Z45X SERIES INDUSTRIAL CONTROLLERS - DECEMBER 23, 2020
22
Parameter
Options
Tunnel
Enable/Disable an individual tunnel
Auto-Connect
Sends ICMP request as the defined interval in seconds to
the router subnet to maintain the tunnel connection
alive
Local Router Definition
Local Security Type – Available option are FQDN, USER
FQDN, KEY ID or NONE
Security ID – The identifier corresponding to the selected
security type
IP Address – IP address of the remote router
Subnet IP Address/Netmask – IP Address and netmask of
remote router
Authentication/Encryption Pre-Shared Key – Text string used by both ends of the
tunnel for authentication
Exchange Mode – Available settings are Main or
Aggressive. Defines the number of exchanges used to
complete IKE Phase 1. Main is the more robust setting
while aggressive mode uses few exchanges and is
therefore somewhat more risky.
Dead Peer Detection (DPD) – Defines the intervals (in
seconds) between DPD messages following idle periods.
A zero (0) setting disables DPD.
IPSEC Key Exchange
Encryption – Choices are 3des, or aes128, aes192,
ase256
Authentication – Choices are sha1, or md5
DH Group – Defines what size modulus to use for Diffie-
Hellman calculation. Choices are 768,1024, 1536, or 2048
PFS DH Group – Choices are No PFS, 768, 1024, 1536, or
2048. You specify the Diffie – Hellman group in Phase 2
only when you select Perfect Forward Secrecy (PFS). PFS
makes keys more secure because new keys are not
made from previous keys. When you specify PFS during
Phase 2, a Diffie-Hellman exchange occurs each time a
new SA is negotiated. The DH group you choose for
Phase 2 does not need to match the group you choose
for Phase 1.
SA Lifetime (Phase 1 & Phase 2) – The lifetime parameter
controls the duration (in minutes) for which the SA is
valid. A zero (0) setting disables SA Lifetime timeouts.
