Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
501502503504505506507508509510
7-54
Virtual Private Networks
IPsec VPNs
Figure 7-47. Add IPsec Proposal Window
4. For Proposal Name, type a descriptive string of 1 to 10 alphanumeric
characters. The string must be unique to this proposal.
Often, it is a good idea to indicate the algorithms that you will select in
the name—for example, ESP3desMD5.
5. For Encapsulation Mode, select one of the following:
Tunnel Mode—Select this mode for a site-to-site IPsec VPN. Tunnel
mode allows endpoints behind the TMS zl Module and the remote
gateway to forward traffic over the VPN.
Also select Tunnel Mode for a client-to-site IPsec VPN so that the
remote clients can reach services behind the TMS zl Module.
Transport Mode—In transport mode, the tunnel endpoints must origi-
nate all traffic sent on the VPN. In other words, the VPN only supports
traffic originated by the TMS zl Module itself or by the remote end-
point. This mode is typically used when you are creating a proposal
for GRE over IPsec site-to-site VPNs or L2TP over IPsec client-to-site
VPNs.
6. For Security Protocol, select AH or ESP.
7. If you selected ESP in the previous step, select one of the following for
Encryption Algorithm:
•DES
•3DES
AES-128 (16)
AES-192 (24)
AES-256 (32)