7 VPN connection
SINAUT MD741-1
C79000-G8976-C236-05
The SINAUT MD741-1 also supports the following methods:
● 3DES-168
● AES-128
● AES-192
● AES-256
AES-128 is a commonly used method and is therefore set as the default.
Note
The more bits in an encryption algorithm (specified by the appended number), the
safer the algorithm is. The AES-256 method is therefore considered the most
secure. However, the longer the key is, the more time and computing power the
encryption procedure requires.
NAT-T
There may be a NAT router between the SINAUT MD741-1 and the VPN gateway
of the remote network. Not all NAT routers allow IPsec frames to pass through.
This means that it may be necessary to encapsulate the IPsec frames in UDP
packets to be able to pass through the NAT router.
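The UDP encapsulation described above, as an added example that is not part of the manual: it follows the framing of RFC 3948 (UDP port 4500, a four-byte zero marker in front of IKE messages, a one-byte 0xFF keepalive) and shows how a gateway or packet filter tells the three payload types apart. The function names and the sample packet are hypothetical.

```python
import struct

NATT_PORT = 4500               # UDP port used for NAT-T (RFC 3948)
NON_ESP_MARKER = b"\x00" * 4   # prefixes IKE messages sharing that port
KEEPALIVE = b"\xff"            # one-byte NAT keepalive payload


def udp_wrap(sport: int, dport: int, payload: bytes) -> bytes:
    """Prepend a UDP header; checksum 0, as RFC 3948 recommends for IPv4."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def encapsulate_esp(esp: bytes, sport: int = NATT_PORT) -> bytes:
    """Wrap one ESP packet (SPI, sequence number, ciphertext) in UDP."""
    if len(esp) < 8 or esp[:4] == NON_ESP_MARKER:
        raise ValueError("ESP needs an 8-byte header and a non-zero SPI")
    return udp_wrap(sport, NATT_PORT, esp)


def classify(datagram: bytes) -> dict:
    """Tell apart what can arrive in a UDP datagram on the NAT-T port."""
    if len(datagram) < 8:
        return {"kind": "malformed"}
    sport, dport, length, _ = struct.unpack("!HHHH", datagram[:8])
    payload = datagram[8:]
    if length != len(datagram):
        return {"kind": "malformed"}
    if NATT_PORT not in (sport, dport):
        return {"kind": "not-nat-t"}
    if payload == KEEPALIVE:
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed"}
    if payload[:4] == NON_ESP_MARKER:
        return {"kind": "ike", "ike_bytes": len(payload) - 4}
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp", "spi": spi, "seq": seq, "src_port": sport}


# Constructed sample: SPI 0xC0FFEE01, sequence 7, 16 bytes of dummy ciphertext.
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 7) + bytes(16)

if __name__ == "__main__":
    # 40212 stands in for a source port rewritten by the NAT router.
    for d in (encapsulate_esp(SAMPLE_ESP, sport=40212),
              udp_wrap(NATT_PORT, NATT_PORT, KEEPALIVE),
              udp_wrap(NATT_PORT, NATT_PORT, NON_ESP_MARKER + bytes(28))):
        print(classify(d))
```

A firewall between the device and the VPN gateway therefore has to pass UDP traffic on this port in both directions, not only IP protocol 50 (ESP).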
Dead peer detection
If the remote station supports the Dead Peer Detection protocol (DPD), the
partners can recognize whether the IPsec connection is still valid or needs to be
re-established. Without DPD, and depending on the configuration, it may be
necessary to wait until the SA lifetime has expired or to reinitiate the
connection manually. To check whether the IPsec connection is still valid, Dead
Peer Detection sends DPD queries to the remote station. If the remote station does
not reply, the IPsec connection is considered to be interrupted after a number of
permitted failures.
Note
Sending DPD queries increases the amount of data sent and received. This can
lead to increased costs.