HP ProCurve Threat Management Solution Implementation Guide 2009-05

C-101

Configure VPNs Using the HP ProCurve Threat Management Services zl Module

Configure a Client-to-Site IPsec VPN for HP ProCurve VPN Clients

16. In the right pane, configure security settings to match those in the TMS zl Module’s IKE

policy:

a. For Encrypt Alg, select the encryption algorithm specified on the module. For this

example, select 3DES.

b. For Hash Alg, select the authentication algorithm specified on the module. For this

example, select MD5.

c. For SA Life, select Seconds. Then type the number of seconds configured on the module.

For this example, type 28800.

d. For Key Group, select the DH group configured on the module. For this example, select

Diffie-Hellman Group 1.

17. For this configuration, you enabled the XAUTH server in the module’s IKE policy. For

Authentication, select Preshared Key; Extended Authentication.

18. In the left navigation pane, expand Key Exchange (Phase 2) and click Proposal 1.

Figure C-121. ProCurve VPN Client—Security Policy Editor—Key Exchange Proposal Window

19. In the right pane, configure security settings to match those in the TMS zl Module’s IPsec

proposal and IPsec policy:

a. For SA Life, match the SA lifetime settings in the module’s IPsec policy:

– If the setting for seconds on the module is 0, select KBytes. In the KBytes box, type

the number of kilobytes configured on the module.

– If the setting for kilobytes on the module is 0, select Seconds. In the Seconds box,

type the number of seconds configured on the module.

– If the module has a non-zero setting for both seconds and kilobytes, select Both.

Match the seconds and kilobytes settings on the module in the Seconds and KBytes

boxes.

For this example, select Both and type 28800 in the Seconds box and 4000000 in the

KBytes box.