configure

key

selects and configures the keying mode. Some options are only valid on the High Encryption agent, which can be downloaded from the TMC.

manual incoming-spi spi outgoing-spi spi encryption <des-cbc 3des-cbc aes-cbc-128 aes-cbc-192 aes-cbc-256> authentication <esp-sha1-hmac esp-md5-hmac ah-md5 ah-sha1> encryption-key key auth-key key

configures manual mode.

ike proposal proposal-name [shared-secret secret] [peer-id id]

configures the IKE proposal. If included, the shared secret must be at least 8 characters long.

negotiate

starts negotiation of the tunnel.

peer ip

configures the IP address of the terminating VPN unit or network device (the remote target of the VPN link).

transport < enable disable >

enables or disables transport mode. Use this if you are using L2TP or if you are configuring a Security Association to use with a GRE interface.

tunnel

controls tunneling.

disable

disables tunneling.

enable

enables tunneling.

local < default-route dhcp group group-name subnet ip netmask netmask range ip1 ip2 >

selects the source IP addresses that are allowed to use this IPSec tunnel by specifying an IP address group, subnet, or range. You should use an IP address group that contains all the source IP addresses of devices that can use the IPSec tunnel.

Choose default-route if the remote IPSec peer uses this IPSec tunnel as its default route. Choose dhcp if the local network devices receive IP addresses by DHCP over this IPSec tunnel. DHCP relay must first be configured to use this tunnel before selecting this option.

nat < disable ip >

enables or disables NAT tunneling.
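
The algorithm lists for manual keying and the 8-character minimum for the IKE shared secret can be checked automatically when reviewing a saved configuration. The Python check below is an added example, not part of this reference or of the device software; it takes the arguments that follow key, and treating des-cbc and the MD5-based authentication options as weak is a review policy assumed here. The function names and sample lines are constructed for illustration.

```python
import shlex

# Algorithm names copied from the option lists in the syntax above.
ENCRYPTION = {"des-cbc", "3des-cbc", "aes-cbc-128", "aes-cbc-192", "aes-cbc-256"}
AUTHENTICATION = {"esp-sha1-hmac", "esp-md5-hmac", "ah-md5", "ah-sha1"}
# Review policy assumed by this example (not stated in the reference).
WEAK = {"des-cbc": "56-bit DES key", "esp-md5-hmac": "MD5", "ah-md5": "MD5"}
MIN_SECRET = 8  # minimum shared-secret length stated in the reference
MANUAL_OPTS = {"incoming-spi", "outgoing-spi", "encryption", "authentication",
               "encryption-key", "auth-key"}


def options(tokens, names):
    """Read 'name value' pairs in order; an option with no value maps to None."""
    found, it = {}, iter(tokens)
    for tok in it:
        if tok in names:
            found[tok] = next(it, None)  # consume the value so it is not re-parsed
    return found


def audit_key_line(line):
    """Return findings for one 'manual ...' or 'ike proposal ...' argument line."""
    tokens = shlex.split(line)
    findings = []
    if tokens[:1] == ["manual"]:
        opts = options(tokens[1:], MANUAL_OPTS)
        for name, allowed in (("encryption", ENCRYPTION), ("authentication", AUTHENTICATION)):
            value = opts.get(name)
            if value not in allowed:
                findings.append(f"{name}: missing or unknown value {value!r}")
            elif value in WEAK:
                findings.append(f"{name}: {value} is weak ({WEAK[value]})")
    elif tokens[:2] == ["ike", "proposal"]:
        opts = options(tokens[3:], {"shared-secret", "peer-id"})
        secret = opts.get("shared-secret")
        if "shared-secret" in opts and (secret is None or len(secret) < MIN_SECRET):
            findings.append(f"shared-secret: shorter than {MIN_SECRET} characters")
    else:
        findings.append("not a manual or ike proposal keying line")
    return findings


# Constructed sample lines; SPIs, keys and secrets are placeholders.
SAMPLE = [
    "manual incoming-spi 256 outgoing-spi 257 encryption des-cbc authentication esp-md5-hmac encryption-key K1 auth-key K2",
    "ike proposal branch-office shared-secret short1",
    "ike proposal branch-office shared-secret long-enough-secret peer-id hq",
]
```

Calling audit_key_line on each saved keying line returns an empty list when nothing is flagged, so the result can gate a configuration review.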

X Family CLI Reference V 2.5.1
