Configuring an IPSec Manual Key VPN—Quick Configuration

You can use J-Web Quick Configuration to quickly configure an IPSec manual key VPN

To configure a manual key with Quick Configuration:

Select Configuration > Quick Configuration > VPN > IPSec Manual Key.
The figure below shows the quick configuration page where you can select an existing manual key VPN, or click Add to create a new one.

Figure 65: IPSec Manual Key VPN
To use an existing manual key VPN, select one from among those listed and click one of the following buttons:
- To apply the configuration and stay on the Quick Configuration page, click Apply.
- To apply the configuration and return to the main Configuration page, click OK.
- To cancel your entries and return to the main page, click Cancel.
To create a new manual key VPN, click Add.
The figure below shows the quick configuration page where you create a new IPSec manual key VPN.

Figure 66: IPSec Manual Key VPN Configuration
Fill in the VPN options as described in the table below.
Click one of the following buttons:
- To apply the configuration, click OK.
- To cancel the configuration and return to the main Configuration page, click Cancel.

Table 129: IPSec Manual Key VPN Configuration Options

Field	Function	Action
IPSec Manual Key VPN
VPN Name	Name of the VPN.	Enter a name.
Remote gateway	Name of the remote gateway.	Select a name.
External Interface	Outgoing interface.	Select an interface.
Protocol	Security protocol for this VPN.	Select a protocol.
Spi	The security parameter index. An arbitrary value that uniquely identifies which security association (SA) to use at the receiving host (the destination address in the packet).	Enter a value from 256 through 16,639.
Authentication
Algorithm	Hash algorithm that authenticates packet data. It can be one of the following: hmac-md5-96—Produces a 128-bit digest. hmac-sha1-96—Produces a 160-bit digest.	Select an algorithm.
Key	Type of authentication. It can be one of the following: None ascii-text—ASCII text key. For hmac-md5-96, the key is 16 ASCII characters; for hmac-sha1-96, the key is 20 ASCII characters. hexadecimal—Hexadecimal key. For hmac-md5-96, the key is 32 hexadecimal characters; for hmac-sha1-96, the key is 40 hexadecimal characters.	Select none, or select the type of key and enter it in the appropriate format.
Encryption
Algorithm	Supported Internet Key Exchange (IKE) proposals include the following: 3des-cbc—3DES-CBC encryption algorithm. aes-128-cbc—AES-CBC 128-bit encryption algorithm. aes-192-cbc—AES-CBC 192-bit encryption algorithm. aes-256-cbc—AES-CBC 256-bit encryption algorithm. des-cbc—DES-CBC encryption algorithm	Select an encryption algorithm.
Key	Type of encryption key. It can be one of the following: None ascii-text—ASCII text key. For hmac-md5-96, the key is 16 ASCII characters; for hmac-sha1-96, the key is 20 ASCII characters. hexadecimal—Hexadecimal key. For hmac-md5-96, the key is 32 hexadecimal characters; for hmac-sha1-96, the key is 40 hexadecimal characters.	Select none, or select the type of key and enter it in the appropriate format.
Bind to tunnel interface	The tunnel interface to which the route-based virtual private network (VPN) is bound.	Select an interface.
Don’t Fragment bit	Specifies how the router handles the Don’t Fragment (DF) bit in the outer header. clear—Clear (disable) the DF bit from the outer header. This is the default. copy—Copy the DF bit to the outer header. set—Set (enable) the DF bit in the outer header.	Choose an option.
Enable VPN monitor	Allows for monitoring of the VPN.	Click the check box.
Destination ip	IP address of the destination peer.	Enter an IP address.
Optomized	Specify that the router uses traffic patterns as evidence of peer liveliness. If enabled, ICMP requests are suppressed. This feature is disabled by default.	Click the check box.
Source interface	The source interface for monitor messages.	Enter a source interface name.

[Prev][Report an Error]