Datacryptor

	Newsroom

	Careers



	Solutions

	Products & Services

	Support

	Whitepapers

	Case Studies

	Alliances



	Sales

	Offices

Support

Datacryptor®

Datacryptor® X.25

Datacryptor® x.25 variants

Datacryptor® x.25 setup using Cisco routers

Datacryptor® x.25 tracing using the Parascope 2000

Appendix

This document gives some useful information on the Datacryptor® x.25 unit and gives an example of how to set up x.25 units using Cisco routers.

Datacryptor® x.25 variants

There are two Datacryptor® x.25 variants:

Datacryptor® EX (Standard speed) - capable of speeds up to 64kbps and up to 32 encrypted virtual circuits.

Datacryptor® EH (High speed) - capable of speeds up to 128kbps and up to 128 encrypted virtual circuits.

Datacryptor® x.25 setup using Cisco routers

The diagram below shows how to setup two Datacryptor® units and three Cisco routers as an encrypted x.25 network. The router in the middle called Router_sw acts as our x.25 network and simply routes x.25 data to create a Virtual Circuit. The command x25 idle 1 means that the virtual circuit will stay up for a period of 1 minute of inactivity after which the call will be disconnected. Setting this value to x25 idle 0 means that the call will stay up indefinitely (this is the default)

Note that in the configuration below if you want to ping from a device connected to the ethernet port of either Router_Left or Router_Right you will need to add a static route e.g. ip route 192.168.2.0 255.255.255.0 10.10.10.2 on Router_Left and the equivalent on Router_Right.

Click on picture thumbnail to view diagram

All configuration files for the routers and Datacryptor® in this diagram can be found in the Appendix section of this document.

Some useful commands which can be used on the central router are:

show x25 route

show x25 vc

debug x25 events

Datacryptor® x.25 tracing using the Parascope 2000

The diagram, below shows the same network as above but this time the Parascope 2000 WAN analyser has been put into the circuit. An x.21 Y cable is used to intercept the link between the network port of Datacryptor®_Left and Router_sw. See below for details on how to setup the Parascope software.

Click on picture thumbnail to view diagram

The Protocol Stack setup should look like this:

Click on picture thumbnail to view diagram

The Quick Start screen should look like this - click on Run to continue:

Click on picture thumbnail to view diagram

Tracing in this manner lets us see both the call negotiation and the data being passed over the x.25 network.

2 traces were performed - one with the units in encrypt mode, the other with the units in plain mode. Click here for the plain trace, click here for the encrypted trace. If you look at the line data portion of the plain trace packets you will see clear text (a login session to a Cisco router at the end of the link). In the encrypted trace the data is unreadable because it is encrypted.

You can see the x.25 call negotiation process in both traces:

Click on picture thumbnail to view diagram

Frame 45 is the calling packet - see below for the full decode:

Here you can see the Calling Address is 123456789111 - this is the NUA of Datacryptor®_Left. The Called Address is 123456789222 - this is the NUA of Datacryptor®_Right. Also note the LCN (Logical Channel Number) as defined in the Datacryptor®. The LCN defines the logical connection between the two x.25 devices - you can see that all packets after the initial Incoming Call do not contain the calling/called address but are simply denoted by the LCN.

In both traces you can see a lot of RR (Receiver Ready) frames - these are used to signify that the x25 host is up and ready to accept more data. You will typically see these when the x.25 call is connected but no user data is being passed over the link. A discussion of all the x.25 packet types is beyond the scope of this document - see http://www.protocols.com/pbook/x25.htm for more information.

Appendix

Click on the links below for the config files of the Datacryptor® and Cisco routers used in the example above.

Datacryptor® Left config file

Datacryptor® Left policy file

Datacryptor® Right config file

Datacryptor® Right policy file

Router_Left config

Router_sw config

Router_Right config

Datacryptor® Left config file

;Unit Time 13:06:48, 17/07/2003
[GENERAL_INFO]
management_software_version = 2.1.14.4
application_software_version = 1.14.4
bootstrap_software_version = 2.05.1
unit_type = 7
detected_host_cable = 3
detected_net_cable = 3
available_interfaces = 8
UnitName = "A3211040293V"

[GENERAL_CONFIG]
unit_description = "Datacryptor® Link, S/N: A3211040293V"
host_active_interface = 3
network_active_interface = 3
link_mode.line_mode = 0
link_mode.data_algorithm = link_mode.peer_unit_name
link_mode.peer_unit_name =

[SECURITY_CONFIG]
key_update_intervals.kek_lifetime = 2419200
key_update_intervals.dek_lifetime = 86400
movement_alarm_enable = 0
temperature_alarm_enable = 0
erase_button_enable = 3
snmp_mib_view_enable = 1
auto_notify_enable = 1

[SECURITY_CONFIG_PLUS]
use_time_of_day = 0
time_of_day = 3600

[POLL_RETRY]
poll_retry_type = 1

[CONTROL_PORT_CONFIG]
data_bits = 1
stop_bits = 0
baud_rate = 4
parity = 0

[UDP_IP_CONFIG]
control_port_ip_config.ip_address = "2.2.2.2"
control_port_ip_config.net_mask = "255.0.0.0"
network_port_ip_config.ip_address = "1.0.161.77"
network_port_ip_config.net_mask = "255.0.0.0"
ethernet_ip_config.ip_address = "10.10.10.2"
ethernet_ip_config.net_mask = "255.255.255.0"

[DTYPE_CONFIG]
inline_patchbox.host_dce_cts_indication_source = 2
inline_patchbox.host_dce_dcd_source = 3
inline_patchbox.host_dce_dsr_source = 4
inline_patchbox.host_dce_ri_source = 5
inline_patchbox.net_dte_dtr_source = 7
inline_patchbox.net_dte_rts_control_source = 6

safetalk_patchbox.host_dce_cts_indication_source = 1
safetalk_patchbox.host_dce_dcd_source = 3
safetalk_patchbox.host_dce_dsr_source = 4
safetalk_patchbox.host_dce_ri_source = 5
safetalk_patchbox.net_dte_dtr_source = 0
safetalk_patchbox.net_dte_rts_control_source = 0
clock_polarities.transmit_clock_state = 0
clock_polarities.receive_clock_state = 0
network_delay = 10000
terminal_timing = 0

safetalk_condition.condition_operation = 2
safetalk_condition.condition_timeout = 4000
safetalk_condition.net_dte_cts_indication_state = 2
safetalk_condition.net_dte_dcd_state = 2
safetalk_condition.net_dte_dsr_state = 2
safetalk_condition.net_dte_ri_state = 2
safetalk_condition.host_dce_dtr_state = 2
safetalk_condition.host_dce_rts_control_state = 2

[HOST_DATA_GATING]
gate_tx_data = 0
gate_rx_data = 0

[SNMP_IP_CONFIG]
snmp_status = 0
traps_enabled = 1
snmp_location = ""
snmp_contact = ""
ip_forwarding = 1
ip_default_ttl = 16

[SNMP_COMMUNITIES]
community_count = 2
community_1_name = "public"
community_1_access = 0
community_2_name = "private"
community_2_access = 2

[SNMP_TRAP_MANAGERS]
trap_man_count = 1
trap_man_1_address = "10.10.10.100"
trap_man_1_community = "public"
trap_man_1_information = 1
trap_man_1_warning = 1
trap_man_1_minor = 1
trap_man_1_major = 1
trap_man_1_critical = 1

Pages 1 / 2

Contact us AsiaPac

Contact us Americas

Contact us EMEA


		© Thales 2007 Legal Notice