HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

411

412

413

414

415

416

417

418

419

420

409

Item Descri

tion

Authentication Algorithms

Select authentication and encryption algorithms for VAM

protocol packets.

With the selected authentication and encryption algorithms, the

VAM server negotiates with a client to determine the packet

integrity authentication and encryption algorithms to be used

for VAM protocol packets between them.

• Available authentication algorithms include SHA1 and

MD5, in descending order of priority.

• Available encryption algorithms include AES-256, AES-128,

3DES, and DES, in descending order of priority.

Encryption Algorithms

Pre-Shared Key

Enter a pre-shared key for the VAM server, and enter the same

pre-shared key to confirm it.

The pre-shared key is used to generate the keys for securing the

channels between the VAM server and a client. In the

connection initialization process, the pre-shared key is used to

generate the initial key for validating and encrypting

connection requests and connection responses. If encryption

and authentication is needed for subsequent packets, the

pre-shared key is also used to generate the connection key for

validating and encrypting the subsequent packets.

Confirm Pre-Shared Key

Keepalive Settings

Keepalive Interval

Set the interval and the maximum number of attempts for a VAM

client to send keepalive packets to the VAM server.

After a client successfully registers with the server, the server

sends the keepalive settings in a registration response to the

client. The client then sends keepalive packets periodically to

the server. After the server receives the keepalive packets, it

sends responses to the clients. If the server does not receive any

keepalive packet from the client within a specific period

(keepalive interval × keepalive retries), the server deletes the

client's information and logs off the client.

IMPORTANT:

In a VPN domain, all clients use the same keepalive settings. If

you change the keepalive settings of the server, the new settings

are sent to only clients that register later. All clients registering

before use the old settings.

Keepalive Retries

Hub Settings

Hub 1 Pirate IP

Configure IP addresses for Hubs. You can configure up to two

Hubs in a VPN domain.

IMPORTANT:

The public IP address is optional. When a Hub registers, the VAM

server gets the public address of the Hub and then sends the

public-private address mapping to other clients. If you specify

both the private and public addresses of a Hub on the server, the

server considers a client a valid Hub only when both the public

and private addresses that the client registers with the server

match those specified on the server.

Hub 1 Public IP

Hub 2 Pirate IP

Hub 2 Public IP