Configuration

VPN/DSL Security Option

2-18

 

24-10618-155 Rev. A

This document contains confidential and proprietary information of Johnson Controls, Inc.

© 2012 Johnson Controls, Inc.

Resetting the Linksys Router

The Reset button on the Linksys router enables you to restore the router’s factory 
defaults and clear all of its settings, including any IP addresses you entered.

The Reset button can be used in one of two ways:

If the Linksys router is having connection problems, press the Reset button 
for a moment with a bent paper clip or a pencil tip. This clears up any jammed 
connections and is similar to pressing the Reset button to reboot your PC.

If you are experiencing extreme problems with the Linksys router and have 
tried all other troubleshooting measures, press the Reset button and hold it 
down until the red Diag LED on the front panel turns on and off completely.

Figure 2-8: Digi EtherLite Device Connections

Installing the Digi EtherLite Device (S320 Connection Only)

Installation of the Digi EtherLite is required only if connecting to an S320 
controller. The Digi EtherLite is a shared serial device that enables serial ports to 
share a single IP address. The basic requirements to share the serial device are:

The Digi EtherLite device must be physically connected to the Ethernet and 
accessible by both nodes.

The same serial port number must be configured on both nodes.

To install the Digi EtherLite device:

1. Connect the Digi EtherLite to the network using 10Base-T cable to one of the available Trusted LAN Ports on the front end VPN router.

2. Apply power to the Digi EtherLite device.

[Figure 2-8 diagram labels: S320; Serial Connection; VPN Front End Router; Digi EtherLite; 10Base-T Port; Trusted (LAN) Port]

Summary of Contents for P2000

Page 1: ...VPN DSL Security Option Installation Manual P2000 Security Management System April 2012 24 10618 155 Revision A ...

Page 3: ...P2000 Security Management System VPN DSL Security Option Installation Manual April 2012 24 10618 155 Revision A Security Solutions 805 522 5555 www johnsoncontrols com ...

Page 4: ...Copyright 2012 Johnson Controls Inc All Rights Reserved No part of this document may be reproduced without the prior permission of Johnson Controls Inc ...

Page 5: ...nson Controls Inc shall not be liable for errors contained herein or for incidental or consequential damages in connection with furnishing or use of this material Contents of this publication may be preliminary and or may be changed at any time without any obligation to notify anyone of such revision or change and shall not be regarded as a warranty Declaration of Conformity This product complies ...

Page 6: ...rwarded away from the host computer Central Station using the feature Message Forwarding 9 The Panel Poll Interval must not exceed 90 seconds 10 The Host Poll Delay must not exceed 200 seconds 11 P2000 or P2K server must use transient suppression devices on the LAN interfaces at the computers The table below specifies the devices that must be used for the various types of LAN interfaces LAN Interf...

Page 7: ...ified 19 For Line Security over the Internet between the P2000 or P2K server and the controllers D620 D6AP and S320 the following equipment shall be used NetScreen Model NS 5XT X0X where X is any number 0 to 9 4 Port VPN router and Digi International Model EtherLite2 serial port server The P2000 or P2K server and router shall be configured to use an encryption method including an Authentication He...

Page 8: ...ough the Web Access feature are supplementary 30 P2000 or P2K systems use the PC232 S4 1 Protocol Converter to communicate to D620 D6AP and or S320 controllers a controller must be connected to the port defined as Loop 1 at the P2000 or P2K for Protocol Converter s tamper switch to report as an alarm 31 The communication medium between the protected property and communications service provider sha...

Page 9: ...ver to Back End Router Connection 2 4 NetScreen 5XT Router Installation and Configuration 2 5 NetScreen 5XT Installation 2 5 NetScreen 5XT Configuration 2 6 Resetting the NetScreen 5XT Router 2 13 Linksys BEFVP41 Router Installation and Configuration 2 13 Linksys BEFVP41 Installation 2 13 Linksys BEFVP41 Configuration 2 14 Linksys BEFSX41 Router Installation and Configuration 2 15 Linksys BEFSX41 ...

Page 11: ... The traffic that flows between these points passes through shared resources such as routers switches and other network equipment that make up the public WAN To secure communication while passing through the WAN the two participants create an IP Security IPSec tunnel CHAPTER SUMMARIES Chapter 1 Introduction describes the purpose of this document and the manual conventions Chapter 2 Configuration c...

