HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
IPsec VPNs
SA lifetime in seconds
Other parameters such as whether XAUTH is required or NAT-T is supported
You will specify these proposals in an IKE policy.
Figure 4-6. IKE Phase 1: Security Parameters Exchange
The remote endpoint searches its IKE policies for one that specifies the other
endpoint and that includes an identical security proposal. When it finds a
match, the remote endpoint returns these security parameters to the original
endpoint.
If the remote endpoint cannot find a match, the VPN connection fails. It is very
important that you match IKE policies at both ends of the connection.
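
The proposal search described above can be modelled as a pre-deployment check that reports which parameter keeps two endpoints from matching. This is an added example, not code or configuration syntax from the HP guide; it models the identical-proposal rule as stated here, and the field names other than SA lifetime, XAUTH and NAT-T, the policy names, the addresses and the sample values are assumptions.

```python
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class Proposal:
    encryption: str       # assumed field name
    integrity: str        # assumed field name
    dh_group: int         # assumed field name
    sa_lifetime_s: int    # SA lifetime in seconds
    xauth_required: bool  # whether XAUTH is required
    nat_t: bool           # whether NAT-T is supported

@dataclass(frozen=True)
class IkePolicy:
    name: str
    peer: str             # the other endpoint this policy specifies
    proposals: tuple      # Proposal objects configured in this policy

def find_match(policies, initiator, offered):
    """Return (policy name, proposal) for the first identical proposal, else None."""
    for policy in policies:
        if policy.peer != initiator:
            continue
        for prop in offered:
            if prop in policy.proposals:
                return policy.name, prop
    return None

def explain_mismatch(policies, initiator, offered):
    """For each policy naming the initiator, list the fields that differ."""
    report = []
    for policy in policies:
        if policy.peer != initiator:
            continue
        for local in policy.proposals:
            for remote in offered:
                diff = [f.name for f in fields(Proposal)
                        if getattr(local, f.name) != getattr(remote, f.name)]
                report.append((policy.name, diff))
    return report

# Constructed sample data (documentation addresses, made-up policy names).
OFFER = (Proposal("aes-256", "sha-1", 2, 28800, False, True),)
RESPONDER_POLICIES = [
    IkePolicy("branch-a", "192.0.2.10", (Proposal("aes-256", "sha-1", 2, 28800, False, True),)),
    IkePolicy("branch-b", "198.51.100.7", (Proposal("aes-256", "sha-1", 2, 86400, False, True),)),
]
```

Calling `explain_mismatch` for the second peer shows that only the SA lifetime differs, which is the kind of single-field drift that makes the negotiation fail.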
Exchange 2: Key generation. As mentioned earlier, an SA specifies
authentication and encryption keys for transforming traffic. When you use
IKE, you only need to configure algorithms, which IKE negotiates in the first
exchange. Using the Diffie-Hellman Key Agreement Protocol, IKE generates