Filter
Top Products
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 72
3. To save, click Apply button.
4. To see a details of the VPN tunnel connection, including the cryptographic algorithms used,
select the View Detailed Status link.
5. To see the last 100 lines of the logs associated with the VPN tunnel, select the View VPN
Logs link.
6. To see the RSA public key for the SLC 8000 advanced console manager (required for
configuring the remote host if RSA Public Keys are being used), select the View SLC RSA
Public Key link.
Configuring an IPsec VPN Tunnel through the CLI
1. Set vpn <parameters>:
tunnel <enable|disable>
ethport <1|2>
auth <rsa|psk>
remotehost <RemoteHost IP Address or name>
remoteid <Authentication name>
remotehop <IP Address>
remotesubnet <one or more subnets in CIDR notation>
localid <Authentication Name>
localhop <IP Address>
Authentication The type of authentication used by the host on each side of the VPN tunnel
to verify the identity of the other host. For RSA Public Key, each host
generates a RSA public-private key pair, and shares its public key with the
remote host. The RSA Public Key for the SLC 8000 advanced console
manager (which has 2192 bits) can be viewed at either the web or CLI. For
Pre-Shared Key, each host enters the same passphrase to be used for
authentication.
RSA Public Key for
Remote Host
If RSA Public Key is selected for authentication, enter the public key for the
remote host.
Pre-Shared Key If Pre-Shared Key is selected for authentication, enter the key.
Retype Pre-Shared Key If Pre-Shared Key is selected for authentication, re-enter the key.
Perfect Forward Secrecy When a new IPSec SA is negotiated after the IPSec SA lifetime expires, a
new Diffie-Hellman key exchange can be performed to generate a new
session key to be used to encrypt the data being sent through the tunnel. If
this is enabled, it provides greater security, since the old session keys are
destroyed.
Mode Configuration Client If this is enabled, the SLC unit can receive network configuration from the
remote host. This allows the remote host to assign an IP address/netmask
to the SLC advanced console manager side of the VPN tunnel.
XAUTH Client If this is enabled, the SLC 8000 advanced console manager will send
authentication credentials to the remote host if they are requested. XAUTH,
or Extended Authentication, can be used as an additional security measure
on top of the Pre-Shared Key or RSA Public Key.
XAUTH Login (Client) If XAUTH Client is enabled, this is the login used for authentication.
XAUTH Password If XAUTH Client is enabled, this is the password used for authentication.
Retype Password If XAUTH Client is enabled, this is the password used for authentication.