TMS zl Management and Configuration Guide ST.1.2.100916
7-21
Virtual Private Networks
IPsec Concepts
Advanced IPsec Features
The TMS zl Module supports these advanced features:
■ IP compression
■ Customizable anti-replay window size
■ Extended sequence number
■ Re-key on sequence number overflow
■ Persistent tunnels
■ Fragmentation before IPsec
■ The copying of values from the original IP header
The sections below describe these features. Table 7-3 indicates which features are enabled by default and lists the other default settings.
Table 7-3. Advanced IPsec Features

Feature                                   Default Setting
IP compression                            Disabled
Anti-replay window                        Always enabled—default size, 32
Extended sequence number                  Disabled
Re-key on sequence number overflow        Enabled
Persistent tunnel                         Disabled
Fragment before IPsec                     Enabled
Copy, set, or clear the DF bit            Copy
Copy or set the DSCP                      Set to 0

IP Compression

Various Data-Link Layer protocols compress packets to decrease the amount of bandwidth that they require. Packets that have already been IPsec-encrypted cannot be usefully compressed: encrypted data has little redundancy left to remove, and modifying a packet after encryption would invalidate its integrity check. IP compression allows the TMS zl Module to compress IP packets before encryption, which can help to increase network performance.

Anti-Replay Window

The TMS zl Module checks the sequence number of IPsec packets within an SA. It drops out-of-order packets to protect against replay attacks (in which hackers snoop legitimate packets and resend them for their own purposes). However, because packets might arrive slightly out of order, the TMS zl Module accepts packets that arrive within the anti-replay window.
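The following Python model is an added illustration of the anti-replay window described above; it is example code written for this section, not code from the TMS zl Module or from HP's documentation. It implements the receiver-side sliding window in the style of RFC 4303 Appendix A with the default window size of 32 from Table 7-3, and, going beyond the paragraph, also models the sender-side sequence counter whose exhaustion is what "re-key on sequence number overflow" responds to, with the 64-bit counter width that the extended sequence number (ESN) feature provides. The class names, the bitmap layout, and the counter widths are assumptions made for this example; this page does not describe how the module implements these features internally.

```python
"""Anti-replay window and sequence-counter model for an IPsec SA.

Constructed example: the names and internal layout are assumptions, not the
TMS zl Module's implementation. The sliding-window logic follows the scheme
described in RFC 4303 Appendix A.
"""


class AntiReplayWindow:
    """Receiver-side check: accept each sequence number at most once, and only
    if it is not older than the window allows. Bit i of `bitmap` is set when
    sequence number (top - i) has already been accepted (assumed layout)."""

    def __init__(self, window_size: int = 32):
        if window_size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32")
        self.size = window_size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit 0 corresponds to `top`

    def accept(self, seq: int) -> bool:
        """Return True and record the packet if it should be accepted,
        False if it is a replay, too old, or otherwise invalid."""
        if seq <= 0:
            return False    # ESP sequence numbers start at 1; 0 is never valid
        if seq > self.top:
            # New high-water mark: slide the window up by the difference.
            shift = seq - self.top
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1     # everything previously seen falls out of the window
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False    # arrived too late: below the bottom of the window
        if (self.bitmap >> diff) & 1:
            return False    # already accepted once: this is a replay
        self.bitmap |= 1 << diff     # out of order but inside the window: accept
        return True


def replay_check_trace(seqs, window_size: int = 32):
    """Run a sequence of received sequence numbers through one window and
    return a list of (seq, accepted) decisions, for inspection or logging."""
    window = AntiReplayWindow(window_size)
    return [(seq, window.accept(seq)) for seq in seqs]


class OutboundCounter:
    """Sender-side sequence counter for one SA. The counter must never wrap,
    so the SA has to be re-keyed before the last usable value is passed
    (32-bit counter normally, 64-bit when ESN is negotiated; assumed widths)."""

    def __init__(self, esn: bool = False):
        self.max_seq = (1 << 64) - 1 if esn else (1 << 32) - 1
        self.seq = 0

    def rekey_required(self) -> bool:
        return self.seq >= self.max_seq

    def next_seq(self) -> int:
        if self.rekey_required():
            raise RuntimeError("sequence number exhausted: re-key the SA")
        self.seq += 1
        return self.seq


if __name__ == "__main__":
    # Constructed arrival order: in order, slightly out of order, a replay,
    # a large jump, one packet that is exactly too old, one just inside.
    for seq, ok in replay_check_trace([1, 2, 5, 3, 3, 100, 68, 69]):
        print(f"seq {seq:>4}: {'accept' if ok else 'DROP'}")
```

Running the block as a script prints the decision for each constructed packet: 3 is accepted once because it is inside the 32-packet window, its second arrival is dropped as a replay, and after the jump to 100 sequence number 68 is dropped as too old while 69 is still inside the window.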