TMS zl Management and Configuration Guide ST.1.1.100430

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

911

912

913

914

915

916

917

918

919

920

7-394

Virtual Private Networks

Configure IPSecuritas (Macintosh VPN Client)

IPsec policy

Action Apply Add IPsec Policy—Step 1 of 4

Position Any but last

Protocol Any

Local Address Matches the setting configured in step 13b on page 7-386

Remote Address Matches the setting configured in step 13a on page 7-385

Proposal The IPsec proposal that you configured for the Macintosh clients

IKEv1 Policy The client-to-site IKE policy that you configured for the

Macintosh clients

Add IPsec Policy—Step 2 of 4

Enable PFS (Perfect

Forward Secrecy) for

keys

Matches the setting configured in step 16b on page 7-387

Diffie-Hellman (DH)

Group (if you enabled

PFS)

Matches the setting configured in step 16b on page 7-387

SA Lifetime in

Seconds

Matches the setting configured in step 16a on page 7-387

SA Lifetime in

Kilobytes

Matches the setting configured in step 16a on page 7-387

Enable IP Address

Pool for IRAS (Mode

Config)

Check box is cleared. IPSecuritas does not support the TMS zl

Module’s implementation of IKE mode config.

Add IPsec Policy—Step 3 of 4

Advanced Settings

(Optional)

Default settings Add IPsec Policy—Step 4 of 4

Firewall access

policies

User Group None • Permit SELF EXTERNAL isakmp Any Any

• Permit EXTERNAL SELF isakmp Any Any

• Permit EXTERNAL [local endpoints’ zone] Any Any Any

• Permit [local endpoints’ zone] EXTERNAL Any Any Any

Add Policy

Parameter Valid Settings Configuration Window