Manualshelf

HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
251252253254255256257258259260
4-78
Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
c. For Authentication Algorithm, select one of these protocols, listed from
least secure (and least processor-intensive) to most:
–MD5
–SHA-1
d. For SA Lifetime in Seconds, type the number of seconds that the IKE
SA is kept open.
Valid values are between 300 seconds and 86400 seconds (1 day).
Remember that this setting applies to IKE SA, which is a temporary
tunnel used only to establish the IPsec SA.
15. Click Next.
Figure 4-45. Manage IPsec Wizard > Add IKEv1 Policy (step 3) Window
16. If you want, configure XAUTH, which is an optional additional layer of
security. Otherwise, leave Disable XAUTH selected and move to step 17.
You can configure the TMS zl Module to act either as a client (authenticate
itself) or as a server (authenticate the remote clients). However, config-
uring the module as an XAUTH server is typical:
•Select Enable XAUTH Server.
i. For Authentication Type, select Generic or CHAP.
To complete the configuration, you must follow these steps as well: