3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

211

212

213

214

215

216

217

218

219

220

220 CHAPTER 13: DVPN

Configuring how a DVPN server authenticates clients

You can configure a DVPN server to authenticate clients that are to access the

DVPN domain. At present, you can specify to authenticate using PAP and CHAP.

Perform the following configuration in a DVPN policy view.

A DVPN server does not authenticate clients by default.

Configuring the encryption algorithm suite for a session

You can apply DES, 3DES, and AES encryption algorithms, MD5 and SHA1

authentication algorithms, and DH-GROUP1 and DH-GROUP2 key negotiation

algorithms to control packets transmitted during DVPN session negotiation by

performing the following operations.

Perform the following configuration in a DVPN policy view.

The suite-number parameter is 1 by default, which stands for DES (for encryption),

MD5 (for authentication) and DH-GROUP1 (for key negotiation).

Configuring the idle time out time for a session

A session is torn down if no packet passes through it during a specified interval

known as the idle time out time.

Perform the following configuration in a DVPN policy view.

The default idle time out time is 300 seconds.

Configuring the interval for sending keepalive packets

After a session is established, the active side sends keepalive packets regularly to

check the connection state of the session if no packet passes through the session.

A session is regarded as disconnected if the active side receives no keepaliveack

packet after it sends three successive keepalive packets.

Tabl e 239 Configure how a DVPN server authenticates clients

Operation Command

Configure how a DVPN server authenticates

clients

authentication-client method { none | {

chap | pap } [ domain isp-name ] }

Tabl e 240 Configure the encryption algorithm suite for a session

Operation Command

Configure the encryption algorithm suite for a

session

session algorithm-suite suite-number

Revert to the default encryption algorithm

suite

undo session algorithm-suite

Tabl e 241 Configure the idle time out time for a session

Operation Command

Configure the idle time out time for a session session idle-time time-interval

Revert to the default idle time out time undo session idle-time