AMX NI-3100 Especificações Página 136
- Página / 160
- Índice
- MARCADORES
Avaliado. / 5. Com base em avaliações de clientes
Appendix A: IPSec Configuration File
126
NetLinx Integrated Controllers- WebConsole & Programming Guide (FMv3)
ikeSetProp
ikeAddPeerAuth (Cont.)
Rule Value
(Cont.)
• localKeyPassword - The password for the local peer's key. Specify NOPASS if there is no
password. Note that the maximum password length is
MAX_PRIVATE_KEY_PASSWORD_LENGTH.
• localCertificate - The filename where the local peer's certificate is stored.
• peerCertificate - The filename where the remote peer's certificate is locally stored. If
PEER_CERT is specified, any certificate payload(s) received from the remote IKE peer
during IKE phase 1 negotiation will be ignored and the certificate specified in
peerCertificate will be used to authenticate the remote peer.
All keys and certificates are stored on the local file system, in the directory set by the project
facility parameter IKE_CERT_PATH.
EXAMPLES Using a pre-shared key for IPv4:
ikeAddPeerAuth=100.100.100.4,100.100.100.1,mm_grp2,NOPFS,PSK,thisisatest
Using a pre-shared key for IPv6:
ikeAddPeerAuth=3ffe:2::2,3ffe:1::2,mm_grp2,NOPFS,PSK,thisisatest
Using certificates for IPv4:
ikeAddPeerAuth=192.168.1.36,192.168.1.35,ph1_g1_1,NOPFS,RSA,local_key.key,
mypassword,local_cert.crt,PEER_CERT,peer_cert.crt
ikeAddPeerAuth=192.168.1.36,192.168.1.35,ph1_g1_1,NOPFS,RSA,
local_key.key,mypassword,local_cert.crt
ikeAddPeerAuth=192.168.1.36,192.168.1.35,ph1_g1_1,NOPFS,RSA,
local_key.key,NOPASS,local_cert.crt
Config String
Format
peerIpAddress,interfaceIpAddress,proposalName,authenticationMethod,
authenticationInfo
Pre-defined
proposal
names
The following are proposal names already defined inside the AMX Firmware and available for
use in the ikeAddPeerAuth configuration:
mm_g2=mm_3des_sha,mm_3des_md5,mm_des_sha,mm_des_md5
Attributes: DHGROUP=G2, LIFETIME=28800 sec
mm_g1=mm_3des_sha,mm_3des_md5,mm_des_sha,mm_des_md5\n"
Attributes: DHGROUP=G1, LIFETIME=28800 sec
mm_prop=mm_des_md5
Attributes: DHGROUP=G2, LIFETIME=300 sec
mm_prop1= mm_des_md5
Attributes: DHGROUP=G2, LIFETIME=3600 sec
Additional IKE proposals and attributes can be created with the next two API’s.
ikeSetProp
NAME ikeSetProp – create a Phase 1 proposal
SYNOPSIS
ikeSetProp=configString
DESCRIPTION This rule creates a Phase 1 proposal with previously defined Phase 1 transform names.
Rule Value
Rule Value = configString
A string formatted as follows:
proposalName,transformName,[transformName][,transformName]...
where
- proposalName is a unique name for a Phase 1 proposal.
- transformName is an existing Phase 1 transform name, defined via ikeSetXform.
EXAMPLES
ikeSetProp=mm_group2,mm_3des_sha,mm_3des_md5,mm_des_sha,mm_des_md5
Config String
Format
proposalName,transformName,[transformName][,transformName]…
Pre-defined
proposal
names
A transform consists of an encryption algorithm and a hash algorithm. The first value is the
encryption, the second the hash.
mm_3des_sha=3DES,SHA-1
mm_3des_sha2_256=3DES,SHA2-256
mm_3des_sha2_384=3DES,SHA2-384
mm_3des_sha2_512=3DES,SHA2-512
mm_3des_md5=3DES,MD5
- Last Revised: 5/25/2012 1
- Table of Contents 10
- About This Document 12
- Related Documents 13
- Using Zero Configuration 14
- Before You Start 15
- Device Addressing dialog 16
- WebConsole UI Overview 31
- Device Tree 32
- Device Network Settings Pages 33
- ZeroConfig Networking 34
- WebConsole - Security Options 35
- Login Rules 36
- User Name and Password Rules 36
- Allowed Special Characters 36
- Security - System Level 37
- Access Options 38
- Accepting Changes 39
- Configuring Settings 39
- System Security - Group Level 40
- Group Security Details Page 42
- System Security - User Level 44
- Deleting a User 46
- Compression Options 47
- WebConsole - System Options 49
- Diagnostic Options table 54
- Edit Options window 56
- Port Settings 59
- Server Port Settings 59
- SSL Certificate Options 61
- SSL Certificate Entries 62
- Import SSL Certificate window 64
- System - Manage License 68
- System - Manage NetLinx 69
- System - Manage Devices 71
- Manage Devices - Bindings 73
- Adding a User-Defined Device 77
- Editing Polled Port Settings 80
- Manage Devices - URL List 82
- Manage Devices - Log 85
- Manage Devices - Diagnostics 86
- NetLinx Programming 89
- Master SEND_COMMANDs (Cont.) 90
- Port: System 91
- RS232/422/485 Ports Channels 92
- IR / Serial Ports Channels 97
- IR RX Port Channels 97
- IR/Serial SEND_COMMANDs 97
- Input/Output SEND_COMMANDs 103
- I/O SEND_COMMANDs (Cont.) 104
- Overview 105
- Terminal Commands 107
- Terminal Commands (Cont.) 108
- ESC Pass Codes 125
- Setup Security Menu 127
- Security Options Menu 128
- Edit User Menu 129
- Edit Group Menu 129
- Telnet Diagnostics Commands 132
- Linux Telnet Client 133
- IPSec Config file 135
- Internet Key Exchange (IKE) 135
- SpdAddTunnel 138
- SpdAddBypass 139
- SpdAddDiscard 139
- SpdSetProp 140
- SpdSetProp (Cont.) 141
- SpdSetPropAttrib 143
- Manual Key Manager (MKM) 145
- IPSec Security Settings page 153
- Programming API 155
- CLKMGR_GET_ACTIVE_TIMESERVER 156
- (CONSTANT CHAR RECORD[]) 157
- Increase Your Revenue 160
Manuais e produtos relacionados com Gateways/controladores AMX NI-3100
Gateways/controladores AMX NXB-CCG Especificações
(40 páginas)
(40 páginas)
Gateways/controladores AMX NXB-CCG-K Especificações
(32 páginas)
(32 páginas)
© 2020, manymanuals-pt.com. Todos os direitos reservados. | 0.049 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais