HP ProCurve Threat Management Solution Implementation Guide 2009-05
C-85
Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site IPsec VPN for HP ProCurve VPN Clients
c. For Authentication Algorithm, select one of these protocols, listed from least secure (and
least processor-intensive) to most:
– MD5
– SHA-1
For this example, leave the default MD5.
d. For SA Lifetime in Seconds, type the number of seconds that the IKE SA is kept open.
Valid values are between 300 seconds and 86400 seconds (1 day).
For this example, leave the default 28800.
12. Click Next.
13. In this example, the TMS zl Module enforces XAUTH:
a. Under XAUTH Configuration (Optional), click Enable XAUTH Server.
b. Select Generic.
14. Click Finish.
The IKE policy is displayed in the VPN > IPsec > IKEv1 Policies window.
Figure C-102. VPN > IPsec > IKEv1 Policies (Client-to-Site Policy Added)
Create an IPsec Proposal for Connecting to HP ProCurve VPN Clients
Follow these steps to configure an IPsec proposal for a client-to-site IPsec VPN:
1. In the left navigation bar of the Web browser interface, click VPN > IPsec.
2. Click the IPsec Proposals tab.
Figure C-103. VPN > IPsec > IPsec Proposals Window
3. Click Add IPsec Proposal. The Add IPsec Proposal window is displayed.