F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

Table 59 Configuration items

| Item | Description |
|---|---|
| VPN Domain Name | Enter a name for the VPN domain. |
| Identity Authentication Settings: Authentication Method | Select an authentication method that the VAM server uses to authenticate VAM clients. Options include PAP, CHAP, and None. None means no authentication. |
| Identity Authentication Settings: ISP Domain Name | Specify the ISP domain for VAM client authentication. You can add, modify, or delete an ISP domain by using the buttons. For ISP domain configuration information, see "Configuring an ISP domain." |
| Authentication Algorithms, Encryption Algorithms | Select authentication and encryption algorithms for VAM protocol packets. With the selected authentication and encryption algorithms, the VAM server negotiates with a client to determine the packet integrity authentication and encryption algorithms to be used for VAM protocol packets between them. Available authentication algorithms include SHA1 and MD5, in descending order of priority. Available encryption algorithms include AES-256, AES-128, 3DES, and DES, in descending order of priority. |
| Pre-Shared Key, Confirm Pre-Shared Key | Enter a pre-shared key for the VAM server, and enter the same pre-shared key to confirm it. The pre-shared key is used to generate the keys for securing the channels between the VAM server and a client. In the connection initialization process, the pre-shared key is used to generate the initial key for validating and encrypting connection requests and connection responses. If encryption and authentication are needed for subsequent packets, the pre-shared key is also used to generate the connection key for validating and encrypting the subsequent packets. |
| Keepalive Settings: Keepalive Interval, Keepalive Retries | Set the interval and the maximum number of attempts for a VAM client to send keepalive packets to the VAM server. After a client successfully registers with the server, the server sends the keepalive settings in a registration response to the client. The client then sends keepalive packets periodically to the server. After the server receives the keepalive packets, it sends responses to the client. If the server does not receive any keepalive packet from the client within a specific period (keepalive interval × keepalive retries), the server deletes the client's information and logs off the client. IMPORTANT: In a VPN domain, all clients use the same keepalive settings. If you change the keepalive settings of the server, the new settings are sent only to clients that register later. Clients that registered before the change continue to use the old settings. |
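
The keepalive bookkeeping described under Keepalive Settings, as an added Python model (not HP code and not part of the original guide); it shows which clients still run on old settings after a change and when each client is logged off. The class names, method names and sample values are hypothetical, and the model assumes the server judges each client against the settings it sent that client at registration.

```python
from dataclasses import dataclass

@dataclass
class Client:
    interval: int     # seconds; copied from the domain when the client registered
    retries: int
    last_seen: float  # time of registration or of the last keepalive received
    @property
    def window(self) -> int:
        return self.interval * self.retries   # keepalive interval x keepalive retries

class VamDomain:
    def __init__(self, interval, retries):
        self.interval, self.retries = interval, retries
        self.clients = {}
    def set_keepalive(self, interval, retries):
        # Changing the server settings does not touch already registered clients.
        self.interval, self.retries = interval, retries
    def register(self, name, now):
        # The registration response carries the settings in force at this moment.
        self.clients[name] = Client(self.interval, self.retries, now)
    def keepalive(self, name, now):
        if name not in self.clients:
            return False          # already logged off; the client must register again
        self.clients[name].last_seen = now
        return True
    def expire(self, now):
        # ASSUMPTION: each client is judged against the window it was sent.
        dead = sorted(n for n, c in self.clients.items() if now - c.last_seen > c.window)
        for name in dead:
            del self.clients[name]    # delete the client's information, log it off
        return dead
    def on_old_settings(self):
        current = (self.interval, self.retries)
        return sorted(n for n, c in self.clients.items()
                      if (c.interval, c.retries) != current)

def demo():
    # Constructed values: 180 s x 3 before the change, 30 s x 2 after it.
    domain = VamDomain(180, 3)
    domain.register("hub-a", now=0)
    domain.set_keepalive(30, 2)
    domain.register("spoke-b", now=0)
    stale = domain.on_old_settings()    # clients still holding the old settings
    first = domain.expire(now=100)      # spoke-b: 100 > 60; hub-a: 100 <= 540
    domain.keepalive("hub-a", now=500)
    second = domain.expire(now=1000)    # hub-a: 1000 - 500 = 500 <= 540
    third = domain.expire(now=1041)     # hub-a: 1041 - 500 = 541 > 540
    return stale, first, second, third
```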