254
01-28007-0068-20041203
Fortinet Inc.
Manual key list
VPN
In both cases, you do not specify IPSec phase 1 and phase 2 parameters; you define
manual keys on the
VPN > IPSEC > Manual Key
tab instead.
If one of the VPN peers uses specific authentication and encryption keys to establish
a tunnel, both VPN peers must be configured to use the same encryption and
authentication algorithms and keys.
It is essential that both VPN peers be configured with matching encryption and
authentication algorithms, matching authentication and encryption keys, and
complementary Security Parameter Index (SPI) settings.
Each SPI identifies a Security Association (SA). The value is placed in ESP
datagrams to link the datagrams to the SA. When an ESP datagram is received, the
recipient refers to the SPI to determine which SA applies to the datagram. An SPI
must be specified manually for each SA. Because an SA applies to communication in
one direction only, you must specify two SPIs per configuration (a local SPI and a
remote SPI) to cover bidirectional communications between two VPN peers.
To specify manual keys for creating a tunnel
1
Go to
VPN > IPSEC > Manual Key
and select Create New.
2
Follow the guidelines in these sections:
•
“Manual key list” on page 254
•
“Manual key options” on page 255
Manual key list
Figure 126:IPSec VPN Manual Key list
Note:
It may not be safe or practical to define manual keys because network administrators
must be trusted to keep the keys confidential, and propagating changes to remote VPN peers in
a secure manner may be difficult.
!
Caution:
If you are not familiar with the security policies, SAs, selectors, and SA databases for
your particular installation, do not attempt the following procedure without qualified assistance.
Create New
Select Create New to create a new manual key configuration.
Remote Gateway
The IP address of the remote peer or client.
Encryption
Algorithm
The names of the encryption algorithms used in the configuration.
Authentication
Algorithm
The names of the authentication algorithms used in the configuration.
Edit, view, or delete manual key configurations.
Summary of Contents for FortiGate 100A
Page 12: ...Contents 12 01 28007 0068 20041203 Fortinet Inc ...
Page 24: ...24 01 28007 0068 20041203 Fortinet Inc FortiLog documentation Introduction ...
Page 72: ...72 01 28007 0068 20041203 Fortinet Inc Transparent mode VLAN settings System network ...
Page 80: ...80 01 28007 0068 20041203 Fortinet Inc DHCP IP MAC binding settings System DHCP ...
Page 114: ...114 01 28007 0068 20041203 Fortinet Inc Access profile options System administration ...
Page 232: ...232 01 28007 0068 20041203 Fortinet Inc Profile CLI configuration Firewall ...
Page 244: ...244 01 28007 0068 20041203 Fortinet Inc peergrp Users and authentication ...
Page 276: ...276 01 28007 0068 20041203 Fortinet Inc ipsec vip VPN ...
Page 338: ...338 01 28007 0068 20041203 Fortinet Inc Configuring the banned word list Spam filter ...
Page 356: ...356 01 28007 0068 20041203 Fortinet Inc syslogd setting Log Report ...
Page 374: ...374 01 28007 0068 20041203 Fortinet Inc Index ...