Panasonic NN46110-600 User Manual
Chapter 2 Configuring servers
• the configuration and LDAP files to be restored must be ones that were saved
before any user-defined keys were applied.
External LDAP key information
For authentication to work between all VPN Routers using the shared LDAP, the
keys must match on all VPN Routers.
To change the key, the VPN Router must be configured with the last saved key.
Keys on all routers that use a shared LDAP must match before any router can
change the key. If one router changes the key, all the others must then have
matching keys configured. For example, if two routers, VPN Router1 and VPN
Router2, use the same external LDAP, and VPN Router1 sets a user-defined key,
then VPN Router2 cannot set any key except the one that matches the key of VPN
Router1. After VPN Router2 sets a key that matches, then VPN Router2 can
configure a new key. If VPN Router2 sets a new key, then VPN Router1 must
configure a matching key before authentication is successful.
After VPN Router1 sets a key, the LDAP passwords are encrypted using the key.
When VPN Router2 sets the same key, there is no change to the LDAP passwords.
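The key-change rule above, modeled as a small state machine that replays the VPN Router1 / VPN Router2 sequence. This is an added example, not code from the manual or from the VPN Router software; the class names, the sample keys, and the use of a SHA-256 fingerprint to track which key the LDAP passwords are encrypted under are assumptions made for illustration.

```python
import hashlib

DEFAULT_KEY = "default-internal-key"  # constructed placeholder, not a real value

def fingerprint(key):
    """Identify a key without storing it (stands in for 'encrypted under this key')."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]

class SharedLdap:
    """External LDAP: tracks which key its stored passwords are encrypted under."""
    def __init__(self):
        self.key_fp = fingerprint(DEFAULT_KEY)
        self.reencryptions = 0  # times the stored passwords were re-encrypted

class Router:
    def __init__(self, name, ldap):
        self.name, self.ldap = name, ldap
        self.key_fp = ldap.key_fp  # assumption: every router starts in sync

    def can_authenticate(self):
        return self.key_fp == self.ldap.key_fp

    def set_key(self, key):
        fp = fingerprint(key)
        if self.can_authenticate():
            if fp == self.key_fp:
                return "unchanged"
            # Router holds the last saved key, so it may change it.
            self.key_fp = self.ldap.key_fp = fp
            self.ldap.reencryptions += 1
            return "rekeyed"
        if fp == self.ldap.key_fp:
            # Catching up to the other router's key: LDAP passwords untouched.
            self.key_fp = fp
            return "synced"
        return "rejected"  # out of sync and not the matching key

def walkthrough():
    ldap = SharedLdap()
    r1, r2 = Router("VPN Router1", ldap), Router("VPN Router2", ldap)
    log = []
    for router, key in [(r1, "key-A"), (r2, "key-B"), (r2, "key-A"),
                        (r2, "key-B"), (r1, "key-A"), (r1, "key-B")]:
        result = router.set_key(key)
        log.append((router.name, key, result,
                    r1.can_authenticate(), r2.can_authenticate()))
    return log, ldap.reencryptions

if __name__ == "__main__":
    for row in walkthrough()[0]:
        print(row)
```
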
Changing from DES to 3DES
For internal and external LDAP, 3DES uses the default internal key unless a user
key is defined. After 3DES is used, the VPN Router processes the entire LDAP,
field by field, and sets a flag for every password that is encrypted by 3DES.
For both internal and external LDAP, after 3DES is enabled, to return to DES, you
must restore a previously saved configuration and LDAP file.
3DES external LDAP information
All VPN Routers that use a shared LDAP must run a software version that
supports 3DES LDAP encryption. Even if a VPN Router is not configured to use
3DES LDAP encryption, it can decrypt 3DES passwords from an LDAP
encrypted by another VPN Router that uses 3DES.
After a VPN Router enables 3DES, the LDAP passwords are encrypted using
3DES. When another VPN Router that shares the LDAP enables 3DES, no
changes are made to the passwords stored in the LDAP.