Siemens SCALANCE M874-3

To Next Page

To Previous Page

VPN tunnel between SCALANCE M-800 and S612

3.3 Secure VPN tunnel with certificates

SCALANCE M-800 Getting Started

122 Getting Started, 06/2015, C79000-G8976-C337-04

The configuration file contains the exported configuration information for the SCALANCE M-

800 including information on the additionally generated certificates.

Configuration file

Settings in WBM

IPsec VPN > Certificates

Upload Remote Site Certificate: Configuration-

1.group1.S612.cer

Upload PKCS12 File (.p12): Configuration-

1.U800CB3FF@G471C.M-800.p12

System > Load&Save > HTTP > IPSecCert : Load

IPsec VPN > Connections > VPN Standard Mode -

Edit Settings

Security > IPSec VPN > Remote End > Remote Mode: Standard

Address of the remote site's VPN gateway:

91.19.6.84

Security > IPSec VPN > Remote End > Remote Address:

91.19.6.84/32

Authentication method: X.509 remote certificate Security > IPSec VPN > Authentication > Authentication: Remote

Cert

Remote Certificate: Configuration-1.group1.S612.cer Security > IPSec VPN > Authentication > Remote Certificate: Con-

figuration-1.Gruppe1.CP.cer

Remote ID: U5A634732@GC4D8 Security > IPSec VPN > Authentication > Remote ID:

U5A634732@GC4D8

Remote net address: 192.168.184.0

Security > IPSec VPN > Remote End > Remote Subnet:

192.168.184.0/24

Remote subnet mask: 255.255.255.0

Local net address: 192.168.100.0

Security > IPSec VPN > Connections > Local Subnet:

192.168.100.0/24

Local subnet mask: 255.255.255.0

IPsec VPN > Connections > Edit IKE

Security > IPSec VPN > Connections > Keying Protocol: IKEv1

Phase 1 - ISAKMP SA

ISAKMP-SA encryption: 3DES-168

Security > IPSec VPN > Phase 1 > Encryption: 3DES

ISAKMP-SA hash: SHA-1

Security > IPSec VPN > Phase 1 > Authentication: SHA-1

ISAKMP-SA mode: Main mode --

ISAKMP-SA lifetime (seconds): 86400

The value is specified in seconds in the text file. In

the WBM, the value must be entered in minutes.

Security > IPSec VPN > Phase 1 > Liftime [min]: 1440

Phase 2 - IPSec SA

IPsec SA encryption: 3DES-168

Security > IPSec VPN > Phase 2 > Encryption: 3DES

IPsec SA hash: SHA-1

Security > IPSec VPN > Phase 2 > Authentication: SHA-1

IPsec SA lifetime (seconds): 86400

The value is specified in seconds in the text file. In

the WBM, the value must be entered in minutes.

Security > IPSec VPN > Phase 1 > Liftime [min]: 1440

Perfect Forward Secrecy (PFS): No

DH/PFS group: DH-2 1024 Security > IPSec VPN > Phase 1 > Key Derivation: DH group 2

Security > IPSec VPN > Phase 2 > Key Derivation: DH group 2

NAT-T: On

DPD delay (seconds): 150 --

Main Page

Siemens SCALANCE M874-3 - Page 122

Table of Contents

Other manuals for Siemens SCALANCE M874-3

Related product manuals