10/100
Manual
If you select Manual, you generate the key yourself, and no key negotiation is needed. Basically, manual key management is used in small static environments or for troubleshooting purposes. Both sides must use the same Key Management method.
Incoming & Outgoing SPI (Security Parameter Index): SPI is carried in the ESP (Encapsulating Security Payload Protocol) header and enables the receiver and sender to select the SA, under which a packet should be processed. The hexadecimal values is acceptable, and the valid range is 100~ffffffff. Each tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. The Incoming SPI here must match the Outgoing SPI value at the other end of the tunnel, and vice versa
Encryption: There are two methods of encryption, DES and 3DES. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. DES is
Authentication: There are two methods of authentication, MD5 and SHA. The Authentication method determines a method to authenticate the ESP packets. MD5 is a
Encryption Key: This field specifies a key used to encrypt and decrypt IP traffic, and the Encryption Key is generated yourself. The hexadecimal value is acceptable in this field. Both sides must use the same Encryption Key. If DES is selected, the Encryption Key is
Authentication Key: This field specifies a key used to authenticate IP traffic and the Authentication Key is generated yourself. The hexadecimal value is acceptable in this field. Both sides must use the same Authentication key. If MD5 is selected, the Authentication Key is
IKE with Preshared Key (automatic)
IKE is an Internet Key Exchange protocol that is used to negotiate key material for SA (Security Association). IKE uses the
Phase 1 DH Group: Phase 1 is used to create a security association (SA). DH
Chapter 5: Setting Up and Configuring the Router
Figure
IPSec Setup
51
VPN Tab - Client to Gateway