Manual key options, 255 manual key options – Fortinet 100A User Manual

VPN

Manual key options

FortiGate-100A Administration Guide

01-28007-0068-20041203

255

Manual key options

Figure 127:Adding a manual key VPN tunnel

VPN Tunnel Name Type a name for the VPN tunnel.
Local SPI

Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents

the SA that handles outbound traffic on the local FortiGate unit. The valid

range is from 0xbb8 to 0xffffffff. This value must match the Remote

SPI value in the manual key configuration at the remote peer.

Remote SPI

Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents

the SA that handles inbound traffic on the local FortiGate unit. The valid

range is from 0xbb8 to 0xffffffff. This value must match the Local

SPI value in the manual key configuration at the remote peer.

Remote Gateway

Type the IP address of the public interface to the remote peer. The

address identifies the recipient of ESP datagrams.

Encryption
Algorithm

Select one of the following symmetric-key encryption algorithms:
•

DES-Digital Encryption Standard, a 64-bit block algorithm that uses a
56-bit key.

•

3DES-Triple-DES, in which plain text is encrypted three times by three
keys.

•

AES128-A 128-bit block algorithm that uses a 128-bit key.

•

AES192-A 128-bit block algorithm that uses a 192-bit key.

•

AES256-A 128-bit block algorithm that uses a 256-bit key.

Encryption Key

If you selected:
•

DES, type a 16-character hexadecimal number (0-9, a-f).

•

3DES, type a 48-character hexadecimal number (0-9, a-f) separated
into three segments of 16 characters.

•

AES128, type a 32-character hexadecimal number (0-9, a-f)
separated into two segments of 16 characters.

•

AES192, type a 48-character hexadecimal number (0-9, a-f)
separated into three segments of 16 characters.

•

AES256, type a 64-character hexadecimal number (0-9, a-f)
separated into four segments of 16 characters.