Fortinet 50A Manual key IPSec VPNs, General configuration steps for a manual key VPN, 181

Models: 50A


IPSec VPN

Manual key IPSec VPNs

Manual key IPSec VPNs

When using manual keys, complementary security parameters must be entered at both ends of the tunnel. In addition to encryption and authentication algorithms and keys, the security parameter index (SPI) is required. The SPI is an arbitrary value that defines the structure of the communication between the peers. With other methods, the SPI is generated automatically but with the manual key configuration it must be entered as part of the VPN setup.

The encryption and authentication keys must match on the local and remote peers, and the SPI values must be mirror images of each other (the Local SPI on one peer is the Remote SPI on the other). After you enter these values, the VPN tunnel can start without the authentication and encryption algorithms being negotiated. Provided you entered correct, complementary values, the tunnel is established between the peers as soon as it is configured. As a result, when traffic matches a policy requiring the tunnel, it can be authenticated and encrypted immediately.

General configuration steps for a manual key VPN

Adding a manual key VPN tunnel

General configuration steps for a manual key VPN

A manual key VPN configuration consists of a manual key VPN tunnel, the source and destination addresses for both ends of the tunnel, and an encrypt policy to control access to the VPN tunnel.

To create a manual key VPN configuration

1 Add a manual key VPN tunnel. See “Adding a manual key VPN tunnel” on page 181.

2 Configure an encrypt policy that includes the tunnel, source address, and destination address for both ends of the tunnel. See “Configuring encrypt policies” on page 193.

Adding a manual key VPN tunnel

Configure a manual key tunnel to create an IPSec VPN tunnel between the FortiGate unit and a remote IPSec VPN client or gateway that is also configured for manual key.

To add a manual key VPN tunnel

1 Go to VPN > IPSec > Manual Key.

2 Select New to add a new manual key VPN tunnel.

3 Type a VPN Tunnel Name.

The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.

4 Enter the Local SPI.

The Local Security Parameter Index is a hexadecimal number of up to eight digits (digits can be 0 to 9, a to f) in the range bb8 to FFFFFFF. This number must be entered as the Remote SPI at the opposite end of the tunnel.

5 Enter the Remote SPI.

The Remote Security Parameter Index is a hexadecimal number of up to eight digits (digits can be 0 to 9, a to f) in the range bb8 to FFFFFFF. This number must be entered as the Local SPI at the opposite end of the tunnel.
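Because a manual key tunnel is never negotiated, a typo in a name, SPI or key on either peer simply leaves the tunnel silently unusable. The following Python script is an added example, not part of the Fortinet guide or any FortiGate software; it encodes the rules stated above (tunnel name character set, SPI as a hexadecimal number of up to eight digits in the range bb8 to FFFFFFF) and checks that two peers' entries are mirror images of each other before they are typed into the GUI. The ManualKeyTunnel record, its field names and the sample values are constructed for the example; the encryption and authentication key formats depend on the algorithms chosen in later steps and are only checked here for being hexadecimal and identical on both peers.

```python
import re
from dataclasses import dataclass

# Rules quoted from the guide: names use 0-9, A-Z, a-z, '-' and '_' only;
# SPIs are hex, at most eight digits, in the range bb8 to FFFFFFF.
NAME_RE = re.compile(r"[0-9A-Za-z_-]+")
SPI_RE = re.compile(r"[0-9a-fA-F]{1,8}")
SPI_MIN = 0xbb8
SPI_MAX = 0xFFFFFFF


@dataclass(frozen=True)
class ManualKeyTunnel:
    """One peer's manual key entries (field names are assumptions for this example)."""
    name: str
    local_spi: str        # as typed into the Local SPI field
    remote_spi: str       # as typed into the Remote SPI field
    encryption_key: str   # hex; length depends on the algorithm (not covered here)
    auth_key: str         # hex; same caveat


def valid_tunnel_name(name: str) -> bool:
    """Reject spaces and any character outside the documented set."""
    return bool(NAME_RE.fullmatch(name))


def valid_spi(spi: str) -> bool:
    """Hexadecimal, no '0x' prefix, at most eight digits, within bb8..FFFFFFF."""
    if not SPI_RE.fullmatch(spi):
        return False
    return SPI_MIN <= int(spi, 16) <= SPI_MAX


def local_problems(t: ManualKeyTunnel) -> list[str]:
    """Problems visible from one peer's entries alone."""
    errs = []
    if not valid_tunnel_name(t.name):
        errs.append(f"tunnel name {t.name!r} contains disallowed characters")
    if not valid_spi(t.local_spi):
        errs.append(f"local SPI {t.local_spi!r} is not hex in range bb8..FFFFFFF")
    if not valid_spi(t.remote_spi):
        errs.append(f"remote SPI {t.remote_spi!r} is not hex in range bb8..FFFFFFF")
    for label, key in (("encryption", t.encryption_key), ("authentication", t.auth_key)):
        if not re.fullmatch(r"[0-9a-fA-F]+", key):
            errs.append(f"{label} key is not a hexadecimal string")
    return errs


def complementary_problems(a: ManualKeyTunnel, b: ManualKeyTunnel) -> list[str]:
    """Mismatches between two peers; an empty list means the entries mirror correctly.

    SPIs are compared numerically so 'bb8' and '0BB8' count as the same value;
    keys are compared case-insensitively as hex digits.
    """
    errs = local_problems(a) + local_problems(b)
    if errs:
        return errs  # no point comparing values that are not valid on their own
    if int(a.local_spi, 16) != int(b.remote_spi, 16):
        errs.append("peer A local SPI must equal peer B remote SPI")
    if int(a.remote_spi, 16) != int(b.local_spi, 16):
        errs.append("peer A remote SPI must equal peer B local SPI")
    if a.encryption_key.lower() != b.encryption_key.lower():
        errs.append("encryption keys differ between peers")
    if a.auth_key.lower() != b.auth_key.lower():
        errs.append("authentication keys differ between peers")
    return errs


# Constructed sample: a correct pair and a pair with a transposed remote SPI.
SITE_A = ManualKeyTunnel("site_a-to-b", "1000", "2000", "0123456789abcdef", "feedface")
SITE_B = ManualKeyTunnel("site_b-to-a", "2000", "1000", "0123456789ABCDEF", "FEEDFACE")
SITE_B_TYPO = ManualKeyTunnel("site_b-to-a", "2000", "1001", "0123456789ABCDEF", "FEEDFACE")

if __name__ == "__main__":
    for label, peer_b in (("good pair", SITE_B), ("typo pair", SITE_B_TYPO)):
        issues = complementary_problems(SITE_A, peer_b)
        print(label, "->", "OK" if not issues else "; ".join(issues))
```

Run the script before entering the values on both FortiGate units; any line other than "OK" points at the field that would leave the tunnel unable to pass traffic.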

FortiGate-50A Installation and Configuration Guide

181
