IPsecVPN - Siemens SIMATIC NET SCALANCE S615 Configuration Manual

Industrial ethernet security web based management
2.5.2 IPsecVPN

The device is capable of establishing up to 20 IPsecVPN connections to a remote network.
You configure the IPsec connections in "Security" > "IPsec VPN" (Page 159).
With IPsecVPN, the frames are transferred in tunnel mode. To allow the device to establish a VPN tunnel, the remote network must have a VPN gateway as the partner.
For the VPN connections, the device distinguishes two modes:
● Roadwarrior mode
  In this mode, the device can only operate as a VPN server. The device can only wait for VPN connections but cannot establish a VPN tunnel as the active partner. The address of the partner does not need to be known in this mode. This means that it is also possible to use a dynamic IP address.
● Standard mode
  In standard mode, the address of the VPN gateway of the partner must be known so that the VPN connection can be established. The device can either establish the connection actively as a VPN client or wait passively for connection establishment by the partner.

The IPsec method

The device uses the IPsec method in tunnel mode for the VPN tunnel. Here, the frames to be transferred are completely encrypted and provided with a new header before they are sent to the VPN gateway of the partner. The frames received by the partner are decrypted and forwarded to the recipient.
To provide security, the IPsec protocol suite uses various protocols:
● The IP Authentication Header (AH) handles the authentication and identification of the source.
● The Encapsulating Security Payload (ESP) encrypts the data.
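
The following Python code is an added example, not part of the Siemens manual. It parses the new outer header that tunnel mode puts in front of each frame and reads the AH or ESP fields that stay readable on the wire, which is what you would check in a capture taken between the two VPN gateways. The gateway addresses, SPI values and packet bytes are constructed sample data.

```python
import ipaddress
import struct

PROTOCOLS = {50: "ESP", 51: "AH"}  # IANA IP protocol numbers

def classify_outer_packet(packet: bytes) -> dict:
    """Report what is readable on the wire for one IPv4 packet between gateways."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    proto, body = packet[9], packet[ihl:]  # body starts after any IP options
    info = {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "protocol": PROTOCOLS.get(proto, "other"),
    }
    if proto == 50:
        # ESP: SPI and sequence number are in the clear; IV, ciphertext and ICV follow.
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        info["spi"], info["seq"] = struct.unpack("!II", body[:8])
        info["opaque_bytes"] = len(body) - 8
    elif proto == 51:
        # AH: next header, length, reserved, SPI, sequence number, then the ICV.
        if len(body) < 12:
            raise ValueError("truncated AH header")
        nxt, _, _, info["spi"], info["seq"] = struct.unpack("!BBHII", body[:12])
        info["inner_is_ip"] = nxt == 4  # 4 = IPv4-in-IP, i.e. tunnel mode
    return info

def build_sample(proto: int, body: bytes) -> bytes:
    """Constructed outer IPv4 packet (header checksum left at 0) for the demo."""
    src = ipaddress.IPv4Address("192.0.2.1").packed      # constructed gateway A
    dst = ipaddress.IPv4Address("198.51.100.1").packed   # constructed gateway B
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, src, dst) + body

# Constructed samples: zero bytes stand in for the encrypted frame and the ICV.
SAMPLE_ESP = build_sample(50, struct.pack("!II", 0xC0FFEE01, 7) + bytes(32))
SAMPLE_AH = build_sample(51, struct.pack("!BBHII", 4, 4, 0, 0x1001, 1) + bytes(12))

if __name__ == "__main__":
    for sample in (SAMPLE_ESP, SAMPLE_AH):
        print(classify_outer_packet(sample))
```

For ESP the result contains only the gateway addresses, the SPI and the sequence number; the addresses of the original sender and recipient are inside the encrypted part and do not appear.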
SCALANCE S615 Web Based Management
Configuration Manual, 05/2015, C79000-G8976-C388-02
Technical basics
2.5 Security functions