Consult the table below for an alphabetical listing of each IPsec VPN parameter, a short description, and where to configure it.
To see equivalent names for the HP ProCurve Secure Router 7000dl series or the HP ProCurve VPN Client, click here.
Parameter
|
Description
|
Where to Configure
|
Action
|
How the TMS zl Module treats traffic that is selected for this policy
|
Add IPsec Policy
Step 1 of 4
|
AH Keys
|
SPI number and authentication keys for manually keyed IPsec SA s
|
Add IPsec Policy
Step 2 of 4
|
Anti-Replay Window Size
|
How far out of order the packets can arrive without being dropped
|
Add IPsec Policy
Step 4 of 4
|
Authentication Algorithm
|
MD5 or SHA -1 for the IKE SA
|
Add IKE Policy
Step 2 of 3
|
Authentication Algorithm
|
ESP or AH for the IPsec SA
|
Add IPsec
Proposal
|
Authentication Method
|
Preshared key or certificate (RSA signature or DSA signature) for the IKE SA
|
Add IKE Policy
Step 2 of 3
|
Copy DSCP Value
|
Whether to copy the DSCP value to the delivery header in tunnel mode
|
Add IPsec Policy
Step 4 of 4
|
DF Bit Handling
|
How to handle the Don't Fragment bit
|
Add IPsec Policy
Step 4 of 4
|
Diffie-Hellman Group
|
For secure key negotiation of the IKE SA
|
Add IKE Policy
Step 2 of 3
|
Diffie-Hellman Group
|
For PFS key renewal on the IPsec SA
|
Add IPsec Policy
Step 2 of 4
|
Direction
|
Apply an IPsec Bypass or Ignore policy to inbound or outbound traffic or both
|
Add IPsec Policy
Step 1 of 4
|
DNS Servers
|
IP addresses of DNS servers that the VPN client can access for IKE mode config
|
Add IPsec Policy
Step 3 of 4
|
DSCP Value
|
A value between 0 and 63 that can be used for QoS prioritization
|
Add IPsec Policy
Step 4 of 4
|
Encapsulation Mode
|
Tunnel or transport mode
|
Add IPsec
Proposal
|
Encryption Algorithm
|
The encryption algorithm for the IKE SA
|
Add IKE Policy
Step 2 of 3
|
Encryption Algorithm
|
The encryption algorithm for ESP
|
Add IPsec
Proposal
|
ESP Keys
|
SPI number, encryption keys, and authentication keys for manually keyed IPsec SAs
|
Add IPsec Policy
Step 2 of 4
|
Extended Sequence Number
|
Increase the sequence number from 32 bits to 64 bits
|
Add IPsec Policy
Step 4 of 4
|
|
Zone for the IKE mode config address ranges
|
Add IPsec Policy
Step 3 of 4
|
Fragment Before IPsec
|
Fragment IP packets before IPsec encryption
|
Add IPsec Policy
Step 4 of 4
|
IKE Mode Config
|
Virtual IP addresses for the remote VPN client to use on the private network
|
Add IPsec Policy
Step 3 of 4
|
IKEv1 Policy
|
Configured separately (Add IKE Policy), it contains the parameters for an IKE SA, which negotiates the encryption key for the IPsec SA.
|
Add IPsec Policy
Step 2 of 4
|
IKE Policy Type
|
The type of VPN connection: site-to-site or client-to-site
|
Add IKE Policy
Step 1 of 3
|
IP Compression
|
Compress IP packets before IPsec encryption
|
Add IPsec Policy
Step 4 of 4
|
IPsec Proposal
|
The encapsulation mode, security protocol, and security algorithms for the VPN policy, configured separately (Add IPsec Proposal) and later selected
|
Add IPsec Policy
Step 1 of 4
|
IRAS IP Address/Mask
|
IP address and mask of the IPsec remote access server for IKE Mode Config
|
Add IPsec Policy
Step 3 of 4
|
Key Exchange Method
|
IKEv1 or manual key exchange for the IPsec SA
|
Add IPsec Policy
Step 2 of 4
|
Key Exchange Mode
|
Main or aggressive
|
Add IKE Policy
Step 2 of 3
|
Local Address
|
Source IP address(es) of traffic to which the IPsec policy applies
|
Add IPsec Policy
Step 1 of 4
|
Local Gateway
|
IP address for the interface on which you want to receive IKE SA traffic
|
Add IKEv1 Policy
Step 1 of 3
|
Local Gateway
|
IP address for the interface on which you want to receive IPsec SA traffic
|
Add IPsec Policy
Step 2 of 4
|
Local ID
|
The name that the local device uses for authentication purposes.
|
Add IKE Policy
Step 1 of 3
|
Local Port
|
Source port of traffic to which the IPsec policy applies
|
Add IPsec Policy
Step 1 of 4
|
Persistent Tunnel
|
Maintain the SA after it expires
|
Add IPsec Policy
Step 4 of 4
|
|
The tunnel endpoints periodically generate new keys for the IPsec SA
|
Add IPsec Policy
Step 2 of 4
|
Position
|
Priority of the IPsec policy
|
Add IPsec Policy
Step 1 of 4
|
Pre-shared Key
|
Manually input key for IKE authentication
|
Add IKE Policy
Step 2 of 3
|
Primary DNS Server
|
IP address of a DNS server that VPN clients can access
|
Add IPsec Policy
Step 3 of 4
|
Primary WINS Server
|
IP address of a WINS server that VPN clients can access
|
Add IPsec Policy
Step 3 of 4
|
Protocol
|
Specifies which types of traffic can pass through the VPN tunnel that the IPsec policy creates; manual-keyed IPsec policies only
|
Add IPsec Policy
Step 1 of 4
|
Re-key on Sequence Number Overflow
|
Automatically renegotiate the SA before the last sequence number
|
Add IPsec Policy
Step 4 of 4
|
Remote Address
|
Destination IP address(es) of traffic to which the IPsec policy applies
|
Add IPsec Policy
Step 1 of 4
|
Remote Gateway
|
The IP address or FQDN of the interface that will receive VPN traffic on the remote VPN gateway
|
Add IKE Policy
Step 1 of 3
Add IPsec Policy
Step 2 of 4
|
Remote ID
|
The name that the remote device uses for authentication purposes
|
Add IKE Policy
Step 1 of 3
|
Remote Port
|
Destination port of traffic to which the IPsec policy applies
|
Add IPsec Policy
Step 1 of 4
|
SA Lifetime in Kilobytes
|
Duration of the IPsec SA in bandwidth
|
Add IPsec Policy
Step 2 of 4
|
SA Lifetime in Seconds
|
Duration of the IKE SA in seconds
|
Add IKE Policy
Step 2 of 3
|
SA Lifetime in Seconds
|
Duration of the IPsec SA in seconds
|
Add IPsec Policy
Step 2 of 4
|
SPI Number
|
Unique number that identifies a particular SA
|
Add IPsec Policy
Step 2 of 4
|
Traffic Selector
|
Specifies which traffic can use the IPsec VPN
|
Add IPsec Policy
Step 1 of 4
|
WINS Servers
|
IP addresses of WINS servers that VPN clients can access IKE Mode Config
|
Add IPsec Policy
Step 3 of 4
|
XAUTH Configuration
|
Optional layer of security for IKE
|
Add IKE Policy
Step 3 of 3
|