HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
Custom setup: lets you choose your own settings for the parameters shown in Table 4-4. For example, if you want to use AES encryption and allow only UDP traffic on the VPN tunnel, you should select the Custom setup, rather than the Typical setup. See “Custom Setup” on page 4-48.
Table 4-4. Settings for a Typical Setup

Parameter                            Setting
-----------------------------------  -----------------------------------------
IKE Settings
  Key exchange mode                  Main mode
  Diffie Hellman group               Group 1
  Encryption algorithm               DES
  Authentication algorithm           MD5
  SA lifetime                        28800 seconds
IPsec Proposal
  Mode                               Tunnel
  Protocol                           ESP
  Encryption algorithm               3DES
  Authentication algorithm           MD5
IPsec Policy
  Protocol for the traffic selector  Any
  PFS                                None
  SA lifetime                        28800 seconds; no kilobytes setting
  IP compression                     Disabled
  Anti-replay window                 Always enabled (default size, 32)
  Extended sequence number           Disabled
  Re-key on sequence number overflow Enabled
  Persistent tunnel                  Disabled
  Fragment before IPsec              Enabled
  Copy, set, or clear the DF bit     Copy
  Copy or set the DSCP               Set to 0
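
The following check is an added example, not part of the HP guide. It compares a required parameter set against the Typical setup in Table 4-4 to show when the Custom setup is needed, flags values under a review policy, and computes the sustained traffic rate above which one 3DES SA with a 28800-second, time-only lifetime would pass the 2^32-block birthday bound of a 64-bit block cipher. The dictionary keys, the WEAK policy, the function names and the sample requirement are assumptions of this example.

```python
# Added example: values transcribed from Table 4-4 (security-relevant rows only).
TYPICAL = {
    "ike.dh_group": "Group 1",
    "ike.encryption": "DES",
    "ike.authentication": "MD5",
    "ipsec.encryption": "3DES",
    "ipsec.authentication": "MD5",
    "policy.traffic_protocol": "Any",
    "policy.pfs": "None",
    "policy.sa_lifetime_s": 28800,
    "policy.sa_lifetime_kb": None,  # "no kilobytes setting"
}

# Assumed review policy (this example's own, not from the guide).
WEAK = {
    "dh_group": {"Group 1": "768-bit MODP group"},
    "encryption": {"DES": "56-bit key", "3DES": "64-bit block size"},
    "authentication": {"MD5": "deprecated hash"},
    "pfs": {"None": "no fresh Diffie-Hellman exchange per IPsec SA"},
}

def custom_setup_needed(required):
    """Map each required parameter that differs from Typical to (typical, required)."""
    return {k: (TYPICAL[k], v) for k, v in required.items() if TYPICAL[k] != v}

def weak_settings(profile):
    """List (parameter, value, reason) for every value the assumed policy flags."""
    findings = []
    for key, value in profile.items():
        reason = WEAK.get(key.split(".", 1)[1], {}).get(value)
        if reason:
            findings.append((key, value, reason))
    return findings

def max_rate_under_block_bound(profile, block_bits=64):
    """Highest sustained bit/s at which one IPsec SA stays below 2**(block_bits/2)
    cipher blocks before its time-based lifetime expires; None if a kilobyte
    lifetime already caps the volume."""
    if profile["policy.sa_lifetime_kb"] is not None:
        return None
    bound_bytes = 2 ** (block_bits // 2) * (block_bits // 8)
    return bound_bytes * 8 / profile["policy.sa_lifetime_s"]

if __name__ == "__main__":
    # Constructed requirement mirroring the guide's AES / UDP-only example.
    print(custom_setup_needed({"ipsec.encryption": "AES", "policy.traffic_protocol": "UDP"}))
    for finding in weak_settings(TYPICAL):
        print(finding)
    print(f"{max_rate_under_block_bound(TYPICAL) / 1e6:.2f} Mbit/s")
```

An empty result from custom_setup_needed means the Typical setup already matches the requirement; any entry means the Custom setup is required.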