4.9.6.5 Phase 1
Phase 1: Encryption agreement and authentication (IKE = Internet Key Exchange)
On this WBM page, you set the protocol parameters for IPsec key management. The
key exchange uses the standardized IKE method, for which you can set the following protocol
parameters.
Description
The table contains the following columns:
● Name
Shows the name of the VPN connection to which the settings relate.
● Default Ciphers
When enabled, a preset list is transferred to the VPN connection partner during connection
establishment. The list contains combinations of the three algorithms (Encryption,
Authentication, Key Derivation). To establish a VPN connection, the VPN connection
partner must support at least one of the combinations. The selection depends on the key
exchange method. Additional information can be found in the section "IPsec VPN".
● Encryption
For phase 1, select the required encryption algorithm. This can only be selected if "Default
Ciphers" is disabled.
The selection depends on the key exchange method. Additional information can be found
in the section "IPsec VPN".
Note
The AES modes CCM and GCM contain separate mechanisms for authenticating data. If
you use an AES x CCM mode for "Encryption", this mode is also used for authentication. In that
case, only the pseudo-random function is derived from the "Authentication" parameter. For a
VPN connection to be established, all devices need to use the same settings.
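The following added example (not taken from the manual or the device) models the rule in the note and the matching rule under "Default Ciphers": with a CCM or GCM cipher the "Authentication" value supplies only the pseudo-random function, yet it still has to match on both devices. The algorithm names are constructed sample values, not the device's option list, and recognising CCM/GCM by name is an assumption.

```python
from typing import List, NamedTuple, Optional

class Phase1Setting(NamedTuple):      # the three algorithm columns of one table row
    encryption: str
    authentication: str
    key_derivation: str

class Transforms(NamedTuple):         # what a setting contributes to the negotiation
    encryption: str
    integrity: Optional[str]          # None: the CCM/GCM cipher authenticates the data itself
    prf: str                          # always derived from "Authentication"
    key_derivation: str

def is_aead(encryption: str) -> bool:
    # Assumption: CCM/GCM modes are recognised by their name.
    return any(mode in encryption.upper() for mode in ("CCM", "GCM"))

def effective(s: Phase1Setting) -> Transforms:
    """Apply the note: CCM/GCM drops the separate integrity algorithm, keeps the PRF."""
    integrity = None if is_aead(s.encryption) else s.authentication
    return Transforms(s.encryption, integrity, s.authentication, s.key_derivation)

def common_proposals(local, remote) -> List[Transforms]:
    """Combinations both partners support; an empty list means no connection."""
    offered = {effective(s) for s in remote}
    return [t for t in map(effective, local) if t in offered]

def mismatched_fields(a: Phase1Setting, b: Phase1Setting) -> List[str]:
    """Name the transforms that differ between two settings."""
    ta, tb = effective(a), effective(b)
    return [f for f in Transforms._fields if getattr(ta, f) != getattr(tb, f)]

# Constructed sample settings for two devices (placeholder algorithm names).
DEVICE_A = [Phase1Setting("AES128-CCM-16", "SHA256", "DH14"),
            Phase1Setting("AES256-CBC", "SHA512", "DH16")]
DEVICE_B = [Phase1Setting("AES128-CCM-16", "SHA1", "DH14"),
            Phase1Setting("AES256-CBC", "SHA512", "DH16")]

if __name__ == "__main__":
    print("shared combinations:", common_proposals(DEVICE_A, DEVICE_B))
    print("CCM rows differ in:", mismatched_fields(DEVICE_A[0], DEVICE_B[0]))
```

The two CCM rows differ only in the pseudo-random function, which is enough to leave them without a shared combination; the CBC rows match in every field.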
Configuring with Web Based Management
4.9 "Security" menu
SCALANCE S615 Web Based Management
Configuration Manual, 11/2019, C79000-G8976-C388-08