HP 5120 SI Series Security Configuration Manual page 11

Enabling the FIPS mode ······································································································································ 336
Triggering a self-test ············································································································································ 337
Displaying and maintaining FIPS ······························································································································· 337
FIPS configuration example········································································································································· 337
Network requirements ········································································································································· 337
Configuration procedure ···································································································································· 337
Verifying the configuration ································································································································· 338
Configuring IPsec ···················································································································································· 340
Overview ······································································································································································· 340
Basic concepts ····················································································································································· 340
Protocols and standards ····································································································································· 343
Configuring IPsec ························································································································································· 343
Implementing ACL-based IPsec ··································································································································· 343
Feature Restrictions ·············································································································································· 343
ACL-based IPsec configuration task list ············································································································· 343
Configuring ACLs ················································································································································ 344
Configuring an IPsec proposal ·························································································································· 345
Configuring an IPsec policy ······························································································································· 346
Applying an IPsec policy group to an interface ······························································································· 349
Configuring the IPsec session idle timeout ········································································································ 350
Enabling ACL checking of de-encapsulated IPsec packets ············································································· 350
Configuring the IPsec anti-replay function ········································································································ 351
Configuring packet information pre-extraction ································································································ 351
Displaying and maintaining IPsec ······························································································································ 352
IPsec configuration examples······································································································································ 352
IKE-based IPsec tunnel for IPv4 packets configuration example ····································································· 352
Configuring IKE ······················································································································································· 355
Overview ······································································································································································· 355
IKE security mechanism ······································································································································· 355
IKE operation ······················································································································································· 355
IKE functions ························································································································································· 356
Relationship between IKE and IPsec ·················································································································· 357
Protocols and standards ····································································································································· 357
IKE configuration task list ············································································································································ 357
Configuring a name for the local security gateway ································································································· 358
Configuring an IKE proposal ······································································································································ 358
Configuring an IKE peer ·············································································································································· 359
Setting keepalive timers ··············································································································································· 361
Setting the NAT keepalive timer ································································································································· 361
Configuring a DPD detector ········································································································································ 362
Disabling next payload field checking ······················································································································ 362
Displaying and maintaining IKE ································································································································· 363
IKE configuration example ·········································································································································· 363
Troubleshooting IKE ····················································································································································· 366
Invalid user ID ······················································································································································ 366
Proposal mismatch ·············································································································································· 366
Failing to establish an IPsec tunnel ···················································································································· 367
ACL configuration error ······································································································································ 367
Support and other resources ·································································································································· 368
Contacting HP ······························································································································································ 368
Subscription service ············································································································································ 368
Related information ······················································································································································ 368
Documents ···························································································································································· 368
ix