tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...

More documents

Recommendations

Info

VPN connections ISAKMP-SA lifetime IPsec-SA lifetime The keys for an IPsec connection are renewed at certain intervals in order to increase the effort required to attack an IPsec connection. Specify the lifetime (in seconds) of the keys agreed on for the ISAKMP-SA and IPsec-SA. The lifetime can be defined differently for ISAKMP-SA and IPsec-SA. NAT-T There may be a NAT router between the TAINY xMOD-V3-IO and the VPN gateway of the remote network. Not all NAT routers allow IPsec data packets to go through. It may therefore be necessary to encapsulate the IPsec data packets in UDP packets so that they can go through the NAT router. Enable dead peer detection On: If the TAINY xMOD-V3-IO detects a NAT router that does not let the IPsec data packets through, then UDP encapsulation is started automatically. Force: During negotiation of the connection parameters for the VPN connection, encapsulated transmission of the data packets during the connection is insisted upon. Off: The NAT-T function is switched off If the remote station supports the dead peer detection (DPD) protocol, then the partner in question can detect whether the IPsec connection is still valid or not, meaning that it may have to be re-established. Without DPD, depending on the configuration it may be necessary to wait until the SA lifetime elapses or the connection has to be re-initiated manually. To check whether the IPsec connection is still valid, the dead peer detection sends DPD requests to the remote station itself. If there is no answer, then after the permitted number of failed attempts the IPsec connection is considered to be interrupted. Warning Sending the DPD requests and using NAT-T increases the amount of data sent and received over the mobile data service connection (HSPA+, UMTS, EGPRS, GPRS). Depending on the selected settings, the additional data traffic can amount to 5 Mbyte per month or more. This can lead to additional costs. Yes Dead peer detection is switched on. Attempts are made to reestablish the IPsec connection if it has been declared dead, independently of the transmission of user data. No Dead peer detection is switched off DPD - delay (seconds) Time period in seconds after which DPD requests will be sent. These requests test whether the remote station is still available. DPD - timeout (seconds) Time period in seconds after which the connection to the remote station will be declared dead if no response has been made to the DPD requests. DPD – maximum failures Number of failed attempts permitted before the IPsec connection is considered to be interrupted. Factory setting The factory settings used by the TAINY xMOD-V3-IO for a newly created connection are as follows: Name NewConnection Enabled No (switched off) Authentication method CA certificate Remote ID NONE Local ID NONE Page 70 of 111 TAINY xMOD
7.4 Loading VPN certificates IPsec VPN > Connections ONLY TAINY HMOD-V3-IO ONLY TAINY EMOD-V3-IO Remote certificate - Wait for remote connection No Remote net address 192.168.2.1 Remote subnet mask 255.255.255.0 Local net address 192.168.1.1 Local subnet subnet mask 255.255.255.0 ISAKMP-SA encryption AES-128 IPsec-SA encryption AES-128 ISAKMP-SA hash MD5 IPsec-SA hash MD5 DH/PFS group DH-2 1024 ISAKMP-SA mode Main ISAKMP-SA lifetime (seconds) 86400 IPsec-SA lifetime (seconds) 86400 NAT-T On Enable dead peer detection Yes DPD - delay (seconds) 150 DPD – timeout (seconds) 60 DPD – maximum failures 5 Function Loading and administering certificates and keys. Upload remote certificate Upload PKCS12 file (.p12) VPN connections Here load key files (*.pem, *.crt) with remote certificates and public key from remote stations into the TAINY xMOD-V3-IO. To do this, the files must be saved on the Admin PC. A remote certificate is only required for the authentication method with X.509 certificate. Here load the certificate file (PKCS12 file) with the file extension .p12 into the TAINY xMOD-V3-IO. To do this, the certificate file must be saved on the Admin PC. Caution If there is already a certificate file in the device, then it must be deleted before loading a new file. TAINY xMOD Page 71 of 111
Page 1 and 2:
User Manual TAINY HMOD-V3-IO, TAINY
Page 3 and 4:
Products ! Safety instructions The
Page 5 and 6:
Firmware with open source GPL/LGPL
Page 7 and 8:
Contents Contents 1 Introduction ..
Page 9 and 10:
1 Introduction Introduction Product
Page 11 and 12:
Introduction Local applications cou
Page 13 and 14:
Terms Here are definitions of terms
Page 15 and 16:
2 Setup 2.1 Step by step Set up the
Page 17 and 18:
2.3 Overview 2.4 Service button Set
Page 19 and 20: TAINY EMOD Lamp Status Meaning S (S
Page 21 and 22: 2.6 Connections LAN0, LAN1 (10/100
Page 23 and 24: 24V / 0V power supply The TAINY xMO
Page 25 and 26: 3 Configuration 3.1 Overview Remote
Page 27 and 28: Preferred DNS server Configuration
Page 29 and 30: The start page is not displayed If
Page 31 and 32: Signal (CSQ Level) Indicates the st
Page 33 and 34: Carrying out configuration ONLY TAI
Page 35 and 36: Function Access to the TAINY xMOD i
Page 37 and 38: 4 Local interface 4.1 IP addresses
Page 39 and 40: 4.3 DNS to local network Local Netw
Page 41 and 42: Poll interval Serve system time to
Page 43 and 44: Provider selection mode - Manual Pr
Page 45 and 46: Provider selection mode - Automatic
Page 47 and 48: Activity on faulty connection Renew
Page 49 and 50: Remote host 0.0.0.0 Group group Use
Page 51 and 52: 5.7 Volume supervision External net
Page 53 and 54: Security functions Protocol Select
Page 55 and 56: 6.2 Port Forwarding Security > Port
Page 57 and 58: 6.4 Firewall Log Security > Firewal
Page 59 and 60: Requirements for the remote network
Page 61 and 62: VPN connections CA certificate The
Page 63 and 64: VPN connections ISAKMP-SA mode Agre
Page 65 and 66: VPN Standard Mode Edit Settings Con
Page 67 and 68: VPN connections Remote net address
Page 69: VPN Standard Mode Edit IKE VPN conn
Page 73 and 74: 7.6 Supervision of VPN connections
Page 75 and 76: Number of connect attempts until re
Page 77 and 78: Action Define how access to the spe
Page 79 and 80: Factory setting The factory setting
Page 81 and 82: 9 Status, log and diagnosis 9.1 Log
Page 83 and 84: Status, log and diagnosis Function
Page 85 and 86: Status, log and diagnosis Function
Page 87 and 88: Additional functions Text Here ente
Page 89 and 90: Port number 26864 Firewall Rules No
Page 91 and 92: The following parameters of the TAI
Page 93 and 94: Target host NONE Target port 162 Ta
Page 95 and 96: Asymmetric encryption CIDR Small le
Page 97 and 98: Small lexicon of routers CSQ / RSSI
Page 99 and 100: Small lexicon of routers EGPRS EGPR
Page 101 and 102: IPsec MIB See SNMP Small lexicon of
Page 103 and 104: Protocol, Transfer protocol Small l
Page 105 and 106: X.509 certificate A type of "seal"
Page 107 and 108: Network B Computer B1 B2 B3 B4 Addi
Page 109 and 110: Conformity CE Conforms to Directive
Page 111: Protection class IP20 Dimensions 11
show all

tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?