TMS zl Management and Configuration Guide ST.1.1.100226
A-139
Command-Line Reference
IPsec Policy Context
To enter the IPsec auto keys context, enter the following command from the
IPsec policy apply context:
Syntax: key-exchange-method auto
To verify your location in the CLI, check the prompt. In the Manual Key
Exchange context, the prompt is
ProCurve(tms-module-<slot ID>:ipsec:apply:auto)#.
To exit the IPsec auto keys context, enter the following:
Syntax: exit
If you have not set all of the necessary configurations, you will be prompted
to do so and asked whether you actually want to exit.
From the IPsec auto keys context, you can:
■ Set the IKEv1 policy (page A-139)
■ Enable (or disable) PFS (Perfect Forward Secrecy) for keys (page A-140)
■ Set the SA lifetime values (page A-140)
apply. Once you have configured all parts of the IPsec policy, you must apply
the policy. The apply command verifies that all required settings are
configured and then adds or edits the IPsec policy. (If the requirements are
not met, the command does not take effect, and an error message indicates
which settings are missing.) Enter the following command:
Syntax: apply
This command is also available from the IPsec policy, IPsec policy apply, IPsec
policy bypass, IPsec policy deny, IPsec manual keys, and IPsec IRAS contexts.
ikev1. This command sets a previously-configured IKEv1 policy for this
IPsec policy:
Syntax: ikev1 <policy name>
Replace <policy name> with the name of the appropriate IKEv1 policy for
this connection. For example, for a site-to-site VPN, the remote gateway that
is specified in the IKEv1 policy must be the gateway for the remote IP
addresses in this policy’s traffic selector.