Table of Contents
Advertisement
Technical basics
3.8 Security functions
Encryption methods
The following encryption methods are supported. The selection depends on the phase
und the key exchange method (IKE)
3DES
AES128 CBC
AES192 CBC
AES256 CBC
AES128 CTR
AES192 CTR
AES256 CTR
AES128 CCM 16
AES192 CCM 16
AES256 CCM 16
AES128 GCM 16
AES192 GCM 16
AES256 GCM 16
x: is supported
-: is not supported
Default Ciphers
During connection establishment a preset list can be transferred to the VPN connection
partners. The list contains combinations of the three algorithms (Encryption,
Authentication, Key Derivation). To establish a VPN connection, the VPN connection
partner must support at least one of these combinations. The combinations depend on
the phase und the key exchange method (IKE).
Combination
Encryption
Authenticati
on
AES128
SHA1
AES256
SHA512
AES128 CCM 16
SHA256
AES256 CCM 16
SHA512
AES128
SHA1
AES256
SHA512
AES128 CCM 16
SHA256
AES256 CCM 16
SHA512
x: Combination is part of the default cipher
-: Combination is not part of the default cipher
none: For phase 2, no separate keys are exchanged. This means that Perfect Forward Secrecy (PFS) is disabled.
62
Phase 1
IKEv1
x
x
x
x
-
-
-
-
-
-
-
-
-
Key derivation
IKEv1
DH Group 14
DH Group 16
DH Group 14
DH Group 16
none
none
none
none
IKEv2
x
x
x
x
x
x
x
x
x
x
x
x
x
Phase 1
IKEv2
x
x
x
x
-
x
-
x
-
-
-
-
-
-
-
-
SCALANCE SC-600 Web Based Management (WBM)
Configuration Manual, 10/2021, C79000-G8976-C475-03
Phase 2
IKEv1
IKEv2
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
Phase 2
IKEv1
IKEv2
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
- Quick Links:
- Function
- Ip Address
Hide quick links:
Advertisement
Table of Contents
