HP TMS zl Module Security Administrator's Guide
4-360
Configuring a VPN on the HP TMS zl Module
GRE Tunnels
• AES-192 (24)
• AES-256 (32)
The number in parentheses after AES options indicates the key length for
the algorithm in bytes.
8. If you selected either ESP or AH, for Authentication Algorithm, select one of
the following:
•None
You must not select None if you selected AH for the Security Protocol
or if you selected NULL for the ESP Encryption Algorithm.
•MD5
•SHA-1
• AES-XCBC
9. Click Next.
10. Review the configuration settings you have selected. If you want to save
the changes as well as apply them, select the Save Configuration check box.
If any of the TMS zl Modules is a master in a cluster and you want to
immediately synchronize the changes, select the Synchronize changes to
participant check box.Note that this will cause the participant to reboot.
If you need to change any settings, click Back until you reach the appro-
priate window and can select a different setting.
When you are ready to apply the configuration, click Next.
11. A window is displayed, showing the setting being applied to the TMS zl
Module. When you see that they have been applied successfully, click
Close.
The IPsec proposal is displayed in the TMS-VPN > IPsec > IPsec Proposal
window.
Move to the next task: configuring an IPsec policy.
Create an IPsec Policy for a GRE over IPsec VPN
That Uses IKE
This section explains how to configure an IPsec policy for an IPsec SA that is
established for a GRE tunnel using IKE. The IPsec policy includes the settings
that are negotiated during IKE phase 2 and also selects traffic for the VPN
connection.
You must configure the IPsec policy on each TMS zl Module individually.
Repeat these steps for each module: