Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Add a Manual Key VPN

You are here: VPN > Manual Key VPN.

To add a manual key VPN:

  1. Click the add icon (+) on the upper right side of the Manual Key VPN page.

    The Add Manual Key VPN page appears.

  2. Complete the configuration according to the guidelines provided in Table 1.
  3. Click OK to save the changes. If you want to discard your changes, click Cancel.
Table 1: Fields on the Manual Key VPN Configuration Page

Field

Action

VPN Manual Key

VPN Name

Enter the VPN name for the IPsec tunnel.

Remote Gateway

Enter the name for the remote gateway.

External Interface

Select an interface from the list.

Protocol

Select an option from the list to specify the types of protocols available for configuration:

  • ESP

  • AH

SPI

Enter a SPI value.

Range: 256 through 16639.

Bind to tunnel interface

Select an interface from the list to which the route-based VPN is bound.

Do not fragment bit

Select an option from the list to specify how the device handles the DF bit in the outer header.

  • clear—Clear (disable) the DF bit from the outer header. This is the default.

  • Set—Set the DF bit to the outer header.

  • copy—Copy the DF bit to the outer header.

Enable VPN Monitor

Select this option to configure VPN monitoring.

Destination IP

Enter an IP address for the destination peer.

Optimized

Select the check box to enable optimization for the device to use traffic patterns as evidence of peer liveliness. If enabled, ICMP requests are suppressed. This feature is disabled by default.

Source Interface

Enter a source interface for ICMP requests (VPN monitoring “hellos”). If no source interface is specified, the device automatically uses the local tunnel endpoint interface.

Key Values
Authentication

Algorithm

Specifies the hash algorithm that authenticates packet data. Select a hash algorithm from the list:

  • hmac-md5-96—Produces a 128-bit digest.

  • hmac-sha1-96—Produces a 160-bit digest.

  • hmac-sha-256-128

ASCII Text

Select the ASCII Text option, and enter the key in the appropriate format.

Hexadecimal

Select the Hexadecimal option, and enter the key in the appropriate format.

Encryption

Encryption

Specifies the supported Internet Key Exchange (IKE) proposals. Select an option from the list:

  • 3des-cbc—3DES-CBC encryption algorithm.

  • aes-128-cbc—AES-CBC 128-bit encryption algorithm.

  • aes-192-cbc—AES-CBC 192-bit encryption algorithm.

  • aes-256-cbc—AES-CBC 256-bit encryption algorithm.

  • des-cbc—DES-CBC encryption algorithm.

ASCII Text

Enable this option and enter the key in the appropriate format.

Hexadecimal

Enable this option and enter the key in the appropriate format.