Conel xr5i sl Скачать руководство пользователя страница 42 | Manualshive

Страница: 42 / 79

background image

CONFIGURATION

42

4.12. IPSec Tunnel Configuration

IPsec tunnel configuration can be called up by option IPsec item in the menu. IPsec

tunnel  allows  protected  connection  of  two  networks  LAN  to  the  one  which  looks  like  one
homogenous.  In  the  IPsec  Tunnels  Configuration  window  are  four  rows,  each  row  for  one
configured  IPSec  tunnel.  The  column  Create  switches  on  tunnels,  other  columns  contain
values  view  set  in  the  IPsec  Tunnel  Configuration  windows;  configuration  is  possible  by
the Edit button.

In the IPsec Tunnel Configuration windows it is possible to define the tunnel name

(Description),  off  -  side  tunnel  IP  address  (Remote  IP  Address),  identification  of  off-side
tunnel  (Remote  ID),  address  nets  behind  off  -  side  tunnel  (Remote  Subnet),  mask  nets
behind  off  -  side  tunnel  (Remote  Subnet  Mask),  identification  of  local  side  (Local  ID),  local
subnet  address  (Local  Subnet),  local  network  mask  (Local  Subnet  Mask),  sharable  key  for
both parties  tunnel (Pre shared Key), service life keys (Key Lifetime) and service life IKA SA
(IKE Lifetime). Rekey Margin specifies how long before connection expiry should attempt to
negotiate  a  replacement  begin.  Rekey  Fuzz  specifies  the  maximum  percentage  by  which
Rekey  Margin  should  be  randomly  increased  to  randomize  re-keying  intervals.  Parameter
DPD  Delay  defines  time  after  which  is  made  IPsec  tunnel  verification.  By  parameter  DPD
Timeout  is  set  timeout  of  the  answer.  If  address  translation  between  two  end  points  of  the
IPsec  tunnel  is  used,  it  needs  to  allow  NAT  Traversal  (Enabled).  If  parameter  Aggressive
mode  is  enabled,  then  establishing  of  IPsec  tunnel  will  be  faster,  but  encryption  will  set
permanently  on  3DES-MD5.  Authentication  is  possible  to  set  by  parameter  Authenticate
mode.  At  choice  are  following  possibilities:  Pre-shared  key  or  X.509  Certificate.  Parameter
Pre-shared Key set shared key for both off-side tunnel. At authentication by X.509 certificate
it is necessary put in certificates CA Certificate, Remote Certificate and Local Certificate and
private key Local Private Key and Local Passphrase. The certificates and private keys have
to  be  in  PEM  format.  As  certificate  it  is  possible  to  use  only  certificate  which  has  start  and
stop  tag  certificate.  Parameters  ID  contain  two  parts:  hostname  and  domain-name.  Items
which  can  be  blank,  are  used  for  to  exact  IPsec  tunnel  identification.  By  the  help
of parameter Extra Options it is possible to define additional parameters of the IPsec tunnel,
for example secure parameters and the like.

The changes in settings will apply after pressing the Apply button.

Openswan version: 2.6.25

«
...
40
41
42
43
44
...
»

Содержание xr5i sl

Страница 1: ...Router XR5i and XR5i SL USER S GUIDE Declared system ISO 9001 2009 WWW INFOPULSAS LT info infopulsas lt...

Страница 2: ...port mounting 18 3 1 Expansion port mounting for XR5i 18 3 2 Expansion port mounting for XR5i SL 20 4 Configuration setting over web browser 22 4 1 Network Status 23 4 2 DHCP Status 24 4 3 IPsec statu...

Страница 3: ...Configuration 64 4 31 6 IPsec Tunnel Configuration 66 4 31 7 GRE Tunnels Configuration 67 4 31 8 L2TP Tunnel Configuration 67 4 31 9 DynDNS Configuration 68 4 31 10 NTP Configuration 68 4 31 11 SNMP...

Страница 4: ...ntion notice on possible problems which can arise to in specific cases Information notice information which contains useful advices or special interest GPL licence Source codes under GPL licence are a...

Страница 5: ...outer must not be exceeded Do not expose the communication router to extreme ambient conditions Protect the communication router against dust moisture and high temperature It is recommended that the c...

Страница 6: ...h is designed only for connection to a USB device The ethernet router has two versions The first version is basic XR5i and the second version is XR5i SL in the aluminum box Examples of Possible Applic...

Страница 7: ...allation CD containing instructions The router standard is designed for possibility to be put on a work surface for mounting onto a DIN rail the plastic clips are included 2 3 Power Supply The router...

