McAfee SG310 Administration Manual page 282

Utm firewall

VPN menu features
IPSec Advanced Setup wizard
d. From the Keying list, select Manual.
e. Select a Local and Remote address from the lists. This example uses the default static IP address.
f. If you want to force clients to authenticate using XAUTH, select the Require XAUTH authentication checkbox.
3. Click Next. The Local Endpoint Settings page appears (Figure 291). This page is where you configure an IPSec tunnel's local endpoint settings for manual keying.
Figure 291 IPSec VPN Setup — Local Endpoint Settings page
Fill in the fields.
a. Enter a unique, hexadecimal value for SPI (Security Parameter Index) in the SPI field. The SPI is used to establish and uniquely identify the tunnel, and determine which key is used to encrypt and decrypt the packets.
   • Format: 0xhex, where hex is a three-digit hexadecimal number
   • Range: 0x100-0xfff
b. Enter an Authentication Key. The ESP Authentication Key. It must be of the form 0xhex, where hex is one or more hexadecimal digits. The hex part must be exactly 32 characters long when using MD5 or 40 characters long when using SHA1 (excluding any underscore characters).
c. Enter an Encryption key. The ESP Encryption Key. It must be of the form 0xhex, where hex is one or more hexadecimal digits. The hex part must be exactly 16 characters long when using DES or 48 characters long when using 3DES (excluding any underscore characters).
d. Select a Cipher and Hash option. These are ESP encryption/authentication algorithms that you can use for the tunnel. The option selected must correspond to the encryption and authentication keys used. Available options are:
   • 3DES-MD5-96 uses the encryption transform following the Triple-DES standard in Cipher-Block-Chaining mode with authentication provided by HMAC and MD5 (96 bit authenticator). It uses a 192 bit 3DES encryption key and a 128 bit HMAC-MD5 authentication key.
   • 3DES-SHA1-96 uses the encryption transform following the Triple-DES standard in Cipher-Block-Chaining mode with authentication provided by HMAC and SHA1 (96 bit authenticator). It uses a 192 bit 3DES encryption key and a 160 bit HMAC-SHA1 authentication key.
   • DES-MD5-96 uses the encryption transform following the DES standard in Cipher-Block-Chaining mode with authentication provided by HMAC and MD5 (96 bit authenticator). It uses a 56 bit DES encryption key and a 128 bit HMAC-MD5 authentication key.
   • DES-SHA1-96 uses the encryption transform following the DES standard in Cipher-Block-Chaining mode with authentication provided by HMAC and SHA1 (96 bit authenticator). It uses a 56 bit DES encryption key and a 160 bit HMAC-SHA1 authentication key.
McAfee UTM Firewall 4.0.4 Administration Guide
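The field rules above (SPI format and range, key lengths per Cipher and Hash option, underscores ignored) can be checked before the values are typed into the wizard. This is an added example, not part of the McAfee manual: the function names are hypothetical, and the generator assumes Python's `secrets` module as the source of random key material.

```python
import re
import secrets

# Cipher and Hash option -> (encryption key hex digits, authentication key hex digits),
# using the lengths stated on this page.
OPTIONS = {
    "3DES-MD5-96": (48, 32),
    "3DES-SHA1-96": (48, 40),
    "DES-MD5-96": (16, 32),
    "DES-SHA1-96": (16, 40),
}
SPI_RE = re.compile(r"0x[0-9a-fA-F]{3}\Z")
KEY_RE = re.compile(r"0x[0-9a-fA-F_]+\Z")


def key_digits(value):
    """Count the hex digits in a 0xhex key, ignoring underscores; -1 if malformed."""
    if not KEY_RE.match(value):
        return -1
    return len(value[2:].replace("_", ""))


def check_manual_keying(option, spi, auth_key, enc_key):
    """Return a list of problems; an empty list means the values fit the option."""
    if option not in OPTIONS:
        return ["unknown Cipher and Hash option: " + option]
    enc_len, auth_len = OPTIONS[option]
    problems = []
    if not SPI_RE.match(spi) or not 0x100 <= int(spi, 16) <= 0xFFF:
        problems.append("SPI must be 0x plus three hex digits in 0x100-0xfff")
    if key_digits(auth_key) != auth_len:
        problems.append("authentication key needs %d hex digits" % auth_len)
    if key_digits(enc_key) != enc_len:
        problems.append("encryption key needs %d hex digits" % enc_len)
    return problems


def generate_manual_keying(option):
    """Draw an SPI and both keys from the OS CSPRNG in the form the fields expect."""
    enc_len, auth_len = OPTIONS[option]
    spi = "0x%03x" % (0x100 + secrets.randbelow(0xFFF - 0x100 + 1))
    auth_key = "0x" + secrets.token_hex(auth_len // 2)
    enc_key = "0x" + secrets.token_hex(enc_len // 2)
    return spi, auth_key, enc_key
```

The SPI must still be unique among the tunnels configured on the appliance, which this check cannot see.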


This manual is also suitable for:

Sg560, Sg560u, Sg565, Sg580
