About VPN

Authentication establishes the identity of a remote user or device to verify that they have permission to access network resources. The X family provides two types of authentication methods:

• User Authentication — username/password verification methods to ensure that only authorized users may access client-to-site VPNs. Access privileges are used to control what network services are available to each user. On the X family device, user accounts are configured from the Authentication menu page. L2TP over IPSec and PPTP VPN protocols use user authentication.

• Packet Authentication — provides data integrity and origin authentication while also providing protection against replay attacks. The X family device supports PKI (Public Key Infrastructure) for IPSec with X.509 certificates.
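
The three properties listed under Packet Authentication, shown as an added example that is not taken from the X family guide or the device's implementation: a keyed integrity check value (ICV) provides integrity and origin authentication, and a sequence number checked against a sliding window rejects replays. The packet layout, the names `protect`, `Receiver` and `demo`, and the keys are assumptions made for illustration; real IPSec AH/ESP packet formats differ.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # HMAC-SHA-256 tag truncated to 128 bits
WINDOW = 64    # anti-replay window, in packets

def protect(key, seq, payload):
    """Sender: 32-bit sequence number + payload + ICV computed over both."""
    header = struct.pack("!I", seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv

class Receiver:
    def __init__(self, key):
        self.key = key
        self.highest = 0  # highest authenticated sequence number so far
        self.bitmap = 0   # bit i set: sequence number (highest - i) was accepted

    def accept(self, packet):
        """Return (verdict, payload); payload is None unless verdict == 'ok'."""
        if len(packet) < 4 + ICV_LEN:
            return "malformed", None
        header, payload, icv = packet[:4], packet[4:-ICV_LEN], packet[-ICV_LEN:]
        seq = struct.unpack("!I", header)[0]
        offset = self.highest - seq
        if seq == 0 or offset >= WINDOW:
            return "replay-too-old", None
        if offset >= 0 and (self.bitmap >> offset) & 1:
            return "replay-duplicate", None
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "bad-icv", None  # altered in transit, or sent without the key
        # Slide the window only after the ICV verifies, so forged packets
        # cannot advance it and lock out genuine traffic.
        if offset < 0:
            self.bitmap = ((self.bitmap << -offset) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << offset
        return "ok", payload

def demo():
    """Constructed traffic: in-order, reordered, replayed, tampered, forged."""
    key, rx = b"k" * 32, Receiver(b"k" * 32)
    p1, p2, p3 = (protect(key, n, b"data%d" % n) for n in (1, 2, 3))
    tampered = bytearray(protect(key, 4, b"pay 10"))
    tampered[6] ^= 1  # flip one bit of the payload in transit
    forged = protect(b"x" * 32, 5, b"hello")  # sender does not hold the key
    return [rx.accept(p)[0] for p in (p1, p3, p2, p3, bytes(tampered), forged)]
```
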

Encryption is applied to the tunneled connection to scramble data, thus making data legible only to recipients with the correct key. Using cryptographic algorithms, information is scrambled (encrypted) by the initiator and then unscrambled (decrypted) when it reaches the recipient. Recipients of encrypted data must have access privileges and hold specific keys in order to read the data.

Note: This user guide describes the LSM menu pages and parameters available for VPN configuration and management. It also provides procedures to configure tunneling protocols and IKE proposals. For a more detailed explanation of VPN Configuration along with deployment scenarios, see the Concepts Guide, available from the X family product documentation section of the TMC website.

For additional information, see the following topics:

“VPN Configuration Overview” on page 183

“IKE Proposal” on page 198

“IPSec Configuration” on page 184

“L2TP Configuration” on page 208

“PPTP Configuration” on page 212

VPN Configuration Overview

Note: This user guide describes the LSM menu pages and parameters available for VPN configuration and management. It also provides procedures to configure tunneling protocols and IKE proposals. For a broader explanation of VPN Configuration along with deployment scenarios, see the Concepts Guide.

Use the following overview to guide the VPN Setup process for the X family device:

STEP 1 Install the high-encryption service pack on the device.

By default all new X family devices are supplied with 56-bit DES encryption only. To enable the strong encryption functionality (3DES, 128-AES, 192-AES, 256-AES) required to create secure VPN connections, install the correct Strong Encryption Service Pack for your device available from the TMC Web site.

STEP 2 Decide whether you require a site-to-site or client-to-site VPN connection.

X Family LSM User’s Guide V 2.5.1
