Perle Systems IOLAN SDS User Manual

Page 116


IPsec Commands

116 IOLAN SDS/SCS/STS/MDC CLI Reference Guide, Version 3.7

remote-external-ip-address

When NAT Traversal (NAT_T) is enabled, the remote VPN’s public external IPv4 or IPv6 address or FQDN. If you want to accept a VPN connection from any host/network, you can enter %any in this field.

remote-host-network

The IPv4 or IPv6 address of a specific host or the network address that the IOLAN will provide a VPN connection to. If the IPsec tunnel is listening for connections (Boot Action set to Add), and the field value is left at 0.0.0.0, any VPN peer with a private remote network/host that conforms to RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) will be allowed to use this tunnel if it successfully authenticates.

remote-ip-address

The IPv4 or IPv6 address or FQDN of the remote VPN peer. If you want to accept a VPN connection from any VPN peer, you can enter %any in this field.

remote-next-hop

The IPv4 or IPv6 address of the router/gateway that will forward data packets to the IOLAN (if required). The router/gateway must reside on the same subnet as the remote VPN.

remote-validation-criteria

Any values that are entered in the remote validation criteria must match the remote X.509 certificate for a successful connection; any fields left blank will not be validated against the remote X.509 certificate. Note that all validation criteria must be configured to match the X.509 certificate. An asterisk (*) is valid as a wildcard.

country

A two character country code; for example, US. This field is case sensitive in order to successfully match the information in the remote X.509 certificate. An asterisk (*) works as a wildcard.

state-province

Up to a 128 character entry for the state/province; for example, IL. This field is case sensitive in order to successfully match the information in the remote X.509 certificate. An asterisk (*) works as a wildcard.

locality

Up to a 128 character entry for the location; for example, a city. This field is case sensitive in order to successfully match the information in the remote X.509 certificate. An asterisk (*) works as a wildcard.

organisation

Up to a 64 character entry for the organisation; for example, Accounting. This field is case sensitive in order to successfully match the information in the remote X.509 certificate. An asterisk (*) works as a wildcard.

organisation-unit

Up to a 64 character entry for the unit in the organisation; for example, Payroll. This field is case sensitive in order to successfully match the information in the remote X.509 certificate. An asterisk (*) works as a wildcard.

common-name

Up to a 64 character entry for common name; for example, the host name or fully qualified domain name. This field is case sensitive in order to successfully match the information in the remote X.509 certificate. An asterisk (*) works as a wildcard.
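The matching rules described for remote-validation-criteria, modelled as an added Python example (not Perle code and not part of the manual). It assumes that * behaves as a glob-style wildcard within a field and that the six criteria map to the subject attributes C, ST, L, O, OU and CN; it also reports which criteria a planned configuration leaves unvalidated.

```python
from fnmatch import fnmatchcase

# Criteria names as listed on this page, mapped to X.509 subject attribute
# short names (the mapping is an assumption of this example).
FIELDS = {
    "country": "C",
    "state-province": "ST",
    "locality": "L",
    "organisation": "O",
    "organisation-unit": "OU",
    "common-name": "CN",
}


def field_matches(pattern, value):
    """Blank criterion: not validated. Otherwise a case-sensitive match
    in which '*' is a wildcard (glob semantics are assumed here)."""
    if pattern == "":
        return True
    # Escape the other glob metacharacters so that only '*' is special.
    safe = pattern.replace("[", "[[]").replace("?", "[?]")
    return fnmatchcase(value or "", safe)


def validate_subject(criteria, subject):
    """Return the names of the criteria that reject this certificate subject."""
    return [name for name, attr in FIELDS.items()
            if not field_matches(criteria.get(name, ""), subject.get(attr))]


def unvalidated(criteria):
    """Criteria that accept any value: left blank or set to a bare '*'."""
    return [name for name in FIELDS
            if criteria.get(name, "").strip("*") == ""]


# Constructed sample values, not taken from the manual.
CRITERIA = {"country": "US", "organisation": "Accounting",
            "common-name": "*.vpn.example.com"}
PEER_OK = {"C": "US", "ST": "IL", "O": "Accounting", "OU": "Payroll",
           "CN": "gw1.vpn.example.com"}
PEER_BAD_CASE = dict(PEER_OK, C="us")            # differs only in case
PEER_OTHER_ORG = dict(PEER_OK, O="Marketing")    # different organisation

if __name__ == "__main__":
    for peer in (PEER_OK, PEER_BAD_CASE, PEER_OTHER_ORG):
        print(peer["CN"], "rejected by:", validate_subject(CRITERIA, peer))
    print("not validated:", unvalidated(CRITERIA))
```

With every criterion blank, validate_subject rejects nothing, so a tunnel that also uses %any for the remote address relies entirely on the peer holding a certificate that authenticates.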
