Westermo RedFox Series User Manual

Westermo OS Management Guide
Version 4.17.0-0
Security part:

Aggressive Mode
Configure whether this VPN tunnel should use aggressive or main mode for the IKE handshake. Checking the Aggressive mode checkbox specifies use of aggressive mode; un-checking the checkbox specifies use of main mode.
For Certificate based authentication, only main mode can be used. For PSK either main or aggressive mode can be used.

IKE Auto (Checkbox)
The cipher suite to use for the IKE handshake can either be negotiated automatically between the peers, or a specific suite can be configured manually. Check the Auto checkbox to specify cipher auto-negotiation; un-check the checkbox to specify an IKE cipher suite manually (see below).
Note: Cipher auto-negotiation is only valid with main mode IKE. In case of aggressive mode, a specific IKE cipher suite must be configured (see below).

IKE Encryption, Authentication & DH-Group
Configure the encryption algorithm, message authentication algorithm and Diffie-Hellman group to use for the IKE handshake.
This option is only possible to set if the IKE Auto checkbox is un-checked.

Authentication Method
Select between PSK and Certificate based IKE authentication.

Secret
The pre-shared secret (PSK) password string used to protect the IKE handshake.
The password string should consist of at least 8 characters and at most 63 characters. Valid characters are ASCII characters 33-126, except ’#’ (ASCII 35).

Local Certificate
Label of local certificate (and associated private key). Mandatory when IKE authentication is based on certificates.

Remote Certificate
Label of remote (peer) certificate. Only used for trusted peer scenarios, see
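
The constraints in the table above interact (authentication method, IKE mode, cipher auto-negotiation, secret format), so a planned tunnel configuration can be checked offline before it is entered. The following is an added example, not Westermo code; the field names (`aggressive`, `ike_auto`, `auth_method`, `secret`, `local_cert`, `ike_suite`) are hypothetical and are not WeOS configuration keys.

```python
# Added example: offline check of the IKE settings described in this table.
# Field names are hypothetical, not WeOS configuration keys.
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class IkeSettings:
    aggressive: bool                 # True = aggressive mode, False = main mode
    ike_auto: bool                   # True = cipher suite auto-negotiation
    auth_method: str                 # "psk" or "cert"
    secret: Optional[str] = None     # PSK string (PSK authentication only)
    local_cert: Optional[str] = None # label of the local certificate
    ike_suite: Optional[str] = None  # manual suite label; its format is not checked

def psk_errors(secret: str) -> List[str]:
    """Apply the manual's rule: 8-63 characters, ASCII 33-126, no '#'."""
    errs = []
    if not 8 <= len(secret) <= 63:
        errs.append("secret: length must be 8-63 characters")
    bad = sorted({c for c in secret if not 33 <= ord(c) <= 126 or c == "#"})
    if bad:
        errs.append("secret: invalid characters " + repr("".join(bad)))
    return errs

def check(s: IkeSettings) -> List[str]:
    """Return every rule from the table that the settings violate."""
    if s.auth_method not in ("psk", "cert"):
        return ["auth_method: must be 'psk' or 'cert'"]
    errs = []
    if s.auth_method == "cert":
        if s.aggressive:
            errs.append("mode: certificate authentication requires main mode")
        if not s.local_cert:
            errs.append("local_cert: mandatory for certificate authentication")
    else:
        errs += psk_errors(s.secret or "")
    if s.aggressive and s.ike_auto:
        errs.append("ike_auto: auto-negotiation is only valid with main mode")
    if not s.ike_auto and not s.ike_suite:
        errs.append("ike_suite: required when IKE Auto is un-checked")
    return errs

if __name__ == "__main__":
    # Constructed sample: aggressive mode with auto cipher and a short PSK
    # that contains a space and '#'.
    sample = IkeSettings(aggressive=True, ike_auto=True,
                         auth_method="psk", secret="pass #1")
    for err in check(sample):
        print(err)
```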
© 2015 Westermo Teleindustri AB