TMS zl Management and Configuration Guide ST.1.1.100226

A-79
Command-Line Reference
Global Configuration Context
ipsec
The ipsec command includes many options. It contains all of the commands
you need to create an IPsec VPN, including the IKEv1 policy, the IPsec
proposal, and the IPsec policy itself.
For this reason, the documentation of this command is divided into several
sections:
- Global IPsec—these commands control whether IPsec is enabled, how
  ICMP error messages are handled, the number of SAs allowed per policy,
  whether SAs are automatically revalidated when policies change, and the
  minimum packet size for IP compression. (See “ipsec enable” on page
  A-79, “ipsec icmp” on page A-80, “ipsec sa” on page A-82, and
  “ipsec ip-compression” on page A-80.)
- IKEv1—this command creates (or deletes) an IKEv1 policy and enables
  you to enter the IKEv1 context. (See “ipsec ikev1” on page A-80.)
- IKEv1 context—using the commands in this context, you can create and
  edit an IKEv1 policy. (See “IKEv1 Context” on page A-118.)
- IPsec proposal—this command creates (or deletes) an IPsec proposal,
  which sets the IPsec mode (tunnel or transport) and IPsec security
  protocol for the tunnel. (See “ipsec proposal” on page A-81.)
- IPsec policy—this command creates (or deletes) an IPsec policy and
  enables you to enter the IPsec policy context. (See “ipsec policy” on page
  A-82.)
- IPsec policy context—the commands in this context enable you to specify
  the settings for an IPsec SA (the actual VPN connection). (See “IPsec
  Policy Context” on page A-127.) Within this context there are three
  additional contexts:
  - Auto Key Exchange context—from this context, you select the IKEv1
    policy that this IPsec policy will use as well as the SA lifetime and the
    tunnel’s Perfect Forward Secrecy settings. (See “IPsec Auto Keys
    Context” on page A-138.)
  - Manual Key Exchange context—from this context, you set the local
    and remote gateway addresses and ESP keys. (See “IPsec Manual
    Keys Context” on page A-141.)
  - IRAS context—from this context, you configure the IP addresses and
    other settings assigned to remote endpoints through IKE mode config.
    (See “IPsec IRAS Context” on page A-144.)
ipsec enable
To enable (or disable) IPsec globally, enter the following command.