Lantronix SLC 8000 Advanced Console Manager User Guide - Page 101
IKEv1 Aggressive and 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, when
View all Lantronix SLC 8000 Advanced Console Manager manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 101 highlights
6: Basic Parameters 220.41.123.45), the type of authentication (pre-shared key authentication), the algorithms in use (IKEv1 Aggressive and 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024), when the tunnel will be rekeyed/SA Lifetime (rekeying in 7 hours), the bytes in and out (131 bytes_i (1 pkt, 93s ago), 72 bytes_o (1 pkt, 94s ago)), a dynamic address assigned to the console manager side of the tunnel (child: dynamic and 172.28.28.188), and the subnets on both sides of the tunnel (172.28.28.188/32 === 10.3.0.0/24 10.81.101.0/24 10.81.102.0/24 10.81.103.0/24). Connections: MyVPNConn: 192.168.1.103...220.41.123.45 IKEv1 Aggressive, dpddelay=30s MyVPNConn: local: [vpnid] uses pre-shared key authentication MyVPNConn: local: [vpnid] uses XAuth authentication: any with XAuth identity 'gfountain' MyVPNConn: remote: [220.41.123.45] uses pre-shared key authentication MyVPNConn: child: dynamic === 0.0.0.0/0 TUNNEL, dpdaction=restart Security Associations (1 up, 0 connecting): MyVPNConn[1]: ESTABLISHED 26 minutes ago, 192.168.1.103[vpnid]...220.41.123.45[220.41.123.45] MyVPNConn[1]: IKEv1 SPIs: 62c06b5b5fc3c5de_i* 74300552060118f6_r, pre-shared key+XAuth reauthentication in 2 hours MyVPNConn[1]: IKE proposal: 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ MODP_1024 MyVPNConn{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c6b71deb_i 95f877ec_o MyVPNConn{1}: 3DES_CBC/HMAC_MD5_96/MODP_1024, 131 bytes_i (1 pkt, 93s ago), 72 bytes_o (1 pkt, 94s ago), rekeying in 7 hours MyVPNConn{1}: 172.28.28.188/32 === 10.3.0.0/24 10.81.101.0/24 10.81.102.0/24 10.81.103.0/24 The SLC loads a subset of the available strongSwan plugins. If an option is given in a custom ipsec.config file that requires a plugin that is not loaded by the SLC, this may cause an error during tunnel negotiation. The loaded plugins can be viewed in the VPN Status when the VPN tunnel is enabled. Sample ipsec.conf Files are provided for a variety of tunnel configurations and peers. The strongSwan Wiki also provides a variety of usable examples and sample configurations, in addition to interoperability recommendations. Depending on the VPN configuration, it may be necessary to enable IP Forwarding (see Network Port Settings) or to add static routes; in some cases traffic may not be passed through the tunnel without enabling IP Forwarding or static routes (see Routing). Refer to the VPN routing table that is displayed with the VPN status. A watchdog program is automatically run when the VPN tunnel is enabled. This program will detect if the VPN tunnel goes down (for reasons other than the user disabling the tunnel). The watchdog program will: Generate a syslog message when the tunnel goes up or down If traps are enabled, send a slcEventVPNTunnel SNMP trap when the tunnel goes up or down If an email address is configured in the VPN configuration, send an email when the tunnel goes up or down If enabled, automatically restart the VPN tunnel SLC™ 8000 Advanced Console Manager User Guide 101