Manual Key List; Manual Key Options - Fortinet FortiGate FortiGate-5001 Administration Manual


Manual key

It is essential that both VPN peers be configured with matching encryption and
authentication algorithms, matching authentication and encryption keys, and
complementary Security Parameter Index (SPI) settings.

Each SPI identifies a Security Association (SA). The value is placed in ESP
datagrams to link the datagrams to the SA. When an ESP datagram is received, the
recipient refers to the SPI to determine which SA applies to the datagram. An SPI
must be specified manually for each SA. Because an SA applies to communication in
one direction only, you must specify two SPIs per configuration (a local SPI and a
remote SPI) to cover bidirectional communications between two VPN peers.

Caution: If you are not familiar with the security policies, SAs, selectors, and SA databases for
your particular installation, do not attempt the following procedure without qualified assistance.

To specify manual keys for creating a tunnel

1 Go to VPN > IPSEC > Manual Key and select Create New.
2 Follow the guidelines in these sections:
  "Manual key list"
  "Manual key options"

Manual key list

Figure 132: IPSec VPN Manual Key list

Create New: Select Create New to create a new manual key configuration.
Remote Gateway: The IP address of the remote peer or client.
Encryption Algorithm: The names of the encryption algorithms used in the configuration.
Authentication Algorithm: The names of the authentication algorithms used in the configuration.
Delete and Edit icons: Delete or edit a manual key configuration.

Manual key options

VPN Tunnel Name: Type a name for the VPN tunnel.
Local SPI: Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents
the SA that handles outbound traffic on the local FortiGate unit. The valid
range is from 0xbb8 to 0xffffffff. This value must match the Remote
SPI value in the manual key configuration at the remote peer.
Remote SPI: Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents
the SA that handles inbound traffic on the local FortiGate unit. The valid
range is from 0xbb8 to 0xffffffff. This value must match the Local
SPI value in the manual key configuration at the remote peer.
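
The matching rules above can be checked before either peer is committed. The following Python sketch is an added example, not part of the Fortinet manual and not FortiGate code: it validates each SPI against the stated format and range and confirms that the two peers' SPIs are complementary. The dictionary keys, algorithm names and key strings are constructed for illustration.

```python
import re

SPI_MIN, SPI_MAX = 0xBB8, 0xFFFFFFFF  # valid range given in the field descriptions

def parse_spi(text):
    """Validate an SPI as typed: up to 8 characters, 0-9 and a-f, within range."""
    if not re.fullmatch(r"[0-9a-f]{1,8}", text):
        raise ValueError(f"{text!r} is not a hex number of up to 8 characters")
    value = int(text, 16)
    if not SPI_MIN <= value <= SPI_MAX:
        raise ValueError(f"{text!r} is outside 0xbb8-0xffffffff")
    return value

def check_peers(a, b):
    """Return the list of problems that would stop peers a and b from interoperating."""
    problems = []
    for field in ("encryption", "authentication", "enc_key", "auth_key"):
        if a[field] != b[field]:
            problems.append(f"{field} differs between peers")  # key values are never echoed
    spi = {}
    for name, cfg in (("A", a), ("B", b)):
        for field in ("local_spi", "remote_spi"):
            try:
                spi[name, field] = parse_spi(cfg[field])
            except ValueError as exc:
                problems.append(f"peer {name} {field}: {exc}")
    # An SA is one-way, so one peer's outbound (local) SPI is the other's inbound (remote) SPI.
    for out_peer, in_peer in (("A", "B"), ("B", "A")):
        out_spi, in_spi = spi.get((out_peer, "local_spi")), spi.get((in_peer, "remote_spi"))
        if None not in (out_spi, in_spi) and out_spi != in_spi:
            problems.append(f"peer {out_peer} local_spi != peer {in_peer} remote_spi")
    return problems

# Constructed sample settings; dictionary keys and all values are hypothetical.
PEER_A = {"encryption": "3DES", "authentication": "SHA1",
          "enc_key": "00112233445566778899aabbccddeeff0011223344556677",
          "auth_key": "0123456789abcdef0123456789abcdef01234567",
          "local_spi": "1000", "remote_spi": "2000"}
PEER_B = dict(PEER_A, local_spi="2000", remote_spi="1000")  # complementary SPIs
PEER_B_COPIED = dict(PEER_A)                    # same SPIs pasted on both ends
PEER_B_LOW = dict(PEER_B, local_spi="bb7")      # one below the valid minimum

if __name__ == "__main__":
    for label, peer in (("ok", PEER_B), ("copied", PEER_B_COPIED), ("low", PEER_B_LOW)):
        print(label, check_peers(PEER_A, peer))
```

Pasting the same SPI pair on both units fails in both directions, because each unit's Local SPI then meets the other unit's Remote SPI with a different value.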
01-28008-0013-20050204
VPN
Fortinet Inc.
