7 VPN connection
SINAUT MD741-1
C79000-G8976-C236-05
ISAKMP-SA hash, IPsec-SA hash
Agree with the administrator of the remote station which method will be used for
computing checksums/hashes during the ISAKMP phase and the IPsec phase. The
following selections are available:
● MD5 or SHA-1 (automatic detection)
● MD5
● SHA-1
The method can be defined differently for ISAKMP-SA and IPsec-SA.
ISAKMP-SA mode
Agree with the administrator of the remote station which method will be used for
negotiating the ISAKMP-SA. The following selections are available:
● Main mode
● Aggressive mode
Note: When the authentication method Pre-Shared Key is used, Aggressive mode must
be set in Roadwarrior mode.
ISAKMP-SA lifetime, IPsec-SA lifetime
The keys for an IPsec connection are renewed at certain intervals in order to
increase the effort required to attack an IPsec connection.
Specify the lifetime (in seconds) of the keys agreed on for the ISAKMP-SA and
IPsec-SA.
The lifetime can be defined differently for ISAKMP-SA and IPsec-SA.
NAT-T
There may be a NAT router between the SINAUT MD741-1 and the VPN gateway
of the remote network. Not all NAT routers allow IPsec data packets to go through.
It may therefore be necessary to encapsulate the IPsec data packets in UDP
packets so that they can go through the NAT router.
On: If the SINAUT MD741-1 detects a NAT router that does not let the IPsec data
packets through, then UDP encapsulation is started automatically.
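
Added example (not from the manual or the vendor): a Python classifier for UDP payloads seen in a packet capture once the UDP encapsulation described under NAT-T is active; it also reports whether an ISAKMP exchange uses Main or Aggressive mode, as selected under ISAKMP-SA mode. It assumes the standard encapsulation of RFC 3948 on UDP port 4500, which this page does not state for the SINAUT MD741-1; all names and sample bytes are constructed.

```python
import struct

NAT_T_PORT = 4500             # RFC 3948 port; assumed, not stated on this page
NON_ESP_MARKER = b"\x00" * 4  # precedes every ISAKMP message on port 4500
NAT_KEEPALIVE = b"\xff"       # one-byte payload that keeps the NAT mapping open
ISAKMP_HEADER_LEN = 28
IKEV1_EXCHANGES = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}


def classify_natt_payload(payload: bytes) -> dict:
    """Classify the UDP payload of one datagram to or from port 4500."""
    if payload == NAT_KEEPALIVE:
        return {"type": "nat-keepalive"}
    if len(payload) < 8:
        return {"type": "malformed", "reason": "too short for ESP or ISAKMP"}
    if payload[:4] == NON_ESP_MARKER:
        header = payload[4:4 + ISAKMP_HEADER_LEN]
        if len(header) < ISAKMP_HEADER_LEN:
            return {"type": "malformed", "reason": "truncated ISAKMP header"}
        # cookies (8+8), next payload, version, exchange type, flags, id, length
        _, _, _, version, exchange, _, _, length = struct.unpack("!8s8sBBBBII", header)
        return {"type": "isakmp", "version": f"{version >> 4}.{version & 0x0F}",
                "exchange": IKEV1_EXCHANGES.get(exchange, f"unknown({exchange})"),
                "declared_length": length}
    # Anything else is ESP: a non-zero SPI followed by the sequence number.
    spi, seq = struct.unpack("!II", payload[:8])
    return {"type": "esp", "spi": f"0x{spi:08x}", "seq": seq}


def constructed_samples() -> list:
    """Hand-built payloads for illustration; not captured from a real device."""
    ike = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8, 1, 0x10, 4, 0, 0, 28)
    esp = struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16
    return [NAT_KEEPALIVE, NON_ESP_MARKER + ike, esp, b"\x00\x00\x00"]


if __name__ == "__main__":
    for sample in constructed_samples():
        print(classify_natt_payload(sample))
```

If a capture taken behind the NAT router shows only ISAKMP messages on port 4500 and no ESP-in-UDP payloads, the tunnel negotiation is getting through but the encapsulated data traffic is not.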