Configuring the Manual Tunnel using J-Web

Use the following procedure to configure a manual tunnel.

To access Manual Tunnel using J-Web:

  1. In the J-Web user interface, select Configure>Manual Tunnel. The details of the display page are as shown in Table 68.
  2. Click one of the following:
    • Add—Adds a manual tunnel. Enter information as specified in Table 69.
    • Edit—Modifies the selected manual tunnel.
    • Delete—Deletes the selected manual tunnel.

Table 68: Display Page for Manual Tunnel

Field

Function

Name

Name of the manual tunnel.

Gateway

Gateway selected.

Bind Interface

The tunnel interface to which the route-based virtual private network (VPN) is bound.

Df Bit

Don't Fragment (DF) bit in the outer header.

Table 69: VPN Manual Configuration Add Options

Field

Function

Action

IPsec Manual

  

VPN Name

Name of the VPN for the IPsec tunnel.

Enter the VPN Name.

Remote Gateway

Name of the remote gateway.

Enter the gateway.

 

Types of protocols available for configuration. AH (Authentication Header) provides authentication; ESP (Encapsulating Security Payload) provides encryption.

  • ESP
  • AH

Select a protocol for the proposal.

SPI

Security Parameter Index (SPI) value, in the range 256 through 16639.

Select a policy.

Bind to tunnel interface

The tunnel interface to which the route-based virtual private network (VPN) is bound.

Select an interface.

Do not fragment bit

Specifies how the device handles the Don't Fragment (DF) bit in the outer header.

  • clear—Clear (disable) the DF bit from the outer header. This is the default.
  • copy—Copy the DF bit to the outer header.
  • set—Set the DF bit in the outer header.

Choose an option.

Enable VPN Monitor

Destination IP

IP address of the destination peer.

Enter an IP address.

Optimized

Specifies that the device uses traffic patterns as evidence of peer liveness. If enabled, ICMP requests are suppressed. This feature is disabled by default.

Click the check box.

Source Interface

The source interface for ICMP requests (VPN monitoring “hellos”). If no source interface is specified, the device automatically uses the local tunnel endpoint interface.

Specify a source interface.

Key Values

Authentication

Algorithm

Hash algorithm that authenticates packet data. It can be one of the following:

  • hmac-md5-96—Produces a 128-bit digest.
  • hmac-sha1-96—Produces a 160-bit digest.

Select a hash algorithm.

ASCII Text

Pre-shared value of key

Enable the ASCII Text option and enter the key in the appropriate format.

Hexadecimal

Pre-shared value of key

Enable the hexadecimal option and enter the key in the appropriate format.

Encryption

Supported Internet Key Exchange (IKE) proposals include the following:

  • 3des-cbc—3DES-CBC encryption algorithm.
  • aes-128-cbc—AES-CBC 128-bit encryption algorithm.
  • aes-192-cbc—AES-CBC 192-bit encryption algorithm.
  • aes-256-cbc—AES-CBC 256-bit encryption algorithm.
  • des-cbc—DES-CBC encryption algorithm.

Select an encryption algorithm.

ASCII Text

Pre-shared value of key

Enable the ASCII Text option and enter the key in the appropriate format.

Hexadecimal

Pre-shared

Enable the hexadecimal option and enter the key in the appropriate format.
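
The following pre-entry check for the Table 69 values is an added example, not Juniper code. It assumes a hypothetical parameter dictionary, assumes the device expects keys of exactly the size each algorithm defines (in bytes, for either format), and flags DES, 3DES and HMAC-MD5 as legacy choices, which is this example's judgement rather than a statement from the tables.

```python
import re

AUTH_KEY_BYTES = {"hmac-md5-96": 16, "hmac-sha1-96": 20}  # key sizes in bytes
ENC_KEY_BYTES = {"des-cbc": 8, "3des-cbc": 24, "aes-128-cbc": 16,
                 "aes-192-cbc": 24, "aes-256-cbc": 32}
LEGACY = {"des-cbc", "3des-cbc", "hmac-md5-96"}  # flagged by this example, not by the page
SPI_MIN, SPI_MAX = 256, 16639                    # SPI range stated in Table 69

def key_bytes(fmt, value):
    """Length of the key in bytes, or None if it is malformed for its format."""
    if fmt == "hexadecimal" and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", value):
        return len(value) // 2
    if fmt == "ascii-text" and value and value.isascii():
        return len(value)
    return None

def check_manual_tunnel(cfg):
    """Return findings for a manual-tunnel parameter dict (hypothetical schema)."""
    findings = []
    if not SPI_MIN <= cfg["spi"] <= SPI_MAX:
        findings.append(f"spi {cfg['spi']} outside {SPI_MIN}..{SPI_MAX}")
    if cfg["protocol"] == "ah" and "encryption" in cfg:
        findings.append("AH does not encrypt; encryption settings do not apply")
    for section, sizes in (("authentication", AUTH_KEY_BYTES),
                           ("encryption", ENC_KEY_BYTES)):
        if section not in cfg:
            continue
        algo, fmt, key = cfg[section]
        want = sizes.get(algo)
        if want is None:
            findings.append(f"{section}: unknown algorithm {algo}")
            continue
        got = key_bytes(fmt, key)
        if got != want:
            findings.append(f"{section}: {algo} needs a {want}-byte key, got {got}")
        if algo in LEGACY:
            findings.append(f"{section}: {algo} is a legacy algorithm")
    return findings

# Constructed sample input; the keys are placeholders, not real secrets.
GOOD = {"spi": 4096, "protocol": "esp",
        "authentication": ("hmac-sha1-96", "hexadecimal", "0a" * 20),
        "encryption": ("aes-256-cbc", "ascii-text", "k" * 32)}
BAD = {"spi": 100, "protocol": "esp",
       "encryption": ("des-cbc", "hexadecimal", "0011")}

if __name__ == "__main__":
    print(check_manual_tunnel(GOOD), check_manual_tunnel(BAD))
```

Because a manual tunnel uses the keys exactly as entered, with no IKE negotiation to generate or rotate them, checking key length and format before entry catches mistakes that would otherwise only show up as a tunnel that passes no traffic.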