Страница 8: ...erface The software is built on the Linux operating system The router support services like DHCP NAT GRE IPsec tunnels etc The modem settings are saved in the FLASH EEPROM memory All modem configurati...

Страница 9: ...DESCRIPTION 9 Front panel XR5i Rear panel XR5i Front panel XR5i SL Rear panel XR5i SL...

Страница 10: ...ly voltage 10 to 30 V 5 GND Negative pole of DC supply voltage 6 GND Negative pole of DC supply voltage Circuit example Panel socket MRT9 Pin number Signal mark Description 1 UN Positive pole of DC su...

Страница 11: ...utput 7 8 ATTENTION Port ETH is not POE Power Over Ethernet compatible Example of the ETH router connection 2 6 3 Connection of the ETH Connector Panel socket RJ45 Pin number Signal mark Description D...

Страница 12: ...ings of binary output signal Example of the I O router connection I O port is part of the XR5i SL version only 2 6 5 Connection of the Connector USB Panel socket USB A Pin number Signal mark Descripti...

Страница 13: ...put 120 mA max 30 V I O port is part of the XR5i SL version only 2 8 Technical specification of expansion ETH XPORT Expansion port ETH Power supply Internal Operating temperature 20 55 C Environment S...

Страница 14: ...n selected 100 Mbit s Off selected 10 Mbit s Back Green On the network cable is connected Blinking data transmission Off the network cable is not connected 2 10 Putting into operation Before putting t...

Страница 15: ...DESCRIPTION 15 2 11 Mechanical external dimensions and mounting recommendations...

Страница 16: ...t assembly of the router to the switch board for single cables we recommend to bind the bunch according to the following picture for this use we recommend length of the bunch combination of power supp...

Страница 17: ...DESCRIPTION 17 the circuit diagram of the XR5i router is on the following pictures the circuit diagram of the XR5i SL router is on the following pictures...

Страница 18: ...ition 8 on box bottom part position 3 and carried out box top part position 2 the expansion port XPORT position 6 connect to connector J3 see below of the router B UR 5i motherboard position 1 from TO...

Страница 19: ...description Part Description Number 1 Router motherboard 1 2 Box top part 1 3 Box bottom part 1 4 Rear head 1 5 Front head 1 6 Expansion port 1 7 Distant columns for expansion port XPORT mounting to m...

Страница 20: ...ition 5 and removing it is possible to take out the B UR 5i motherboard position 1 The expansion port XPORT position 2 is connected to connector J3 see below of the router B UR 5 motherboard position...

Страница 21: ...cription Number 1 UMTS router motherboard 1 2 Expansion port XPORT 1 3 Left box part 1 4 Right box part 1 5 Rear head 1 6 Front head 1 7 Bottom box part 1 8 Top box part 1 9 Spacers for expansion port...

Страница 22: ...the user root with initial password root For providing higher security of your network we recommend changing this password More about changing password can be found in chapter 4 25 The left part of t...

Страница 23: ...ion HWaddr hardware unique address of networks interface inet own IP address P t P IP address second ends connection Bcast broadcast address Mask mask of network MTU maximal size of packet which is eq...

Страница 24: ...are ethernet hardware MAC unique address uid unique ID In the extreme cases the DHCP status can display two records for one IP address That could have been caused by resetting of network cards 4 3 IPs...

Страница 25: ...yslog daemon For starting syslogd with these options you could modify script etc init d syslog or add lines killall syslogd and syslogd options into Startup Script 4 6 LAN Configuration To enter the n...

Страница 26: ...ected equipment etc The changes in settings will apply after pressing the Apply button The DHCP server assign IP addresses to the connected clients from defined address pool IP address of the gate and...

Страница 27: ...CONFIGURATION 27 Example of the network interface with dynamic DHCP server 192 168 1 3 192 168 1 4 ETH 192 168 1 2 192 168 1 1 WAN...

Страница 28: ...NFIGURATION 28 Example of the network interface with dynamic and static DHCP server 192 168 1 3 192 168 1 4 ETH 192 168 1 2 192 168 1 10 01 23 45 67 89 ab 192 168 1 11 01 54 68 18 ba 7e 192 168 1 1 WA...

Страница 29: ...CONFIGURATION 29 Example of the network interface with dynamic DHCP server and DHCP client 192 168 1 3 192 168 1 254 ETH port 192 168 1 1 ETH 192 168 1 2 DHCP server XPORT ETH...

Страница 30: ...CONFIGURATION 30 Example of the network interface with default gateway and DNS server 192 168 1 3 192 168 1 4 192 168 1 1 ETH 192 168 1 2 192 168 1 20 WAN...

