HP VPN Firewall Appliances VPN Configuration Guide
Step 3. Specify the algorithms for protocol packet authentication and their priorities.
    Command: authentication-algorithm { none | { md5 | sha-1 } * }
    Remarks: Optional. By default, SHA-1 is used for protocol packet authentication.

Step 4. Specify the algorithms for protocol packet encryption and their priorities.
    Command: encryption-algorithm { { 3des | aes-256 | aes-128 | des } * | none }
    Remarks: Optional. By default, four encryption algorithms are available and preferred in this order: AES-128, AES-256, 3DES, and DES.

Specifying the client authentication mode
A VAM server supports only PAP and CHAP authentication.
To configure the client authentication mode:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter VPN domain view.
    Command: vam server vpn vpn-name
    Remarks: N/A

Step 3. Specify the client authentication mode.
    Command: authentication-method { none | { chap | pap } [ domain name-string ] }
    Remarks: Optional. By default, a VAM server performs CHAP authentication of clients, using the default domain configured for the system.

Specifying a hub
On a server, you can configure a hub by specifying its private IP address and public IP address. In a VPN
domain, you can configure up to two hubs, and the total number of spokes and hubs cannot exceed
5000.
The public IP address is optional. When a hub registers, the VAM server gets the public address of the
hub and then sends the public-private address mapping to other clients.
If you specify both the private and public addresses of a hub on the server, the server considers a client
a valid hub only when both the public and private addresses that the client registers with the server match
those specified on the server.
To specify a hub:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter VPN domain view.
    Command: vam server vpn vpn-name
    Remarks: N/A

Step 3. Specify the private IP address and public IP address of a hub.
    Command: hub private-ip private-ip-address [ public-ip public-ip-address ]
    Remarks: No hub is specified by default.

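
The following Python check is an added example, not part of the HP guide or HP software. It reads the VAM server commands described above (authentication-algorithm, encryption-algorithm, authentication-method, hub) and reports weak choices, including those inherited from the stated defaults. The function name, the sample configurations, and the choice of which values count as weak (none, md5, des, 3des, pap) are assumptions of this example.

```python
# Added example, not HP code. Which values count as weak is an assumption here.
WEAK = {
    "authentication-algorithm": {"none", "md5"},
    "encryption-algorithm": {"none", "des", "3des"},
    "authentication-method": {"none", "pap"},
}
DEFAULTS = {  # defaults as stated in the guide's Remarks column
    "authentication-algorithm": ["sha-1"],
    "encryption-algorithm": ["aes-128", "aes-256", "3des", "des"],
    "authentication-method": ["chap"],
}

def audit_vam_domain(config_text):
    """Return (command, value, origin) findings for one VAM server VPN domain."""
    seen, hubs, findings = {}, [], []
    for line in config_text.splitlines():
        words = line.split()
        if words and words[0] in WEAK:
            args = words[1:]
            if "domain" in args:  # drop the optional "domain name-string" tail
                args = args[:args.index("domain")]
            seen[words[0]] = args
        elif words[:2] == ["hub", "private-ip"] and len(words) >= 3:
            hubs.append(words[2:])
    for cmd, weak in WEAK.items():
        # An absent command means the documented default list is in effect.
        origin = "configured" if cmd in seen else "default"
        for value in seen.get(cmd, DEFAULTS[cmd]):
            if value in weak:
                findings.append((cmd, value, origin))
    for hub in hubs:
        # Without public-ip the server has only the private address to match on.
        if "public-ip" not in hub:
            findings.append(("hub", hub[0], "no public-ip"))
    return findings

# Constructed sample inputs (VPN name, domain name and addresses are made up).
WEAK_SAMPLE = """vam server vpn 1
 authentication-algorithm md5
 authentication-method pap
 hub private-ip 10.0.0.1
"""
HARDENED_SAMPLE = """vam server vpn 1
 authentication-algorithm sha-1
 encryption-algorithm aes-256 aes-128
 authentication-method chap domain example
 hub private-ip 10.0.0.1 public-ip 203.0.113.1
"""
if __name__ == "__main__":
    print(audit_vam_domain(WEAK_SAMPLE))
```

In the weak sample no encryption-algorithm command is present, so the findings for 3DES and DES come from the default preference list rather than from anything the administrator typed.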
Configuring the pre-shared key of the VAM server
The pre-shared key is used to generate the keys for securing the channels between the server and a client.