Manual Key - Fortinet Fortigate-5000 series Administration Manual


FortiGate Version 3.0 MR4 Administration Guide (01-30004-0203-20070102), VPN IPSEC

VPN Tunnel: Select the tunnel that provides access to the private network behind the FortiGate unit.
Inbound NAT: Enable
Configure other settings as required.

Route-based VPN Internet browsing configuration

Configure an additional firewall policy as follows:
Source Interface/Zone: Select the IPSec interface.
Source Address Name: Select All
Destination Interface/Zone: Select the FortiGate unit public interface.
Destination Address Name: Select All
Action: Select ACCEPT.
NAT: Enable
Configure other settings as required.

Manual Key

If required, you can manually define cryptographic keys for establishing an IPSec VPN tunnel. You would define manual keys in situations where:
- Prior knowledge of the encryption and/or authentication key is required (that is, one of the VPN peers requires a specific IPSec encryption and/or authentication key).
- Encryption and authentication needs to be disabled.
In both cases, you do not specify IPSec phase 1 and phase 2 parameters; you define manual keys on the VPN > IPSEC > Manual Key page instead.

Note: It may not be safe or practical to define manual keys because network administrators must be trusted to keep the keys confidential, and propagating changes to remote VPN peers in a secure manner may be difficult.

Figure 180: Manual Key list (labels in the figure: Edit, Delete)

Create New: Create a new manual key configuration. See "Creating a new manual key configuration" on page 297.
Tunnel Name: The names of existing manual key configurations.
Remote Gateway: The IP addresses of remote peers or dialup clients.
Encryption Algorithm: The names of the encryption algorithms specified in the manual key configurations.
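
An added example, not taken from the Fortinet guide: a Python check that lists the manual-key tunnels in a configuration backup and flags any with encryption or authentication disabled, the second case the Manual Key section describes. It assumes the CLI sections `config vpn ipsec manualkey` and `config vpn ipsec manualkey-interface` with the algorithm keywords shown; the sample backup, tunnel names and addresses are constructed.

```python
# Assumption: section and keyword names match the unit's CLI backup format.
SECTIONS = {
    "config vpn ipsec manualkey": ("encryption", "authentication"),
    "config vpn ipsec manualkey-interface": ("enc-alg", "auth-alg"),
}
# Constructed sample backup; tunnel names and addresses are placeholders.
SAMPLE = """\
config vpn ipsec manualkey
    edit "branch-a"
        set authentication sha1
        set encryption 3des
        set remote-gw 192.0.2.10
    next
    edit "legacy-peer"
        set authentication null
        set encryption null
        set remote-gw 192.0.2.20
    next
end
config vpn ipsec phase1
    edit "ike-peer"
    next
end
"""

def audit_manual_keys(config_text):
    """Return (tunnel, remote_gw, findings) for each manual-key tunnel found."""
    results, keys, tunnel, settings = [], None, None, {}
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line in SECTIONS:
            keys = SECTIONS[line]          # entering a manual-key section
        elif keys is None:
            continue                       # IKE-negotiated or unrelated section
        elif line == "end":
            keys = None
        elif line.startswith("edit "):
            tunnel, settings = line[5:].strip('"'), {}
        elif line.startswith("set "):
            name, _, value = line[4:].partition(" ")
            settings[name] = value.strip('"')
        elif line == "next" and tunnel is not None:
            findings = ["static manual key"]   # every entry needs hand rotation
            for key, label in zip(keys, ("encryption", "authentication")):
                if settings.get(key) == "null":
                    findings.append(label + " disabled")
            results.append((tunnel, settings.get("remote-gw"), findings))
            tunnel = None
    return results
```

Calling `audit_manual_keys(SAMPLE)` returns one entry per manual-key tunnel and skips the IKE phase 1 section, so the output doubles as the inventory of peers whose keys must be changed by hand.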
