HP 7102dl - ProCurve Secure Router Configuration Manual page 539

Parameter
hash and encryption
algorithms (contained in a
transform set)
Traffic Carried over the VPN Tunnel. To specify which traffic will be car-
ried over the VPN tunnel (in other words which networks make up the VPN),
you must match the crypto map entry to an extended ACL:
Syntax: match address <listname>
For example:
ProCurve(config-crypto-map)# match address VPNTraffic
The extended ACL selects packets according to their source and destination
IP address. You configure the ACL to permit traffic between the local and
remote networks included in the VPN. The local networks should all connect
to the local ProCurve Secure Router and the remote networks should all
connect to the remote gateway device.
You cannot attempt to add entries to the ACL and connect to more than one
site through the same crypto map entry. If you are configuring a VPN that
connects to more than two sites, you should configure a new crypto map entry
to establish an IPSec SA with each gateway device. These map entries should
have the same map name but different index numbers.
(Configuring an ACL is described in "Defining Traffic Allowed over the VPN
Tunnel" on page 10-35.)
Table 10-15. Crypto Map Entry Settings: Match Peer's Settings
Options (From Most to Least Secure)
up to six transform sets
each set contains up to three
algorithms, one each of:
• AH hash algorithm:
– SHA
– MD5
• ESP encryption algorithm:
– DES
– 3DES
– AES (192-bit)
– AES (128-bit)
– AES (256-bit)
• ESP hash algorithm
– SHA
– MD5
Virtual Private Networks
Configuring a VPN Using IPSec
Default Command Syntax
no default set transform-set
<setname1> [<setname2>]
[<setname3>] [<setname4>]
[<setname5>] [<setname6>]
10-45