Dial-up Monitor
Manual key IPSec VPN between two networks
DFL-500 IPSec VPNs can be configured to use Autokey IKE or manual key exchange. In most cases Autokey
key exchange is preferred because it is easier to configure and maintain. However, manual key exchange
may be necessary in some cases for compatibility with third-party VPN products.
Use the following procedures to configure a VPN between two networks protected by VPN gateways that use
manual key exchange (for an example, see Example VPN between two internal networks).
This section describes:
· Configuring the manual key VPN tunnel
· Adding source and destination addresses
·
Configuring the manual key VPN tunnel
Complete the following procedure on both VPN gateways:
· Go to VPN > IPSEC > Manual Key.
· Select New to add a new manual key VPN tunnel.
· Configure the VPN tunnel.
VPN Tunnel Name
Enter a name for the tunnel. The name can contain numbers (0-9), upper and lower case
letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not
allowed. If you are configuring a VPN between two DFL-500 gateways, it is recommended that
you use the same tunnel name on both sides of the VPN.
Local SPI
(Secure Parameter Index) Enter a hexadecimal number of up to eight digits (digits can be 0 to 9,
a to f). This number must be entered in the Remote SPI field at the opposite end of the tunnel.
Remote SPI
Enter a hexadecimal number of up to eight digits. This number must be entered in the Local SPI
field at the opposite end of the tunnel.
Remote Gateway
Enter the external IP address of the DFL-500 or other IPSec gateway at the opposite end of the
tunnel.
Incoming NAT
Select Incoming NAT if you require address translation for the VPN.
Encryption Algorithm
Select an algorithm from the list. Make sure you use the same algorithm at both ends of the
tunnel.
Encryption Key
Required for encryption algorithms that include ESP-DES or ESP-3DES.
For all DES encryption algorithms, enter one hexadecimal number of up to 16 digits. Use the
same encryption key at both ends of the tunnel.
For all 3DES encryption algorithms, enter three hexadecimal numbers of up to 16 digits each. Use
the same encryption key at both ends of the tunnel.
Authentication Key
Required for encryption algorithms that include MD5 or SHA1.
DFL-500 User Manual
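The following pre-deployment check is an added example, not part of the DFL-500 manual or D-Link software. It applies the rules stated above for the tunnel name, the SPI pair and the encryption key to both ends of a tunnel, and also flags key choices that weaken DES or 3DES. The dictionary field names, the "ESP-3DES" label and all sample values are assumptions constructed for illustration; the Authentication Key is not checked because its format is not given here.

```python
import re

NAME = re.compile(r"[0-9A-Za-z_-]+")        # tunnel name character set
SPI = re.compile(r"[0-9a-f]{1,8}")          # SPI: up to eight hex digits
KEY = re.compile(r"[0-9a-f]{1,16}")         # each key number: up to 16 hex digits

def check_end(cfg):
    """Return the problems found in one gateway's manual key settings."""
    out = []
    if not NAME.fullmatch(cfg["name"]):
        out.append("name: only 0-9, A-Z, a-z, - and _ are allowed")
    for field in ("local_spi", "remote_spi"):
        if not SPI.fullmatch(cfg[field]):
            out.append(f"{field}: must be 1 to 8 hex digits (0-9, a-f)")
    algo = cfg["algorithm"].upper()
    want = 3 if "3DES" in algo else 1 if "DES" in algo else 0
    parts = cfg.get("encryption_key", [])
    if want and len(parts) != want:
        out.append(f"encryption_key: {algo} needs {want} hex number(s)")
    if any(not KEY.fullmatch(p) for p in parts):
        out.append("encryption_key: each number must be 1 to 16 hex digits")
    elif any(len(p) < 16 for p in parts):
        out.append("encryption_key: under 16 digits carries less key material")
    if want == 3 and len(parts) == 3 and len(set(parts)) < 3:
        out.append("encryption_key: repeated 3DES numbers weaken the key")
    return out

def check_pair(a, b):
    """Cross-check both tunnel ends; an empty list means they are consistent."""
    out = [f"A {p}" for p in check_end(a)] + [f"B {p}" for p in check_end(b)]
    if a["local_spi"] != b["remote_spi"]:
        out.append("A local_spi must equal B remote_spi")
    if a["remote_spi"] != b["local_spi"]:
        out.append("A remote_spi must equal B local_spi")
    if a["algorithm"] != b["algorithm"]:
        out.append("algorithm differs between the two ends")
    if a.get("encryption_key") != b.get("encryption_key"):
        out.append("encryption_key differs between the two ends")
    if a["name"] != b["name"]:
        out.append("name differs (the same name is recommended)")
    return out

# Constructed sample settings, not real keys or SPIs.
KEYS = ["0123456789abcdef", "fedcba9876543210", "89abcdef01234567"]
GATEWAY_A = {"name": "Branch_VPN", "local_spi": "1000ff0a", "remote_spi": "2000ff0b",
             "algorithm": "ESP-3DES", "encryption_key": KEYS}
GATEWAY_B = dict(GATEWAY_A, local_spi="2000ff0b", remote_spi="1000ff0a")

if __name__ == "__main__":
    print(check_pair(GATEWAY_A, GATEWAY_B) or "both ends are consistent")
```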