IPSec VPN
FortiGate-50 Installation and Configuration Guide
155
Manual key IPSec VPNs
When manual keys are employed, complementary security parameters must be entered at both ends of the tunnel. In addition to the encryption and authentication algorithms and keys, the security parameter index (SPI) is required. The SPI is an arbitrary value that defines the structure of the communication between the peers. With other methods the SPI is generated automatically, but with the manual key configuration it must be entered as part of the VPN setup.

The encryption and authentication keys must match on the local and remote peers; the SPI values must be mirror images of each other (each peer's Local SPI is the other peer's Remote SPI). After you enter these values, the VPN tunnel can start without any need for the authentication and encryption algorithms to be negotiated. So long as you have entered correct, complementary values, the tunnel will be established between the peers. In essence, the tunnel already exists between the peers. As a result, when traffic matches a policy requiring the tunnel, it can be authenticated and encrypted immediately.
• General configuration steps for a manual key VPN
• Adding a manual key VPN tunnel
General configuration steps for a manual key VPN
A manual key VPN configuration consists of a manual key VPN tunnel, the source and destination addresses for both ends of the tunnel, and an encrypt policy to control access to the VPN tunnel.
To create a manual key VPN configuration:
1 Add a manual key VPN tunnel. See “Adding a manual key VPN tunnel” on page 155.
2 Configure an encrypt policy that includes the tunnel, source address, and destination address for both ends of the tunnel. See “Configuring encrypt policies” on page 168.
Adding a manual key VPN tunnel
Configure a manual key tunnel to create an IPSec VPN tunnel between the FortiGate unit and a remote IPSec VPN client or gateway that is also using manual key.
To add a manual key VPN tunnel:
1 Go to VPN > IPSec > Manual Key.
2 Select New to add a new manual key VPN tunnel.
3 Enter a VPN Tunnel Name.
The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.
4 Enter the Local SPI.
The Local Security Parameter Index is a hexadecimal number of up to eight digits (digits can be 0 to 9, a to f) in the range bb8 to FFFFFFF. This number must be added to the Remote SPI at the opposite end of the tunnel.
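Because a manual key tunnel is never negotiated, a mismatch between the two units only shows up as traffic that silently fails to pass. The following is an added example, not code from the guide or from Fortinet, that checks a pair of manual key configurations before they are entered: it applies the tunnel-name and SPI rules from steps 3 and 4 exactly as the guide states them (including both the eight-digit limit and the bb8 to FFFFFFF range), and the mirror and key-matching rules from the section introduction. The dictionary field names name, local_spi, remote_spi, enc_key and auth_key are assumptions made for this example; the GUI labels on the page are VPN Tunnel Name, Local SPI and Remote SPI. All sample values are constructed.

```python
import re

# Constraints as the guide states them: a tunnel name may use 0-9, A-Z, a-z,
# "-" and "_"; an SPI is a hexadecimal number of up to eight digits in the
# range bb8 to FFFFFFF; encryption and authentication keys must match on both
# peers; each peer's Local SPI must equal the other peer's Remote SPI.
TUNNEL_NAME_RE = re.compile(r"^[0-9A-Za-z_-]+$")
SPI_RE = re.compile(r"^[0-9A-Fa-f]{1,8}$")
SPI_MIN = 0xBB8
SPI_MAX = 0xFFFFFFF


def check_tunnel_name(name):
    """True if the name contains only the characters the guide allows."""
    return bool(TUNNEL_NAME_RE.match(name))


def parse_spi(text):
    """Parse an SPI as typed into the Local/Remote SPI field.

    Raises ValueError when the text is not 1-8 hex digits or the value lies
    outside bb8..FFFFFFF.  Both limits are applied exactly as the guide states
    them, so an eight-digit value is accepted only if it still fits the range.
    """
    if not SPI_RE.match(text):
        raise ValueError(f"SPI {text!r} is not a hex number of up to eight digits")
    value = int(text, 16)
    if not SPI_MIN <= value <= SPI_MAX:
        raise ValueError(f"SPI {text!r} is outside the range bb8 to FFFFFFF")
    return value


def spi_is_valid(text):
    """Boolean form of parse_spi, convenient for form validation."""
    try:
        parse_spi(text)
        return True
    except ValueError:
        return False


def check_manual_key_pair(peer_a, peer_b):
    """Compare the values entered on the two peers.

    Each peer is a dict with the hypothetical field names name, local_spi,
    remote_spi, enc_key and auth_key.  Returns a list of problems; an empty
    list means the two configurations are complementary.
    """
    problems = []
    spis = {}
    for label, peer in (("peer A", peer_a), ("peer B", peer_b)):
        if not check_tunnel_name(peer["name"]):
            problems.append(f"{label}: tunnel name {peer['name']!r} has disallowed characters")
        for field in ("local_spi", "remote_spi"):
            try:
                spis[label, field] = parse_spi(peer[field])
            except ValueError as exc:
                problems.append(f"{label}: {field}: {exc}")
    # Mirror rule, checked only when all four SPIs parsed.
    if len(spis) == 4:
        if spis["peer A", "local_spi"] != spis["peer B", "remote_spi"]:
            problems.append("peer A Local SPI does not match peer B Remote SPI")
        if spis["peer A", "remote_spi"] != spis["peer B", "local_spi"]:
            problems.append("peer A Remote SPI does not match peer B Local SPI")
    # Keys are entered on both units and must be identical.
    for key in ("enc_key", "auth_key"):
        if peer_a[key] != peer_b[key]:
            problems.append(f"{key} differs between the peers")
    return problems


# Constructed sample values (not taken from the guide).
PEER_A = {
    "name": "branch_to_hq",
    "local_spi": "bb8",
    "remote_spi": "1a2b3c",
    "enc_key": "0123456789abcdef0123456789abcdef",
    "auth_key": "fedcba9876543210fedcba9876543210",
}
PEER_B = {
    "name": "hq_to_branch",
    "local_spi": "1a2b3c",   # mirrors PEER_A remote_spi
    "remote_spi": "bb8",     # mirrors PEER_A local_spi
    "enc_key": PEER_A["enc_key"],
    "auth_key": PEER_A["auth_key"],
}
# Same pair, but the Remote SPI was mistyped on the second unit.
PEER_B_TYPO = dict(PEER_B, remote_spi="bb9")

if __name__ == "__main__":
    print("consistent pair:", check_manual_key_pair(PEER_A, PEER_B))
    print("mistyped SPI:", check_manual_key_pair(PEER_A, PEER_B_TYPO))
```

Running the block reports an empty list for the consistent pair and a single mirror-rule problem for the mistyped one. Because SPI parsing failures are collected per field, a value that does not parse is reported on its own and the mirror comparison is skipped rather than raising, so one bad entry does not hide a second problem such as a key mismatch.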