WAN Configuration 4-15
3. Internet Key Exchange (IKE) protocol is an IPSec standard protocol used to ensure security for VPN negotiation, and
remote host or network access. IKE provides an automatic means of negotiation and authentication for communication
between two or more parties. IKE manages IPSec keys automatically for the parties.
Each of these options requires some configuration, as described below.
Configuring Manual Key Exchange
1. Select the Manual Key Exchange radio button.
2. Click the Manual Key Settings button to specify the encryption method and the following screen appears. The setup
process requires specifying both the authentication and the encryption methods and keys.
3. Select the authentication and anti-replay method you wish to use for the tunnel from the AH Authentication menu.
4. If either MD5 or SHA1 is the authentication type, specify an Inbound Authentication Encryption Key and an
Outbound Authentication Encryption Key. If MD5 is the authentication type, specify 32-character hexadecimal
keys. If SHA1 is the authentication type, specify 40-character hexadecimal keys.
5. Provide up to an eight-character hexadecimal values for the Inbound SPI and Outbound SPI fields (minimum is 100).
These fields are used to identify the inbound security association created by the AH algorithm. These values must match
the corresponding outbound and inbound SPI values (respectively) configured on the remote security gateway. These
values should also be unique across all tunnels on the system.
None Disables AH authentication and the rest of the fields in this area will not be active.
MD5 Enables the Message Digest 5 algorithm, which requires 128-bit (32-character hexadecimal) authenti-
cation keys.
SHA1 Enables Secure Hash Algorithm 1, which requires 160-bit (40-character hexadecimal) keys.