VPN Manual key options
FortiGate-100A Administration Guide 01-28007-0068-20041203 255
Manual key options
Figure 127:Adding a manual key VPN tunnel
VPN Tunnel Name Type a name for the VPN tunnel.
Local SPI Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents
the SA that handles outbound traffic on the local FortiGate unit. The valid
range is from 0xbb8 to 0xffffffff. This value must match the Remote
SPI value in the manual key configuration at the remote peer.
Remote SPI Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents
the SA that handles inbound traffic on the local FortiGate unit. The valid
range is from 0xbb8 to 0xffffffff. This value must match the Local
SPI value in the manual key configuration at the remote peer.
Remote Gateway Type the IP address of the public interface to the remote peer. The
address identifies the recipient of ESP datagrams.
Encryption
Algorithm
Select one of the following symmetric-key encryption algorithms:
• DES-Digital Encryption Standard, a 64-bit block algorithm that uses a
56-bit key.
• 3DES-Triple-DES, in which plain text is encrypted three times by three
keys.
• AES128-A 128-bit block algorithm that uses a 128-bit key.
• AES192-A 128-bit block algorithm that uses a 192-bit key.
• AES256-A 128-bit block algorithm that uses a 256-bit key.
Encryption Key If you selected:
• DES, type a 16-character hexadecimal number (0-9, a-f).
• 3DES, type a 48-character hexadecimal number (0-9, a-f) separated
into three segments of 16 characters.
• AES128, type a 32-character hexadecimal number (0-9, a-f)
separated into two segments of 16 characters.
• AES192, type a 48-character hexadecimal number (0-9, a-f)
separated into three segments of 16 characters.
• AES256, type a 64-character hexadecimal number (0-9, a-f)
separated into four segments of 16 characters.