Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
521522523524525526527528529530
7-73
Virtual Private Networks
IPsec VPNs
c. When you select the Enable Copy DSCP value from data packet check
box, the TMS zl Module assigns each IPsec packet the DSCP value
assigned to the original IP packet. If you do not select this check box,
you can assign the same DSCP value to all IPsec packets in this VPN.
Type a value between 0 and 63 for DSCP Value.
d. For DF Bit Handling, select one of these options:
Copy DF bit from clear packet
The TMS zl Module copies the DF bit setting for the IPsec packet
from the inner IP packet.
Set DF bit
The module sets the DF bit for all IPsec packets.
Clear DF bit
The module clears the DF bit for all IPsec packets.
See “Advanced IPsec Features” on page 7-16 for more information.
18. Click Finish.
The IPsec policy is displayed in the VPN > IPsec > IPsec Policies window.
Figure 7-61. VPN > IPsec > IPsec Policies Window (Policy Added)
Move to the next task: “Access Policies for an IPsec Site-to-Site VPN with
Manual Keying” on page 7-116.
Create an IPsec Policy for a Client-to-Site IPsec VPN. This section
explains how to configure an IPsec policy for a client-to-site VPN. The IPsec
policy selects traffic between local IP addresses that are accessible to the
remote users and the remote users. It includes settings that will be negotiated
during IKE phase 2.
For client-to-site IPsec VPNs, it is generally recommended that you use IKE
mode config. However, some IPsec clients (such as IPSecuritas VPN clients)
do not support the TMS zl Module implementation of IKE mode config. Decide
now whether you will use IKE mode config. Various settings depend on
whether you will use this feature.