Perle Systems IOLAN CSS User Manual
Page 117
Network Commands 113
IPsec Commands
Options
authentication-method
Specify the authentication method that will be used between VPN peers to authenticate
the VPN tunnel.
Data Options:
z
Shared Secret—A text-based secret that is used to authenticate the IPsec tunnel
(case sensitive).
z
RSA Signature—RSA signatures are used to authenticate the IPsec tunnel. When
using this authentication method, you must download the IPsec RSA public key to
the IOLAN and upload the IPsec RSA public key from the IOLAN to the VPN
gateway.
z
X.509 Certificate—X.509 certificates are used to authenticate the IPsec tunnel.
When using this authentication method, you must include the signing authority’s
certificate information in the SSL/TLS CA list and download it to the IOLAN.
The default is shared secret.
boot-action
Determines the state of the VPN network when the IOLAN is booted.
z
Start—Starts the VPN network, initiating communication to the remote VPN.
z
Add—Adds the VPN network, but doesn’t initiate a connection to the remote VPN.
z
Ignore—Maintains the VPN network configuration, but the VPN network is not
started and cannot be started through the IPsec command option.
When defining peer VPN gateways, one side should be defined as
Start
(initiate) and
the other as
Add
(listen). It is invalid to define both gateways as
Add
. VPN connection
time can take longer when both gateways are set to
Start
, as both sides will attempt to
initiate the same VPN connection.
The default is start.
local-device
When the VPN tunnel is established, one side of the tunnel is designated as Right and
the other as Left. You are configuring the IOLAN-side of the VPN tunnel. The default
is left.
local-external-ip-address
When
NAT Traversal (NAT_T)
is enabled, this is IOLAN’s external IPv4 or IPv6
address or FQDN. When the IOLAN is behind a NAT router, this will be its public IP
address.
local-host-nextwork
The IPv4 or IPv6 address of a specific host, or the network address that the IOLAN will
provide a VPN connection to.
local-ip-address
The IPv4 or IPv6 address or FQDN of the IOLAN. You can specify
%defaultroute
when the IP address of the IOLAN is not always known (for example, when it gets its
IP address from DHCP). When
%defaultroute
is used, a default gateway must be
configured in the route table.
local-next-hop
The IPv4 or IPv6 address of the router/gateway that will forward data packets to the
remote VPN (if required). The router/gateway must reside on the same subnet at the
IOLAN. Leave this parameter blank if you want to use the
Default Gateway
configured
in the IOLAN.