VPN Manual Key Configuration Page Options

  1. Select Configure>IPSec VPN>Manual Tunnel.

    The VPN Manual Key configuration page appears. Table 92 explains the contents of this page.

  2. Click one:
    • Add—Adds a new or duplicate VPN manual key configuration. Enter information as specified in Table 93.
    • Edit—Edits a selected VPN manual key configuration.
    • Delete—Deletes the selected VPN manual key configuration.
  3. Click one:
    • OK—Saves the configuration and returns to the main configuration page.
    • Commit Options>Commit—Commits the configuration and returns to the main configuration page.
    • Cancel—Cancels your entries and returns to the main configuration page.

Table 92: VPN Manual Key Configuration Page

Field

Function

Name

Displays the name of the manual tunnel.

Gateway

Displays the selected gateway.

Bind Interface

Displays the tunnel interface to which the route-based VPN is bound.

Df Bit

Displays the DF bit in the outer header.

Table 93: Add VPN Manual Key Configuration Details

Field

Function

Action

IPSec Manual Key

VPN Name

Specifies the name of the VPN for the IPsec tunnel.

Enter the VPN name.

Remote Gateway

Specifies the name of the remote gateway.

Enter the gateway.

External Interface

Specifies the external interface.

Select an interface from the list.

Protocol

Specifies the types of protocols available for configuration.

The available options are as follows:

  • ESP
  • AH

Select an option.

SPI

Specifies the SPI value.

Range: 256 through 16639.

Enter a value.

Bind to tunnel interface

Specifies the tunnel interface to which the route-based VPN is bound.

Select an interface from the list.

Do not fragment bit

Specifies how the device handles the DF bit in the outer header.

The available options are as follows:

  • clear—Clear (disable) the DF bit from the outer header. This is the default.
  • Set—Set the DF bit to the outer header.
  • copy—Copy the DF bit to the outer header.

Select an option from the list

Enable VPN Monitor

Destination IP

Specifies the IP address of the destination peer.

Enter an IP address.

Optimized

Specifies that the device uses traffic patterns as evidence of peer liveliness. If enabled, ICMP requests are suppressed. This feature is disabled by default.

Select the check box to enable the feature.

Source Interface

Specifies the source interface for ICMP requests (VPN monitoring “hellos”). If no source interface is specified, the device automatically uses the local tunnel endpoint interface.

Specify a source interface.

Key Values

Authentication

Algorithm

Specifies the hash algorithm that authenticates packet data. The options available are as follows:

  • hmac-md5-96—Produces a 128-bit digest.
  • hmac-sha1-96—Produces a 160-bit digest.

Select a hash algorithm from the available option.

ASCII Text

Specifies the preshared value of the key in ASCII format.

Select the ASCII Text option, and enter the key in the appropriate format.

Hexadecimal

Specifies the preshared value of the key in hexadecimal format.

Select the Hexadecimal option, and enter the key in the appropriate format.

Encryption

Encryption

Specifies the supported Internet Key Exchange (IKE) proposals, which includes the following:

  • 3des-cbc—3DES-CBC encryption algorithm.
  • aes-128-cbc—AES-CBC 128-bit encryption algorithm.
  • aes-192-cbc—AES-CBC 192-bit encryption algorithm.
  • aes-256-cbc—AES-CBC 256-bit encryption algorithm.
  • des-cbc—DES-CBC encryption algorithm.

Select an option.

ASCII Text

Specifies the preshared value of the key in ASCII format.

Enable the ASCII Text option and enter the key in the appropriate format.

Hexadecimal

Specifies the preshared value of the key in hexadecimal format.

Enable the Hexadecimal option and enter the key in the appropriate format.

Related Documentation

Copyright© 2011 Juniper Networks, Inc. All rights reserved.