioritization Fundamentals Priority Queues Included With Traffic Prioritization TOS Prioritization Prioritization Example Interface Prioritization Menu Traffic Prioritization Main Menu Prioritization Transmit Queue Length Prioritization QueuesPrioritization Filters Prioritization Statistics Prioritization Statistics GRE Fundamentals Configuring Generic Routing Encapsulation GRE Main Menu GRE Configuration MenuPage Network Utilities Main Menu Network Utilities Traceroute Menu Ping Menu Tcpdump a Network Interface Host MenuTrace Menu Serial Trace a Serial Server Port Frame Relay Link Layer Trace a WAN Interface Interface Statistics Menu Interface Statistics Menu Current Routing & Interface Table Current Routing & Interface Table Interface Status Page Serial IP Port Features Configuring Serial Protocols Broadcast RTU Polling Serial Protocols ApplicationsCharacter Encapsulation RTU Polling Message Packetization Serial Protocols Concepts And IssuesHost And Remote Roles Use Of Port Redirectors Serial Protocols Main Menu Use of Turnaround Delays RawSocket Menu Port Settings MenuAssign Protocols Menu Page Serial Protocols Statistics Menu Protocol Specific Packet Error Statistics Serial Protocols Trace Menu Serial Protocols Trace Menu Is provided Serial Protocols Sertrace UtilityPage Layer 2 Tunnel Daemon Details Configuring Goose TunnelsIEC61850 Goose Fundamentals Layer 2 Tunnels Main Menu Layer 2 Tunnels Main Menu Goose Tunnels Menu General Configuration Menu Activity Trace Menu Goose Statistics MenuPage Page Dhcp Client Options Configuring The Dhcp serverDhcp Fundamentals Dhcp Network OrganizationsPage Option 82 Support with Disable NAK Single Network With Static IP Assignment Example Dhcp Scenarios And ConfigurationsSingle Network With Option82 Clients On One Switch Single Network With Dynamic IP AssignmentPage Page Dhcp Server Menu Dhcp Server Main Menu Dhcp Shared Network Configuration Dhcp Shared Network Configuration Dhcp Subnet Configuration Dhcp Subnet Configuration Dhcp Host Configuration Dhcp Group Configuration Dhcp Pool Configuration Dhcp Pool Configuration NTP Fundamentals Configuring NTP Included With NTP NTP Sanity LimitNTP And The Precision Time Protocol Card Generic Options NTP Server Main Menu Peers Configuration Servers Configuration Viewing The NTP Log Viewing The NTP Status Viewing The GPS Log Viewing The GPS Status Included With SSH Configuring SSHSSH Fundamentals SSH Server SSH Main Menu Networking Access ControlPage PTP Master Election Configuring Irigb And IEEE1588IEEE1588 Fundamentals PTP Network Roles Irigb Output Formats Irigb FundamentalsSynchronizing NTP from IEEE1588 How The Router Selects a Reference Clock GPS Cable compensationReference Clocks IRIGB/IEEE1588 Main Menu General Configuration IEEE1588 Configuration Irigb Configuration IEEE1588 Status Irigb Status Irigb Log Page Snort Rules Configuring The Snort IDSSnort Fundamentals Which Interfaces To Monitor Performance And Resources Global ConfigurationSnort IDS Main Menu Rule Lookup by SID Network SettingsRulesets Alerts & Logging PreProcessors Edit Config File Alert Menu Maintaining The RouterAlert System Alert Configuration Menu Alert Configuration Alert Definition Configuration Alert Filter Configuration Change Alert Definition Page Gauntlet And The Firewall Gauntlet SecurityWhat And How Gauntlet Protects Upgrading Gauntlet Gauntlet Status Menu System Backup And Restore Backup And Restore General Configuration Setup Archive History Archive Backup Archive Difference Tool Archive Restore Archive Differences List Show Difference for selected file between two targets Snmp Configuration Network Addressing Configuration Snmp Configuration Main MenuSystem Configuration Access Control page, Snmp V1 and V2c 250 RuggedCom Trap Configuration page, Trap Options Trap Configuration RuggedRouter supports the following MIBs MIB Support Radius Authentication Edit Radius Server Parameters Radius Authentication Configuration Outgoing Mail Parameter Description Chassis Parameters System Logs Syslog Factory Defaults Changing a Syslog entry to remote log Remote Logging RuggedRouter Software Fundamentals Upgrade System Automatic Upgrade When a Software Upgrade Requires a Reboot Change Repository Server Upgrade to RX1100 Upgrading All Packages Automatic Upgrading Pre-upgrade/Post-upgrade scripts Installing a New Package Upload/Download menu Uploading And Downloading Files Security Actions Security ConsiderationsPage Repository Server Requirements Appendix a Setting Up a RepositoryInitial Repository Setup An Alternate Approach Setting Up The RoutersUpgrading The Repository Upgrading Considerations Appendix B Downgrading Router Software Apache Default Web Appendix C Installing Apache Web Server On WindowsPage Installing IIS Appendix D Installing IIS Web Server On Windows FreeRadius Appendix E Radius Server ConfigurationWindows Internet Authentication Service Edit Profile window, Click Add... button 276 RuggedCom RuggedCom 277 Dhcp Index Goose NTP SSH Vrrp