Siemens SCALANCE S615 - Default-Ciphers

To Next Page

To Previous Page

Security and authentication

9.3 IPsec VPN

SCALANCE S615 Command Line Interface

398 Configuration Manual, 06/2015, C79000-G8976-C406-02

Further notes

You display this setting and other information with the show ipsec conn-phase2 command.

You enable the setting with the

auto-fwrules command.

9.3.8.3

default-ciphers

Description

With this command, you specify that a preset list (default list) is transferred to the VPN

connection partner during connection establishment. The list contains a combination of the

three algorithms (Encryption, Authentication, Key Derivation).

To establish a VPN connection, the VPN connection partner must support at least one of

these combinations. The combinations depend on the phase und the key exchange method

IKE).

Combination

Phase 1

Phase 2

Encryption

Authentica-

tion

Key Derivation

IKEv1

IKEv2

IKEv1

IKEv2

AES128 SHA1 DH Group 14 x x x x

AES256

SHA512

DH Group 16

AES128 CCM 16

SHA256

DH Group 14

AES256 CCM 16

SHA512

DH Group 16

AES128

SHA1

none

AES256

SHA512

none

AES128 CCM 16 SHA256 none - - x x

AES256 CCM 16

SHA512

none

x: is supported

: is not supported

none: For phase 2, no separate keys are exchanged. This means that Perfect Forward Secrecy PFS) is disabled.

Requirement

You are in the IPSEC PHASE configuration mode.

The command prompt is as follows:

cli(config-conn-phsX)#

X: 1 (Phase 1)

2 (Phase 2)

Syntax

Call the command without parameter assignment:

default-ciphers

Main Page

Siemens SCALANCE S615 - Default-Ciphers

Table of Contents

Other manuals for Siemens SCALANCE S615

Related product manuals