HP ProCurve Threat Management Solution Implementation Guide 2009-05

Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Site-to-Site IPsec VPN
Setting                                      | Local Module                          | Remote Module
---------------------------------------------+---------------------------------------+--------------------------------------
IKE policy                                   |                                       |
  Policy Type                                | Site-to-Site (Initiator & Responder)  | Site-to-Site (Initiator & Responder)
  Local Gateway                              | 10.1.1.1                              | 10.2.1.2
  Local ID Type                              | Distinguished Name                    | Distinguished Name
  Local ID Value                             | /CN=TMSM.procurve.com                 | /CN=TMSB.procurve.com
  Remote ID Type                             | Distinguished Name                    | Distinguished Name
  Remote ID Value                            | /CN=TMSB.procurve.com                 | /CN=TMSM.procurve.com
  Key Exchange Mode                          | Main                                  | Main
  Authentication Method                      | RSA Signature                         | RSA Signature
  Security Parameters Proposal               | Diffie-Hellman = Group 1 (768)        | Diffie-Hellman = Group 1 (768)
                                             | Encryption Algorithm = 3DES           | Encryption Algorithm = 3DES
                                             | Authentication Algorithm = MD5        | Authentication Algorithm = MD5
                                             | SA Lifetime = 28800                   | SA Lifetime = 28800
  XAUTH Configuration                        | Disabled                              | Disabled
IPsec proposal                               |                                       |
  Encapsulation Mode                         | Tunnel                                | Tunnel
  Protocol                                   | ESP                                   | ESP
  Encryption Algorithm (if you selected ESP) | 3DES                                  | 3DES
  Authentication Algorithm                   | MD5                                   | MD5
IPsec policy                                 |                                       |
  Action                                     | Apply                                 | Apply
  Protocol                                   | Any                                   | Any
  Local Address                              | LocalAddresses 192.168.4.0/22         | LocalAddresses 192.168.32.0/22
  Remote Address                             | RemoteAddresses 192.168.32.0/22       | RemoteAddresses 192.168.4.0/22
  Enable PFS (Perfect Forward Secrecy)       | Disabled                              | Disabled
  for keys                                   |                                       |
  SA Lifetime in Seconds                     | 28800                                 | 28800
  SA Lifetime in Kilobytes                   | 0                                     | 0
  Advanced Settings                          | Default settings                      | Default settings
Firewall access policies                     |                                       |
  Local Module:
    User Group None
    permit Self <remote zone> isakmp LocalGateway RemoteGateway
    permit <remote zone> Self isakmp RemoteGateway LocalGateway
    permit <local zone> <remote zone> LocalEndpoints RemoteEndpoints
    permit <remote zone> <local zone> LocalEndpoints RemoteEndpoints
  Remote Module:
    permit Self <remote zone> isakmp LocalGateway RemoteGateway
    permit <remote zone> Self isakmp RemoteGateway LocalGateway
    permit <local zone> <remote zone> LocalEndpoints RemoteEndpoints
    permit <remote zone> <local zone> LocalEndpoints RemoteEndpoints
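The two modules only negotiate successfully when their settings mirror each other: each side's Local ID Value must equal the other's Remote ID Value, the Local/Remote address lists must be swapped, and the IKE and IPsec proposals must be identical. The following checker is an added example, not HP ProCurve code; the dictionary layout is assumed, the values are taken from the table above, and it also warns about the legacy algorithms and disabled PFS the table selects.

```python
# Hypothetical consistency check for a mirrored site-to-site IPsec VPN pair.
# Values below are copied from the configuration table; the dict layout is ours.
LOCAL = {
    "local_id": "/CN=TMSM.procurve.com", "remote_id": "/CN=TMSB.procurve.com",
    "local_net": "192.168.4.0/22", "remote_net": "192.168.32.0/22",
    "ike": {"dh": "Group 1 (768)", "enc": "3DES", "auth": "MD5", "lifetime": 28800},
    "ipsec": {"mode": "Tunnel", "proto": "ESP", "enc": "3DES", "auth": "MD5",
              "pfs": False, "lifetime_s": 28800, "lifetime_kb": 0},
}
REMOTE = {
    "local_id": "/CN=TMSB.procurve.com", "remote_id": "/CN=TMSM.procurve.com",
    "local_net": "192.168.32.0/22", "remote_net": "192.168.4.0/22",
    "ike": dict(LOCAL["ike"]), "ipsec": dict(LOCAL["ipsec"]),
}

# Algorithm choices in the table that are deprecated in current guidance.
LEGACY = {("ike", "dh"): "Group 1 (768)", ("ike", "enc"): "3DES",
          ("ike", "auth"): "MD5", ("ipsec", "enc"): "3DES", ("ipsec", "auth"): "MD5"}


def check_pair(local, remote):
    """Return (errors, warnings). Errors are mirror mismatches that would make
    IKE/IPsec negotiation fail; warnings flag weak but still-valid settings."""
    errors, warnings = [], []
    # Identities and protected networks must be swapped between the two modules.
    for mine, theirs in (("local_id", "remote_id"), ("remote_id", "local_id"),
                         ("local_net", "remote_net"), ("remote_net", "local_net")):
        if local[mine] != remote[theirs]:
            errors.append(f"local {mine}={local[mine]} but remote {theirs}={remote[theirs]}")
    # IKE and IPsec proposals must be identical or no SA can be agreed.
    for section in ("ike", "ipsec"):
        for key, value in local[section].items():
            if remote[section].get(key) != value:
                errors.append(f"{section}.{key}: {value} vs {remote[section].get(key)}")
    for (section, key), value in LEGACY.items():
        if local[section].get(key) == value:
            warnings.append(f"{section}.{key} uses legacy {value}")
    if not local["ipsec"]["pfs"]:
        warnings.append("PFS disabled: phase-2 keys derive from phase-1 keying material")
    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_pair(LOCAL, REMOTE)
    print("errors:", errs)
    print("warnings:", warns)
```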