HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
L2TP over IPsec VPNs
Table 4-32. IKE Security Settings Proposed by Windows XP Clients
Note: You could configure other settings. However, in that case, you could not use
the New Connection Wizard to set up the VPN connection on the Windows
client; instead, you would have to configure the IPsec settings for the
connection manually and make sure to match the settings configured here.
a. For Diffie-Hellman (DH) Group, select the group for the Diffie-Hellman
key exchange:
– Group 1 (768)
– Group 2 (1024)
– Group 5 (1536)
The group determines the length of the prime number used during the
exchange. The larger the number, the more secure the key generated
by the exchange.
b. For Encryption Algorithm, select one of these protocols, listed from
least secure (and least processor-intensive) to most:
– DES
– AES-128 (16)
– 3DES
– AES-192 (24)
– AES-256 (32)
The number in parentheses after AES options indicates the key length
for the algorithm in bytes.
c. For Authentication Algorithm, select one of these protocols, listed from
least secure (and least processor-intensive) to most:
– MD5
– SHA-1
d. For SA Lifetime in Seconds, leave the default, 28800.
Remember that this setting applies to the IKE SA, which is a temporary
tunnel used only to establish the IPsec SA.
Proposal  Encryption Algorithm  Authentication Algorithm  Diffie-Hellman Group  SA Lifetime in Seconds
1         3DES                  SHA-1                     2                     28800
2         3DES                  MD5                       2                     28800
3         DES                   SHA-1                     1                     28800
4         DES                   MD5                       1                     28800
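The check below is an added example, not part of the HP guide or the module's software: it compares a candidate IKE policy (steps a through d) against the four proposals in Table 4-32 and reports whether the New Connection Wizard could still be used. The names IkePolicy, match_xp_proposal and audit are hypothetical, and treating a match as equality on all four table columns is an assumption.

```python
from typing import List, NamedTuple, Optional

class IkePolicy(NamedTuple):
    encryption: str
    authentication: str
    dh_group: int
    lifetime: int = 28800  # seconds; the default from step d

# Table 4-32, in proposal order.
XP_PROPOSALS = [
    IkePolicy("3DES", "SHA-1", 2),
    IkePolicy("3DES", "MD5", 2),
    IkePolicy("DES", "SHA-1", 1),
    IkePolicy("DES", "MD5", 1),
]

# Options from steps a-c, in the guide's order (least secure first).
ENCRYPTION = ["DES", "AES-128", "3DES", "AES-192", "AES-256"]
AUTHENTICATION = ["MD5", "SHA-1"]
DH_GROUPS = [1, 2, 5]

def strength(p: IkePolicy) -> tuple:
    """Rank a policy by its position in the guide's lists.
    Comparing encryption first, then authentication, then DH is an assumption."""
    return (ENCRYPTION.index(p.encryption),
            AUTHENTICATION.index(p.authentication),
            DH_GROUPS.index(p.dh_group))

def match_xp_proposal(policy: IkePolicy) -> Optional[int]:
    """Return the Table 4-32 proposal number the policy equals, else None."""
    strength(policy)  # raises ValueError for a value the steps do not list
    for number, offer in enumerate(XP_PROPOSALS, start=1):
        if policy == offer:  # assumption: all four columns must be equal
            return number
    return None

def audit(policy: IkePolicy) -> List[str]:
    """List what an administrator should know before saving the IKE policy."""
    number = match_xp_proposal(policy)
    if number is None:
        return ["no Table 4-32 proposal matches: the New Connection Wizard "
                "cannot be used, configure the client IPsec settings manually"]
    findings = [f"matches Windows XP proposal {number}"]
    best = max(XP_PROPOSALS, key=strength)
    if strength(policy) < strength(best):
        findings.append("weaker than proposal "
                        f"{XP_PROPOSALS.index(best) + 1}, which the client also offers")
    return findings
```
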