Configuration
4.3
VPN menu
The general prerequisite for a VPN connection is that the IP addresses of the VPN
partners are known and accessible. See IP address of the remote site, page 9.
•
In order for an IPSec connection to be established successfully the VPN remote site
must support IPsec with the following configuration:
- Authentication via Pre-Shared Key (PSK) or X.509 certificates
- ESP
- Diffie-Hellman groups 2 or 5
- DES, 3DES or AES encryption
- MD5 or SHA-1 Hash algorithms
- Tunnel or transport mode
- Quick mode
- Main mode
- SA Lifetime (1 second to 24 hours)
If the remote site is a computer running under Windows 2000, the Microsoft Windows
2000 High Encryption Pack or at least Service Pack 2 must be installed.
•
If the remote site is behind a NAT router it must support NAT-T. Alternatively, the
NAT router must recognise the IPsec protocol (IPsec/VPN Passthrough). In both
cases, only IPsec tunnel connections are possible for technical reasons.
36 von 105
SINAUT MD740-1