Manualshelf

Specifications

ManualsBrandsAMX ManualsNetworkingNI-3100
151152153154155156157158159160
Appendix A: IPSec Configuration File
143
NetLinx Integrated Controllers- WebConsole & Programming Guide (FMv3)
Sample IPSec Configuration File
The following is a sample IPSec configuration file:
ikeAddPeerAuth=192.168.220.57,%LOCAL_ADDR%,mm_g2,RSA,new.key.pem,AMXCA,
new.cert.pem
ikeAddPeerAuth=192.168.220.37,%LOCAL_ADDR%,mm_g2,PSK,password
spdAddTransport=ANY,192.168.220.57,%LOCAL_ADDR%,OUT,PACKET,IKE,qm_sa_g2_transport
spdAddTransport=ANY,192.168.220.37,%LOCAL_ADDR%,OUT,PACKET,IKE,qm_sa_g2_transport
# add bypass for IKE TCP port (500)
spdAddBypass=17/500/500,192.168.220.57,%LOCAL_ADDR%,OUT,MIRRORED
spdAddBypass=17/500/500,192.168.220.37,%LOCAL_ADDR%,OUT,MIRRORED
# add bypass for IPSEC-ESP protocol
spdAddBypass=50,192.168.220.57,%LOCAL_ADDR%,OUT,MIRRORED
spdAddBypass=50,192.168.220.37,%LOCAL_ADDR%,OUT,MIRRORED
# add bypass for IPSEC-AH protocol
spdAddBypass=51,192.168.220.57,%LOCAL_ADDR%,OUT,MIRRORED
spdAddBypass=51,192.168.220.37,%LOCAL_ADDR%,OUT,MIRRORED
IPSec Web Configuration Interface
Once the IPSec Config file for a system has been created on a PC, the configuration of IPSec on a Master is
accomplished via its Web interface. The following is a screen shot of the IPSec Security Settings page and
descriptions of each field (FIG. 70).
All setting and file modifications require a system reboot to take effect.
The “Enabled” checkbox turns “on” and “off” the entire IPSec feature.
The CRL radio buttons indicate the level of Certificate Revocation List checking that is performed
for IPSec connections.
CRL Checking” checks the sources certificate while “CRL Checking (All)” checks all of the
certificates in a sources certificate chain. If eitherCRL Checking” or “CRL Checking (All)” are
selected, then at least one certificate must be present in the CRL Certificates directory on the
Master.
The Upload Configuration File section provides the capability to upload the IPSec Config file
onto a Master. Simply browse to the file’s location on a PC, select the file, and select “Submit”. The
file will be uploaded to its proper location on the Master.
There is no “delete” capability for the Config file. New uploads overwrite the existing Config file.
FIG. 70 IPSec Security Settings page