Appendix D: AVG configuration settings

Last Updated: Dec 21, 2012

[Main Menu]
      info       - Information menu
      stats      - Statistics menu
      cfg        - Configuration menu
      boot       - Boot menu
      maint      - Maintenance menu
      diff       - Show pending config changes   [global command]
      apply      - Apply pending config changes  [global command]
      revert     - Revert pending config changes [global command]
      paste      - Restore saved config with key [global command]
      help       - Show command help             [global command]
      exit       - Exit  [global command, always available]

>> Main# cfg  

------------------------------------------------------------
[Configuration Menu]
      ssl        - SSL offload menu
      cert       - Certificate menu
      vpn        - VPN menu
      test       - Create test vpn, portal and certificate
      quick      - Quick vpn setup wizard
      sys        - System-wide parameter menu
      lang       - Language support
      bwm        - Bandwidth management menu
      log        - logging system menu
      ptcfg      - Backup configuration to TFTP/FTP/SCP/SFTP server
      gtcfg      - Restore configuration from TFTP/FTP/SCP/SFTP server
      dump       - Dump configuration on screen for copy-and-paste

>> Configuration# dump
Dump private/secret keys (yes/no) [no]: 
Collecting data, please wait...
/*
/*
/* Alteon iSD SSL
/* Configuration dump taken Tue Sep 18 08:40:50 EDT 2012
/* Hardware Platform: 3050-VM
/* Software Version: 8.0.17.0
/* Uptime:  8 days 3 hours 59 minutes
/* IP Address: 172.16.1.4
/* Hardware Address: 00:0c:29:e0:d8:73
/* Disk space:   config         10110  386513  3 %
  user_content   32832  6015488  1 %

