Name | Type a name for the VPN tunnel. |
Local SPI | Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents the SA that handles outbound traffic on the local FortiGate unit. The valid range is from 0x100 to 0xffffffff. This value must match the Remote SPI value in the manual key configuration at the remote peer. |
Remote SPI | Type a hexadecimal number (up to 8 characters, 0-9, a-f) that represents the SA that handles inbound traffic on the local FortiGate unit. The valid range is from 0x100 to 0xffffffff. This value must match the Local SPI value in the manual key configuration at the remote peer. |
Remote Gateway | Type the IP address of the public interface to the remote peer. The address identifies the recipient of ESP datagrams. |
Local Interface | Select the name of the physical, aggregate, or VLAN interface to which the IPsec tunnel will be bound. The FortiGate unit obtains the IP address of the interface from System > Network > Interface settings. This is available in NAT mode only. |
Encryption Algorithm | Select one of the following symmetric-key encryption algorithms: • DES — Digital Encryption Standard, a 64-bit block algorithm that uses a 56-bit key. • 3DES — Triple-DES, in which plain text is encrypted three times by three keys. • AES128 — A 128-bit block algorithm that uses a 128-bit key. • AES192 — A 128-bit block algorithm that uses a 192-bit key. • AES256 — A 128-bit block algorithm that uses a 256-bit key. |
Encryption Key (Hex) | If you selected: • DES, type a 16-character hexadecimal number (0-9, a-f). • 3DES, type a 48-character hexadecimal number (0-9, a-f) separated into three segments of 16 characters. • AES128, type a 32-character hexadecimal number (0-9, a-f) separated into two segments of 16 characters. • AES192, type a 48-character hexadecimal number (0-9, a-f) separated into three segments of 16 characters. • AES256, type a 64-character hexadecimal number (0-9, a-f) separated into four segments of 16 characters. |
Authentication Algorithm | Select one of the following message digests: • MD5 — Message Digest 5 algorithm, which produces a 128-bit message digest. • SHA1 — Secure Hash Algorithm 1, which produces a 160-bit message digest. |
Authentication Key (Hex) | If you selected: • MD5, type a 32-character hexadecimal number (0-9, a-f) separated into two segments of 16 characters. • SHA1, type 40-character hexadecimal number (0-9, a-f) separated into one segment of 16 characters and a second segment of 24 characters. |
IPsec Interface Mode | Select to create a route-based VPN. A virtual IPsec interface is created on the Local Interface that you selected. This option is available only in NAT mode. |