Страница 31: ...ity value equals 0 is not allowed It is possible to set Check PPP connection flag in the second part of the window The currently active router either main or backup will send testing messages to defin...

Страница 32: ...Authentication MTU Maximum Transmission Unit it is the identifier of the maximum size of packet which is possible to transfer in given environment MRU Maximum Receiving Unit it is the identifier of t...

Страница 33: ...to set up to four remote accesses by the help of Source Source IP Address Protocol and Target Port Parameter Source defines if access is allowed to one IP address which is defined by Source IP Addres...

Страница 34: ...data from WAN will be routed to the computer with the defined IP address If the Enable remote HTTP access field and port number is filled in then configuration of the router over web interface is poss...

Страница 35: ...CONFIGURATION 35 Choice Masquerade outgoing packets option turns the system address translation NAT The changes in settings will apply after pressing the Apply button...

Страница 36: ...nfigurations it is important to have marked choice of Send all remaining incoming packets it default server IP address in this case is the address of the device behind the router Connected equipment b...

Страница 37: ...CONFIGURATION 37 Example of the configuration with more connected equipment 162 209 13 222 192 168 1 2 80 192 168 1 3 80 192 168 1 4 80 ppp0 10 0 0 1 SWITCH 10 0 0 1 81 10 0 0 1 82 10 0 0 1 83...

Страница 38: ...rotected connection of two networks LAN to the one which looks like one homogenous In the OpenVPN Tunnels Configuration window are two rows each row for one configured OpenVPN tunnel The column Create...

Страница 39: ...icate Username and Password next can be X 509 Certificate client this enables authentication by CA Certificate Local Certificate and Local Private Key last possibility is X 509 Certificate server whic...

Страница 40: ...CONFIGURATION 40...

Страница 41: ...ubnet Mask 255 255 255 0 255 255 255 0 Local Interface IP Address 19 16 1 0 19 16 2 0 Remote Interface IP Address 19 16 2 0 19 16 1 0 Compression LZO LZO Authenticate mode none none 192 168 1 4 192 16...

Страница 42: ...Margin should be randomly increased to randomize re keying intervals Parameter DPD Delay defines time after which is made IPsec tunnel verification By parameter DPD Timeout is set timeout of the answe...

Страница 43: ...CONFIGURATION 43...

Страница 44: ...unnels Configuration To enter the GRE tunnels configuration select the GRE menu item It is possible configure up to four GRE tunnels In the GRE Tunnels Configuration window are four rows each row for...

Страница 45: ...e GRE tunnel is used for connection of two networks to one that appears as one homogenous Last item Pre shared Key defines 32b number that identifies shared key of tunnel This code must be on both sid...

Страница 46: ...rver Server IP Address start IP address in range which is offered by server to clients Client Start IP Address end IP address in range which is offered by server to clients Client End IP Address IP ad...

Страница 47: ...ddress 192 168 3 254 Local IP Address 192 168 3 1 Remote IP Address Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Username username username Password password pa...

Страница 48: ...blank the default server is used The changes in settings will apply after pressing the Apply button Example of the DynDNS client configuration with domain conel dyndns org username conel password cone...

Страница 49: ...he inner clock Example of NTP server address can be seen on support ntp org bin view Servers StratumOneTimeServers By parameter Timezone it is possible to set the time zone of the router By parameter...

Страница 50: ...e router together with information how to contact this person item Name is the designation of the router and item Location describes the physical placing of the router By choosing Enable I O extension...

Страница 51: ...t BIN2 values 0 1 1 3 6 1 4 1 30140 2 1 7 0 Binary input BIN3 values 0 1 1 3 6 1 4 1 30140 2 1 8 0 Binary input BIN4 values 0 1 For the expansion port M BUSD the following range of OID is used OID Des...

Страница 52: ...licking on SMTP menu item In the window there is possible to enter login values to e mail server from which e mails will be sent The required values are address of SMTP server Server Address login nam...

Страница 53: ...enter the Server address and final TCP port At Check TCP connection it activates verification of coupled TCP connection Inside the window can be define time after which it will carry out verification...

Страница 54: ...TCP client it is necessary to enter the Server address and final TCP port At Check TCP connection it activates verification of coupled TCP connection Inside the window can be define time after which i...

Страница 55: ...rt 2000 ETH USB PC Equipment Settings in the router Mode TCP client Server Address 10 0 0 2 TCP Port 2000 192 168 1 100 ppp0 10 0 0 1 192 168 1 1 ppp0 10 0 0 2 Settings in application on PC TCP connec...

Страница 56: ...ce backup or restore option The changes in settings will apply after pressing the Apply button 4 21 1 802 1d Ethernet Bridging setting up Bridging functionality can be set up via startup script or tel...

