Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100430

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
641642643644645646647648649650
7-127
Virtual Private Networks
Configure an IPsec Site-to-Site VPN with Manual Keying
10. Click Save.
Create an IPsec Policy That Uses Manual Keying
This section explains how to configure an IPsec policy for an IPsec SA that is
established with manual keys.
The advantages and disadvantages of using manual keying are listed below:
Advantages
Manual keying does not depend on the IKE protocol, so less process-
ing is used initially to negotiate the SA.
You do not need to open UDP 500 (ISAKMP) in the firewall.
Manual keying is required for an IPsec VPN that is limited to ICMP
echo or timestamp traffic.
Disadvantages
Keys can be leaked, and overall the tunnel is less secure.
Lengthy keys can be mistyped.
Keys can be difficult to manage with multiple remote sites.
Manual keying cannot be used to create a site-to-site IPsec VPN with
the HP ProCurve Secure Router 7000dl series.
Manual keying cannot be used to configure a client-to-site VPN or with
IKE mode config.
Follow these steps to create the IPsec policy:
1. In the left navigation bar of the Web browser interface, click VPN > IPsec.
2. Click the IPsec Policies tab.
Figure 7-108. VPN > IPsec > IPsec Policies Window
3. Click Add IPsec Policy.