● Encryption
For phase 2, select the required encryption algorithm. Can only be selected if "Default
Ciphers" is disabled.
Further information can be found in the section "IPsec VPN".
Note
The AES modes CCM and GCM contain separate mechanisms for authenticating data. If
you use a mode AES x CCM or AES x GCM for "Encryption", this will also be used for
authentication. Then only the pseudo random function will be derived from the
"Authentication" parameter.
● Authentication
Specify the method for calculating the checksum. Can only be selected if "Default Ciphers"
is disabled.
The following methods are supported:
– MD5
– SHA1
– SHA512
– SHA256
– SHA384
● Key Derivation
Select the required Diffie-Hellmann group (DH) from which a key will be generated. Can only
be selected if "Default Ciphers" is disabled.
The following DH groups are supported:
– None: For phase 2, no separate keys are exchanged. This means that Perfect Forward
Secrecy (PFS) is disabled.
– DH group 1
– DH group 2
– DH group 5
– DH group 14
– DH group 15
– DH group 16
– DH group 17
– DH group 18
Note
So that a VPN connection can be established, all devices need to use the same settings or
provide compatible key procedures..
● Lifetime [min]
Enter a period in minutes to specify the lifetime of the agreed keys. When the time expires,
the key is renegotiated.
Configuring with Web Based Management
4.9 "Security" menu
SCALANCE S615 Web Based Management
Configuration Manual, 11/2019, C79000-G8976-C388-08 291
To Next Page
Loading...
