Siemens SINAUT MD741-1 System Manual page 82

Egprs/gprs-router

7 VPN connection
– In Roadwarrior mode, you need to enter the ID of the partner manually. It
must have the format of a host name or the format of an e-mail address and
must match the local ID of the partner.
– If you leave the local ID set to "NONE", the IP address is used as the local
ID.
– If you enter the local ID manually, this must have the format of a host name
or the format of an e-mail address and must match the ID of the partner.
1:1 NAT
When a VPN tunnel is being established, a special variant of the NAT is used with
the SINAUT MD741-1, the 1:1 NAT, also known as bidirectional NAT. This variant
allows connection establishment both from the local network to the external
network and from the external network to the local network. With the
SINAUT MD741-1, the network addresses of the frames are changed.
For each VPN connection and for both connection directions, you can specify
individually whether or not the 1:1 NAT function is enabled. You can make the
relevant settings on the "IPsec VPN - Edit connection" page.
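
The following sketch is an added example, not taken from the manual or from Siemens. It shows the usual way a 1:1 (bidirectional) NAT rewrites the network part of an address and keeps the host part, so the same mapping works in both connection directions. The two networks, the frame fields and the function names are constructed for illustration, and it is an assumption that the device follows this common prefix-mapping scheme.

```python
import ipaddress

# Constructed sample networks (not from the manual).
LOCAL_NET = "192.168.1.0/24"   # real addresses of the local network
NAT_NET = "10.20.30.0/24"      # addresses the remote side sees through the tunnel


def map_1to1(addr, from_net, to_net):
    """Replace the network part of addr (from_net -> to_net), keep the host part."""
    a = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(from_net)
    dst = ipaddress.ip_network(to_net)
    # A 1:1 mapping only exists between networks of identical size.
    if src.version != dst.version or src.prefixlen != dst.prefixlen:
        raise ValueError("1:1 NAT needs two networks of the same size")
    if a not in src:
        raise ValueError(f"{a} is not in {src}")
    host_bits = int(a) & int(src.hostmask)
    return str(dst.network_address + host_bits)


def outbound(frame):
    """Local network -> external network: rewrite the source address."""
    return {**frame, "src": map_1to1(frame["src"], LOCAL_NET, NAT_NET)}


def inbound(frame):
    """External network -> local network: rewrite the destination address."""
    return {**frame, "dst": map_1to1(frame["dst"], NAT_NET, LOCAL_NET)}


if __name__ == "__main__":
    sent = outbound({"src": "192.168.1.57", "dst": "172.16.0.9"})
    print(sent)                      # source now lies in NAT_NET
    reply = inbound({"src": "172.16.0.9", "dst": sent["src"]})
    print(reply)                     # destination is the real local host again
```

Because the host part is preserved, a remote station can open a connection to a specific local device by addressing the same host number in the NAT network.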
IKE
Abbreviations/acronyms
IKE: Internet Key Exchange
SA: Security Association
ISAKMP: Internet Security Association and Key Management Protocol
IPsec: Internet Protocol security
Connection establishment
The VPN connection is established in two phases.
1. Initially, in phase 1, the security association (SA) is established using the
ISAKMP protocol. Phase 1 is used for the exchange of keys between the
SINAUT MD741-1 and the VPN gateway of the remote station.
2. Following this, in phase 2, the SA is established via the IPsec protocol. Phase
2 is the actual IPsec connection between the SINAUT MD741-1 and the VPN
gateway of the remote station.
ISAKMP SA and IPsec SA encryption
82
SINAUT MD741-1
C79000-G8976-C236-05
