AMX NI-3100 Specifications, Page 135

Appendix A: IPSec Configuration File
NetLinx Integrated Controllers- WebConsole & Programming Guide (FMv3)
IPSec Config file
The IPSec Configuration file contains user-specified IPSec rule definitions to be applied to the running IPSec
database. The IPSec Configuration file is read at boot-up and the individual lines are applied to the IPSec
database. Configuration lines are applied to the database in the order that they appear in the configuration file.
Each line of the configuration file represents an individual rule. All lines follow the format:
<config action>=<config string>
All characters of a configuration line, both the action and the string, are case sensitive and white space is
relevant.
Lines beginning with a ‘#’ symbol are considered comments and are subsequently ignored during the loading
process.
All references to the Master’s IP address in configuration lines can be substituted by %LOCAL_ADDR% in
order to provide flexibility and reuse of an IPSec Config file. At boot, all occurrences of %LOCAL_ADDR%
will be replaced by the actual IP address of the Master. In this way, a single IPSec configuration file can be
uploaded to multiple Masters that are to be configured with the same IPSec configuration without having to
specify each Master's local IP address directly.
The IPSec Configuration file is loaded onto the Master via the Master’s Web interface under Security->
IPSec Security Settings.
The following is the list of configuration lines supported by the AMX IPSec Configuration file.
Internet Key Exchange (IKE)
ikeAddPeerAuth
NAME ikeAddPeerAuth – add a peer's authentication information
SYNOPSIS
ikeAddPeerAuth=configString
DESCRIPTION This rule is used to specify IKE authentication information between the host and a peer.
This rule may be called multiple times to define a set of peers with which the host will conduct
IKE negotiations.
NOTE Specifying KEYPFS to this function will not enable perfect forward secrecy when negotiating
with the peer unless a DHGROUP is also specified in the Phase 2 attributes, set via
spdSetPropAttrib.
Rule Value = configString
A string formatted as follows:
peerIpAddress,interfaceIpAddress,proposalName,PFS,authenticationMethod,authenticationInfo
where
- peerIpAddress is the address of the IKE peer.
- interfaceIpAddress is the local IP address that is to communicate with the peer.
- proposalName is an existing Phase 1 proposal name, defined via ikeSetProp.
- authenticationMethod is PSK (pre-shared key) or RSA (certificate support).
- authenticationInfo depends on authenticationMethod. See below.
When authenticationMethod is PSK, authenticationInfo is the pre-shared key, represented as
printable ASCII.
When authenticationMethod is RSA, authenticationInfo is a string formatted as follows:
localKey,localKeyPassword,localCertificate[,PEER_CERT,peerCertificate]
- localKey is the filename where the local peer's key is stored.
- localKeyPassword is the password for the local peer's key. Specify NOPASS if there is no
password. Note that the maximum password length is
MAX_PRIVATE_KEY_PASSWORD_LENGTH.
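The following pre-upload check for ikeAddPeerAuth lines is an added example, not AMX code or part of the original guide. It applies only the rules stated above (comment lines, case-sensitive action, %LOCAL_ADDR% substitution, the six-field configString, PSK and RSA forms). The function names, the Master address passed in, and every value in SAMPLE are assumptions made for illustration.

```python
import ipaddress

# Constructed sample; addresses, proposal name, key and file names are made up.
SAMPLE = """# peers for site A
ikeAddPeerAuth=192.0.2.10,%LOCAL_ADDR%,prop1,KEYPFS,PSK,example,key
ikeAddPeerAuth=192.0.2.11,%LOCAL_ADDR%,prop1,KEYPFS,RSA,local.key,NOPASS,local.crt,PEER_CERT
ikeAddPeerAuth=192.0.2.12, %LOCAL_ADDR%,prop1,KEYPFS,psk,secret"""

def parse_peer_auth(config_string, master_ip):
    """Parse an ikeAddPeerAuth configString; return (fields, problems)."""
    # Only the first five commas delimit fields, so a PSK may contain commas.
    parts = config_string.replace("%LOCAL_ADDR%", master_ip).split(",", 5)
    if len(parts) < 6:
        return None, ["expected 6 comma-separated fields"]
    peer, iface, proposal, pfs, method, info = parts
    problems = []
    for label, value in (("peerIpAddress", peer), ("interfaceIpAddress", iface)):
        try:
            ipaddress.ip_address(value)  # rejects padded values such as " 10.0.0.1"
        except ValueError:
            problems.append(f"{label} is not an IP address: {value!r}")
    if method == "PSK":
        if not info or not all(32 <= ord(c) < 127 for c in info):
            problems.append("pre-shared key must be printable ASCII")
    elif method == "RSA":
        rsa = info.split(",")
        if len(rsa) not in (3, 5) or (len(rsa) == 5 and rsa[3] != "PEER_CERT"):
            problems.append("RSA info is not localKey,localKeyPassword,"
                            "localCertificate[,PEER_CERT,peerCertificate]")
    else:
        problems.append(f"authenticationMethod must be PSK or RSA, got {method!r}")
    fields = dict(peer=peer, interface=iface, proposal=proposal, pfs=pfs,
                  method=method, info=info)
    return fields, problems

def lint(text, master_ip):
    """Return a list of (line_number, fields, problems) for ikeAddPeerAuth rules."""
    results = []
    for number, line in enumerate(text.split("\n"), 1):
        if line.startswith("#"):          # comment lines are ignored by the loader
            continue
        action, sep, value = line.partition("=")
        if sep and action == "ikeAddPeerAuth":   # action names are case sensitive
            results.append((number, *parse_peer_auth(value, master_ip)))
    return results
```

The returned fields include the pre-shared key or key password in clear text, so report only the problems list when the output goes to a log or ticket.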