TMS zl Management and Configuration Guide ST.1.0.090213

7-55
Virtual Private Networks
IPsec VPNs
The number in parentheses after AES options indicates the key length for
the algorithm in bytes.
8. If you selected either ESP or AH, for Authentication Algorithm, select one of
the following:
• MD5
• SHA-1
• AES-XCBC
9. Click OK.
The IPsec proposal is displayed in the VPN > IPsec > IPsec Proposals window.
Figure 7-48. VPN > IPsec > IPsec Proposals Window (Proposal Added)
10. Click Save.
Create an IPsec Policy
The IPsec policy specifies the settings for an IPsec SA—that is, the actual VPN
connection. The TMS zl Module can establish the IPsec SA using IKE or using
keys that you specify manually. You must use IKE for a client-to-site VPN, and
IKE is also the preferred option for site-to-site VPNs.
Follow the steps in one of these sections:
• “Create an IPsec Policy for a Site-to-Site VPN That Uses IKE” on page 7-55
• “Create an IPsec Policy That Uses Manual Keying” on page 7-64
• “Create an IPsec Policy for a Client-to-Site IPsec VPN” on page 7-73
Create an IPsec Policy for a Site-to-Site VPN That Uses IKE. This
section explains how to configure an IPsec policy for an IPsec SA that is
established between two gateway devices using IKE. The IPsec policy
includes the settings that are negotiated during IKE phase 2 and also selects
traffic for the VPN connection.