Страница 57: ...N4 OLD4 then if BIN4 1 then gsmsms 739546801 test SMS bin4 1 fi if BIN4 0 then gsmsms 739546801 test SMS bin4 0 fi OLD4 BIN4 fi sleep 2 io get bin3 BIN3 if BIN3 OLD3 then if BIN3 1 then gsmsms 7395468...

Страница 58: ...o set automatic configuration update This choice enables that the router automatically downloads the configuration and the newest firmware from the server itself The configuration and firmware are sto...

Страница 59: ...ameter Update Hour If the entered URL is different configuration than in the router then the router downloads this configuration and restarts itself The changes in settings will apply after pressing t...

Страница 60: ...f the router setting can be called up in option Set Real Time Clock item in the menu Clocks are set according to the engaged NTP server after push button operation Apply 4 27 Backup Configuration The...

Страница 61: ...update the following pressing the Update button After successful firmware updating the following statement is listed There is information about updating of the FLASH memory By firmware actualization t...

Страница 62: ...er green LED starts to blink it is possible to restore initial settings of the router by pressing button RST on front panel After press button RST it is restoration of the configuration and reset gree...

Страница 63: ...CONFIGURATION 63 4 31 2 VRRP Configuration 4 31 3 Firewall Configuration...

Страница 64: ...CONFIGURATION 64 4 31 4 NAT Configuration 4 31 5 OpenVPN Tunnel Configuration...

Страница 65: ...CONFIGURATION 65...

Страница 66: ...CONFIGURATION 66 4 31 6 IPsec Tunnel Configuration...

Страница 67: ...CONFIGURATION 67 4 31 7 GRE Tunnels Configuration 4 31 8 L2TP Tunnel Configuration...

Страница 68: ...CONFIGURATION 68 4 31 9 DynDNS Configuration 4 31 10 NTP Configuration 4 31 11 SNMP Configuration...

Страница 69: ...CONFIGURATION 69 4 31 12 Expansion Port Configuration 4 31 13 USB Port Configuration...

Страница 70: ...CONFIGURATION 70 4 31 14 Startup script...

Страница 71: ...CONFIGURATION 71 4 31 15 Up Down script 4 31 16 Automatic update...

Страница 72: ...mend send gsminfo displaying of informations about signal quality gsmsms SMS send hwclock displaying change of time in RTC ifconfig displaying change of interface configuration io reading writing inpu...

Страница 73: ...d DynDNS not function If the same IP address is found in your canonic name as dynamically assign address it means that the operator is using NAT or firewall NAT is possible to verify by the help of th...

Страница 74: ...coefficient SAR defined by association ICNIRP and values of About protection of health before non ionized radiation Declaration about consistency was issued and is possible get it at producer 9 Produ...

Страница 75: ...ee claim The object of the guarantee claim should be submitted in a state corresponding to the state at the sale Caution The seller does not guarantee that individual settings or data stored in the ob...

Страница 76: ...product is detected which is not covered by the guarantee a repair not covered by the guarantee the seller shall notify of this fact the customer and the customer shall notify the seller whether he wa...

Страница 77: ...sidered to be a defect For the assessment whether a defect has occurred the product parameters included in the technical documentation of the product are decisive The guarantee shall be terminated in...

Страница 78: ...GUARANTEE CERTIFICATE 78 11 Guarantee certificate Type of the device Serial number Guarantee period in months Seller Date of sale Stamp of the seller...

Страница 79: ...the guarantee claim report Date of reception of the device into the repair shop Date of completion of the repair by the repair shop Number of the receipt form of the repair shop Guarantee repair YES N...

Отзывы:

Нет отзывов

Похожие инструкции для xr5i sl

Бренд: Ubiquiti Страницы: 24

Бренд: IBM Страницы: 4

Device Server UDS 10

Бренд: Lantronix Страницы: 8

Бренд: Lorex Страницы: 186

Бренд: Intellinet Страницы: 2

RUGGEDSWITCH RS900G

Бренд: RuggedCom Страницы: 23

ICS-G7748A Series

Бренд: Moxa Technologies Страницы: 10

Бренд: Billion Страницы: 120

NVRx-7300 series

Бренд: Swann Страницы: 9

Бренд: NBase Страницы: 18

Бренд: Gearlinx Страницы: 23

Бренд: CAME Страницы: 32

Бренд: Alfa Network Страницы: 11

Бренд: Neousys Technology Страницы: 39

Бренд: Net Optics Страницы: 2

Бренд: Sharedband Страницы: 3

Бренд: Ubiquiti Страницы: 2

Бренд: Me Страницы: 28

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды