HP X Unified Security Platform manual 211

STEP 1

STEP 2

STEP 3

STEP 4

From the LSM menu, select VPN > IPSec Status. Then, select the IP Configuration tab.

On the IPSec Configuration page, click Create, or to edit an existing security association, click its Pencil icon.

On the Create/Edit IP Security Association page, type or edit the name for the security association in the Name field.

Choose a name that helps you identify the link for which you are creating the security association.

In the Peer IP Address field, type the public IP address of the terminating VPN X family or network device (the remote target of the VPN link).

STEP 5

STEP 6 STEP 7 STEP 8

STEP 9

Select the security zone on which to terminate the VPN from the Terminated Security Zone drop-down list.

If you want to enable NAT for the VPN tunnel, select a virtual security zone (such as the VPN default security zone) that contains no physical ports.

Check Enable Security Association to enable this security association.

For GRE and L2TP over IPSec VPN tunnels, check Support GRE and L2TP.

Select the method to obtain authentication keys from the Keying Mode drop-down list, either:

•IKE — automatically generates keys periodically which provides more security than manual keying

•Manual — uses the fixed keys configured for the SA. This method provides the lowest level of security and is not recommended.

Configure the key information based on the Keying Mode selected.

•For IKE Setup, select the IKE Proposal from the drop-down list of proposals currently configured and then:

o For IKE with PSK (Main Mode and Aggressive Mode), enter the Pre-shared Key (between 8 and 128 characters) used to validate access to the VPN in the Shared Secret field.