TMS zl Management and Configuration Guide ST.1.1.100226
7-444
Virtual Private Networks
Configure a Windows XP SP2 Client for L2TP over IPsec
Table 7-39. Settings for an L2TP over IPsec Connection on the TMS zl Module
| Parameter | Valid Settings | Configuration Window | Matching Setting on the Windows XP Client (Manual Method) |
|---|---|---|---|
| IKE policy | | | |
| Policy Type | Client-to-Site (Responder) | Add IKE Policy—Step 1 of 3 | |
| Local Gateway | TMS zl Module’s IP address or VLAN that the remote clients can reach | | • Destination address in the IP filter (step 27 on page 7-418); • Hostname or IP address in the New Connection Wizard (step 78 on page 7-437) |
| Local ID Type | IP Address | | |
| Local ID Value | Same IP address configured for the Local Gateway | | |
| Remote ID Type | • With preshared keys, IP Address; • With digital certificates, the type for the subject name in the certificate (typically, Distinguished Name or Domain Name) | | |
| Remote ID Value | • With preshared keys, 0.0.0.0; • With digital certificates, a value or wildcard that matches the certificate subject name | | |
| Key Exchange Mode | Main Mode | Add IKE Policy—Step 2 of 3 | |
| Authentication Method | • Preshared Key; • RSA Signature; • DSA Signature | | Setting in the Edit Authentication Methods window (step 53 on page 7-430) |
| Preshared Key | Matches the string configured on the remote client | | String in the Edit Authentication Methods window (step 53 on page 7-430) |
| Security Parameters Proposal | 1. SA Lifetime—300 to 86400 seconds; 2. DH Group: Group 1 (760), Group 2 (1024); 3. Encryption Algorithm: DES, 3DES; 4. Authentication Algorithm: MD5, SHA-1 | | 1. Key Exchange Settings (step 59 on page 7-432); 2. IKE Security Methods (step 63 on page 7-433): Diffie-Hellman group, Encryption algorithm, Integrity algorithm |