R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
Table 62 Configuration items
Item Description
VPN Domain Name Enter a name for the VPN domain.
Identity Authentication Settings
Authentication Method
Select an authentication method for the VAM server to use to
authenticate the VAM clients. Options include PAP, CHAP, and None.
None means no identity authentication.
ISP Domain Name
Specify the ISP domain for VAM client authentication. You can perform
the following configurations:
• Click Add to enter the page shown in Figure 302 and add an ISP
domain. For ISP domain configuration information, see Table 63.
• Select an ISP domain and click Modify to modify the ISP domain.
For ISP domain configuration information, see Table 63.
• Select an ISP domain and click Delete to delete the ISP domain.
If you specify an ISP domain, the specified domain will be used for
authentication.
If you do not specify any ISP domain, the VAM server will check
whether domain information is carried in a username. If yes, the
domain will be used for authentication (if the domain does not exist, the
authentication will fail); otherwise, the default domain (system by
default) will be used for authentication.
Authentication Algorithms
Encryption Algorithms
Select authentication and encryption algorithms for VAM protocol
packets.
With the selected authentication and encryption algorithms, the VAM
server negotiates with a client to determine the packet integrity
authentication and encryption algorithms to be used for VAM protocol
packets between them.
• Available authentication algorithms include SHA1 and MD5, in
descending order of priority.
• Available encryption algorithms include AES-128, 3DES, and DES,
in descending order of priority.
Pre-Shared Key
Enter a pre-shared key for the VAM server.
The pre-shared key is used to generate the keys for securing the
channels between the VAM server and a client. In the connection
initialization process, the pre-shared key is used to generate the initial
key for validating and encrypting connection requests and connection
responses. If encryption and authentication are needed for subsequent
packets, the pre-shared key is also used to generate the connection key
for validating and encrypting the subsequent packets.
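
The ISP Domain Name fallback rules and the priority-ordered algorithm selection from Table 62, modelled as an added example (not HP code and not part of the original guide). It assumes the server picks the first algorithm in priority order that both sides allow and that a username carries its domain in user@domain form; neither detail is stated in this guide, and the WEAK set is this example's own policy choice.

```python
AUTH_PRIORITY = ["SHA1", "MD5"]            # descending priority (Table 62)
ENC_PRIORITY = ["AES-128", "3DES", "DES"]  # descending priority (Table 62)
WEAK = {"MD5", "DES"}                      # this example's policy, not the guide's


def negotiate(priority, server_enabled, client_offered):
    """Assumed rule: first algorithm in priority order that both sides allow."""
    for alg in priority:
        if alg in server_enabled and alg in client_offered:
            return alg
    return None  # no algorithm in common


def weakest_outcome(priority, server_enabled):
    """Lowest-priority algorithm a client could still negotiate on this server."""
    enabled = [alg for alg in priority if alg in server_enabled]
    return enabled[-1] if enabled else None


def audit(server_auth, server_enc):
    """Return the weak algorithms that remain negotiable on the server."""
    floor = [weakest_outcome(AUTH_PRIORITY, server_auth),
             weakest_outcome(ENC_PRIORITY, server_enc)]
    return [alg for alg in floor if alg in WEAK]


def resolve_isp_domain(username, configured, existing, default="system"):
    """ISP Domain Name rules; returns the domain used, or None if auth fails."""
    if configured:                             # a specified domain always wins
        return configured
    _, sep, domain = username.partition("@")   # assumed user@domain format
    if sep:                                    # domain carried in the username
        return domain if domain in existing else None
    return default                             # default domain ("system")


if __name__ == "__main__":
    # Constructed sample configuration and client offers.
    everything = {"AES-128", "3DES", "DES"}
    print(negotiate(ENC_PRIORITY, everything, {"DES"}))         # DES
    print(audit({"SHA1", "MD5"}, everything))                   # ['MD5', 'DES']
    print(audit({"SHA1"}, {"AES-128", "3DES"}))                 # []
    print(resolve_isp_domain("alice@branch", None, {"system", "hq"}))  # None
```

The audit result shows the floor of the negotiation: any algorithm left selected on the server can be the one a client ends up using, so the selection itself is the control.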