Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
431432433434435436437438439440
C-89
Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site IPsec VPN for HP ProCurve VPN Clients
9. For Proposal, select the IPsec proposal that you just configured. For this example, select
Esp3desMd5.
10. Click Next.
Figure C-108. Add IPsec Policy Window—Step 2 of 4
11. For Key Exchange Method, keep the default, Auto (with IKEv1).
12. For IKEv1 Policy, select the IKEv1 policy that you just configured. For this example, select
MacClients.
13. Optionally, select the Enable PFS (Perfect Forward Secrecy) for keys check box, which forces
the tunnel endpoints to generate new keys for the IPsec SA. In the list that is displayed,
select one of the following:
Group 1 (768)
Group 2 (1024)
Group 5 (1536)
For this example, select the check box and select Group 2 (1024).
14. For SA Lifetime in seconds, type a value between 300 (5 minutes) and 86400 (24 hours).
For this example, leave the default value 28800.
15. For SA Lifetime in Kilobytes, type a value between 2560 and 4194304. Or leave the default 0
if you do not want to specify a lifetime in kilobytes (in this case, you must specify a lifetime
in seconds).
For this example, type 4000000.
16. Click Next.