Encryption Key Manual Settings (Settings 1 to 4)
Device Management > Configuration > Security >
IPsec > Encryption Key Manual Settings (Settings 1 to 4)
Use this page to configure the IPsec encryption key manually. Settings 1 to 4 are the IPsec settings for communicating with specified peers.
Address Type
Select the address type for IPsec communications. Selecting Inactive disables all the other settings on this page.
Local Address
Specify the address of the machine.
You can enter the address in the format of "base address/mask length", or select one from the drop-down list.
To specify a range, click the option button, enter the base address, and then enter the mask length.
The mask length must be in the range of 0 to 32 for IPv4, or 0 to 128 for IPv6, as shown in the following tables:
IPv4
| IP address | Mask | Address range |
|---|---|---|
| 192.168.1.1 | 32 | 192.168.1.1 only |
| 192.168.5.0 | 24 | 192.168.5.0 to 192.168.5.255 |
| 0.0.0.0 | 0 | All IPv4 addresses |
IPv6
| IP address | Mask | Address range |
|---|---|---|
| 2001:1000:0:1234::1 | 128 | 2001:1000:0:1234::1 only |
| 2001:1000:0:1234:: | 80 | 2001:1000:0:1234:: to 2001:1000:0:1234:ffff:ffff:ffff:ffff |
| :: | 0 | All IPv6 addresses |
Remote Address
Specify the address of the destination peer. Enter the address in the format of "base address/mask length".
To specify a range, follow the instructions for Local Address.
Encapsulation Mode
Select one of the following encapsulation modes:
Transport
This mode protects the payload of IP packets. Select this mode for communication between IPsec hosts.
Tunnel
This mode protects entire IP packets. Select this mode for communication between security gateways (VPN devices, for example).
Note
- If you select Transport, the Tunnel End Point option is unavailable.
Tunnel End Point
If you select Tunnel for Encapsulation Mode, you must also specify the IPsec coverage (i.e. the start and end of the tunnel end point).
Note
- You must specify an IP address that is consistent with the specified Address Type.
- For the start of the tunnel end point, enter the Local Address.
- If you are using IPv6 addresses, you cannot specify link-local or site-local addresses.
SPI (Output)
Specify the output SPI (Security Parameter Index) value for the manual key. You can enter a value between 256 and 4095.
SPI (Input)
Specify the input SPI (Security Parameter Index) value for the manual key. You can enter a value between 256 and 4095.
Security Protocol
Select the security protocol for IPsec communications.
Note
- If you select AH, the Encryption Algorithm and Encryption Key options are unavailable.
Authentication Algorithm
Select the authentication algorithm that you require.
Authentication Key
This field indicates whether or not an authentication key is created for the selected authentication algorithm.
To create or edit an authentication key, click Change.
Encryption Algorithm
Select the encryption algorithm that you require.
Encryption Key
This field indicates whether or not an encryption key is created for the selected encryption algorithm.
To create or edit an encryption key, click Change.
Buttons
OK
Click to send the settings to the machine. To apply the settings, click OK on the IPsec page.
Cancel
Click to cancel the settings.