TMS zl Management and Configuration Guide ST.1.0.090213
Virtual Private Networks
Layer 2 Tunneling Protocol (L2TP) over IPsec
Figure 7-77. Add L2TP Policy—Step 2 of 2
8. For Proposal, select the IPsec proposal that you configured for the L2TP
connection.
You must select a transport-mode proposal that uses the ESP protocol.
9. For SA Lifetime in seconds, type a value between 300 (5 minutes) and 86400
(24 hours). Or type 0 if you do not want to specify a lifetime in seconds
(in this case, you must specify a lifetime in kilobytes).
This setting determines how long the IPsec SA remains open. When the
lifetime of the SA reaches 80 percent of the total lifetime, the TMS zl
Module checks whether the SA has experienced any activity. If it has, the
module negotiates a new SA and then deletes the old SA. If the SA is
inactive, the module waits for the complete lifetime to expire. Then, if the
SA is still inactive, the module deletes the SA.
The default value is 28800 (8 hours).
10. For SA Lifetime in Kilobytes, type a value between 2560 and 4194304. Or
leave the default 0 if you do not want to specify a lifetime in kilobytes (in
this case, you must specify a lifetime in seconds).
This setting determines when an SA expires based on the amount of data
passed over it, rather than by time. (The more traffic sent over a
connection, the better chance a hacker has of cracking a key.)
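The lifetime rules in steps 9 and 10, as an added Python example (not code from this guide or from the TMS zl Module): it checks a seconds/kilobytes pair against the stated ranges and models the 80 percent activity check for the time-based lifetime. The function names and the "unspecified" outcome, used where the guide does not describe the behavior, are assumptions of this example.

```python
# Added example: ranges and the 80 percent rule come from steps 9 and 10;
# function names and the "unspecified" outcome are assumptions of this example.
SECONDS_RANGE = (300, 86400)        # step 9: 5 minutes to 24 hours
KILOBYTES_RANGE = (2560, 4194304)   # step 10
DEFAULT_SECONDS = 28800             # step 9 default: 8 hours


def validate_lifetimes(seconds, kilobytes):
    """Return a list of problems; an empty list means the pair is acceptable."""
    problems = []
    if seconds != 0 and not SECONDS_RANGE[0] <= seconds <= SECONDS_RANGE[1]:
        problems.append("seconds must be 0 or between 300 and 86400")
    if kilobytes != 0 and not KILOBYTES_RANGE[0] <= kilobytes <= KILOBYTES_RANGE[1]:
        problems.append("kilobytes must be 0 or between 2560 and 4194304")
    if seconds == 0 and kilobytes == 0:
        problems.append("specify a lifetime in seconds or in kilobytes")
    return problems


def sa_outcome(lifetime_s, activity_times):
    """Model the time-based handling of one SA as described in step 9.

    activity_times: seconds after SA establishment at which traffic was seen.
    Returns (time_in_seconds, action).
    """
    check_at = lifetime_s * 80 // 100   # activity check at 80 percent of lifetime
    if any(t <= check_at for t in activity_times):
        # Active SA: a new SA is negotiated, then the old one is deleted.
        return (check_at, "negotiate new SA, delete old SA")
    if any(check_at < t <= lifetime_s for t in activity_times):
        # Traffic only after the check: the guide does not describe this case.
        return (lifetime_s, "unspecified")
    # Inactive at the check and still inactive at full lifetime.
    return (lifetime_s, "delete SA")


if __name__ == "__main__":
    # Constructed sample settings and activity times.
    for pair in [(28800, 0), (0, 2560), (0, 0), (120, 0)]:
        print(pair, validate_lifetimes(*pair) or "ok")
    print(sa_outcome(DEFAULT_SECONDS, [100, 20000]))
    print(sa_outcome(DEFAULT_SECONDS, []))
```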