Fortinet Document Library


CLI Reference

config vpn ipsec manualkey-interface

Configure IPsec manual keys.

    config vpn ipsec manualkey-interface
        Description: Configure IPsec manual keys.
        edit <name>
            set interface {string}
            set ip-version [4|6]
            set addr-type [4|6]
            set remote-gw {ipv4-address}
            set remote-gw6 {ipv6-address}
            set local-gw {ipv4-address-any}
            set local-gw6 {ipv6-address}
            set auth-alg [null|md5|...]
            set enc-alg [null|des|...]
            set auth-key {user}
            set enc-key {user}
            set local-spi {user}
            set remote-spi {user}
            set npu-offload [enable|disable]
        next
    end

config vpn ipsec manualkey-interface

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| interface | Name of the physical, aggregate, or VLAN interface. | string | Maximum length: 15 | |
| ip-version | IP version to use for VPN interface. Options: 4 (Use IPv4 addressing for gateways.), 6 (Use IPv6 addressing for gateways.) | option | - | 4 |
| addr-type | IP version to use for IP packets. Options: 4 (Use IPv4 addressing for IP packets.), 6 (Use IPv6 addressing for IP packets.) | option | - | 4 |
| remote-gw | IPv4 address of the remote gateway's external interface. | ipv4-address | Not Specified | 0.0.0.0 |
| remote-gw6 | Remote IPv6 address of VPN gateway. | ipv6-address | Not Specified | :: |
| local-gw | IPv4 address of the local gateway's external interface. | ipv4-address-any | Not Specified | 0.0.0.0 |
| local-gw6 | Local IPv6 address of VPN gateway. | ipv6-address | Not Specified | :: |
| auth-alg | Authentication algorithm. Must be the same for both ends of the tunnel. Options: null, md5, sha1, sha256, sha384, sha512 | option | - | null |
| enc-alg | Encryption algorithm. Must be the same for both ends of the tunnel. Options: null, des, 3des, aes128, aes192, aes256, aria128, aria192, aria256, seed | option | - | null |
| auth-key | Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. | user | Not Specified | |
| enc-key | Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. | user | Not Specified | |
| local-spi | Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. | user | Not Specified | |
| remote-spi | Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. | user | Not Specified | |
| npu-offload | Enable/disable offloading IPsec VPN manual key sessions to NPUs. Options: enable (Enable NPU offloading.), disable (Disable NPU offloading.) | option | - | enable |
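Both auth-alg and enc-alg default to null, so an entry that leaves either option unset gets no integrity protection or no encryption. The following audit script is an added example, not part of the Fortinet documentation: it parses a configuration block and reports null or legacy algorithms and malformed or wrongly sized keys. The function names, the sample configuration, the choice of which algorithms count as legacy, and the assumption that enc-key must match the standard cipher key size are this example's own.

```python
import re
# Standard cipher key sizes in bytes (assumed to be what the device expects).
ENC_KEY_BYTES = {"des": 8, "3des": 24, "aes128": 16, "aes192": 24, "aes256": 32,
                 "aria128": 16, "aria192": 24, "aria256": 32, "seed": 16}
LEGACY = {"auth-alg": {"md5"}, "enc-alg": {"des", "3des"}}  # example policy
DEFAULTS = {"auth-alg": "null", "enc-alg": "null"}  # defaults from the table
KEY_RE = re.compile(r"[0-9a-fA-F]{16}(-[0-9a-fA-F]{16})*")  # 16-digit segments

SAMPLE = """\
config vpn ipsec manualkey-interface
    edit "legacy"
        set enc-alg des
        set enc-key 0123456789abcdef
    next
    edit "site-b"
        set auth-alg sha256
        set enc-alg aes256
        set auth-key 0011223344556677-8899aabbccddeeff-0011223344556677-8899aabbccddeeff
        set enc-key 0123456789abcdef-fedcba9876543210
    next
end
"""  # constructed input, not taken from a real device

def parse_entries(text):
    # {entry name: {option: value}}, seeded with the documented defaults
    entries, current = {}, None
    for words in map(str.split, text.splitlines()):
        if len(words) >= 2 and words[0] == "edit":
            current = entries.setdefault(words[1].strip('"'), dict(DEFAULTS))
        elif len(words) >= 3 and words[0] == "set" and current is not None:
            current[words[1]] = words[2].strip('"')
    return entries

def audit(text):
    findings = []
    for name, opts in parse_entries(text).items():
        for alg in ("auth-alg", "enc-alg"):
            if opts[alg] == "null":
                findings.append((name, f"{alg} is null (the default when unset)"))
            elif opts[alg] in LEGACY[alg]:
                findings.append((name, f"{alg} {opts[alg]} is a legacy algorithm"))
        for key in ("auth-key", "enc-key"):
            if key in opts and not KEY_RE.fullmatch(opts[key]):
                findings.append((name, f"{key} is not 16-digit hex segments"))
        want = ENC_KEY_BYTES.get(opts["enc-alg"])
        got = len(opts.get("enc-key", "").replace("-", "")) // 2
        if want and got != want:
            findings.append((name, f"enc-key is {got} bytes, {opts['enc-alg']} needs {want}"))
    return sorted(findings)
```

Calling audit(SAMPLE) returns one finding per problem as (entry name, message) pairs, which can be fed into a configuration review or CI check on exported configs.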
