TMS zl Management and Configuration Guide ST.1.2.100916
A-82
Command-Line Reference
Global Configuration Context
■ IPsec policy context—the commands in this context enable you to specify the settings for an IPsec SA (the actual VPN connection). (See “IPsec Policy Context” on page A-131.) Within this context there are three additional contexts:
    • Auto Key Exchange context—from this context, you select the IKEv1 policy that this IPsec policy will use as well as the SA lifetime and the tunnel’s Perfect Forward Secrecy settings. (See “IPsec Auto Keys Context” on page A-142.)
    • Manual Key Exchange context—from this context, you set the local and remote gateway addresses and ESP keys. (See “IPsec Manual Keys Context” on page A-145.)
    • IRAS context—from this context, you configure the IP addresses and other settings assigned to remote endpoints through IKE mode config. (See “IPsec IRAS Context” on page A-149.)
ipsec enable
To enable (or disable) IPsec globally, enter the following command.
Syntax: [no] ipsec enable
ipsec icmp
ICMP error messages may not be allowed by the traffic selectors that select
traffic for the VPN tunnel. However, these error messages are often necessary
for a session. When you enable the TMS zl Module to send ICMP messages, it
will return an ICMP error message when it receives bad or inconsistent data.
When you enable the module to handle ICMP messages, the module will accept
incoming ICMP error messages.
Both of these functions are enabled by default.
To enable (or disable) the TMS zl Module to send or handle (accept) ICMP
error messages, enter the following command.
Syntax: [no] ipsec icmp < send | handle > enable
ipsec ikev1
To create or edit (or delete) an IKEv1 policy and enter the IKEv1 context, enter
the following:
Syntax: [no] ipsec ikev1 <policy name>