Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100430

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
871872873874875876877878879880
7-356
Virtual Private Networks
Manage VPN Connections and GRE Tunnels
Figure 7-304. Status (<IKE Policy> - <SA Number>) Window
These details are displayed:
Peer Addressthe IP address of the remote tunnel endpoint or client with
which the module has established the SA
State—the current state of the IKE SA
The state for an active IKE SA is SA_Mature.
Lifetime in Seconds—the remaining number of seconds before the SA times
out or is renegotiated
Lifetime in KB—the remaining number of kilobytes that the IKE SA can
carry before the SA times out or is renegotiated
However, if the security settings did not specify a lifetime in kilobytes, the
value always displays as 0.
New Group Mode Exchange Descriptor
In the IPsec VPN Tunnels section, the VPN > IPsec > VPN Connections window
displays information about IPsec SAs. Each VPN connection between the
TMS zl Module and a remote gateway or endpoint entails two IPsec SAs—one
for inbound traffic and one for outbound traffic.
Note IPsec VPN tunnels may not appear in the window until traffic passes through
the tunnel. Click View status for the tunnels IKE SA. If the IKE SA state is
SA_Mature, the tunnel is open and ready for traffic.
The window shows this information for each IPsec tunnel (you can see more
tunnels by clicking the navigation buttons):
Policy Name—the IPsec policy used to establish the VPN tunnel
SA Number—a number that the TMS zl Module assigns to the SA
Local Gateway—the local IP addresses in the traffic selector for this policy