Siemens SIMATIC NET SCALANCE S615 Configuration Manual page 166

Configuring with Web Based Management
4.8 "Security" menu
● Authentication
Specify the method for calculating the checksum.
The following methods available:
– Auto: automatic detection
– MD5
– SHA1
– SHA512
● IKE Key Derivation
Select the required Diffie-Hellmann group (DH) from which a key will be generated. If
"Auto" is set, there is no restriction. It is compared to the capabilities of the remote station
and selected accordingly.
● Keying Tries
Enter the number of repetitions for a failed connection establishment. If you enter the
value 0, the connection establishment will be attempted endlessly.
● Lifetime [min]
Enter a period in minutes to specify the lifetime of the authentication. When the time has
elapsed, the VPN endpoints involved must authenticate themselves with each other again
and generate a new key
● DPD
When enabled DPD is used. Using DPD, it is possible to find out whether the VPN
connection still exists or whether it has aborted.
Note
Sending DPD queries increases the amount of data sent and received. This can lead to
increased costs
● DPD Period [sec]
Enter the period after which DPD queries are sent. These queries test whether or not the
remote station is still available
● DPD Timeout [sec]
Enter the period. If there is no response to the DPD queries, the connection to the remote
station is declared to be invalid after this time has elapsed.
● Aggressive Mode
– Disabled:
– Enabled
The difference between main and aggressive mode is the "identity protection" used in
main mode. The identity is transferred encrypted in main mode but not in aggressive
mode.
166
Main Mode is used.
Aggressive Mode is used
SCALANCE S615 Web Based Management
Configuration Manual, 05/2015, C79000-G8976-C388-02