[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring an IPsec Manual Key VPN—Quick Configuration

You can use J-Web Quick Configuration to quickly configure an IPsec manual key VPN

Before You Begin

For background information, read

Figure 102 shows the quick configuration page where you can select an existing manual key VPN, or click Add to create a new one

Figure 102: IPsec Manual Key VPN

Image QC_ipsec_manual.gif

 

Figure 103 shows the quick configuration page where you create a new IPsec manual key VPN.

Figure 103: IPsec Manual Key VPN Configuration

Image QC_ipsec_manual_add.gif

To configure a manual key with Quick Configuration:

  1. Select Configuration > Quick Configuration > VPN > IPSec Manual Key.
  2. To use an existing manual key VPN, select one from among those listed and click one of the following buttons:
  3. To create a new manual key VPN, click Add.
  4. Fill in the VPN options as described in Table 71.
  5. Click one of the following buttons:

Table 71: IPsec Manual Key VPN Configuration Options

Field

Function

Action
IPSec Manual Key VPN

VPN Name

Name of the VPN.

Enter a name.

Remote gateway

Name of the remote gateway.

Select a name.

External Interface

Outgoing interface.

Select an interface.

Protocol

Security protocol for this VPN.

Select a protocol.

Spi

The security parameter index. An arbitrary value that uniquely identifies which security association (SA) to use at the receiving host (the destination address in the packet).

Enter a value from 256 through 16,639.
Authentication

Algorithm

Hash algorithm that authenticates packet data. It can be one of the following:

  • hmac-md5-96—Produces a 128-bit digest.
  • hmac-sha1-96—Produces a 160-bit digest.

Select an algorithm.

Key

Type of authentication. It can be one of the following:

  • None
  • ascii-text—ASCII text key. For hmac-md5-96, the key is 16 ASCII characters; for hmac-sha1-96, the key is 20 ASCII characters.
  • hexadecimal—Hexadecimal key. For hmac-md5-96, the key is 32 hexadecimal characters; for hmac-sha1-96, the key is 40 hexadecimal characters.

Select none, or select the type of key and enter it in the appropriate format.
Encryption

Algorithm

Supported Internet Key Exchange (IKE) proposals include the following:

  • 3des-cbc—3DES-CBC encryption algorithm.
  • aes-128-cbc—AES-CBC 128-bit encryption algorithm.
  • aes-192-cbc—AES-CBC 192-bit encryption algorithm.
  • aes-256-cbc—AES-CBC 256-bit encryption algorithm.
  • des-cbc—DES-CBC encryption algorithm

Select an encryption algorithm.

Key

Type of encryption key. It can be one of the following:

  • None
  • ascii-text—ASCII text key. For hmac-md5-96, the key is 16 ASCII characters; for hmac-sha1-96, the key is 20 ASCII characters.
  • hexadecimal—Hexadecimal key. For hmac-md5-96, the key is 32 hexadecimal characters; for hmac-sha1-96, the key is 40 hexadecimal characters.

Select none, or select the type of key and enter it in the appropriate format.

Bind to tunnel interface

The tunnel interface to which the route-based virtual private network (VPN) is bound.

Select an interface.

Don't Fragment bit

Specifies how the device handles the Don't Fragment (DF) bit in the outer header.

  • clear—Clear (disable) the DF bit from the outer header. This is the default.
  • copy—Copy the DF bit to the outer header.
  • set—Set (enable) the DF bit in the outer header.

Choose an option.

Enable VPN monitor

Allows for monitoring of the VPN.

Click the check box.

Destination ip

IP address of the destination peer.

Enter an IP address

Optimized

Specify that the device uses traffic patterns as evidence of peer liveliness. If enabled, ICMP requests are suppressed. This feature is disabled by default

Click the check box.

Source interface

The source interface for monitor messages

Enter a source interface name.

[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.