HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
IPsec VPNs
Figure 4-10. IKE Phase 2: Security Proposal
When negotiating the IPsec SA, IKE follows much the same process as it did in
IKE phase 1. The initiator sends IKE packets (now secured by the IKE SA),
proposing security parameters:
■ IPsec SA lifetime—the time in seconds or amount of data in kilobytes
before the SA must be renegotiated
■ Perfect forward secrecy (PFS) group—an optional setting, required if you
want the endpoints to use a new Diffie-Hellman value and exchange to
generate keys
■ One or more IPsec proposals. Each proposal includes:
• An authentication algorithm
• An encryption algorithm (if using ESP)
■ Traffic selectors—the traffic that is allowed over the IPsec SA (VPN
tunnel)
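
The following added example (not from the HP guide) models the phase 2 parameters listed above and compares two endpoints' settings, which is the check to run when a tunnel completes phase 1 but no IPsec SA comes up. The class and field names, the sample values, and the matching rule (first initiator proposal that the responder also lists, with exact agreement on PFS group and lifetime) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class IpsecProposal:
    protocol: str                      # "ESP" or "AH"
    auth: str                          # authentication algorithm
    encryption: Optional[str] = None   # only meaningful when protocol is ESP

@dataclass(frozen=True)
class Phase2Offer:
    lifetime_seconds: int
    lifetime_kilobytes: int
    pfs_group: Optional[int]           # None means PFS is not requested
    proposals: tuple                   # IpsecProposal entries in preference order
    local_selector: str                # traffic selectors as CIDR strings
    remote_selector: str

def compare_phase2(initiator: Phase2Offer, responder: Phase2Offer):
    """Return (chosen_proposal, findings) for two endpoints' phase 2 settings."""
    findings = []
    if initiator.pfs_group != responder.pfs_group:
        findings.append(f"PFS group mismatch: {initiator.pfs_group} vs {responder.pfs_group}")
    # Selectors must mirror each other: one side's local network is the peer's remote.
    if (initiator.local_selector, initiator.remote_selector) != (
            responder.remote_selector, responder.local_selector):
        findings.append("traffic selectors are not mirrored")
    if (initiator.lifetime_seconds, initiator.lifetime_kilobytes) != (
            responder.lifetime_seconds, responder.lifetime_kilobytes):
        findings.append("SA lifetimes differ")
    for p in initiator.proposals:
        if p.protocol == "AH" and p.encryption is not None:
            findings.append(f"AH proposal carries an encryption algorithm: {p.encryption}")
    # Assumed rule: the first initiator proposal the responder also lists is used.
    chosen = next((p for p in initiator.proposals if p in responder.proposals), None)
    if chosen is None:
        findings.append("no IPsec proposal in common")
    return chosen, findings

# Constructed sample settings for two gateways (not taken from the guide).
SITE_A = Phase2Offer(28800, 4608000, 14,
    (IpsecProposal("ESP", "SHA-1", "AES-256"), IpsecProposal("ESP", "SHA-1", "3DES")),
    "10.1.0.0/16", "10.2.0.0/16")
SITE_B = Phase2Offer(28800, 4608000, None,
    (IpsecProposal("ESP", "SHA-1", "3DES"),),
    "10.2.0.0/16", "10.1.0.0/16")

if __name__ == "__main__":
    chosen, findings = compare_phase2(SITE_A, SITE_B)
    print("chosen:", chosen)
    for line in findings:
        print("finding:", line)
```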