Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100430

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
571572573574575576577578579580
7-62
Virtual Private Networks
Configure an IPsec Client-to-Site VPN
Figure 7-47. Add IPsec Policy Window—Step 2 of 4
11. For Key Exchange Method, keep the default, Auto (with IKEv1).
12. For IKEv1 Policy, select a previously configured IKEv1 policy.
You must select a policy of the client-to-site type.
13. Optionally, select the Enable PFS (Perfect Forward Secrecy) for keys check
box, which forces the tunnel endpoints to generate new keys for the IPsec
SA. In the list that is displayed, select one of the following:
Group 1 (768)
Group 2 (1024)
Group 5 (1536)
The group determines the length of the prime number used during the
exchange. The larger the number, the more secure the key generated by
the exchange.