CLI Reference

config vpn ipsec manualkey

Configure IPsec manual keys.

config vpn ipsec manualkey
    Description: Configure IPsec manual keys.
    edit <name>
        set authentication [null|md5|...]
        set authkey {user}
        set enckey {user}
        set encryption [null|des|...]
        set interface {string}
        set local-gw {ipv4-address-any}
        set localspi {user}
        set npu-offload [enable|disable]
        set remote-gw {ipv4-address}
        set remotespi {user}
    next
end

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| authentication | Authentication algorithm. Must be the same for both ends of the tunnel. Options: null (Null), md5 (MD5), sha1 (SHA1), sha256 (SHA256), sha384 (SHA384), sha512 (SHA512). | option | - | null |
| authkey | Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. | user | Not Specified | |
| enckey | Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. | user | Not Specified | |
| encryption | Encryption algorithm. Must be the same for both ends of the tunnel. Options: null (Null), des (DES), 3des (3DES), aes128 (AES128), aes192 (AES192), aes256 (AES256), aria128 (ARIA128), aria192 (ARIA192), aria256 (ARIA256), seed (Seed). | option | - | null |
| interface | Name of the physical, aggregate, or VLAN interface. | string | Maximum length: 15 | |
| local-gw | Local gateway. | ipv4-address-any | Not Specified | 0.0.0.0 |
| localspi | Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. | user | Not Specified | |
| name | IPsec tunnel name. | string | Maximum length: 35 | |
| npu-offload * | Enable/disable NPU offloading. Options: enable (Enable NPU offloading), disable (Disable NPU offloading). | option | - | enable |
| remote-gw | Peer gateway. | ipv4-address | Not Specified | 0.0.0.0 |
| remotespi | Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. | user | Not Specified | |

* This parameter may not exist in some models.
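
The following check is an added example, not Fortinet code: it parses the manualkey block as entered on each gateway and reports settings that differ between the peers, algorithms left at the null default or set to a weak option, and SPIs that do not pair up. The sample configs, tunnel name, key and SPI values are constructed, and the set of options treated as weak is this example's own policy assumption.

```python
import re

# Policy assumption of this example (not stated in the reference): options to flag.
WEAK = {"authentication": {"null", "md5", "sha1"},
        "encryption": {"null", "des", "3des"}}
# Defaults from the parameter table: both algorithms are null unless set.
DEFAULTS = {"authentication": "null", "encryption": "null"}
# Constructed sample: one tunnel as entered on gateway A (dummy key material).
SITE_A = """config vpn ipsec manualkey
    edit "to-b"
        set authentication sha256
        set authkey 0011223344556677-8899aabbccddeeff-0011223344556677-8899aabbccddeeff
        set encryption aes256
        set localspi 0x100
        set remotespi 0x200
    next
end"""
# Gateway B never sets encryption (it stays at the default) and mistypes one SPI.
SITE_B = SITE_A.replace("set encryption aes256", "").replace(
    "localspi 0x100", "localspi 0x200").replace("remotespi 0x200", "remotespi 0x101")

def parse_manualkey(text):
    """Return {tunnel_name: {parameter: value}} from a manualkey config block."""
    tunnels, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = tunnels.setdefault(m.group(1), dict(DEFAULTS))
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"').lower()
    return tunnels

def audit_pair(a, b):
    """Compare one tunnel as configured on each end; return a list of findings."""
    findings = []
    # Assumption: algorithms and keys are entered identically on both ends.
    for param in ("authentication", "encryption", "authkey", "enckey"):
        if a.get(param) != b.get(param):
            findings.append(f"{param} differs between peers")
    for side, cfg in (("A", a), ("B", b)):
        for param, weak in WEAK.items():
            if cfg[param] in weak:
                findings.append(f"{side}: weak {param} '{cfg[param]}'")
    # Assumption: each end's localspi is the value the peer uses as remotespi.
    for side, x, y in (("A", a, b), ("B", b, a)):
        if x.get("localspi") != y.get("remotespi"):
            findings.append(f"{side}: localspi does not match peer remotespi")
    return findings
```

Running `audit_pair(parse_manualkey(SITE_A)["to-b"], parse_manualkey(SITE_B)["to-b"])` on the sample reports the encryption mismatch, the null encryption on gateway B, and the unpaired SPI.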
