Copyright © 2013 Weidmüller Interface GmbH & Co. KG
All rights reserved. Reproduction without permission is prohibited.
Figure 40: Configuration
VPN
IPsec
Tab "Configuration"
The IPsec menu is used to create and establish virtual private network connections based on the standard
IPsec implementation. The Router can be configured as either an IPsec client or an IPsec server.
IPsec encrypts the complete communication flow between the Router and a remote site at the IP
level. It also encrypts traffic for the subnets located behind the respective VPN peers.
IPsec connections can be used with PSK encryption (pre-shared key using user name and password)
as well as with certificate-based encryption.
Implemented IPsec features:
Key exchange: IKE (Internet Key Exchange) based on ISAKMP (Internet Security Association and Key Management Protocol)
IKE phases: Main-Mode (Phase 1) and Quick-Mode (Phase 2)
Authentication: X.509 certificates or pre-shared key
DH groups: DH group 1 MODP 768, DH group 2 MODP 1024, DH group 5 MODP 1536
Data integrity: MD5 (128bit), SHA1 (160bit)
Encoding: DES (64bit), 3DES (192bit), AES (128bit), AES (192bit), AES (256bit)
Integrated hardware-based encoding
IPsec mode: ESP tunnel
Maximum number of IPsec connections: 64
NAT-Traversal: Yes
Dead-Peer-Detection: Yes
Note: By default, the Router uses the parameters AES128, MD5 and DH group 2 for Main-Mode, and
AES128 and SHA1 for Quick-Mode.
Authentication by "Aggressive-Mode" is not supported for security reasons!
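The following check is an added example, not part of the original manual or of the Router's firmware: it parses a proposal written in the manual's notation, verifies each element against the feature list above, and reports elements that are weak together with the strongest alternative the Router offers. The strength ranking, the `WEAK` set and all function names are assumptions of this example.

```python
import re

# Parameters the page lists as implemented on the Router.
SUPPORTED = {
    "enc": {"DES", "3DES", "AES128", "AES192", "AES256"},
    "integ": {"MD5", "SHA1"},
    "dh": {1, 2, 5},
}
# Assumption of this example, not from the manual: strength order (higher is
# stronger) and the set treated as weak. DH group 5 (1536 bit) is the Router's
# maximum and still below the 2048 bits commonly recommended today.
RANK = {"DES": 0, "3DES": 1, "AES128": 2, "AES192": 3, "AES256": 4,
        "MD5": 0, "SHA1": 1, 1: 0, 2: 1, 5: 2}
WEAK = {"DES", "3DES", "MD5", 1, 2}

def parse_proposal(text):
    """Parse the manual's notation, e.g. 'AES128, MD5, DH group 2'."""
    prop = {"enc": None, "integ": None, "dh": None}
    for token in (t.strip().upper() for t in text.split(",")):
        dh = re.fullmatch(r"DH GROUP (\d+)", token)
        if dh:
            prop["dh"] = int(dh.group(1))
        elif re.fullmatch(r"3?DES|AES\d+", token):
            prop["enc"] = token
        elif re.fullmatch(r"MD5|SHA\d+", token):
            prop["integ"] = token
        else:
            raise ValueError(f"unrecognised proposal element: {token!r}")
    return prop

def label(kind, value):
    return f"DH group {value}" if kind == "dh" else value

def audit(text):
    """Return one finding per element that is unsupported or weak."""
    findings = []
    for kind, value in parse_proposal(text).items():
        if value is None:
            continue  # element not stated (e.g. no DH group for Quick-Mode)
        if value not in SUPPORTED[kind]:
            findings.append(f"{label(kind, value)}: not offered by the Router")
        elif value in WEAK:
            best = label(kind, max(SUPPORTED[kind], key=RANK.get))
            findings.append(f"{label(kind, value)}: weak, strongest supported is {best}")
    return findings

if __name__ == "__main__":
    # The two default proposals quoted in the note above.
    for phase, proposal in (("Main-Mode", "AES128, MD5, DH group 2"),
                            ("Quick-Mode", "AES128, SHA1")):
        print(phase, proposal, "->", audit(proposal) or "no findings")
```

Run against the defaults, the Main-Mode proposal is flagged for MD5 and DH group 2, while the Quick-Mode proposal passes under this example's ranking.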