Fortinet FortiGate Series Administration Manual page 623

IPSec VPN
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
To specify manual keys for creating a tunnel, go to VPN > IPSEC > Manual Key and
select Create New.
Figure 383: New Manual Key
Name
Type a name for the VPN tunnel. The maximum name length is 15 characters
for an interface mode VPN, 35 characters for a policy-based VPN.
Local SPI
Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents the
SA that handles outbound traffic on the local FortiGate unit. The valid range is
from 0x100 to 0xffffffff. This value must match the Remote SPI value in
the manual key configuration at the remote peer.
Remote SPI
Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents the
SA that handles inbound traffic on the local FortiGate unit. The valid range is
from 0x100 to 0xffffffff. This value must match the Local SPI value in
the manual key configuration at the remote peer.
Remote Gateway
Type the IP address of the public interface to the remote peer. The address
identifies the recipient of ESP datagrams.
Local Interface
This option is available in NAT/Route mode only. Select the name of the
interface to which the IPSec tunnel will be bound. The FortiGate unit obtains
the IP address of the interface from the network interface settings. For more
information, see "Configuring interfaces" on page 177.
Encryption Algorithm
Select one of the following symmetric-key encryption algorithms:
DES — Digital Encryption Standard, a 64-bit block algorithm that uses a 56-bit key.
3DES — Triple-DES, in which plain text is encrypted three times by three keys.
AES128 — a 128-bit block Cipher Block Chaining (CBC) algorithm that uses a 128-bit key.
AES192 — a 128-bit block Cipher Block Chaining (CBC) algorithm that uses a 192-bit key.
AES256 — a 128-bit block Cipher Block Chaining (CBC) algorithm that uses a 256-bit key.
Note: The algorithms for encryption and authentication cannot both be NULL.
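The field rules above (name length, SPI format and range, Local SPI matching the peer's Remote SPI, and the NULL/NULL restriction) can be checked before the values are typed into either unit. The following is an added example, not code from Fortinet or the manual; the dictionary keys, the sample peers and the "SHA1" authentication value are assumptions made for illustration.

```python
import re

# Limits taken from the field descriptions on this page.
SPI_MIN, SPI_MAX = 0x100, 0xFFFFFFFF
NAME_MAX = {"interface": 15, "policy": 35}
# Up to 8 hex characters; accepting upper case is an assumption.
SPI_RE = re.compile(r"[0-9a-fA-F]{1,8}")

def parse_spi(text):
    """Return the SPI as an int; raise ValueError if it breaks the rules."""
    if not SPI_RE.fullmatch(text):
        raise ValueError(f"{text!r} is not 1-8 hexadecimal characters")
    value = int(text, 16)
    if not SPI_MIN <= value <= SPI_MAX:
        raise ValueError(f"{text!r} is outside 0x100-0xffffffff")
    return value

def check_peer(cfg):
    """List the problems in one unit's manual key settings."""
    problems = []
    limit = NAME_MAX[cfg["mode"]]
    if len(cfg["name"]) > limit:
        problems.append(f"name exceeds {limit} characters ({cfg['mode']} mode)")
    for field in ("local_spi", "remote_spi"):
        try:
            parse_spi(cfg[field])
        except ValueError as err:
            problems.append(f"{field}: {err}")
    if cfg["encryption"] == "NULL" and cfg["authentication"] == "NULL":
        problems.append("encryption and authentication are both NULL")
    return problems

def check_pair(a, b):
    """Check each end, then that every Local SPI equals the peer's Remote SPI."""
    problems = [f"{c['name']}: {p}" for c in (a, b) for p in check_peer(c)]
    if problems:
        return problems  # cross-checks need parseable SPIs
    for x, y in ((a, b), (b, a)):
        if parse_spi(x["local_spi"]) != parse_spi(y["remote_spi"]):
            problems.append(f"{x['name']} local SPI != {y['name']} remote SPI")
    return problems

# Constructed sample settings for two peers (not from the manual).
SITE_A = {"name": "to_branch", "mode": "interface", "local_spi": "1a2b",
          "remote_spi": "3c4d", "encryption": "AES256", "authentication": "SHA1"}
SITE_B = {"name": "to_hq", "mode": "interface", "local_spi": "3c4d",
          "remote_spi": "1a2b", "encryption": "AES256", "authentication": "SHA1"}

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "peer settings are consistent")
```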
