HP VPN Firewall Appliances VPN Configuration Guide

IPsec with IPsec tunnel interfaces configuration example
IPsec for RIPng configuration example
IPsec RRI configuration example
IPsec stateful failover configuration example
Using a wizard to configure an IPsec VPN
Configuring a center node
Configuring a branch node
Configuring a peer node
Configuring L2TP
Overview
Typical L2TP networking application
L2TP message types and encapsulation structure
L2TP tunnel and session
L2TP tunneling modes and tunnel establishment process
L2TP features
Protocols and standards
Configuring L2TP in the Web interface
Recommended L2TP configuration procedure
Enabling L2TP
Adding an L2TP group
Configuring an ISP domain
Specifying an IP address pool
Displaying L2TP tunnel information
Client-initiated VPN configuration example
Configuring L2TP at the CLI
L2TP configuration task list
Configuring basic L2TP capability
Configuring an LAC
Configuring an LNS
Configuring L2TP connection parameters
Displaying and maintaining L2TP
Configuration example for NAS-initiated VPN
Configuration example for client-initiated VPN
Configuration example for LAC-auto-initiated VPN
Configuration example for L2TP multi-domain application
Complicated network application
Troubleshooting L2TP
Managing certificates
Overview
PKI terms
PKI architecture
PKI operation
PKI applications
PKI configuration guidelines
Configuring PKI in the Web interface
Recommended configuration procedure
Creating a PKI entity
Creating a PKI domain
Generating an RSA key pair
Requesting a local certificate
Destroying the RSA key pair
Retrieving and displaying a certificate
Retrieving and displaying a CRL