Table of Contents
Advertisement
ISAKMP-SA lifetime, IPsec-SA lifetime
The keys for an IPsec connection are renewed at certain intervals in order to
increase the effort required to attack an IPsec connection.
Specify the lifetime (in seconds) of the keys agreed on for the ISAKMP-SA and
IPsec-SA.
The lifetime can be defined differently for ISAKMP-SA and IPsec-SA.
DH/PFS group
The SINAUT MD741-1supports the Diffie Hellmann key exchange (DH) with the
Perfect Forward Secrecy (PFS) property. You have three DH groups available for
the key exchange.
Select one of the three following options from the drop-down list.
DH-1 768
●
DH-2 1024
●
DH-5 1536
●
NAT-T
There may be a NAT router between the SINAUT MD741-1 and the VPN gateway
of the remote network. Not all NAT routers allow IPsec data packets to go through.
It may therefore be necessary to encapsulate the IPsec data packets in UDP
packets so that they can go through the NAT router.
On:
Force:
Off:
SINAUT MD741-1
C79000-G8976-C236-05
If the SINAUT MD741-1 detects a NAT router that does not let the
IPsec data packets through, then UDP encapsulation is started
automatically.
During negotiation of the connection parameters for the VPN
connection, encapsulated transmission of the data packets during the
connection is insisted upon.
The NAT-T function is switched off.
7 VPN connection
95
Advertisement
Table of Contents