/*
/*
/cfg/.
/cfg/ssl/.
/cfg/ssl/server 1/.
        name "Redirect to VPN 1"
        vips 216.13.56.91
        standalone off
        port "80 (http)"
        rip 0.0.0.0
        rport 81
        type http
        proxy on
        loopback on
        fastfin off
        ena enabled
/cfg/ssl/server 1/trace/.
/cfg/ssl/server 1/ssl/.
        cert 1
        cachesize 4000
        cachettl 5m
        renegotiate legacy
        protocol ssl3
        verify none
        log none
        verifylog none
        ciphers ALL:-EXPORT:-LOW!ADH
        ena disabled
/cfg/ssl/server 1/tcp/.
        cwrite 15m
        ckeep 15m
        swrite 15m
        sconnect 30s
        csendbuf auto
        crecbuf auto
        ssendbuf auto
        srecbuf 6000
/cfg/ssl/server 1/http/.
        httpsredir on
        redirect on
        downstatus unavailable
        securecookie off
        certcard off
        cookieonce off
        sslheader on
        sslxheader off
        sslsidheader off
        addxfor off
        addvia on
        addxisd off
        addfront off
        addbeassl off
        addbeacli off
        addclicert off
        addnostore off
        nocachehdr off
        compress off
        cmsie on
        rhost off
        maxrcount 40
        maxline 16384
        urlobscure off
        sessionhdr off
/cfg/ssl/server 1/http/redirmap/.
/cfg/ssl/server 1/http/dynheader/.
/cfg/ssl/server 1/http/rewrite/.
        paramtag none
        urldeferattr on
        rewrite off
        ciphers HIGH:MEDIUM
        response iSD
        URI "/cgi-bin/weakcipher"
/cfg/ssl/server 1/http/auth/.
        mode basic
        realm Xnet
        proxy off
        ena disabled
/cfg/ssl/server 1/dns/.
/cfg/ssl/server 1/adv/.
/cfg/ssl/server 1/adv/pool/.
        timeout 15s
        ena disabled
/cfg/ssl/server 1/adv/traflog/.
        protocol bsd
        sysloghost 0.0.0.0
        udpport 514
        priority info
        facility local4
        ena disabled
/cfg/ssl/server 1/adv/loadbalancing/.
        type all
        persistence none
        metric hash
        health auto
        interval 10s
        grace on
        ena disabled
/cfg/ssl/server 1/adv/loadbalancing/script/.
/cfg/ssl/server 1/adv/loadbalancing/remotessl/.
        protocol ssl3
        ciphers ALL
/cfg/ssl/server 1/adv/loadbalancing/remotessl/verify/.
        verify none
/cfg/ssl/server 1/adv/sslconnect/.
        protocol ssl3
        cachemode on
        ciphers EXP-RC4-MD5:ALL!DH
        ena disabled
/cfg/ssl/server 1/adv/sslconnect/verify/.
        verify none
/cfg/cert 1/.
        name test_cert
        cert
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
...
/cfg/cert 1/revoke/.
/cfg/cert 1/revoke/automatic/.
        anonymous false
        interval 1d
        verify off
        ena disabled
/cfg/vpn 1/.
        name VPN-1
        ips 216.13.56.91
        standalone on
        hostippool false
/cfg/vpn 1/aaa/.
        idlettl 2m
        sessionttl infinity
        authorder 1
        defauth on
        defippool 1
/cfg/vpn 1/aaa/tg/.
        ena disabled
        recheck 15m
        action teardown
        details on
        runonce off
        logmode off
        loglevel info
        bypass off
/cfg/vpn 1/aaa/tg/agent/.
        timeout 2s
        minver 0.0.0.0
/cfg/vpn 1/aaa/nap/.
        autorem false
/cfg/vpn 1/aaa/nap/probation/.
        ena false
/cfg/vpn 1/aaa/nap/servers/.
/cfg/vpn 1/aaa/nap/shvs/.
        add 311 128 wshv
        add 40082 0 nshv
/cfg/vpn 1/aaa/nap/wshv/.
        firewall on
        autoupdate on
/cfg/vpn 1/aaa/nap/wshv/virus/.
        enabled false
/cfg/vpn 1/aaa/nap/wshv/spyware/.
        enabled false
/cfg/vpn 1/aaa/nap/wshv/secupdates/.
        enabled false
/cfg/vpn 1/aaa/wholesec/.
        ena false
/cfg/vpn 1/aaa/auth 1/.
        type local
        name local
/cfg/vpn 1/aaa/auth 1/local/.
        pwdage 0
        expirewarn 15
