HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with IKE
Figure 4-90. Deploy IPsec Site-to-Site VPN > Configure Advanced IPsec Settings
13. For Encapsulation Mode, typically select Tunnel Mode.
Tunnel mode allows endpoints at each site to reach services behind the
TMS zl Modules. In transport mode, the VPN only supports traffic
originated by the TMS zl Modules themselves.
14. For IPsec Security Protocol/Encryption/Authentication Algorithm, select one
of the options.
The first part of each option is the security protocol, ESP or AH (AH does
not provide encryption). The next part is the encryption algorithm. If you
select NULL, VPN traffic will not be encrypted. The final part of each option
is the authentication algorithm. These three settings must match the
settings on remote endpoints exactly.
15. Optionally, select the Enable PFS check box, which forces the remote
endpoints to generate new keys for the IPsec SA (instead of using the keys
generated during IKE). In the list that is displayed, select one of the
following:
Group 1 (768)
Group 2 (1024)
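
The checks implied by steps 13 to 15, as an added example that is not part of the HP guide: a Python script that compares the advanced IPsec settings recorded for two endpoints before deployment. The `PROTOCOL/ENCRYPTION/AUTHENTICATION` notation, the dict layout and the sample values are assumptions constructed for this example, not the module's option labels.

```python
# Pre-deployment check of advanced IPsec settings recorded for both VPN endpoints.
# Assumption: settings are noted by hand as "PROTOCOL/ENCRYPTION/AUTHENTICATION".
from typing import NamedTuple


class Proposal(NamedTuple):
    protocol: str        # ESP or AH
    encryption: str      # NULL means traffic is not encrypted
    authentication: str


def parse_proposal(text: str) -> Proposal:
    parts = [p.strip().upper() for p in text.split("/")]
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"expected PROTOCOL/ENCRYPTION/AUTHENTICATION, got {text!r}")
    if parts[0] not in ("ESP", "AH"):
        raise ValueError(f"unknown security protocol {parts[0]!r}")
    return Proposal(*parts)


def audit(local: dict, remote: dict) -> list:
    """Return findings for one pair of endpoint records (hypothetical dict layout)."""
    findings = []
    lp, rp = parse_proposal(local["proposal"]), parse_proposal(remote["proposal"])
    # Step 14: all three parts must match the remote endpoint exactly.
    for field in Proposal._fields:
        if getattr(lp, field) != getattr(rp, field):
            findings.append(f"MISMATCH {field}: {getattr(lp, field)} vs {getattr(rp, field)}")
    # Step 14: AH never encrypts; NULL encryption leaves traffic unencrypted.
    for side, p in (("local", lp), ("remote", rp)):
        if p.protocol == "AH" or p.encryption == "NULL":
            findings.append(f"NO-ENCRYPTION {side}: {'/'.join(p)}")
    for side, cfg in (("local", local), ("remote", remote)):
        # Step 13: transport mode only carries traffic originated by the modules.
        if cfg["mode"].lower() != "tunnel":
            findings.append(f"TRANSPORT-MODE {side}: hosts behind the module are not covered")
        # Step 15: without PFS the IPsec SA uses the keys generated during IKE.
        if cfg.get("pfs_group") is None:
            findings.append(f"PFS-OFF {side}: IPsec SA reuses IKE-generated keys")
    return findings


# Constructed sample records for two sites.
SITE_A = {"mode": "tunnel", "proposal": "ESP/AES-256/SHA-1", "pfs_group": 2}
SITE_B = {"mode": "tunnel", "proposal": "esp/null/sha-1", "pfs_group": None}

if __name__ == "__main__":
    print("\n".join(audit(SITE_A, SITE_B)))
```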