Phase 2 - Siemens SIMATIC NET SCALANCE S615 Configuration Manual

Configuring with Web Based Management
4.9 "Security" menu
● DPD Timeout [sec]
Enter a period. If there is no response to the DPD queries, the connection to the remote
station is declared to be invalid after this time has elapsed.
Note
To avoid unwanted connection breakdowns, set the DPD timeout significantly higher than
the DPD period. We recommend setting it at least 2 minutes longer than the DPD period.
● Aggressive Mode
– Disabled:
– Enabled
The difference between main and aggressive mode is the "identity protection" used in main
mode. The identity is transferred encrypted in main mode but not in aggressive mode.
4.9.6.6

Phase 2

Phase 2: Data exchange (ESP = Encapsulating Security Payload)
On this WBM page, you set the parameters for the protocol of the IPsec data exchange. The
entire communication during this phase is encrypted using the standardized security protocol
ESP for which you can set the following protocol parameters.
Description
The table contains the following columns:
● Name
Shows the name of the VPN connection to which the settings relate.
● Default Ciphers
When enabled, a preset list is transferred to the VPN connection partner during connection
establishment. The list contains a combination of the three algorithms (Encryption,
Authentication, Key Derivation). To establish a VPN connection, the VPN connection
partner must support at least one of the combinations. Further information can be found in
the section "IPsec VPN".
290
Main Mode is used.
Aggressive Mode is used
SCALANCE S615 Web Based Management
Configuration Manual, 11/2019, C79000-G8976-C388-08