/cfg/vpn 1/aaa/auth 1/adv/.
/cfg/vpn 1/aaa/seqauth/.
        ena false
        copyuser off
        usesecond off
        retries 3
/cfg/vpn 1/aaa/network 1/.
        name intranet
/cfg/vpn 1/aaa/network 1/subnet 4/.
        net 172.16.1.50
        mask 255.255.255.255
/cfg/vpn 1/aaa/group 1/.
        name trusted
        restrict 0
        usertype advanced
        idlettl 0
        sessionttl 0
        ippool 1
/cfg/vpn 1/aaa/group 1/access 1/.
        network intranet
        service *
        appspec *
        extspec *
        action accept
/cfg/vpn 1/aaa/group 1/linkset/.
        add base-links
/cfg/vpn 1/aaa/group 1/l2tp/.
/cfg/vpn 1/aaa/group 1/ipsec/.
/cfg/vpn 1/aaa/ssodomains/.
/cfg/vpn 1/aaa/ssoheaders/.
/cfg/vpn 1/aaa/radacct/.
        ena false
/cfg/vpn 1/aaa/radacct/servers/.
/cfg/vpn 1/aaa/radacct/vpnattribute/.
        vendorid "1872 (alteon)"
        vendortype 3
/cfg/vpn 1/aaa/adv/.
/cfg/vpn 1/aaa/adv/unmatchgrp/.
        ena disabled
/cfg/vpn 1/server/.
        port "443 (https)"
        loopback on
        fastfin off
        ena enabled
/cfg/vpn 1/server/trace/.
/cfg/vpn 1/server/ssl/.
        cert 1
        cachesize 4000
        cachettl 5m
        renegotiate legacy
        protocol ssl3
        log none
        verifylog none
        ciphers AES256-SHA
        verify none
        ena enabled
/cfg/vpn 1/server/tcp/.
        cwrite 15m
        ckeep 15m
        skeep 2m
        sinterval 1m
        swrite 15m
        sconnect 30s
        csendbuf auto
        crecbuf auto
        ssendbuf auto
        srecbuf 6000
/cfg/vpn 1/server/http/.
        downstatus unavailable
        securecookie on
        certcard off
        cookieonce off
        sslheader off
        sslxheader off
        sslsidheader off
        addxfor off
        addvia on
        addxisd off
        addclicert off
        addnostore on
        nocachehdr off
        compress off
        allowimage on
        allowdoc off
        allowscript off
        allowica on
        cmsie on
        maxrcount 40
        maxline 16384
        urlobscure off
        sessionhdr off
/cfg/vpn 1/server/http/rewrite/.
        paramtag none
        urldeferattr on
        rewrite off
        ciphers HIGH:MEDIUM
        response iSD
        URI "/cgi-bin/weakcipher"
/cfg/vpn 1/server/proxymap/.
/cfg/vpn 1/server/portal/.
        wipecookies on
        cookiedb on
        resetcookie off
        persistent off
/cfg/vpn 1/server/portal/urlrewrite/.
        rewrite on
        jrewrite on
        cssrewrite on
        gziprewrite on
        ena enabled
/cfg/vpn 1/server/adv/.
/cfg/vpn 1/server/adv/traflog/.
        protocol bsd
        sysloghost 0.0.0.0
        udpport 514
        priority info
        facility local4
        ena disabled
/cfg/vpn 1/server/adv/sslconnect/.
        protocol ssl23
        cachemode on
        ciphers EXP-RC4-MD5:ALL!DH
/cfg/vpn 1/server/adv/sslconnect/verify/.
        verify none
/cfg/vpn 1/l2tp/.
        ena disabled
        cert unset
        authorder mschapv2,pap
        groupmatch true
/cfg/vpn 1/ipsec/.
        ena disabled
        cert unset
        groupmatch true
        groupbind off
/cfg/vpn 1/ipsec/sys/.
/cfg/vpn 1/ipsec/sys/failover/.
        primary 0.0.0.0
        secondary 0.0.0.0
        tertiary 0.0.0.0
/cfg/vpn 1/ipsec/sys/nat-t/.
        udpport 10001
        portswitch off
        ena false
/cfg/vpn 1/ippool 1/.
        type local
        name Local_pool
        lowerip 10.0.0.1
        upperip 10.0.0.100
        proxyarp on
        ena enabled
/cfg/vpn 1/ippool 1/exclude/.
/cfg/vpn 1/ippool 1/netattr/.
        netmask 255.255.255.0
        primnbns 0.0.0.0
        secnbns 0.0.0.0
        primdns 0.0.0.0
        secdns 0.0.0.0
/cfg/vpn 1/portal/.
        logintext
This is a configurable text.
...
        seclogtext
This is a configurable text.
...
        iconmode fancy
        linktext

