Siemens SINAUT MD741-1 System Manual page 83

NAT-T
There may be a NAT router between the SINAUT MD741-1 and the VPN gateway
of the remote network. Not all NAT routers allow IPsec data packets to go through.
It may therefore be necessary to encapsulate the IPsec data packets in UDP
packets so that they can go through the NAT router.
On:
If the SINAUT MD741-1 detects a NAT router that does not let the IPsec data
packets through, then UDP encapsulation is started automatically.
Force:
During negotiation of the connection parameters for the VPN connection,
encapsulated transmission of the data packets during the connection is insisted
upon.
Off:
The NAT-T function is switched off.
Enable dead peer detection
If the remote station supports the dead peer detection (DPD) protocol, then the
partner in question can detect whether the IPsec connection is still valid or not,
meaning that it may have to be re-established. Without DPD, depending on the
configuration it may be necessary to wait until the SA lifetime elapses or the
connection has to be re-initiated manually. To check whether the IPsec connection
is still valid, the dead peer detection sends DPD requests to the remote station
itself. If there is no answer, then after the permitted number of failed attempts the
IPsec connection is considered to be interrupted.
Yes
Dead peer detection is switched on. Attempts are made to re-establish the IPsec
connection if it has been declared dead, independently of the transmission of user
data.
No
Dead peer detection is switched off.
DPD - delay (seconds)
Time period in seconds after which DPD requests will be sent. These requests test
whether the remote station is still available.
SINAUT MD741-1
C79000- G8976-C212
VPN connection
83