Manualshelf

HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
361362363364365366367368369370
4-192
Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with IKE
This setting is enabled by default.
For information and guidelines on these settings, see “Advanced IPsec
Features” on page 4-21.
25. For Anti-Replay Window Size, type a value between 32 and 1024.
This setting determines how far out of order a packet can arrive and still
be accepted. See “Anti-Replay Window” on page 4-22 for more informa-
tion.
26. For DF Bit Handling, select one of these options:
Copy DF bit from clear packet
The TMS zl Module copies the don’t fragment (DF) bit setting for the
IPsec packet from the inner IP packet.
•Set DF bit
The module sets the DF bit for all IPsec packets.
Clear DF bit
The module clears the DF bit for all IPsec packets.
See “The Copying of Values from the Original IP Header” on page 4-23 for
more information.
27. Under DSCP Options, choose how the TMS zl Module assigns DSCP values
to IPsec packets. Either:
•Select Copy DSCP value from clear packet.
The TMS zl Module assigns each IPsec packet the DSCP value
assigned to the original IP packet.
•Select Set DSCP value and type a value between 0 and 63 in the box.
The TMS zl Module assigns every IPsec packet in this SA the DSCP
that you configure. 0 is the default value and requests normal handling
for the packet.
See “The Copying of Values from the Original IP Header” on page 4-23 for
more information.
28. Click Next.