FortiGate Version 3.0 MR4 Administration Guide
296 01-30004-0203-20070102
Manual Key VPN IPSEC
Route-based VPN Internet browsing configuration
Configure an additional firewall policy as follows:
Manual Key
If required, you can manually define cryptographic keys for establishing an IPSec
VPN tunnel. You would define manual keys in situations where:
• Prior knowledge of the encryption and/or authentication key is required (that is,
one of the VPN peers requires a specific IPSec encryption and/or
authentication key).
• Encryption and authentication needs to be disabled.
In both cases, you do not specify IPSec phase 1 and phase 2 parameters; you
define manual keys on the VPN > IPSEC > Manual Key page instead.
Figure 180:Manual Key list
VPN Tunnel Select the tunnel that provides access to the private
network behind the FortiGate unit.
Inbound NAT Enable
Configure other settings as required.
Source Interface/Zone Select the IPSec interface.
Source Address Name Select All
Destination Interface/Zone Select the FortiGate unit public interface.
Destination Address Name Select All
Action Select ACCEPT.
NAT Enable
Configure other settings as required.
Note: It may not be safe or practical to define manual keys because network administrators
must be trusted to keep the keys confidential, and propagating changes to remote VPN
peers in a secure manner may be difficult.
Create New Create a new manual key configuration. See “Creating a new
manual key configuration” on page 297.
Tunnel Name The names of existing manual key configurations.
Remote Gateway The IP addresses of remote peers or dialup clients.
Encryption
Algorithm
The names of the encryption algorithms specified in the manual key
configurations.
Edit
Delete
To Next Page
Loading...
