TMS zl Management and Configuration Guide ST.1.2.100916
7-151
Virtual Private Networks
Configure an L2TP over IPsec VPN
b. For Authentication Method, select Preshared Key.
c. Type a string of 12 to 49 alphanumeric or special characters in the
Preshared Key box. Type the same string in the Confirm Preshared
Key box.
The string (which is case-sensitive) must match the string that is
configured on the remote endpoints.
11. Under Security Parameters Proposal, configure the security settings
proposed by the TMS zl Module for the IKE SA.
A Windows XP client sends five IKE security proposals, four of which are
compatible with the TMS zl Module. See Table 7-16 for a list of these
proposals; you must configure the Security Parameters Proposal to match
one. (Note that Windows Vista clients only support proposal 1.)
Table 7-16. IKE Security Settings Proposed by Windows XP Clients
Note: You could configure other settings. However, in that case, you could not
use the New Connection Wizard to set up the VPN connection on the
Windows client; instead, you would have to configure the IPsec settings
for the connection manually and make sure to match the settings
configured here.
a. For Diffie-Hellman (DH) Group, select the group for the Diffie-Hellman
key exchange:
– Group 1 (768)
– Group 2 (1024)
– Group 5 (1536)
The group determines the length of the prime number used during the
exchange. The larger the number, the more secure the key generated
by the exchange.
Proposal  Encryption Algorithm  Authentication Algorithm  Diffie-Hellman Group  SA Lifetime in Seconds
1         3DES                  SHA-1                     2                     28800
2         3DES                  MD5                       2                     28800
3         DES                   SHA-1                     1                     28800
4         DES                   MD5                       1                     28800
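
The following pre-deployment check is an added example, not part of the guide or the module's software: it tests whether a planned Security Parameters Proposal matches one of the Table 7-16 proposals for each client and validates the preshared key against the rules in step c. The names Proposal, matched_proposal, psk_problems and review are hypothetical, the sample key is constructed, and it assumes the SA lifetime must match along with the other three settings.

```python
from typing import NamedTuple, Optional

class Proposal(NamedTuple):
    encryption: str
    authentication: str
    dh_group: int
    lifetime_s: int

# Table 7-16: the four Windows XP proposals compatible with the module.
XP_PROPOSALS = {
    1: Proposal("3DES", "SHA-1", 2, 28800),
    2: Proposal("3DES", "MD5", 2, 28800),
    3: Proposal("DES", "SHA-1", 1, 28800),
    4: Proposal("DES", "MD5", 1, 28800),
}
# Per the guide, Windows Vista clients only support proposal 1.
CLIENT_OFFERS = {"Windows XP": [1, 2, 3, 4], "Windows Vista": [1]}

def matched_proposal(client: str, module: Proposal) -> Optional[int]:
    """Number of the first offered proposal equal to the module's setting,
    or None if a wizard-created connection from this client cannot match."""
    for number in CLIENT_OFFERS[client]:
        if XP_PROPOSALS[number] == module:
            return number
    return None

def psk_problems(local: str, remote: str) -> list:
    problems = []
    if not 12 <= len(local) <= 49:
        problems.append("length must be 12 to 49 characters")
    # Assumption: "alphanumeric or special" means printable ASCII, no spaces.
    if not all(33 <= ord(c) <= 126 for c in local):
        problems.append("contains characters outside printable ASCII")
    if local != remote:  # the comparison is case-sensitive
        problems.append("does not match the remote endpoint's key")
    return problems

def review(module: Proposal, local_psk: str, remote_psk: str) -> dict:
    # Weak-algorithm flags are this example's addition, not from the guide.
    weak = [v for v in (module.encryption, module.authentication) if v in ("DES", "MD5")]
    if module.dh_group == 1:
        weak.append("DH Group 1 (768)")
    return {"clients": {c: matched_proposal(c, module) for c in CLIENT_OFFERS},
            "psk": psk_problems(local_psk, remote_psk),
            "weak": weak}

if __name__ == "__main__":
    # Constructed sample configuration and keys (case differs on purpose).
    print(review(Proposal("DES", "SHA-1", 1, 28800), "Example-Key-2010", "example-key-2010"))
```

A result of None for a client means the New Connection Wizard cannot be used for it with that proposal; only proposal 1 works for both Windows XP and Windows Vista.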