Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
511512513514515516517518519520
7-65
Virtual Private Networks
IPsec VPNs
The advantages and disadvantages of using manual keying are listed below:
Advantages
Manual keying does not depend on the IKE protocol, so less process-
ing is used initially to negotiate the SA.
You do not need to open UDP 500 (ISAKMP) in the firewall.
Manual keying is required for an IPsec VPN that is limited to ICMP
echo or timestamp traffic.
Disadvantages
Keys can be leaked, and overall the tunnel is less secure.
Lengthy keys can be mistyped.
Keys can be difficult to manage with multiple remote sites.
Manual keying cannot be used to create a site-to-site IPsec VPN with
the HP ProCurve Secure Router 7000dl series.
Manual keying cannot be used to configure a client-to-site VPN or with
IKE mode config.
Follow these steps to create the IPsec policy:
1. In the left navigation bar of the Web browser interface, select VPN > IPsec.
2. Click the IPsec Policies tab.
Figure 7-55. VPN > IPsec > IPsec Policies Window
3. Click Add IPsec Policy.