Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
351352353354355356357358359360
C-9
Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Site-to-Site IPsec VPN
Figure C-5. Add IKE Policy Window—Step 2 of 3
11. Under IKE Authentication, configure these settings (which must match exactly the settings
on the remote module):
a. For Key Exchange Mode, select Main Mode or Aggressive Mode. For this example, select
Main Mode.
b. For Authentication Method, select one of the following:
DSA Signature
RSA Signature
For this example, select RSA Signature.
12. Under Security Parameters Proposal, configure the security settings proposed by the TMS
zl Module for the IKE SA (which must match exactly the settings on the remote module):
a. For Diffie-Hellman (DH) Group, select the group for the Diffie-Hellman exchange:
Group 1 (768)
Group 2 (1024)
Group 5 (1536)
b. For Encryption Algorithm, select one of these protocols, listed from least secure (and
least processor-intensive) to most:
DES
AES128 (16)
3DES
AES192 (24)
AES256 (32)
c. For Authentication Algorithm, select one of these protocols, listed from least secure (and
least processor-intensive) to most:
MD5
SHA-1
For this example, leave the default settings.