Table of Contents
Advertisement
Configuring with Web Based Management
4.7 "Security" menu
4.7.6.5
Phase 1
Phase 1: Encryption agreement and authentication (IKE = Internet Key Exchange)
On this WBM page, you set the parameters for the protocol of the IPsec key
management. The key exchange uses the standardized IKE method for which you can set
the following protocol parameters.
Description
The table contains the following columns:
• Name
Shows the name of the VPN connection to which the settings relate.
• Default Ciphers
When enabled, a preset list is transferred to the VPN connection partner during
connection establishment. The list contains combinations of the three algorithms
(Encryption, Authentication, Key Derivation). To establish a VPN connection, the VPN
connection partner must support at least one of these combinations. The selection
depends on the key exchange method. Additional information can be found in the
section "IPsec VPN (Page 60)".
• Encryption
For phase 1, select the required encryption algorithm. Can only be selected if "Default
Ciphers" is disabled.
The selection depends on the key exchange method. Additional information can be
found in the section "IPsec VPN (Page 60)".
Note
The AES modes CCM and GCM contain separate mechanisms for authenticating data.
If you use a mode AES x CCM for "Encryption", this is also used for authentication.
Then only the pseudo random function will be derived from the "Authentication"
parameter. So that a VPN connection can be established, all devices need to use the
same settings.
332
SCALANCE SC-600 Web Based Management (WBM)
Configuration Manual, 10/2021, C79000-G8976-C475-03
- Quick Links:
- Function
- Ip Address
Hide quick links:
Advertisement
Table of Contents
