Conference noted::decnis

3597.0. "X25 security on DECNIS 3.1-8 remains open" by BACHUS::GOOVAERTS () Thu Apr 10 1997 06:47

Hi,

	we have a problem with a DECnis used as an x25 gateway.
	It works fine but we wanted to setup security so that
	only one number could call this decnis.
	The version is 3.1-eco8
(nr 2210095)
	We used the configurator and here you find the NCL-script the
	configurator generated.But still the security is open,
	so again any number can enter.
	Can somebody have a look,or is this a bug somewhere?
        (I edited out all non x25 stuff)
Best regards

Danny 



!
!		DECNIS CONFIGURATION SCRIPT
!		===========================
!
!	This script was produced on:	Wed Apr  9 15:24:18 1997 
!	using the utility:	SYS$MANAGER:NIS$DECNIS_CONFIG.COM 
!
create X25 access security dte class default
!
!
create device unit W618-3  name W618-3 
!
! Create and set Line :  W618-3-0 
! to use device: W618-3-0 
!
create modem connect line W618-3-0 communication port W618-3-0 -
    , profile  "NORMAL"
set modem connect line W618-3-0 -
    modem control full, clock external, suppress test indicator TRUE
!
!
! Create and set DTE:  DTE-3-0 
! and LAPB link:  DTE-3-0 
! using Line:  W618-3-0 
!
create lapb link DTE-3-0 profile  "LUXPAC"
set lapb link DTE-3-0 physical line modem connect line W618-3-0 ,  -
    maximum data size 261 ,  window size 3 
!
!
! Create and set DTE:  DTE-3-0 
! using Line:  W618-3-0 
!
!
create x25 protocol dte DTE-3-0 profile  "LUXPAC"
set x25 protocol dte DTE-3-0 link service provider lapb link DTE-3-0 ,  -
    inbound dte class LUXPAC ,  x25 address 451213 ,  -
    outgoing list  {[1..16]} ,  minimum packet size 32 ,  -
    maximum packet size 128 ,  default packet size 128 ,  -
    minimum window size 1 ,  maximum window size 2 ,  default window size 2 
!
! Create Local DTE Class: LUXPAC 
!
create x25 access dte class LUXPAC type local
set x25 access dte class LUXPAC local dtes -
     (DTE-3-0) 
!
! Create Local DTE Class: DTE-3-0 
!
create x25 access dte class DTE-3-0 type local
set x25 access dte class DTE-3-0 local dtes -
     (DTE-3-0) 
!
!
! Create and set up X25 Access FILTERS
!
!
create x25 access filter saturn 
set x25 access filter saturn priority 1 ,  security filter saturn 
!
!
! Create and set up CLIENTS
!
!
create x25 server client saturn 
set x25 server client saturn node saturn 
set x25 server client saturn filters -
     (saturn) 
!
!
! Create Security filters
!
!
!
create x25 access security filter DEFAULT 
set x25 access security filter DEFAULT -
    acl ((identifier =( PSI$DEFAULT_ALL -
    ), access = ALL),(identifier = ( PSI$DEFAULT_REMOTE -
    ), access = REMOTE_CHARGE),(identifier = ( PSI$DEFAULT_NONE -
    ), access = NONE))
create x25 access security filter saturn 
set x25 access security filter saturn -
    acl ((identifier =( PSI$SATURN_ALL -
    ), access = ALL),(identifier = ( PSI$SATURN_REMOTE -
    ), access = REMOTE_CHARGE),(identifier = ( PSI$SATURN_NONE -
    ), access = NONE))
!
!
! Create Remote DTEs
!
!
create x25 access security dte class default remote dte match_all -
    remote address prefix * 
set x25 access security dte class default remote dte match_all -
    rights identifiers -
     (PSI$SATURN_NONE,PSI$DEFAULT_NONE) 
set x25 access security dte class default remote dte match_all    -
    acl ((identifier = ( PSI$SATURN -
    ), access = ALL),(identifier = (*), access = NONE))
!
!
create x25 access security dte class default remote dte remdte-0 -
    remote address prefix 2210095 
set x25 access security dte class default remote dte remdte-0 -
    rights identifiers -
     (PSI$SATURN_ALL) 
set x25 access security dte class default remote dte remdte-0    -
    acl ((identifier = ( PSI$SATURN -
    ), access = ALL),(identifier = (*), access = NONE))
!
!
! Create Security Nodes
!
!
!
create x25 server security nodes saturn 
set x25 server security nodes saturn nodes { saturn }
set x25 server security nodes saturn rights identifiers { PSI$SATURN }
!
!
!