Manualshelf

HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
241242243244245246247248249250
4-63
Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
Figure 4-34. Deploy IPsec Remote-Access VPN Wizard > Configure Advanced IKE
Settings
24. For Key Exchange Mode, select Main Mode or Aggressive Mode.
The mode must match that configured on remote endpoints. See “IKE
modes” on page 4-18 for guidelines.
25. Under Security Parameters Proposal, configure the security settings pro-
posed by the TMS zl Module for the IKE SA (the IKE policy on remote
endpoints must match):
a. For Diffie-Hellman (DH) Group, select the group for the Diffie-Hellman
key exchange:
Group 1 (768)
Group 2 (1024)
Group 5 (1536)
The group determines the length of the prime number used during the
exchange. The larger the number, the more secure the key generated
by the exchange.
b. For Encryption Algorithm, select one of these protocols, listed from
least secure (and least processor-intensive) to most:
–DES
AES-128 (16)