264
01-28008-0013-20050204
Fortinet Inc.
Manual key
VPN
It is essential that both VPN peers be configured with matching encryption and
authentication algorithms, matching authentication and encryption keys, and
complementary Security Parameter Index (SPI) settings.
Each SPI identifies a Security Association (SA). The value is placed in ESP
datagrams to link the datagrams to the SA. When an ESP datagram is received, the
recipient refers to the SPI to determine which SA applies to the datagram. An SPI
must be specified manually for each SA. Because an SA applies to communication in
one direction only, you must specify two SPIs per configuration (a local SPI and a
remote SPI) to cover bidirectional communications between two VPN peers.
To specify manual keys for creating a tunnel
1 Go to VPN > IPSEC > Manual Key and select Create New.
2 Follow the guidelines in these sections:
• “Manual key list” on page 264
• “Manual key options” on page 264
Manual key list
Figure 132: IPSec VPN Manual Key list
Create New
Select Create New to create a new manual key configuration.
Remote Gateway
The IP address of the remote peer or client.
Encryption Algorithm
The names of the encryption algorithms used in the configuration.
Authentication Algorithm
The names of the authentication algorithms used in the configuration.
Delete and Edit icons
Delete or edit a manual key configuration.
Manual key options
Caution: If you are not familiar with the security policies, SAs, selectors, and SA databases for your particular installation, do not attempt the following procedure without qualified assistance.
VPN Tunnel Name
Type a name for the VPN tunnel.
Local SPI
Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents the SA that handles outbound traffic on the local FortiGate unit. The valid range is from 0xbb8 to 0xffffffff. This value must match the Remote SPI value in the manual key configuration at the remote peer.
Remote SPI
Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents the SA that handles inbound traffic on the local FortiGate unit. The valid range is from 0xbb8 to 0xffffffff. This value must match the Local SPI value in the manual key configuration at the remote peer.
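The following pre-deployment check is an added example, not part of the Fortinet manual or any FortiGate tool: it validates each SPI against the format and range above and confirms that two peers' manual key settings are complementary. The dictionary field names, the optional 0x prefix, and the sample values are assumptions made for illustration.

```python
import hmac
import re

SPI_MIN, SPI_MAX = 0xBB8, 0xFFFFFFFF   # valid range given in the manual
SPI_RE = re.compile(r"(0x)?[0-9a-fA-F]{1,8}")  # assumption: optional 0x prefix

def parse_spi(text):
    """Return the SPI as an int; raise ValueError if malformed or out of range."""
    if not SPI_RE.fullmatch(text):
        raise ValueError("not a hexadecimal number of up to 8 characters")
    value = int(text, 16)
    if not SPI_MIN <= value <= SPI_MAX:
        raise ValueError("outside the valid range 0xbb8 to 0xffffffff")
    return value

def check_peers(a, b):
    """Return a list of problems found in two peers' manual key settings."""
    problems, spis = [], {}
    for name, cfg in (("A", a), ("B", b)):
        for field in ("local_spi", "remote_spi"):
            try:
                spis[name, field] = parse_spi(cfg[field])
            except ValueError as exc:
                problems.append(f"peer {name} {field}: {exc}")
    # Each peer's Local SPI must equal the other peer's Remote SPI.
    for near, far in (("A", "B"), ("B", "A")):
        local, remote = spis.get((near, "local_spi")), spis.get((far, "remote_spi"))
        if None not in (local, remote) and local != remote:
            problems.append(f"peer {near} local_spi does not match peer {far} remote_spi")
    for field in ("enc_alg", "auth_alg"):
        if a[field] != b[field]:
            problems.append(f"{field} differs between peers")
    for field in ("enc_key", "auth_key"):
        # Constant-time comparison; key material is never echoed in the report.
        if not hmac.compare_digest(a[field], b[field]):
            problems.append(f"{field} differs between peers")
    return problems

# Constructed sample settings (not taken from the manual).
PEER_A = {"local_spi": "1000", "remote_spi": "2000", "enc_alg": "3DES",
          "auth_alg": "SHA1", "enc_key": "0123456789abcdef" * 3,
          "auth_key": "00112233445566778899" * 2}
PEER_B = dict(PEER_A, local_spi="2000", remote_spi="1000")

if __name__ == "__main__":
    print(check_peers(PEER_A, PEER_B) or "configurations are complementary")
```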