6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 86
remotepeertype <ietf|cisco>
forceencaps <enable|disable>
deadpeerdelay <disable|1-300 seconds>
deadpeertimeout <5-1200 seconds>
deadpeeraction <restart|hold|clear>
2. Enter RSA public key or Pre-Shared Key of remote host: set vpn key
3. Configure X.509 certificate for remote peer or local peer.
set vpn certificate local via <sftp|scp> rootfile <Cert Authority File>
certfile <Certificate File> keyfile <Private Key File>
host <IP Address or Name> login <User Login> [path <Path to Files>]
set vpn certificate remote via <sftp|scp> [rootfile <Cert Authority File>]
certfile <Certificate File> host <IP Address or Name>
login <User Login> [path <Path to Files>]
4. Delete X.509 certificate for local and/or remote peer.
set vpn certificate delete
5. Enter XAUTH password: set vpn xauthpassword
6. Display all VPN settings and current status: show vpn [email <Email Address>]
7. Display detailed VPN status: show vpn status [email <Email Address>]
8. Display VPN logs: show vpn viewlog [numlines <Number of Lines>] [email <Email Address>]
9. Display RSA public key of the SLC: show vpn rsakey
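The certificate step above has the SLC pull a CA file ("rootfile"), a peer certificate ("certfile") and, for the local peer, a private key ("keyfile") from an sftp or scp host. The following is an added example (not part of this guide and not Lantronix code) that builds those three PEM files with openssl(1) and checks them before the SLC fetches them: that the certificate chains to the CA, and that the key really is the private half of the certificate, the two mistakes that otherwise surface only as an IKE authentication failure. The staging directory, file names and subject names are assumptions chosen for the example; the SLC does not require them.

```shell
#!/bin/sh
# Added example, not from the SLC user guide. Assumes openssl(1) is installed.
# Stages rootfile/certfile/keyfile PEMs for "set vpn certificate local via
# <sftp|scp> ..." and verifies them. Names and subjects below are assumptions.
set -eu

# Build a throwaway root CA and a local-peer certificate signed by it.
# $1 = staging directory (the "path" the SLC is pointed at over sftp/scp).
prepare_vpn_certs() {
    dir=$1
    mkdir -p "$dir"
    # Root CA that both IPsec peers will trust (uploaded as the rootfile).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Example VPN Root CA" \
        -keyout "$dir/ca.key" -out "$dir/rootfile.pem" >/dev/null 2>&1
    # Local peer private key (the keyfile) plus a CSR for it.
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=slc.example.net" \
        -keyout "$dir/keyfile.pem" -out "$dir/local.csr" >/dev/null 2>&1
    # Sign the CSR with the CA to get the local peer certificate (the certfile).
    openssl x509 -req -sha256 -days 365 -in "$dir/local.csr" \
        -CA "$dir/rootfile.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/certfile.pem" >/dev/null 2>&1
    rm -f "$dir/local.csr"
    # Private keys stay unreadable to other sftp users; the CA key in
    # particular should be moved off the staging host once signing is done.
    chmod 600 "$dir/ca.key" "$dir/keyfile.pem"
}

# Succeeds only if certfile chains to rootfile, which is exactly what the
# remote peer will check during IKE.
check_chain() {
    openssl verify -CAfile "$1/rootfile.pem" "$1/certfile.pem" >/dev/null 2>&1
}

# Succeeds only if keyfile is the private half of certfile's public key.
# Compares the PEM public key extracted from each side.
check_key_matches_cert() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1/certfile.pem")
    key_pub=$(openssl pkey -pubout -in "$1/keyfile.pem")
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

Run `prepare_vpn_certs /srv/sftp/slc` (a hypothetical path), then `check_chain` and `check_key_matches_cert` against the same directory before issuing the `set vpn certificate local via sftp ...` command; only the CA certificate (rootfile) and the peer certificate (certfile) are ever sent to the remote side.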
Security
The SLC 8000 advanced console manager supports a security mode that complies with the FIPS
140-2 standard. FIPS (Federal Information Processing Standard) 140-2 is a security standard
developed by the United States federal government that defines rules, regulations and standards
for the use of encryption and cryptographic services. The National Institute of Standards and
Technology (NIST) maintains the documents related to FIPS at:
http://csrc.nist.gov/publications/PubsFIPS.html
FIPS 140-2 defines four security levels, Level 1 through Level 4. The SLC unit uses a FIPS
module certified at Level 1.
Note: The SSH client keyboard-interactive authentication type is not supported while the
SLC unit is in FIPS mode. The SLC 8000 supports at most 25 concurrent CLI sessions when in
FIPS mode.
To enable FIPS mode, enable the Network -> Security -> FIPS Mode flag and reboot the SLC
unit. Each time the SLC unit boots in FIPS mode, it performs a power-up self-test to verify the
integrity of its cryptographic module. If that integrity check fails, FIPS mode is disabled and
the SLC unit is rebooted into non-FIPS mode.
When the SLC unit is running in FIPS mode, the following protocols are supported: TLS 1.0, TLS
1.1, TLS 1.2, and SSH v2.