TMS zl Module Release Notes ST.1.2.100916
Table Of Contents
- Release Notes: Version ST.1.2.100916 Software for the HP ProCurve Threat Management Services zl Module
- Contents
- Software Management
- Download Documentation from the Web
- Software Updates
- Special Considerations Prior to Updating
- Clarifications
- Enhancements
- Enhancements in ST.1.2.100916
- ST.1.1.100430
- ST.1.1.100226
- Command Line Interface (CLI) control of VPN functionality
- RADIUS authentication for management logins
- RADIUS authentication for L2TP users
- Renaming zones
- 256 VLANs now supported, increased from 19 VLANs
- Enhanced sort and filter capabilities for displaying log files
- Improved SNMP Monitoring for network traffic and key system resources
- Software Fixes in Releases ST.1.0.090213 - ST.1.2.100916
- Known Issues
50
Known Issues
Release ST.1.1.100430
■ PR_55116 — Shrew Soft VPN client cannot establish the tunnel when RSA is being used for
IPsec authentication.
■ PR_55129 — Shrew Soft VPN client can establish the tunnel 'Enable extended sequence
number' option is selected, but no traffic flows.
■ PR_55485 — There have been extremely rare occurrences where after an upgrade and
subsequent reboot, a GRE tunnel could come back with a large value for number of days up
(for example, 14715). A workaround is to manually delete the tunnel and recreate it to get
the appropriate days up value.
■ PR_55548 — When specifying an IP Pool Range in the Web browser interface, the first range
value is allowed to be a higher range IP address than the second range value.
■ PR_55806 — In the Command Line Interface, when setting IKEv1 identities for local and
remote ID, the domain name, email address, distinguished name and IP address accepts
invalid values.
Steps:
1. Open CLI session
2. Set and IKEv1 policy
5406-06(tms-module-C:config)# ipsec ikev1 siteike <cr>
5406-06(tms-module-C:ikev1)#
3. Select the type
5406-06(tms-module-C:ikev1)# type site-to-site local-gateway vlan 100
remote-gateway 10.10.100.234
Success: Policy type and local and remote gateway were set successfully.
4. Set the identities
(for example, set invalid local id domain name and invalid remote id email address)
5406-06(tms-module-C:ikev1)# identities local type domain-name a2.1 remote type
email-addrress a.23
Success: Local and remote identities were set.
(for example, set invalid local id ip-addr and invalid remote id distinguished name
5406-06(tms-module-C:ikev1)# identities local type ip-addr 239.1.1.1 remote type
distinguished-name a
Success: Local and remote identities were set.
Note: for ip-addr no mcast ip should be accepted and for distinguished name the valid value
should be something like /CN=example.local