TMS zl Management and Configuration Guide ST.1.2.100916
Command-Line Reference
IPsec Policy Context
apply. Once you have configured all parts of the IPsec policy, you must apply
the policy. The apply command verifies that all required settings are configured
and then adds or edits the IPsec policy. (If the requirements are not met,
the command does not take effect, and an error message indicates which
settings are missing.) Enter the following command:
Syntax: apply
This command is also available from the IPsec policy, IPsec policy apply, IPsec
policy bypass, IPsec policy deny, IPsec manual keys, and IPsec IRAS contexts.
ikev1. This command selects a previously configured IKEv1 policy for this
IPsec policy:
Syntax: ikev1 <policy name>
Replace <policy name> with the name of the appropriate IKEv1 policy for
this connection. For example, for a site-to-site VPN, the remote gateway that
is specified in the IKEv1 policy must be the gateway for the remote IP
addresses in this policy’s traffic selector.
preview. Before you apply the IPsec policy, you should preview it to make
sure that everything is correct. To preview your policy, enter the following
command from any IPsec policy context:
Syntax: preview
The command is also available from other contexts accessed through the
IPsec policy context.
pfs. Using PFS (Perfect Forward Secrecy) for keys forces the tunnel endpoints
to generate new keys for the IPsec SA.
To enable PFS, enter the following command:
Syntax: pfs enable dh-group <group1-768 | group2-1024 | group5-1536>
The group determines the length of the prime number used during the
exchange. The larger the number, the more secure the key generated by the
exchange.
To disable PFS, enter the following command:
Syntax: no pfs enable
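The following script is an added example, not part of the guide or of the product: it reviews the command lines planned for one IPsec policy, using the pfs, preview and apply syntax documented above, and reports a missing preview, settings left unapplied, and PFS that is off or uses a short DH group. The function name, the 1536-bit threshold and the IKEv1 policy name are assumptions of this example.

```python
import re

# DH groups accepted by "pfs enable dh-group", with the prime length in bits.
DH_BITS = {"group1-768": 768, "group2-1024": 1024, "group5-1536": 1536}
PFS_ON = re.compile(r"pfs enable dh-group (\S+)")

def audit_ipsec_commands(commands, min_bits=1536):
    """Return findings for the commands planned for one IPsec policy.

    min_bits is this example's threshold (an assumption), not the guide's.
    """
    findings = []
    pfs_group = None      # None: PFS never enabled, or disabled last
    previewed = False     # True only if preview saw the latest settings
    pending = False       # settings entered since the last apply
    for raw in commands:
        line = " ".join(raw.split()).lower()   # normalise spacing and case
        if not line:
            continue
        if line == "preview":
            previewed = True
            continue
        if line == "apply":
            if not previewed:
                findings.append("apply entered without previewing the final settings")
            pending = previewed = False
            continue
        pending, previewed = True, False       # any other line changes settings
        match = PFS_ON.fullmatch(line)
        if match:
            pfs_group = match.group(1)
        elif line == "no pfs enable":
            pfs_group = None
    if pending:
        findings.append("settings entered without a following apply do not take effect")
    if pfs_group is None:
        findings.append("PFS is not enabled by these commands")
    elif pfs_group not in DH_BITS:
        findings.append(f"unknown DH group {pfs_group}")
    elif DH_BITS[pfs_group] < min_bits:
        findings.append(f"PFS uses {pfs_group}, below {min_bits} bits")
    return findings

# Constructed sample input: command lines in the syntax this section documents.
# The IKEv1 policy name "siteb-ike" is hypothetical.
WEAK_PLAN = ["ikev1 siteb-ike", "pfs enable dh-group group2-1024", "apply"]
GOOD_PLAN = ["ikev1 siteb-ike", "pfs enable dh-group group5-1536", "preview", "apply"]
```

An empty result for GOOD_PLAN means the plan previews before applying and uses the largest DH group the command offers.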
sa-lifetime. The sa-lifetime command determines how long the IPsec
SA remains open.