Page 13: ...ecurity Payload employed Table 2 1 IPSEC Parameters Mode Tunnel Protocol Encapsulating Security Payload ESP Authentication Protocol AH Authentication SH1 Secure Hash Algorithm 1 SHA 1 ESP Encryption Triple DES 3DES 168 bit Key Key Management AutoKey IKE with a preshared key Diffie Hellman Exchange Group 2 1024 bit modulus Perfect Forward Secrecy PFS Enabled Phase 1 3DES Main Mode six message excha...

Page 14: ...nksys and or NetScreen routers listed below Linksys routers are less expensive but are not National Institute of Standards and Technology NIST certified or Underwriters Laboratories UL compliant Select the routers according to your site requirements Table 2 2 Required Hardware Make Model Description Combination of two of the following see router combination information below NetScreen 5XT NIST Cer...

Page 15: ...roller 192 168 1 x 255 255 255 0 OR 192 168 1 x 255 255 255 0 Workstation 201 0 0 x 255 255 255 0 Wide Area Network WAN 201 0 0 x 255 255 255 0 Wide Area Network WAN 200 0 0 x 255 255 255 0 200 0 0 x 255 255 255 0 NetScreen VPN Router Model 5XT Linksys VPN Router Model BEFVP41 OR FRONT END ROUTER BACK END ROUTER Wide Area Network WAN VPN DSL Security Option Configuration 24 10618 155 Rev A 2 3 Thi...

Page 16: ...ption 2 4 24 10618 155 Rev A This document contains confidential and proprietary information of Johnson Controls Inc 2012 Johnson Controls Inc P2000 Server to Back End Router Connection To connect the P2000 Server to the back end router connect a network cable from one of the Router s Trusted or available LAN ports to the P2000 Server P2000 Server Rear View Ethernet UNTRUSTED NetScreen 5XT Router ...

Page 17: ...adapter to the rear panel of the NetScreen 5XT The NetScreen 5XT device runs a 100 240 VAC 10 and 12 watts When properly connected to an AC power source the power LED on the faceplate illuminates solid green When power fails the power LED turns off 2 Connect a network cable from a laptop or PC to one of the NetScreen 5XT s available Trusted ports This connection will be used to configure the NetSc...

Page 18: ...able Trusted port on the NetScreen 5XT to the Controller or Workstation Laptop or PC UNTRUSTED NetScreen 5XT Front End Router Ethernet TRUSTED 4 3 2 1 DC POWER CONSOLE MODEM Used for Configuration Purposes Only Controller or Workstation WAN NetScreen 5XT Configuration This section provides instructions for configuring the NetScreen 5XT s parameters using the WebUI To access the NetScreen using the...

Page 19: ...x can be between 2 and 254 and change the subnet mask to 255 255 255 0 3 Open your browser and enter the NetScreen s default LAN IP address of 192 168 1 1 in the Address bar Example http 192 168 1 1 The Enter Network Password dialog box appears 4 Enter netscreen in the User Name and Password fields Use lowercase letters only The User Name and Password fields are both case sensitive 5 Click OK The ...

Page 20: ...etScreen with the Initial Configuration Wizard 1 Select NAT Mode and click Next 2 Enter master into the Password and Confirm Password fields click Next 3 Select Static IP enter the following and click Next Untrusted Zone Interface IP 200 0 0 2 Netmask 255 255 255 0 Gateway 200 0 0 1 4 Enter the following and click Next Front End Router Trust Zone Interface IP 192 168 1 1 Netmask 255 255 255 0 ...

Page 21: ... 3 Netmask 255 255 255 0 5 Click Next 6 Click Next 7 Select No to DHCP and click Next 8 Review and confirm the settings Trust Interface in NAT mode Admin Login Name netscreen Password Trust Interface IP 192 168 1 1 Front End Router or 200 0 0 3 Back End Router Trust Interface Netmask 255 255 255 0 Untrust Interface 200 0 0 2 Management Service Telnet enabled Management Service Web enabled Manageme...

Page 22: ...sword field Click OK The NetScreen Administration Tools window appears 11 Continue with the following configuration instructions To configure the date and time 1 On the NetScreen Administration Tools window select Configuration Date Time in the left hand frame 2 Configure the date and time accordingly Refer to the NetScreen documentation for details 3 Click Apply To verify the network interface se...

Page 23: ...ect Network Routing Routing Table in the left hand frame 2 Verify the displayed settings To configure the VPN settings with the VPN Wizard 1 Select Wizards VPN in the left hand frame to launch the VPN Wizard 2 Select LAN to LAN and click Next 3 Ensure Local Static IP Remote Static IP is selected and click Next 4 Enter 200 0 0 xxx where xxx can be between 2 and 254 in the Remote Gateway IP Address ...

