Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
531532533534535536537538539540
7-84
Virtual Private Networks
IPsec VPNs
b. For Anti-Replay Window Size, type a value between 32 and 1024.
This setting determines how far out of order a packet can arrive and
still be accepted. See “Advanced IPsec Features” on page 7-16 for
more information.
c. When you select the Enable Copy DSCP value from data packet check
box, the TMS zl Module assigns each IPsec packet the DSCP value
assigned to the original IP packet. If you do not select this check box,
you can assign the same DSCP value to all IPsec packets in this VPN.
Type a value between 0 and 63 for DSCP Value.
d. For DF Bit Handling, select one of these options:
Copy DF bit from clear packet
The TMS zl Module copies the DF bit setting for the IPsec packet
from the inner IP packet.
Set DF bit
The module sets the DF bit for all IPsec packets.
Clear DF bit
The module clears the DF bit for all IPsec packets.
See “Advanced IPsec Features” on page 7-16 for more information.
20. Click Finish.
The IPsec policy is displayed in the VPN > IPsec > IPsec Policies window.
Figure 7-67. VPN > IPsec > IPsec Policies Window (Policy Added)
Move to the next task: “Access Policies for an IPsec Client-to-Site VPN with
IKE” on page 7-118.
Configure Bypass and Ignore IPsec Policies
Bypass and Ignore IPsec policies allow the TMS zl Module to select a subset
of the traffic in a VPN for different handling.