Siemens SINAUT MD741-1 System Manual page 68

SIMATIC NET EGPRS/GPRS router

VPN connection
For the VPN tunnel, the SINAUT MD741-1 uses the IPsec method in tunnel mode.
In this method the IP data packets to be transmitted are completely encrypted and
provided with a new header before they are sent to the remote station's VPN
gateway. There the data packets are received, decrypted, and used to reconstruct
the original data packets. These are then forwarded to their destination in the
remote network.
Differences between the two VPN connection modes:

In VPN Roadwarrior Mode the SINAUT MD741-1 VPN can accept connections
from remote stations with an unknown address. These can be, for example,
remote stations in mobile use that obtain their IP address dynamically.
The VPN connection must be established by the remote station. Only one VPN
connection is possible in Roadwarrior Mode. VPN connections in Standard
Mode can be used at the same time.

In VPN Standard Mode the address (IP address or hostname) of the remote
station's VPN gateway must be known for the VPN connection to be
established. The VPN connection can be established either by the SINAUT
MD741-1 or by the remote station's VPN gateway as desired.
Establishment of the VPN connection is subdivided into two phases. First, in
Phase 1 (ISAKMP = Internet Security Association and Key Management Protocol),
the Security Association (SA) for the key exchange between the SINAUT MD741-1
and the VPN gateway of the remote station is established.
After that, in Phase 2 (IPsec = Internet Protocol Security), the Security
Association (SA) for the actual IPsec connection between the SINAUT MD741-1
and the remote station's VPN gateway is established.
Requirements for the remote network's VPN gateway
In order to successfully establish an IPsec connection, the VPN remote station
must support IPsec with the following configuration:
Authentication via X.509 certificates, CA certificates or pre-shared key (PSK)
ESP
Diffie-Hellman group 1, 2 or 5
3DES or AES encryption
MD5 or SHA-1 hash algorithms
Tunnel Mode
Quick Mode
Main Mode
SA Lifetime (1 second to 24 hours)
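
A remote-gateway configuration that satisfies this list, as an added example that is not taken from the Siemens manual. It assumes the remote gateway runs strongSwan with the legacy ipsec.conf format; the connection name, all addresses and subnets, the AES key length and the lifetimes are constructed. It selects the strongest options the list offers (AES, SHA-1, DH group 5) rather than 3DES, MD5 or DH groups 1 and 2.

```conf
# /etc/ipsec.conf on the remote network's VPN gateway.
# Assumed: strongSwan, legacy ipsec.conf format. Every address, subnet and
# name below is constructed for illustration.

conn md741-standard
    # Phase 1 (ISAKMP): IKEv1 in Main Mode, as the requirements list demands
    keyexchange=ikev1
    aggressive=no
    # AES + SHA-1 + DH group 5 (modp1536): the strongest combination on the
    # list. Group 1 is modp768 and group 2 is modp1024; 3DES and MD5 are
    # the weaker cipher and hash options.
    # AES key length (128) is an assumption; match it to the device setting.
    ike=aes128-sha1-modp1536!
    # Phase 2 (Quick Mode): ESP in tunnel mode
    esp=aes128-sha1!
    type=tunnel
    # SA lifetimes, chosen inside the 1 second to 24 hours range
    ikelifetime=8h
    lifetime=1h
    # Pre-shared key; the key itself belongs in ipsec.secrets.
    authby=secret
    # left = this gateway, right = the SINAUT MD741-1
    left=203.0.113.10
    leftsubnet=10.1.0.0/24
    right=198.51.100.20
    rightsubnet=10.2.0.0/24
    # Standard Mode: either side may initiate. "start" makes this gateway
    # initiate; "add" would only answer the MD741-1.
    # Roadwarrior Mode: the remote station must initiate, so keep "start".
    auto=start
```

The trailing `!` on the `ike` and `esp` lines restricts negotiation to exactly that proposal, so a mismatch with the device's settings fails the connection instead of falling back to a weaker algorithm.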
SINAUT MD741-1
C79000-G8976-C212
