Manualshelf

TMS zl Management and Configuration Guide ST.1.2.100916

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
621622623624625626627628629630
7-105
Virtual Private Networks
Configure an IPsec Site-to-Site VPN with IKE
Figure 7-90. Add IPsec Proposal Window
4. For Proposal Name, type a descriptive string of 1 to 32 alphanumeric
characters. The string must be unique to this proposal.
Often, it is a good idea to indicate the algorithms that you will select in
the name—for example, ESP3desMD5.
5. For Encapsulation Mode, select one of the following:
Tunnel Mode—Select this mode for a site-to-site IPsec VPN. Tunnel
mode allows endpoints behind the TMS zl Module and the remote
gateway to forward traffic over the VPN.
Also select Tunnel Mode for a client-to-site IPsec VPN so that the
remote clients can reach services behind the TMS zl Module.
Transport Mode—In transport mode, the tunnel endpoints must origi-
nate all traffic sent on the VPN. In other words, the VPN only supports
traffic originated by the TMS zl Module itself or by the remote end-
point. This mode is typically used when you are creating a proposal
for GRE over IPsec site-to-site VPNs or L2TP over IPsec client-to-site
VPNs.
6. For Security Protocol, select AH or ESP.
7. If you selected ESP in the previous step, select one of the following for
Encryption Algorithm:
•NULL
If you select this option, VPN traffic will not be encrypted.