fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Specify the manual keys for creating a tunnel Manual-key configurations<br />
Specify the manual keys for creating a tunnel<br />
Specify the manual keys for creating a tunnel as follows:<br />
1 Go to VPN > IPsec > Manual Key and select Create New.<br />
2 Include appropriate entries as follows:<br />
Name Type a name for the VPN tunnel.<br />
Local SPI<br />
Remote SPI<br />
Remote<br />
Gateway<br />
Local Interface<br />
Encryption<br />
Algorithm<br />
Encryption Key<br />
Authentication<br />
Algorithm<br />
Type a hexadecimal number (up to 8 characters, 0-9, a-f) that<br />
represents the SA that handles outbound traffic on the local<br />
FortiGate unit. The valid range is from 0x100 to 0xffffffff.<br />
This value must match the Remote SPI value in the manual key<br />
configuration at the remote peer.<br />
Type a hexadecimal number (up to 8 characters, 0-9, a-f) that<br />
represents the SA that handles inbound traffic on the local<br />
FortiGate unit. The valid range is from 0x100 to 0xffffffff.<br />
This value must match the Local SPI value in the manual key<br />
configuration at the remote peer.<br />
Type the IP address of the public interface to the remote peer. The<br />
address identifies the recipient of ESP datagrams.<br />
Select the name of the physical, aggregate, or VLAN interface to<br />
which the IPsec tunnel will be bound. The FortiGate unit obtains<br />
the IP address of the interface from System > Network > Interface<br />
settings. This is available in NAT mode only.<br />
Select one of the following symmetric-key encryption algorithms:<br />
DES — Digital Encryption Standard, a 64-bit block algorithm<br />
that uses a 56-bit key.<br />
3DES — Triple-DES, in which plain text is encrypted three<br />
times by three keys.<br />
AES128 — A 128-bit block algorithm that uses a 128-bit key.<br />
AES192 — A 128-bit block algorithm that uses a 192-bit key.<br />
AES256 — A 128-bit block algorithm that uses a 256-bit key.<br />
If you selected:<br />
DES, type a 16-character hexadecimal number (0-9, a-f).<br />
3DES, type a 48-character hexadecimal number (0-9, a-f)<br />
separated into three segments of 16 characters.<br />
AES128, type a 32-character hexadecimal number (0-9, a-f)<br />
separated into two segments of 16 characters.<br />
AES192, type a 48-character hexadecimal number (0-9, a-f)<br />
separated into three segments of 16 characters.<br />
AES256, type a 64-character hexadecimal number (0-9, a-f)<br />
separated into four segments of 16 characters.<br />
Select one of the following message digests:<br />
MD5 — Message Digest 5 algorithm, which produces a 128-bit<br />
message digest.<br />
SHA1 — Secure Hash Algorithm 1, which produces a 160-bit<br />
message digest.<br />
IPsec VPNs for FortiOS 4.0 MR3<br />
184 01-434-112804-20120111<br />
http://docs.fortinet.com/