Page 24: ...g remote IP address into the IP field according to the router you are configuring Front End Router 200 0 0 0 Back End Router 192 168 1 0 7 Change the Netmask to 255 255 255 0 and click Next 8 Enter the following local IP address into the IP field according to the router you are configuring Front End Router 192 168 1 0 Back End Router 200 0 0 0 9 Change the Netmask to 255 255 255 0 and click Next 1...

Page 25: ... and configure the Linksys BEFVP41 router Figure 2 6 Linksys BEFVP41 Back End Router Installation Linksys BEFVP41 Installation The Linksys BEFVP41 router may only be used as the back end router All connections to the Linksys BEFVP41 router are made to the device s rear panel To install the BEFVP41 router 1 Connect the power adapter to the rear panel of the Linksys BEFVP41 2 Connect a network cable...

Page 26: ...ys BEFVP41 router To access the Linksys device 1 Change the IP address of your PC or laptop to 192 168 1 xxx where xxx can be between 2 and 254 and the subnet mask to 255 255 255 0 2 Open your web browser and enter 192 168 1 1 in the Address bar press Enter Example http 192 168 1 1 The Enter Network Password dialog box appears 3 Enter admin in the Password field and leave the User Name field blank...

Page 27: ...DES for Encryption and SHA for Authentication 9 Select the PFS Perfect Forward Secrecy check box and verify that master is entered in the Pre shared Key field 10 Click the Connect button to establish a connection 11 Verify that the Status indicates that the Router is Connected Linksys BEFSX41 Router Installation and Configuration This section describes how to install and configure the Linksys BEFS...

Page 28: ...PC Ethernet Used for Configuration Purposes Only Controller or Workstation WAN Linksys BEFSX41 Router 1 2 3 4 POWER Reset WAN Linksys BEFSX41 Configuration This section describes how to configure the Linksys BEFSX41 router To access the Linksys device 1 Change the IP address of your PC or laptop to 192 168 1 xxx where xxx can be between 2 and 254 and the subnet mask to 255 255 255 0 2 Open your we...

Page 29: ...on selected from the Local Secure Group field Verify also that the IP Address is 192 168 1 0 4 Select Subnet from the Remote Secure Group field 5 Enter the IP Address Subnet ID in the IP field This would be the IP Address of the remote endpoint on the other side of the tunnel for example 200 0 0 0 6 Select IP Address from the Remote Security Gateway field and enter 201 0 0 1 as the IP address 7 Se...

Page 31: ... OFF 3 Up ON 4 Down OFF Installing the Digi One SP S321 Connection Only Installation of the Digi One SP is required only if connecting to an S321 controller The Digi One SP device enables an S321 controller to connect to the router via the controller s serial port To install the Digi One SP converter 1 Change the DIP switch settings on the bottom of the Digi One SP converter according to Figure 2 ...

Page 32: ...ls Inc 2012 Johnson Controls Inc 3 Connect the DB 9F connector to the Digi One SP s DB 9M connector 4 Run an Ethernet cable from the Digi One SP to one of the available Trusted LAN Ports on the front end VPN router 5 Connect the power cable to the Digi One SP and run to an appropriate 110 240 VAC power source NOTE To install the driver for the Digi One SP and configure the device download the driv...

Page 33: ...ts of data which are transformed and combined with the first 64 bits of the message to be sent To apply the encryption the message is broken up into 64 bit blocks so that each can be combined with the key using a complex 16 step process Although DES is fairly weak with only one iteration repeating it using slightly different keys can provide excellent security Diffie Hellman An exchange that allow...

Page 34: ...th ESP you can encrypt and authenticate encrypt only or authenticate only For encryption you can choose either of the following encryption algorithms Data Encryption Standard DES A cryptographic block algorithm with a 56 bit key Triple DES 3DES A more powerful version of DES in which the original DES algorithm is applied in three rounds using a 168 bit key DES provides a significant performance sa...

Page 35: ...agement MD5 Message Digest version 5 an algorithm that produces a 128 bit message digest or hash from a message of arbitrary length The resulting hash is used like a fingerprint of the input to verify authenticity Netmask A netmask indicates which part of an IP address indicates network identification and which part indicates the host identification For example the IP address and netmask 10 20 30 ...

Page 36: ... must be at least two SAs one for each direction The VPN participants negotiate and agree to Phase 1 and Phase 2 SAs during an AutoKey IKE negotiation See also Security Parameters Index Security Parameters Index SPI is a hexadecimal value which uniquely identifies each tunnel It also tells the NetScreen device which key to use to decrypt packets SHA 1 Secure Hash Algorithm 1 an algorithm that prod...
