TMS zl Management and Configuration Guide ST.1.0.090213

Virtual Private Networks
Layer 2 Tunneling Protocol (L2TP) over IPsec
The TMS zl Module checks an IPsec SA for inactivity when the SA has
transmitted and received 80 percent of the allowed bandwidth in
kilobytes. If the SA is active, the module renegotiates it, deleting the old SA
when the new one is established. The module deletes an inactive SA if it
is still inactive when the total lifetime in kilobytes is reached.
Note: If you specify the SA lifetime both in seconds and in kilobytes, the SA is
evaluated when the first limit is reached.
11. Optionally, select the Enable PFS (Perfect Forward Secrecy for keys) check
box, which forces the tunnel endpoints to generate new keys for the L2TP
over IPsec connection. In the Diffie-Hellman (DH) Group list that is
displayed, select one of the following:
Group 1 (768)
Group 2 (1024)
Group 5 (1536)
(Group 5 is not supported by Windows VPN clients.)
12. Optionally, select the Enable IP Compression check box; the TMS zl Module
compresses IP packets before encryption, which can help to increase
network performance.
13. Click Finish.
The L2TP policy is displayed in the VPN > IPsec > L2TP Remote Access window.
Figure 7-78. VPN > IPsec > L2TP Remote Access Window
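The kilobyte lifetime rule described above for IPsec SAs (inactivity check at 80 percent, renegotiation if active, deletion if still inactive at the full lifetime, first limit reached when both are set) can be modeled as follows. This is an added example, not code from the guide or the TMS zl Module; the names, the sample lifetimes and traffic, the definition of "active" as traffic in the latest interval, and the use of the same 80 percent check point for the seconds limit are assumptions.

```python
from dataclasses import dataclass

EVAL_FRACTION = 0.80  # guide: SA is checked at 80 percent of its kilobyte lifetime

@dataclass
class SaLifetime:
    kilobytes: int = 0  # 0 = not configured
    seconds: int = 0    # 0 = not configured

def used_fraction(life, kb_used, elapsed_s):
    """Share of the lifetime consumed. With both limits set, the limit that
    is closest to being reached decides (the guide's 'first limit' note)."""
    parts = []
    if life.kilobytes:
        parts.append(kb_used / life.kilobytes)
    if life.seconds:
        # Assumption: the seconds limit uses the same 80 percent check point.
        parts.append(elapsed_s / life.seconds)
    if not parts:
        raise ValueError("no SA lifetime configured")
    return max(parts)

def sa_action(life, kb_used, elapsed_s, active):
    """Return 'keep', 'renegotiate', 'hold' or 'delete' for one SA."""
    frac = used_fraction(life, kb_used, elapsed_s)
    if frac < EVAL_FRACTION:
        return "keep"
    if active:
        # Old SA is deleted once the new one is established. Assumption: an SA
        # that turns active again after the check point is also renegotiated.
        return "renegotiate"
    return "delete" if frac >= 1.0 else "hold"

def replay(life, samples):
    """samples: (elapsed_s, kb_in_interval) tuples. Assumption: 'active'
    means traffic was seen in the latest interval."""
    kb_used, events = 0, []
    for elapsed_s, kb in samples:
        kb_used += kb
        action = sa_action(life, kb_used, elapsed_s, active=kb > 0)
        events.append((elapsed_s, action))
        if action in ("renegotiate", "delete"):
            break  # this SA is being replaced or removed
    return events

# Constructed sample data: 10,000 KB / 3600 s lifetime, two traffic patterns.
LIFE = SaLifetime(kilobytes=10_000, seconds=3600)
BUSY = [(600, 3000), (1200, 3000), (1800, 2500), (2400, 500)]  # KB limit first
IDLE = [(600, 100), (2900, 0), (3300, 0), (3600, 0)]           # seconds limit first
```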
Add L2TP Dial-in Users
You must configure one L2TP dial-in user for each remote VPN client. Follow
these steps:
1. In the left navigation bar of the Web browser interface, click VPN > IPsec.
2. Click the L2TP Remote Access tab.