Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

Configure IPsec manual keys.

  config vpn ipsec manualkey-interface
      Description: Configure IPsec manual keys.
      edit <name>
          set interface {string}
          set ip-version [4|6]
          set addr-type [4|6]
          set remote-gw {ipv4-address}
          set remote-gw6 {ipv6-address}
          set local-gw {ipv4-address-any}
          set local-gw6 {ipv6-address}
          set auth-alg [null|md5|...]
          set enc-alg [null|des|...]
          set auth-key {user}
          set enc-key {user}
          set local-spi {user}
          set remote-spi {user}
      next
  end

config vpn ipsec manualkey-interface

Parameter Name Description Type Size
interface Name of the physical, aggregate, or VLAN interface. string Maximum length: 15
ip-version IP version to use for VPN interface.
4: Use IPv4 addressing for gateways.
6: Use IPv6 addressing for gateways.
option -
addr-type IP version to use for IP packets.
4: Use IPv4 addressing for IP packets.
6: Use IPv6 addressing for IP packets.
option -
remote-gw IPv4 address of the remote gateway's external interface. ipv4-address Not Specified
remote-gw6 Remote IPv6 address of VPN gateway. ipv6-address Not Specified
local-gw IPv4 address of the local gateway's external interface. ipv4-address-any Not Specified
local-gw6 Local IPv6 address of VPN gateway. ipv6-address Not Specified
auth-alg Authentication algorithm. Must be the same for both ends of the tunnel.
null: null
md5: md5
sha1: sha1
sha256: sha256
sha384: sha384
sha512: sha512
option -
enc-alg Encryption algorithm. Must be the same for both ends of the tunnel.
null: null
des: des
3des: 3des
aes128: aes128
aes192: aes192
aes256: aes256
aria128: aria128
aria192: aria192
aria256: aria256
seed: seed
option -
auth-key Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. user Not Specified
enc-key Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. user Not Specified
local-spi Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. user Not Specified
remote-spi Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. user Not Specified

Configure IPsec manual keys.

  config vpn ipsec manualkey-interface
      Description: Configure IPsec manual keys.
      edit <name>
          set interface {string}
          set ip-version [4|6]
          set addr-type [4|6]
          set remote-gw {ipv4-address}
          set remote-gw6 {ipv6-address}
          set local-gw {ipv4-address-any}
          set local-gw6 {ipv6-address}
          set auth-alg [null|md5|...]
          set enc-alg [null|des|...]
          set auth-key {user}
          set enc-key {user}
          set local-spi {user}
          set remote-spi {user}
      next
  end

config vpn ipsec manualkey-interface

Parameter Name Description Type Size
interface Name of the physical, aggregate, or VLAN interface. string Maximum length: 15
ip-version IP version to use for VPN interface.
4: Use IPv4 addressing for gateways.
6: Use IPv6 addressing for gateways.
option -
addr-type IP version to use for IP packets.
4: Use IPv4 addressing for IP packets.
6: Use IPv6 addressing for IP packets.
option -
remote-gw IPv4 address of the remote gateway's external interface. ipv4-address Not Specified
remote-gw6 Remote IPv6 address of VPN gateway. ipv6-address Not Specified
local-gw IPv4 address of the local gateway's external interface. ipv4-address-any Not Specified
local-gw6 Local IPv6 address of VPN gateway. ipv6-address Not Specified
auth-alg Authentication algorithm. Must be the same for both ends of the tunnel.
null: null
md5: md5
sha1: sha1
sha256: sha256
sha384: sha384
sha512: sha512
option -
enc-alg Encryption algorithm. Must be the same for both ends of the tunnel.
null: null
des: des
3des: 3des
aes128: aes128
aes192: aes192
aes256: aes256
aria128: aria128
aria192: aria192
aria256: aria256
seed: seed
option -
auth-key Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. user Not Specified
enc-key Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. user Not Specified
local-spi Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. user Not Specified
remote-spi Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. user Not Specified