HP TMS zl Module Security Administrator's Guide
4-101
Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
c. For DF Bit Handling, select one of these options:
– Copy DF bit from clear packet
The TMS zl Module copies the don’t fragment (DF) bit setting for
the IPsec packet from the inner IP packet.
– Set DF bit
The module sets the DF bit for all IPsec packets.
– Clear DF bit
The module clears the DF bit for all IPsec packets.
(See “The Copying of Values from the Original IP Header” on page
4-23 for more information.)
d. Under DSCP Options, choose how the TMS zl Module assigns DSCP
values to IPsec packets. Either:
– Select Copy DSCP value from clear packet.
The TMS zl Module assigns each IPsec packet the DSCP value
assigned to the original IP packet.
– Select Set DSCP value and type a value between 0 and 63 in the box.
The TMS zl Module assigns every IPsec packet in this SA the
DSCP that you configure. 0 is the default value and requests
normal handling for the packet.
(See “The Copying of Values from the Original IP Header” on page
4-23 for more information.)
14. Review the configuration settings you have selected. If you want to save
the changes as well as apply them, select the Save Configuration check box.
If the TMS zl Module is a master in a cluster and you want to immediately
synchronize the changes, select the Synchronize changes to Participant
check box.Note that this will cause the participant to reboot.
If you need to change any settings, click Back until you reach the appro-
priate window and can select a different setting.
When you are ready to apply the configuration, click Next in the Configu-
ration Preview window.
15. A window is displayed, showing the setting being applied to the TMS zl
Module. When you see that they have been applied successfully, click
Close.
The IPsec policy is displayed in the TMS-VPN > IPsec > IPsec Policy
window.
Move to the next task: configuring access policies.