TMS zl Management and Configuration Guide ST.1.1.100430
Virtual Private Networks
Configure an IPsec Site-to-Site VPN with Manual Keying
5. For Encapsulation Mode, typically select Tunnel Mode.
Tunnel mode allows endpoints behind the TMS zl Module and the remote
gateway to forward traffic over the VPN. In transport mode, traffic must
be originated by the TMS zl Module itself or by the remote gateway.
Transport mode is typically used when you are creating a proposal for GRE
over IPsec site-to-site VPNs or L2TP over IPsec client-to-site VPNs.
6. For Security Protocol, select AH or ESP.
7. If you selected ESP in the previous step, select one of the following for
Encryption Algorithm:
• NULL
If you select this option, VPN traffic will not be encrypted.
• DES
• 3DES
• AES-128 (16)
• AES-192 (24)
• AES-256 (32)
The number in parentheses after AES options indicates the key length for
the algorithm in bytes.
8. If you selected either ESP or AH, for Authentication Algorithm, select one of
the following:
• None
You must not select None if you selected AH for the Security Protocol
or if you selected NULL for the ESP Encryption Algorithm.
• MD5
• SHA-1
• AES-XCBC
9. Click OK.
The IPsec proposal is displayed in the VPN > IPsec > IPsec Proposals window.
Figure 7-107. VPN > IPsec > IPsec Proposals Window (Proposal Added)
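The selection rules in steps 6 through 8, as an added example (not code from the guide or from the TMS zl Module): a Python check that rejects None authentication with AH or with ESP NULL encryption and verifies manual key lengths in bytes before they are entered. The function names and the hex key format are assumptions; the AES key lengths are the guide's, while the DES, 3DES and authentication key lengths are taken from the algorithm RFCs.

```python
# Added example; function and table names are hypothetical, not TMS zl identifiers.
# AES key lengths (bytes) come from the guide. The DES/3DES and authentication
# key lengths are assumptions taken from the algorithm RFCs, not from this page.
ENC_KEY_BYTES = {"NULL": 0, "DES": 8, "3DES": 24,
                 "AES-128": 16, "AES-192": 24, "AES-256": 32}
AUTH_KEY_BYTES = {"None": 0, "MD5": 16, "SHA-1": 20, "AES-XCBC": 16}
DEPRECATED = {"DES", "MD5"}  # both are "MUST NOT" in RFC 8221


def _check_key(label, alg, key_hex, table, errors):
    """Append an error if the hex key is malformed or the wrong length for alg."""
    try:
        key = bytes.fromhex(key_hex)
    except ValueError:
        errors.append(f"{label} key is not valid hex")
        return
    if len(key) != table[alg]:
        errors.append(f"{label} key for {alg} must be {table[alg]} bytes, got {len(key)}")


def validate_proposal(protocol, enc="NULL", auth="None", enc_key="", auth_key=""):
    """Return (errors, warnings) for one manually keyed IPsec proposal."""
    errors, warnings = [], []
    if protocol not in ("AH", "ESP"):
        return [f"unknown security protocol: {protocol}"], warnings
    if auth not in AUTH_KEY_BYTES:
        return [f"unknown authentication algorithm: {auth}"], warnings
    if protocol == "ESP" and enc not in ENC_KEY_BYTES:
        return [f"unknown encryption algorithm: {enc}"], warnings

    # Step 8: None is not allowed with AH or with ESP + NULL encryption.
    # For AH the enc argument is ignored (step 7 applies to ESP only).
    if auth == "None" and (protocol == "AH" or enc == "NULL"):
        errors.append("authentication algorithm None is not allowed here")

    chosen = [auth]
    if protocol == "ESP":
        chosen.append(enc)
        _check_key("encryption", enc, enc_key, ENC_KEY_BYTES, errors)
        if enc == "NULL":
            warnings.append("ESP with NULL: VPN traffic will not be encrypted")
    _check_key("authentication", auth, auth_key, AUTH_KEY_BYTES, errors)
    warnings += [f"{a} is deprecated (RFC 8221)" for a in chosen if a in DEPRECATED]
    return errors, warnings
```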