Chapter 6 – RouteFinder Software
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)
109
VPN > IPSec > Manual
Add a Manual Connection
Add Manual Connection
Connection Name
Enter a text name that will identify the connection for you.
Compression
Check the compression checkbox to enable IPCOMP, the compression algorithm.
Authentication Method
Decides the encryption and authentication algorithms to be used for the respective security services.
Options are:
Authentication only:
1. AH using MD5 –128 bit key
2. AH using SHA1 – 160 bit key
Encryption only:
1. ESP (Encapsulating Security Payload) using AES
2. ESP using DES – 56 bit key
3. ESP using 3DES – 192 bit key
Encryption & Authentication:
1. ESP using 3DES for encryption and MD5 for authentication
2. ESP using 3DES for encryption and SHA1 for authentication
3. ESP using 3DES for encryption and AH MD5 for authentication
4. ESP using 3DES for encryption and AH SHA1 for authentication
Note:
Encryption without authentication is not recommended since it is not secure.
SPI Base
Security Parameter Index identifies a manual connection. The SPI is a unique identifier in the SA (Secure
Association – a type of secure connection) that allows the receiving computer to select the SA under which
a packet will be processed. The SPI Base is a number needed by the manual keying code. Enter any 3-
digit hexadecimal number, which is unique for a security association. It should be in the form 0xhex (a
number between 0x100 - 0xfff is recommended). If you have more than one manual connection, then the
SPI Base must be different for each one.
ESP Encryption Key (Espenckey) -
The VPN firewall box uses 3DES as its encryption algorithm. 3DES
uses a 192 bit hexadecimal number as its encryption key.
ESP Authentication Key (Espauthkey) -
The VPN firewall could use either MD5 or SHA1 for ESP
authentication:
MD5 - 128 bit key example: 0x0123456789012345678901234567890ab.
SHA1 - 160 bit key example: 0x01234567890123456789012345678901234567890
AH Key
The VPN firewall could use either MD5 or SHA1 for authentication
MD5 - 128 bit key example: 0x0123456789012345678901234567890ab.
SHA1 - 160 bit key example: 0x01234567890123456789012345678901234567890
Local WAN IP
Select the Interface to initiate the IPSec tunnel (Left Security Gateway). Options are LAN, WAN, and DMZ.