Ipsec Tunnels - CTEK Z45 Series User Manual

IPsec Tunnels

The Z4550 Controller supports 8 concurrent IPsec tunnels. For each tunnel the
configuration options below are available.
System-Wide IPsec Tunnel Options
Parameter
Tunnel Select
IPSEC
Security Level
Individual IPsec Tunnel Options
The remaining portion of the IPsec configuration deals with tunnel specific parameters
meaning that each parameter must be set for each tunnel deployed. The configurable
options can be seen in the table below.
Phase 1 and Phase 2 under IPSec Key Exchange refer to IKE Phase 1 and IKE phase 2.
During IKE phase 1 IKE authenticates IPSec peers and negotiates IKE Security
Associations (SAs), setting up a secure channel for negotiating IPSec SAs in phase
2.During IKE phase 2 IKE negotiates IPSec SA parameters and sets up matching IPSec
SAs in the peers. The selection choices with this panel for Phase 1 and Phase 2 are
identical but repeated so that different choices can be applied to Phase 1 and Phase 2
Z45X SERIES INDUSTRIAL CONTROLLERS - DECEMBER 23, 2020
Options
Tunnel to be configured ( up to 8 )
System level Enable/Disable of IPSEC tunnels
Allow Internet and Secure Traffic – In this mode IP traffic
addressed for the IPsec tunnel will be transmitted through
the tunnel. Other traffic will continue to route over the
open IP network. This setting allows web type traffic to co-
exist with secure traffic on the same Ctek controller.
Allow Only Secure Traffic – In this mode only IP traffic
addressed for the IPsec tunnel will be transmitted. Since
this precludes the use of the standard routing feature the
Routing button in the main menu is disabled in this mode
of operation.
21