Ipsec Settings (Custom Setup Only) - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
C a u t i o n
Using the Web Browser Interface for Advanced Configuration Tasks
Figure 14-51. Establishing Security Parameters for the IPSec SA
IPSec Settings (Custom Setup Only)
In this window, you can alter the settings IKE proposes for the IKE SA,
including:
PFS Diffie-Hellman group—If you specify a perfect forward secrecy (PFS)
group, IKE uses the Diffie-Hellman protocol to generate entirely new keys
for the IPSec SA. You can select group 1 or group 2. By default, IKE does
not use a PFS. (See Chapter 8: Virtual Private Networks for more
information on PFS.)
Encryption/hash algorithm—You can select any combination of ESP
encryption and/or hash algorithm, AH hash algorithm, or AH hash and ESP
encryption and/or hash algorithm from the Encryption Algorithm pull-
down menu.
IPSec SA lifetime—You can specify a setting in kilobytes, in seconds, or
in both. The router terminates the tunnel when the first limit is reached.
Table 14-4 displays settings available for these parameters.
Take care when altering default security settings. Security parameters for both
the IKE and the IPSec SA must match those proposed by the peer.
Setting Up Virtual Private Networks
14-69
Advertisement
Chapters
Table of Contents
Troubleshooting
