HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

531

532

533

534

535

536

537

538

539

540

4-353

Configuring a VPN on the HP TMS zl Module

GRE Tunnels

c. If you selected Preshared Key, type a string of 12 to 49 alphanumeric

or special characters in the Preshared Key box. Type the same string

in the Confirm Preshared Key box.

The string (which is case-sensitive) must match that configured on

the remote gateway.

14. Under Security Parameters Proposal, configure the security settings pro-

posed by the TMS zl Module for the IKE SA:

a. For Diffie-Hellman (DH) Group, select the group for the Diffie-Hellman

exchange:

– Group 1 (768)

– Group 2 (1024)

– Group 5 (1536)

The group determines the length of the prime number used during the

exchange. The larger the number, the more secure the key generated

by the exchange.

b. For Encryption Algorithm, select one of these protocols, listed from

least secure (and least processor-intensive) to most:

–DES

– AES128 (16)

–3DES

– AES192 (24)

– AES256 (32)

The number in parentheses after AES options indicates the key length

for the algorithm in bytes.

c. For Authentication Algorithm, select one of these protocols, listed from

least secure (and least processor-intensive) to most:

–MD5

–SHA-1

d. For SA Lifetime in Seconds, type the number of seconds that the IKE

SA is kept open.

Valid values are between 300 seconds and 86400 seconds (1 day). The

default value is 28800 (8 hours).

Remember that this setting applies to the IKE SA, which is a tempo-

rary tunnel used only to establish the IPsec SA.

15. Click Next.