TMS zl Management and Configuration Guide ST.1.2.100916
7-447
Virtual Private Networks
Configure a Windows XP SP2 Client for L2TP over IPsec
Table 7-39. Settings for an L2TP over IPsec Connection on the TMS zl Module

| Parameter | Valid Settings | Configuration Window | Matching Setting on the Windows XP Client (Manual Method) |
|---|---|---|---|
| IKE policy | | | |
| Policy Type | Client-to-Site (Responder) | Add IKE Policy—Step 1 of 3 | |
| Local Gateway | TMS zl Module's IP address or VLAN that the remote clients can reach | Add IKE Policy—Step 1 of 3 | • Destination address in the IP filter (step 27 on page 7-420) • Hostname or IP address in the New Connection Wizard (step 78 on page 7-440) |
| Local ID Type | IP Address | Add IKE Policy—Step 1 of 3 | |
| Local ID Value | Same IP address configured for the Local Gateway | Add IKE Policy—Step 1 of 3 | |
| Remote ID Type | • With preshared keys, IP Address • With digital certificates, the type for the subject name in the certificate (typically, Distinguished Name or Domain Name) | Add IKE Policy—Step 1 of 3 | |
| Remote ID Value | • With preshared keys, 0.0.0.0 • With digital certificates, a value or wildcard that matches the certificate subject name | Add IKE Policy—Step 1 of 3 | |
| Key Exchange Mode | Main Mode | Add IKE Policy—Step 2 of 3 | |
| Authentication Method | • Preshared Key • RSA Signature • DSA Signature | Add IKE Policy—Step 2 of 3 | Setting in the Edit Authentication Methods window (step 53 on page 7-432) |
| Preshared Key | Matches the string configured on the remote client | Add IKE Policy—Step 2 of 3 | String in the Edit Authentication Methods window (step 53 on page 7-432) |
| Security Parameters Proposal | 1. SA Lifetime—300 to 86400 seconds; 2. DH Group: Group 1 (760), Group 2 (1024); 3. Encryption Algorithm: DES, 3DES; 4. Authentication Algorithm: MD5, SHA-1 | Add IKE Policy—Step 2 of 3 | 1. Key Exchange Settings (step 59 on page 7-435); 2. IKE Security Methods (step 63 on page 7-436): Diffie-Hellman group, Encryption algorithm, Integrity algorithm |
| XAUTH Configuration | Disable XAUTH | Add IKE Policy—Step 3 of 3 | |