Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100226

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
781782783784785786787788789790
7-281
Virtual Private Networks
Configure a GRE over IPsec VPN with Manual Keying
8. If you selected either ESP or AH, for Authentication Algorithm, select one of
the following:
None
You must not select None if you selected AH for the Security Protocol
or if you selected NULL for the ESP Encryption Algorithm.
•MD5
SHA-1
•AES-XCBC
9. Click OK.
The IPsec proposal is displayed in the VPN > IPsec > IPsec Proposals window.
Figure 7-245. VPN > IPsec > IPsec Proposals Window (Proposal Added)
10. Click Save.
Create an IPsec Policy for a GRE over IPsec VPN That
Uses Manual Keying
This section explains how to configure an IPsec policy for an IPsec SA that is
established with manual keys.
The advantages and disadvantages of using manual keying are listed below:
Advantages
Manual keying does not depend on the IKE protocol, so less process-
ing is used initially to negotiate the SA.
You do not need to open UDP 500 (ISAKMP) in the firewall.
Manual keying is required for an IPsec VPN that is limited to ICMP
echo or timestamp traffic.