ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Table 40. Add New VPN Policy screen settings (continued)
Setting
Traffic Selection
Local IP
Remote IP
Manual Policy Parameters
Note:
These fields apply only when you select Manual Policy as the policy type. When you specify the
settings for the fields in this section, a security association (SA) is created.
SPI-Incoming
Encryption Algorithm
Key-In
Key-Out
Virtual Private Networking Using IPSec Connections
Description
From the drop-down list, select the address or addresses that are part of the
VPN tunnel on the VPN firewall:
• Any. All computers and devices on the network.
• Single. A single IP address on the network. Enter the IP address in the Start
IP Address field.
• Range. A range of IP addresses on the network. Enter the starting IP address
in the Start IP Address field and the ending IP address in the End IP Address
field.
• Subnet. A subnet on the network. Enter the starting IP address in the Start IP
Address field and the subnet mask in the Subnet Mask field.
Note:
You cannot select Any for both the VPN firewall and the remote endpoint.
From the drop-down list, select the address or addresses that are part of the
VPN tunnel on the remote endpoint. The menu choices are the same as for the
Local IP drop-down list.
The security parameters index (SPI) for the inbound policy. Enter a hexadecimal
value between 3 and 8 characters (for example: 0x1234).
From the drop-down list, select one of the following five algorithms to negotiate
the security association (SA):
• DES. Data Encryption Standard (DES).
• 3DES. Triple DES. This is the default algorithm.
• AES-128. Advanced Encryption Standard (AES) with a 128-bit key size.
• AES-192. AES with a 192-bit key size.
• AES-256. AES with a 256-bit key size.
The encryption key for the inbound policy. The length of the key depends on the
selected encryption algorithm:
• DES. Enter 8 characters.
• 3DES. Enter 24 characters.
• AES-128. Enter 16 characters.
• AES-192. Enter 24 characters.
• AES-256. Enter 32 characters.
The encryption key for the outbound policy. The length of the key depends on
the selected encryption algorithm:
• DES. Enter 8 characters.
• 3DES. Enter 24 characters.
• AES-128. Enter 16 characters.
• AES-192. Enter 24 characters.
• AES-256. Enter 32 characters.
172