Technical information

Secure Socket Layer Encryption Configuration
The secure configuration uses Secure Socket Layer (SSL) encryption. If you use the SSL protocol on your network, use the SSL
configuration. See the “Setting Up the Required Management Services with a Secure Connection” section on page 8 for
procedures.
IP Security
IP security (IPSec) does not require any special configuration for CWI on the router or client. See the “Setting Up the Required
Management Services Without a Secure Connection” section on page 8 for procedures.
Firewall
If you have a firewall in your network, you can use the basic or SSL encryption configurations. See the “Setting Up the Required
Management Services with a Secure Connection” section on page 8 and “Setting Up the Required Management Services Without
a Secure Connection” section on page 8 for procedures.
You must open the ports listed in Table 1 when configuring the firewall. See the firewall documentation for information on
opening the ports.
Virtual Private Network
When setting the minimum router configuration, you must use the client Virtual Private Network (VPN) IP address and Domain
Name Server (DNS) name instead of the client IP address and DNS name when configuring the IP hostname for the CWI client.
This mapping is required for the client to receive notifications from the router. See the “Router Prerequisites” section on page 7.
If you have a VPN, you can use the basic or SSL encryption configurations. See the “Setting Up the Required Management
Services with a Secure Connection” section on page 8 and “Setting Up the Required Management Services Without a Secure
Connection” section on page 8 for procedures.
Dual-Homed
Dual-homed devices are used to bridge two networks. You can run an instance of CWI on the dual-homed device so that you
can access the secondary network. You will require terminal services or X-client software to run the CWI graphical application
from the client PC. A dual-homed device contains a client-side interface (IP address) and router-side interface (IP address). The
client-side is the primary interface, and the router-side is the secondary interface (see Figure 1).
Table 1 Firewall Ports
Component              Port              Direction
HTTP/HTTPS             80/443            Inbound
CORBA/CORBA SSL        10001/10002       Inbound
CORBA Notifications    49901 to 49950    Outbound
Telnet/SSH             23/22             Inbound/Outbound
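
The following added example (not part of the original document or of CWI) audits a firewall allow-list against Table 1, reporting required ports that are still closed and cleartext ports left open when the SSL configuration is in use. It assumes that the second port in each paired row (443, 10002, 22) is the one the SSL configuration needs; the one-line rule format and the sample rules are constructed for illustration, and the direction labels are used exactly as the table gives them.

```python
# Added example: audit a firewall allow-list against Table 1.
# Port numbers and directions are copied from Table 1. Splitting each paired
# row into a "basic" and an "ssl" port is an assumption based on the row names.
TABLE_1 = {
    # component: (basic ports, ssl ports, direction)
    "HTTP/HTTPS": ([80], [443], "inbound"),
    "CORBA/CORBA SSL": ([10001], [10002], "inbound"),
    "CORBA Notifications": (range(49901, 49951), range(49901, 49951), "outbound"),
    "Telnet/SSH": ([23], [22], "both"),
}

def required(mode):
    """Return the set of (port, direction) pairs needed for 'basic' or 'ssl'."""
    idx = 0 if mode == "basic" else 1
    need = set()
    for row in TABLE_1.values():
        dirs = ("inbound", "outbound") if row[2] == "both" else (row[2],)
        need |= {(p, d) for p in row[idx] for d in dirs}
    return need

def parse_rule(rule):
    """Parse 'inbound 443' or 'outbound 49901-49950' (hypothetical rule format)."""
    direction, ports = rule.split()
    lo, _, hi = ports.partition("-")
    return {(p, direction) for p in range(int(lo), int(hi or lo) + 1)}

def audit(rules, mode):
    """Return (missing, cleartext_open, unlisted_open) as sorted lists."""
    opened = set().union(*(parse_rule(r) for r in rules))
    need = required(mode)
    extra = opened - need
    # Ports only the basic configuration uses are cleartext leftovers under SSL.
    cleartext = required("basic") - required("ssl") if mode == "ssl" else set()
    return sorted(need - opened), sorted(extra & cleartext), sorted(extra - cleartext)

# Constructed sample allow-list for a site that uses the SSL configuration.
SAMPLE_RULES = [
    "inbound 443", "inbound 80", "inbound 10002",
    "outbound 49901-49940",          # notification range cut short
    "inbound 22", "outbound 22",
    "inbound 8080",                  # not in Table 1 at all
]

if __name__ == "__main__":
    missing, cleartext, unlisted = audit(SAMPLE_RULES, "ssl")
    print("required but closed:", missing)
    print("cleartext ports open:", cleartext)
    print("unlisted ports open:", unlisted)
```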