Configuring Access Point Security 6-41
The Inbound and Outbound SPI settings are required to be interpolated to function correctly. For example:AP1 Inbound SPI = 800AP1 Outbound SPI = 801Inbound ESP
Encryption Key
Enter a key for inbound traffic. The length of the key is determined
by the selected encryption algorithm. The key must match the
outbound key at the remote gateway.
Outbound ESP
Encryption Key
Define a key for outbound traffic. The length of the key is
determined by the selected encryption algorithm. The key must
match the inbound key at the remote gateway.
ESP Authentication
Algorithm
Select the authentication algorithm to use with ESP. This option is
available only when ESP with Authentication was selected for
the ESP type. Options include:
• MD5 - Enables the Message Digest 5 algorithm, which
requires 128-bit (32-character hexadecimal) keys.
• SHA1 - Enables Secure Hash Algorithm 1, which requires
160-bit (40-character hexadecimal) keys.
Inbound ESP
Authentication Key
Define a key for computing the integrity check on the inbound
traffic with the selected authentication algorithm. The key must be
32/40 (for MD5/SHA1) hexadecimal (0-9, A-F) characters in length.
The key must match the corresponding outbound key on the remote
security gateway.
Outbound ESP
Authentication Key
Enter a key for computing the integrity check on outbound traffic
with the selected authentication algorithm. The key must be 32/40
(for MD5/SHA1) hexadecimal (0-9, A-F) characters in length. The
key must match the corresponding inbound key on the remote
security gateway.
Inbound SPI (Hex) Define an up to six-character (maximum) hexadecimal value to
identify the inbound security association created by the encryption
algorithm. The value must match the corresponding outbound SPI
value configured on the remote security gateway.
Outbound SPI (Hex) Enter an up to six (maximum) hexadecimal value to identify the
outbound security association created by the encryption algorithm.
The value must match the corresponding inbound SPI value
configured on the remote security gateway.