...
        linkurl on
        punblock off
        linkcols 2
        linkwidth 100%
        companyname "Avaya Inc."
        smbworkgrp WORKGROUP
        autojre on
        applet on
        wiper on
        rsaauto off
        ieclear on
        citrix off
        clientauth off
        trustsite off
/cfg/vpn 1/portal/colors/.
        color1 #ececec
        color2 #ececec
        color3 #cc0000
        color4 #cc0000
/cfg/vpn 1/portal/content/.
        ena disabled
/cfg/vpn 1/portal/faccess/.
        ena disabled
        ipsecmode native
        contip 0.0.0.0
        portalmsg
From this page you can gain full network access. This
requires that Net Direct is enabled or
that you have either Avaya's IPSEC client (version 4.89 or better)
and/or SSL-VPN (TDI version 1.1 or better) client installed. If the Net Direct
installable client is installed it will be used if Net Direct is enabled.
Note: Your browser must support Java. If not download SUN's
J2SE JRE from
<a class="white_link" href="javascript:download_jre()">www.java.com</a>.
Remember: You can only access resources on the network as defined by
your access rights. Contact your network operator if you are
dissatisfied with your current access rights.
...
        appletmsg
The quest for full network access has started._The outcome of the quest will be indicated in the progress bar and console window below.
...
/cfg/vpn 1/portal/lang/.
        setlang en
/cfg/vpn 1/portal/lang/beconv/.
/cfg/vpn 1/portal/whitelist/.
        ena disabled
/cfg/vpn 1/portal/whitelist/domains/.
/cfg/vpn 1/portal/blacklist/.
        ena disabled
/cfg/vpn 1/portal/blacklist/domains/.
/cfg/vpn 1/portal/usertype/.
/cfg/vpn 1/portal/usertype/novice/.
        sysinfo off
/cfg/vpn 1/linkset 1/.
        name base-links
        autorun false
/cfg/vpn 1/linkset 1/link 1/.
        href <netdirect>
        NetdirectFlag off
        type netdirect
/cfg/vpn 1/linkset 1/link 1/netdirect/.
/cfg/vpn 1/vdesktop/.
        ena off
        prelogon off
        always off
        force off
        switch off
        secure off
        persist off
        filesep off
        remdisk off
        print off
        netshare off
        cryptlevel 128
        timeout 5
        conncntrl off
/cfg/vpn 1/vdesktop/mcd/.
        ena disabled
        keylogger off
        scrscrap off
        acntcreate off
/cfg/vpn 1/vdesktop/mcd/vkeyboard/.
        ena disabled
/cfg/vpn 1/sslclient/.
        ippool off
        netdirect on
        caching off
        ndbanner
This is Netdirect Banner!
...
        ndlicense
END USER LICENSE AGREEMENT 
FOR AVAYA VPN CLIENT 
This Software License Agreement ('Agreement') is between you, ('User') and Avaya Corporation and its subsidiaries and affiliates ('Avaya').  PLEASE READ THE FOLLOWING CAREFULLY.
BY CLICKING ON THE 'YES' BUTTON OR USING THIS SOFTWARE, YOU ('USER') ARE CONSENTING TO BE BOUND BY THIS AGREEMENT BETWEEN YOURSELF AND AVAYA.  IF YOU DO NOT AGREE TO BE BOUND BY THIS AGREEMENT, CLICK 'NO' AND DO NOT USE THIS SOFTWARE.
LICENSE GRANT: This Agreement shall govern the licensing of Avaya and Avaya licensor's software and the accompanying user manuals, on line help services, Avaya Web Site and other instructions (collectively, the 'Software') provided or made available to User.  The Software includes client software, which resides on the computers of User, to access Sublicensor's networks (the 'Client Software').  The Software provided under this License is proprietary to Avaya and to third parties from whom Avaya has acquired license rights.  This Software was licensed in conjunction with the purchase of a 'Avaya VPN Gateway' or other Avaya VPN device, that will give the User access to the Sublicensor's purchaser's network and may only be used for this purpose by you.  User is hereby granted a nonexclusive object code only license to use the Software under the following terms: 
- User shall use the Software only in conjunction with the Avaya VPN Gateway or other Avaya VPN device with which the Software was distributed. 
- User may make one copy of the Software only for safekeeping (archives) or backup purposes. 
- User may not modify, translate, adapt, decompile, disassemble, decrypt, extract, or otherwise reverse engineer or attempt to discover the source code and techniques incorporated in the Software.  User may not create derivative works based on the Software or any trade secret or proprietary information of Avaya. 
- Title to Software shall not pass to User. 
- User shall not provide, or otherwise make available, any Software, in whole or in part, in any form, to any third party, nor shall User sublicense, rent or lease the Software. 
- Upon termination or breach of this Agreement, or in the event that the Avaya device with which it was distributed is no longer in use, User will immediately cease use of  and destroy all copies of the Software and  return the Software to Avaya or certify as to such destruction to Avaya that is has been destroyed. Avaya and Third-party owners from whom Avaya has acquired license rights to material that is incorporated into the Software shall have the right to enforce the provisions of this Agreement against User. IN NO EVENT SHALL AVAYA OR ITS  AGENTS, SUPPLIERS, MANUFACTURERS OR DISTRIBUTORS BE LIABLE FOR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION OR DATA, DAMAGES BASED ON ANY THIRD PARTY CLAIM,  OR, OR ANY OTHER PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  SOME JURISDICTIONS DO NOT ALLOW THESE LIMITATIONS OR EXCLUSIONS AND IN SUCH EVENT THEY MAY NOT APPLY.
User agrees to comply with all export restrictions regarding the Software, and shall not export, directly or indirectly, any Software or related technical data or information without first obtaining any required export licenses or other governmental approvals. THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE REMAINS WITH USER.  Avaya is not obligated to User to provide support of any kind for the Software, and in the event it chooses to do so, such support is subject to the terms of this Agreement.  Some jurisdictions do not allow exclusion of implied warranties and, in such event, the above exclusions may not apply. If User is the United States Government, the following paragraph shall apply:  All Software provided hereunder is commercial computer software and commercial computer software documentation, as applicable, and in the event Software is licensed for or on behalf of the United States Government, the respective rights to the Software is governed by Avaya standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and  48 C.F.R. 227.7202 (for DoD entities). Software contains trade secrets and copyrighted material and User agrees to treat the Software as confidential information using a reasonable standard of care.  User shall not remove or obscure any copyright, patent, trademark, trade secret, or similar intellectual property or restricted rights notice within or affixed to any Software and shall reproduce and affix such notices on any backup copy of software. User may terminate this Agreement at any time.  Avaya may terminate this Agreement if User fails to comply with any of its terms.  
This Agreement is the complete and exclusive agreement between the parties hereto regarding its subject matter, and shall be governed solely by the laws of the state of New York, without regard to its rules governing conflicts of law. 
...
        oslist all
        udpports 5000-5001
        rekeytraf 0
        rekeytime 8h
        portalbind on
        idlecheck off
        keepalive 0
        recncttime 3m
        clampmss on
        splittun enabled
        tdiclient off
        lspclient off
        oldclients false
/cfg/vp