HP ProCurve Threat Management Solution Implementation Guide 2009-05
Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Site-to-Site IPsec VPN
d. For SA Lifetime in Seconds, type the number of seconds that the IKE SA is kept open.
For this example, leave the default, 28800.
Valid values are between 300 seconds and 86400 seconds (1 day).
13. Click Next.
Figure C-6. Add IKE Policy Window—Step 3 of 3
14. Select Disable XAUTH.
15. Click Finish. The IKE policy is displayed in the VPN > IPsec > IKEv1 Policies window.
Install Certificates for IKE
For this configuration, the TMS zl Module requires:
■ A CA root certificate for the CA that will sign its IPsec certificate
■ A CA root certificate for the CA that will sign the remote module’s IPsec certificate
  In this example, the same CA will sign both modules’ certificates, so the module requires only one CA certificate.
■ An IPsec certificate
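A pre-install check for the requirements above, as an added example that is not part of the HP guide: run on an administrator workstation with the OpenSSL command-line tool, it tests whether each IPsec certificate verifies against a candidate CA root, which shows whether one CA certificate is enough or a second root must be installed. The function names, file names and throwaway certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the HP guide). Assumes the openssl CLI on a workstation.

# check_chain <ca_root.pem> <cert.pem>: succeeds if cert verifies against that root.
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca <dir> <name>: constructed throwaway self-signed CA, for the demo only.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# issue_cert <dir> <ca_name> <cert_name>: constructed certificate signed by that CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" >/dev/null 2>&1
}

# report_roots <ca_root.pem> <cert.pem>...: one line per certificate; the return
# value is the number of certificates that need a different CA root installed.
report_roots() {
    ca=$1; shift; missing=0
    for cert in "$@"; do
        if check_chain "$ca" "$cert"; then
            echo "OK       $cert chains to $ca"
        else
            echo "MISSING  $cert needs another CA root"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

demo() {
    d=$(mktemp -d)
    make_ca "$d" ca-a; make_ca "$d" ca-b
    issue_cert "$d" ca-a local-module    # same CA signs both modules, as in the guide
    issue_cert "$d" ca-a remote-module
    issue_cert "$d" ca-b other-remote    # constructed peer signed by a different CA
    report_roots "$d/ca-a.pem" "$d/local-module.pem" "$d/remote-module.pem" "$d/other-remote.pem"
    rc=$?; rm -rf "$d"; return "$rc"
}
demo || echo "at least one certificate needs another CA root"
```

With real files, call `report_roots` with the CA root you plan to install followed by the local and remote IPsec certificates in PEM format; any `MISSING` line means the module needs an additional CA certificate.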
You can install certificates manually or automatically using Simple Certificate Enrollment
Protocol (SCEP). See the HP ProCurve Threat Management Services zl Module Management
and Configuration Guide for instructions on using SCEP. Follow these steps to install
certificates manually:
1. In the left navigation bar of the Web browser interface, click VPN > Certificates.
2. Click the IPsec Certificates tab.