Name | Type a name for the VPN tunnel. The maximum name length is 15 characters for an interface mode VPN, 35 characters for a policy-based VPN. |
Local SPI | Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents the SA that handles outbound traffic on the local FortiGate unit. The valid range is from 0x100 to 0xffffffff. This value must match the Remote SPI value in the manual key configuration at the remote peer. |
Remote SPI | Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents the SA that handles inbound traffic on the local FortiGate unit. The valid range is from 0x100 to 0xffffffff. This value must match the Local SPI value in the manual key configuration at the remote peer. |
Remote Gateway | Enter the IP address of the public interface to the remote peer. The address identifies the recipient of ESP datagrams. |
Local Interface | This option is available in NAT mode only. Select the name of the interface to which the IPsec tunnel will be bound. The FortiGate unit obtains the IP address of the interface from the network interface settings. |
Encryption Algorithm | Select one of the following symmetric-key encryption algorithms: • NULL — Do not use an encryption algorithm. • DES — Data Encryption Standard, a 64-bit block algorithm that uses a 56-bit key. • 3DES — Triple-DES, where plain text is encrypted three times by three keys. • AES128 — a 128-bit block Cipher Block Chaining algorithm that uses a 128-bit key. • AES192 — a 128-bit block Cipher Block Chaining algorithm that uses a 192-bit key. • AES256 — a 128-bit block Cipher Block Chaining algorithm that uses a 256-bit key. Note: The algorithms for encryption and authentication cannot both be NULL. |
Authentication Algorithm | Select one of the following message digests: • NULL — Do not use a message digest. • MD5 — Message Digest 5 algorithm, which produces a 128-bit message digest. • SHA1 — Secure Hash Algorithm 1, which produces a 160-bit message digest. • SHA256 — Secure Hash Algorithm 2, which produces a 256-bit message digest. • SHA384 — Secure Hash Algorithm 2, which produces a 384-bit message digest. • SHA512 — Secure Hash Algorithm 2, which produces a 512-bit message digest. Note: The algorithms for encryption and authentication cannot both be NULL. |
IPsec Interface Mode | Create a virtual interface for the local end of the VPN tunnel. Select this check box to create a route-based VPN, clear it to create a policy-based VPN. This is available only in NAT mode. |
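
The constraints in the table above (name length, SPI format and range, the NULL/NULL restriction, and the Local/Remote SPI cross-match between peers) can be checked before the settings are entered on either unit. The following Python sketch is an added example, not Fortinet code; the dictionary keys, the sample values, the optional `0x` prefix, and the check that both peers select the same algorithms are assumptions made for illustration.

```python
import re

NAME_LIMIT = {"interface": 15, "policy": 35}   # max tunnel name length per VPN type
SPI_MIN, SPI_MAX = 0x100, 0xFFFFFFFF           # valid SPI range from the table
HEX_SPI = re.compile(r"(?:0x)?([0-9a-f]{1,8})\Z")  # "0x" prefix accepted (assumption)

def parse_spi(text):
    """Return the SPI as an int, or None if it is not 1-8 hex digits in range."""
    m = HEX_SPI.match(text.strip().lower())
    if not m:
        return None
    value = int(m.group(1), 16)
    return value if SPI_MIN <= value <= SPI_MAX else None

def check_peer(cfg):
    """Check one peer's manual key settings against the per-field rules."""
    errors = []
    if len(cfg["name"]) > NAME_LIMIT[cfg["mode"]]:
        errors.append(f"name longer than {NAME_LIMIT[cfg['mode']]} characters")
    for field in ("local_spi", "remote_spi"):
        if parse_spi(cfg[field]) is None:
            errors.append(f"{field} is not hex in 0x100..0xffffffff")
    if cfg["encryption"] == "NULL" and cfg["authentication"] == "NULL":
        errors.append("encryption and authentication are both NULL")
    return errors

def check_pair(a, b):
    """Cross-check two peers; equal algorithms is an assumption beyond the table."""
    errors = [f"{a['name']}: {e}" for e in check_peer(a)]
    errors += [f"{b['name']}: {e}" for e in check_peer(b)]
    if parse_spi(a["local_spi"]) != parse_spi(b["remote_spi"]):
        errors.append("Local SPI on A does not match Remote SPI on B")
    if parse_spi(a["remote_spi"]) != parse_spi(b["local_spi"]):
        errors.append("Remote SPI on A does not match Local SPI on B")
    for field in ("encryption", "authentication"):
        if a[field] != b[field]:
            errors.append(f"{field} algorithm differs between peers")
    return errors

# Constructed sample settings for two peers (not from any real device).
SITE_A = {"name": "to-branch", "mode": "interface", "local_spi": "1a2b3c",
          "remote_spi": "4d5e6f", "encryption": "AES256", "authentication": "SHA256"}
SITE_B = {"name": "to-hq", "mode": "interface", "local_spi": "4d5e6f",
          "remote_spi": "1a2b3c", "encryption": "AES256", "authentication": "SHA256"}

if __name__ == "__main__":
    for problem in check_pair(SITE_A, SITE_B) or ["no problems found"]:
        print(problem)
```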