Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
401402403404405406407408409410
C-67
Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site IPsec VPN for Macintosh IPSecuritas Clients
Figure C-81. Add IPsec Policy Window—Step 2 of 4
11. For Key Exchange Method, keep the default, Auto (with IKEv1).
12. For IKEv1 Policy, select the IKEv1 policy that you just configured. For this example, select
MacClients.
13. Optionally, select the Enable PFS (Perfect Forward Secrecy) for keys check box, which forces
the tunnel endpoints to generate new keys for the IPsec SA. In the list that is displayed,
select one of the following:
Group 1 (768)
Group 2 (1024)
Group 5 (1536)
For this example, select the check box and select Group 2 (1024).
14. For SA Lifetime in seconds, type a value between 300 (5 minutes) and 86400 (24 hours).
For this example, leave the default value 28800.
15. For SA Lifetime in Kilobytes, leave the default 0.
The IPSecuritas client does not support specifying the SA lifetime in kilobytes.
16. Click Next.