HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

281

282

283

284

285

286

287

288

289

290

4-112

Configuring a VPN on the HP TMS zl Module

Configuring an IPsec Site-to-Site VPN with IKE

Table 4-15. Settings for a Typical Setup

Complete the section for the combination of options that you desire:

■ “Typical Setup for a Two Site VPN” on page 4-112

■ “Custom Setup for a Two-Site VPN” on page 4-128

■ “Typical Setup for a Hub and Spoke (Three Module) VPN” on page 4-148

■ “Custom Setup for a Hub and Spoke (Three Module) VPN” on page 4-169

Typical Setup for a Two Site VPN. Follow these steps to complete the

wizard:

Parameter Setting

IKE Settings

Key exchange mode Main mode

Diffie Hellman group Group 1

Encryption algorithm DES

Authentication algorithm MD5

SA lifetime 28800 seconds

IPsec Proposal

Mode Tunnel

Protocol ESP

Encryption algorithm 3DES

Authentication algorithm MD5

IPsec Policy

PFS None

SA lifetime 28800 seconds; no kilobytes

setting

IP compression Disabled

Anti-replay window Always enabled—default

size, 32

Extended sequence number Disabled

Re-key on sequence number

overflow

Enabled

Persistent tunnel Disabled

Fragment before IPsec Enabled

Copy, set, or clear the DF bit Copy

Copy or set the DSCP Set to 0