The LAN-Cell 2 supports 256-bit AES for Phase 2 IPSec negotiation of VPN tunnels. Phase 1 (IKE) always uses 128-bits if AES is selected.

Note: You cannot select 256-bit AES from the LAN-Cell 2's Web GUI. You must enter the commands below via the Command Line Interface.

2. Connect to the LAN-Cell's System Management Terminal (SMT) by either:

a) Telnet or SSH to the LAN-Cell's IP address

3. Press Enter to get the password prompt, then enter the password for the LAN-Cell (same as the Web GUI)

3. At the text-based SMT screen, select Menu #24, then Menu #8. This will expose a command line mode.

4. Enter the following commands (note: Commands are CASE SENSITIVE)

ipsec ipsecList

This will display a list of the network policies you have defined. Note the index number (first column) of the policy you wish to edit

ipsec ipsecEdit n
where n is the policy index number from above

ipsec ipsecDisplay
This will display the configuration details of the policy so you double check that you have the correct one. Note that the Encryption Key Length is 128.

ipsec ipsecConfig encryKeyLen 2
This will set the AES key length to 256 bits (choices are 0 = 128, 1= 192, 2 = 256)

ipsec ipsecSave
Saves the new settings

ipsec ipsecDisplay n
where n is the policy index

Will display the new ipsec parameters, Note the EncryptionKeyLen is now 256.

Repeat this process for any Network Policies that you want to use AES-256.