Black Box ACS120 Uživatelská příručka Strana 396
- Strana / 450
- Tabulka s obsahem
- ŘEŠENÍ PROBLÉMŮ
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
Appendix G - IPSEC
396 BLACK BOX ® Advanced Console Server
The Configuration File
Description
The ipsec.conf file specifies most configuration and control information for the FreeS/WAN
IPsec subsystem. (The major exception is secrets for authentication; ipsec.secrets) Its con-
tents are not security-sensitive unless manual keying is being done for more than just testing,
in which case the encryption/authentication keys in the descriptions for the manually-keyed
connections are very sensitive (and those connection descriptions are probably best kept in a
separate file, via the include facility described below).
The file is a text file, consisting of one or more sections. White space followed by # followed
by anything to the end of the line is a comment and is ignored, as are empty lines which are
not within a section.
A line which contains include and a file name, separated by white space, is replaced by the
contents of that file, preceded and followed by empty lines. If the file name is not a full path-
name, it is considered to be relative to the directory containing the including file. Such inclu-
sions can be nested. Only a single filename may be supplied, and it may not contain white
space, but it may include shell wildcards for example:
include ipsec.*.conf
The intention of the include facility is mostly to permit keeping information on connections,
or sets of connections, separate from the main configuration file. This permits such connec-
tion descriptions to be changed, copied to the other security gateways involved, etc., without
having to constantly extract them from the configuration file and then insert them back into
it. Note the also parameter (described below) which permits splitting a single logical section
(e.g., a connection description) into several actual sections.
A section begins with a line of the form:
type name
where type indicates what type of section follows, and name is an arbitrary name which dis-
tinguishes the section from others of the same type. (Names must start with a letter and may
contain only letters, digits, periods, underscores, and hyphens.) All subsequent non-empty
lines which begin with white space are part of the section; comments within a section must
- BLACK BOX 1
- Advanced Console Server 1
- Version 2.1.4 Revision 1a 1
- User Guide 1
- Table of Contents 10
- Audience and User Levels 13
- How to use this Guide 14
- Conventions and Symbols 15
- Glossary Entries 16
- Quick Steps 16
- Parameter Syntax 16
- Spacing and Separators 17
- Note Box Icons 18
- Introduction and Overview 19
- Introduction 31
- System Requirements 31
- Pre-Install Checklist 33
- Task List 34
- The Wizard 34
- Custom Wizard 35
- Quick Start 36
- Configuration using Telnet 46
- Power Users 49
- New Users 50
- Task 5: Activate the changes 60
- Task 7: Save the changes 61
- Accessing the Serial Ports 62
- Access Method 73
- Authentication 100
- How to Test the Configuration 113
- CAS Port Pool 115
- Clustering 118
- Enhanced Clustering 125
- General Configuration 129
- Master box Configuration 129
- Slave-1 box Configuration 131
- Browser Method 135
- Data Buffering 137
- CLI Method 149
- Dual Power Management 154
- Configuration for TS 155
- Description 156
- Structure of the iptables 156
- Rule Specification Options 160
- Match Extensions 161
- TCP Extension 162
- UDP Extension 163
- ICMP Extension 163
- Multiport Extension 163
- Target Extensions 164
- REJECT (filter table only) 164
- SNAT (nat table only) 164
- DNAT (nat table only) 165
- MASQUERADE (nat table only) 165
- REDIRECT (nat table only) 165
- Browser method 166
- Generating Alarms 172
- Help Wizard Information 188
- Requesting Help for the CLI 194
- Supported Cards 197
- Ejecting Cards 197
- PCMCIA Network Configuration 198
- Wireless LAN PC Cards 199
- Modem PC Cards 200
- Client Side Setup 205
- ISDN PC Cards 206
- How to configure dial out 207
- Linux (Callback Client) 212
- TS Setup Wizard 213
- Serial Settings 219
- Wizard Method 221
- Session Sniffing 235
- The Syslog Functions 256
- Terminal Appearance 271
- Time Zone 280
- How to set Date and Time 281
- Users and Passwords 283
- Linux File Structure 284
- The vi Editor 286
- The Routing Table 288
- Secure Shell Session 289
- The Process Table 293
- TS Menu Script 294
- ºC to 44ºC) 297
- External 298
- Dimensions 298
- Weight 6 lb. 6.2 lb 298
- Approvals FCC and CE, Class A 298
- Rear Panel LEDs 299
- The RS-232 Standard 300
- Cable Length 301
- Connectors 302
- Which cable should be used? 303
- Cable Diagrams 304
- Adapters 307
- Black Box\Sun Netra Adapter 308
- Configuration Parameters 311
- CAS Parameters 321
- TS Parameters 331
- Dial-in Access Parameters 333
- Appendix D - Linux-PAM 337
- Upgrades 357
- Troubleshooting 359
- Hardware Test 362
- Port Conversation 363
- Test Signals Manually 363
- Single User Mode 364
- Procedure 369
- User Guide 371 371
- #saveconf 371
- Appendix G - IPSEC 373
- How Web User Management works 407
- Adding and Deleting Users 409
- Deleting a User 410
- Adding a group 411
- Deleting a group 411
- Adding an Access Limit 412
- Deleting an access limit 413
- Tested Environment 415
- On Windows 416
- Step-by-Step Process 417
- Console Access Server 419
- Terminal Server 422
- Dial-in Access 424
- Basic Parameters (wiz) 427
- Alarm Parameter (wiz --al) 428
- Syslog Parameters (wiz --sl) 431
- • Conf.locallogins 432
- Appendix L - Copyrights 433
- List of Figures 437
- List of Tables 441
- Glossary 443
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.048 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce