FortiGate IPSec VPN User Guide - FirewallShop.com
Manual-key configurations
Specify the manual keys for creating a tunnel

Specify the manual keys for creating a tunnel as follows:
1 Go to VPN > IPSEC > Manual Key and select Create New.
2 Include appropriate entries as follows:

Name: Type a name for the VPN tunnel.

Local SPI: Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents the SA that handles outbound traffic on the local FortiGate unit. The valid range is from 0x100 to 0xffffffff. This value must match the Remote SPI value in the manual key configuration at the remote peer.

Remote SPI: Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents the SA that handles inbound traffic on the local FortiGate unit. The valid range is from 0x100 to 0xffffffff. This value must match the Local SPI value in the manual key configuration at the remote peer.

Remote Gateway: Type the IP address of the public interface to the remote peer. The address identifies the recipient of ESP datagrams.

Local Interface: Select the name of the physical, aggregate, or VLAN interface to which the IPSec tunnel will be bound. The FortiGate unit obtains the IP address of the interface from System > Network > Interface settings. This is available in NAT/Route mode only.

Encryption Algorithm: Select one of the following symmetric-key encryption algorithms:
• DES: Digital Encryption Standard, a 64-bit block algorithm that uses a 56-bit key.
• 3DES: Triple-DES, in which plain text is encrypted three times by three keys.
• AES128: A 128-bit block algorithm that uses a 128-bit key.
• AES192: A 128-bit block algorithm that uses a 192-bit key.
• AES256: A 128-bit block algorithm that uses a 256-bit key.

Encryption Key: If you selected:
• DES, type a 16-character hexadecimal number (0-9, a-f).
• 3DES, type a 48-character hexadecimal number (0-9, a-f) separated into three segments of 16 characters.
• AES128, type a 32-character hexadecimal number (0-9, a-f) separated into two segments of 16 characters.
• AES192, type a 48-character hexadecimal number (0-9, a-f) separated into three segments of 16 characters.
• AES256, type a 64-character hexadecimal number (0-9, a-f) separated into four segments of 16 characters.
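
The SPI and key rules above can be checked before the values are typed into both units. The following Python sketch is an added example, not part of the FortiGate guide or Fortinet's tooling: it generates an encryption key of the right length from the operating system's random source and verifies that two peers' entries mirror each other. The hyphen segment separator, the dictionary field names and the function names are assumptions made for illustration.

```python
import secrets

# Hex-character key lengths per algorithm, as listed in the guide above.
KEY_HEX_LEN = {"DES": 16, "3DES": 48, "AES128": 32, "AES192": 48, "AES256": 64}
SEGMENT = 16  # the guide splits longer keys into 16-character segments
SEP = "-"     # assumption: the page does not name the segment separator
HEX = set("0123456789abcdef")

def new_key(algorithm):
    """Generate a random key for the algorithm, formatted in 16-character segments."""
    raw = secrets.token_hex(KEY_HEX_LEN[algorithm] // 2)
    return SEP.join(raw[i:i + SEGMENT] for i in range(0, len(raw), SEGMENT))

def check_spi(value):
    """Return an error string, or None if the SPI is 1-8 hex chars and at least 0x100."""
    v = value.lower()
    if not 1 <= len(v) <= 8 or not set(v) <= HEX:
        return f"SPI {value!r}: must be 1-8 hexadecimal characters"
    if int(v, 16) < 0x100:
        return f"SPI {value!r}: below the valid range 0x100-0xffffffff"
    return None

def check_key(algorithm, key):
    """Return an error string, or None if the key fits the algorithm's length and segmentation."""
    if algorithm not in KEY_HEX_LEN:
        return f"unknown algorithm {algorithm!r}"
    segments = key.lower().split(SEP)
    if any(len(s) != SEGMENT or not set(s) <= HEX for s in segments):
        return "key: every segment must be 16 hexadecimal characters"
    if len(segments) * SEGMENT != KEY_HEX_LEN[algorithm]:
        return f"key: {algorithm} needs {KEY_HEX_LEN[algorithm]} hexadecimal characters"
    return None

def check_pair(local, remote):
    """Check one tunnel's entries on both peers; an empty list means they are consistent."""
    errs = []
    for side, cfg in (("local", local), ("remote", remote)):
        checks = (check_spi(cfg["local_spi"]), check_spi(cfg["remote_spi"]),
                  check_key(cfg["algorithm"], cfg["enc_key"]))
        errs += [f"{side}: {e}" for e in checks if e]
    # Each unit's Local SPI must equal the other unit's Remote SPI.
    if local["local_spi"].lower() != remote["remote_spi"].lower():
        errs.append("local Local SPI does not match remote Remote SPI")
    if local["remote_spi"].lower() != remote["local_spi"].lower():
        errs.append("local Remote SPI does not match remote Local SPI")
    # Symmetric encryption: both peers need the same algorithm and the same key.
    if (local["algorithm"], local["enc_key"].lower()) != (remote["algorithm"], remote["enc_key"].lower()):
        errs.append("encryption algorithm or key differs between peers")
    return errs
```
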
FortiGate IPSec VPN Version 3.0 User Guide
112 01-30005-0065-20070716