
Configuring an IPSec Manual Key VPN—Quick Configuration

You can use J-Web Quick Configuration to quickly configure an IPSec manual key VPN.

To configure a manual key with Quick Configuration:

  1. Select Configuration > Quick Configuration > VPN > IPSec Manual Key.

    The figure below shows the quick configuration page where you can select an existing manual key VPN, or click Add to create a new one.

    Figure 65: IPSec Manual Key VPN


  2. To use an existing manual key VPN, select one from among those listed and click one of the following buttons:

  3. To create a new manual key VPN, click Add.

    The figure below shows the quick configuration page where you create a new IPSec manual key VPN.

    Figure 66: IPSec Manual Key VPN Configuration


  4. Fill in the VPN options as described in the table below.
  5. Click one of the following buttons:

Table 129: IPSec Manual Key VPN Configuration Options

| Field | Function | Action |
|---|---|---|
| IPSec Manual Key VPN | | |
| VPN Name | Name of the VPN. | Enter a name. |
| Remote gateway | Name of the remote gateway. | Select a name. |
| External Interface | Outgoing interface. | Select an interface. |
| Protocol | Security protocol for this VPN. | Select a protocol. |
| Spi | The security parameter index. An arbitrary value that uniquely identifies which security association (SA) to use at the receiving host (the destination address in the packet). | Enter a value from 256 through 16,639. |
| Authentication | | |
| Algorithm | Hash algorithm that authenticates packet data. It can be one of the following: hmac-md5-96 (produces a 128-bit digest); hmac-sha1-96 (produces a 160-bit digest). | Select an algorithm. |
| Key | Type of authentication. It can be one of the following: None; ascii-text (ASCII text key; for hmac-md5-96, the key is 16 ASCII characters; for hmac-sha1-96, the key is 20 ASCII characters); hexadecimal (hexadecimal key; for hmac-md5-96, the key is 32 hexadecimal characters; for hmac-sha1-96, the key is 40 hexadecimal characters). | Select none, or select the type of key and enter it in the appropriate format. |
| Encryption | | |
| Algorithm | Supported Internet Key Exchange (IKE) proposals include the following: 3des-cbc (3DES-CBC encryption algorithm); aes-128-cbc (AES-CBC 128-bit encryption algorithm); aes-192-cbc (AES-CBC 192-bit encryption algorithm); aes-256-cbc (AES-CBC 256-bit encryption algorithm); des-cbc (DES-CBC encryption algorithm). | Select an encryption algorithm. |
| Key | Type of encryption key. It can be one of the following: None; ascii-text (ASCII text key; for hmac-md5-96, the key is 16 ASCII characters; for hmac-sha1-96, the key is 20 ASCII characters); hexadecimal (hexadecimal key; for hmac-md5-96, the key is 32 hexadecimal characters; for hmac-sha1-96, the key is 40 hexadecimal characters). | Select none, or select the type of key and enter it in the appropriate format. |
| Bind to tunnel interface | The tunnel interface to which the route-based virtual private network (VPN) is bound. | Select an interface. |
| Don’t Fragment bit | Specifies how the router handles the Don’t Fragment (DF) bit in the outer header. clear: clear (disable) the DF bit from the outer header (this is the default); copy: copy the DF bit to the outer header; set: set (enable) the DF bit in the outer header. | Choose an option. |
| Enable VPN monitor | Allows for monitoring of the VPN. | Click the check box. |
| Destination ip | IP address of the destination peer. | Enter an IP address. |
| Optimized | Specify that the router uses traffic patterns as evidence of peer liveliness. If enabled, ICMP requests are suppressed. This feature is disabled by default. | Click the check box. |
| Source interface | The source interface for monitor messages. | Enter a source interface name. |
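
A pre-entry check for the Spi and authentication Key fields in Table 129, as an added example that is not part of the original page or of J-Web. The function names are hypothetical; the limits are the ones the table states, and the hexadecimal key is drawn from the operating system's random source so that it is not a hand-typed string. Encryption keys are not covered.

```python
import secrets
import string

# Limits taken from Table 129 on this page.
SPI_MIN, SPI_MAX = 256, 16639
AUTH_KEY_LEN = {  # algorithm -> (ASCII characters, hexadecimal characters)
    "hmac-md5-96": (16, 32),
    "hmac-sha1-96": (20, 40),
}


def check_manual_key(spi, algorithm, key_type, key=""):
    """Return a list of problems; an empty list means the entry fits the table."""
    problems = []
    if not isinstance(spi, int) or not SPI_MIN <= spi <= SPI_MAX:
        problems.append(f"SPI must be an integer from {SPI_MIN} through {SPI_MAX}")
    if algorithm not in AUTH_KEY_LEN:
        return problems + [f"unknown authentication algorithm: {algorithm!r}"]
    ascii_len, hex_len = AUTH_KEY_LEN[algorithm]
    if key_type == "none":
        pass  # the table allows "None"; there is no key to check
    elif key_type == "ascii-text":
        if len(key) != ascii_len or not key.isascii():
            problems.append(
                f"{algorithm} ascii-text key must be {ascii_len} ASCII characters")
    elif key_type == "hexadecimal":
        if len(key) != hex_len or any(c not in string.hexdigits for c in key):
            problems.append(
                f"{algorithm} hexadecimal key must be {hex_len} hexadecimal characters")
    else:
        problems.append(f"unknown key type: {key_type!r}")
    return problems


def new_hex_key(algorithm):
    """Generate a random hexadecimal key of the length the table requires."""
    _, hex_len = AUTH_KEY_LEN[algorithm]
    return secrets.token_hex(hex_len // 2)  # CSPRNG output, 2 hex characters per byte


if __name__ == "__main__":
    key = new_hex_key("hmac-sha1-96")
    # Constructed sample entries: one that fits the table, one that does not.
    print(check_manual_key(1000, "hmac-sha1-96", "hexadecimal", key))
    print(check_manual_key(100, "hmac-md5-96", "ascii-text", "short"))
```

Both ends of a manual key VPN must be given the same key, so generate it once and transfer it over a protected channel.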

