Siemens SCALANCE M-800 Series Getting Started page 151

Configuration file
Local ID: U269159D5@GEA32
Remote net address: 192.168.184.0
Remote subnet mask: 255.255.255.0
Local net address: 192.168.100.0
Local subnet mask: 255.255.255.0
IPsec VPN > Connections > Edit IKE
Phase 1 - ISAKMP SA
ISAKMP-SA encryption: 3DES-168
ISAKMP-SA hash: SHA-1
ISAKMP-SA mode: Main mode
ISAKMP-SA lifetime (seconds): 86400
The value is specified in seconds in the text file. In
the WBM, the value must be entered in minutes.
Phase 2 - IPSec SA
IPsec SA encryption: 3DES-168
IPsec SA hash: SHA-1
IPsec SA lifetime (seconds): 86400
The value is specified in seconds in the text file. In
the WBM, the value must be entered in minutes.
Perfect Forward Secrecy (PFS): Nein
DH/PFS group: DH-2 1024
NAT-T: On
DPD delay (seconds): 150
DPD timeout (seconds): 60
DPD maximum failures: 5
SCALANCE M-800 Getting Started
Getting Started, 06/2015, C79000-G8976-C337-04
VPN tunnel between SCALANCE M-800 and security CPs
Settings in WBM
Security > IPSec VPN > Authentication > Local ID
not required. The entry remains empty in the WBM.
Security > IPSec VPN > Remote End > Remote Subnet:
192.168.184.0/24
Security > IPSec VPN > Connections > Local Subnet:
192.168.100.0/24
Security > IPSec VPN > Connections > Keying Protocol: IKEv1
--
Security > IPSec VPN > Phase 1 > Encryption: 3DES
Security > IPSec VPN > Phase 1 > Authentication: SHA-1
--
Security > IPSec VPN > Phase 1 > Liftime [min]: 1440
--
Security > IPSec VPN > Phase 2 > Encryption: 3DES
Security > IPSec VPN > Phase 2 > Authentication: SHA-1
Security > IPSec VPN > Phase 2 > Liftime [min]: 1440
--
Security > IPSec VPN > Phase 1 > Key Derivation: DH group 2
Security > IPSec VPN > Phase 2 > Key Derivation: DH group 2
--
--
Security > IPSec VPN > Phase 1 > DPD-Timeout [sec]: 60
--
4.2 Secure VPN tunnel with PSK
151