HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
GRE Tunnels
Figure 4-273. Manage IPsec Wizard > Add IPsec Policy (step 2) Window
6. For Key Exchange Method, keep the default, Auto (with IKEv1).
7. For IKEv1 Policy, select the IKEv1 policy that specifies the remote tunnel endpoint as the remote gateway.
8. Optionally, select the Enable PFS (Perfect Forward Secrecy) for keys check box, which forces the tunnel endpoints to generate new keys for the IPsec SA. In the list that is displayed, select one of the following:
   Group 1 (768)
   Group 2 (1024)
   Group 5 (1536)
   The group determines the length of the prime number used during the exchange. The longer the prime, the more secure the key generated by the exchange. You must match the settings on the remote tunnel endpoint.
9. For SA Lifetime in seconds, type a value between 300 (5 minutes) and 86400 (24 hours). Alternatively, type 0 if you do not want to specify a lifetime in seconds; in this case, you must specify a lifetime in kilobytes. You must match the settings on the remote tunnel endpoint.
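
Steps 8 and 9 both require the local settings to match the remote tunnel endpoint. The following pre-change check is an added example, not part of the HP guide or the module's software; it validates each side's PFS group and SA lifetime against the values listed above and reports mismatches. The dictionary keys (pfs_group, lifetime_seconds, lifetime_kilobytes) are hypothetical names chosen for this example.

```python
# Added example. Field names are hypothetical, not TMS zl identifiers.
# PFS group number -> prime length, as listed in step 8 of the guide.
PFS_GROUPS = {1: 768, 2: 1024, 5: 1536}


def check_policy(policy):
    """Return a list of problems with one endpoint's IPsec policy settings."""
    problems = []
    group = policy.get("pfs_group")  # None means the Enable PFS box is cleared
    if group is not None and group not in PFS_GROUPS:
        problems.append(f"PFS group {group} is not one of {sorted(PFS_GROUPS)}")
    seconds = policy.get("lifetime_seconds", 0)
    kilobytes = policy.get("lifetime_kilobytes", 0)
    if seconds == 0:
        # Step 9: a value of 0 is only valid with a lifetime in kilobytes.
        if kilobytes <= 0:
            problems.append("lifetime in seconds is 0, so a lifetime in kilobytes is required")
    elif not 300 <= seconds <= 86400:
        problems.append(f"lifetime of {seconds} seconds is outside 300-86400")
    return problems


def compare_endpoints(local, remote):
    """Validate both sides, then list settings that differ between them."""
    problems = [f"local: {msg}" for msg in check_policy(local)]
    problems += [f"remote: {msg}" for msg in check_policy(remote)]
    for key, default in (("pfs_group", None), ("lifetime_seconds", 0)):
        mine, theirs = local.get(key, default), remote.get(key, default)
        if mine != theirs:
            problems.append(f"mismatch on {key}: local={mine!r} remote={theirs!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample settings for the two tunnel endpoints.
    local = {"pfs_group": 5, "lifetime_seconds": 28800}
    remote = {"pfs_group": 2, "lifetime_seconds": 0}
    for line in compare_endpoints(local, remote):
        print(line)
```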