Continue to the IPSec Transform List in the Create IPSec Policy screen and click Edit to modify the list.

Add or remove selection(s) on the Transform List. IPSec/9000 applies the transforms you select to the packets that use this IPSec policy. Transforms perform actions such as encryption and authentication of packets. Some available transforms are Authenticated ESP. Authenticated ESP transforms are indicated as ESP transforms with both an encryption algorithm and an authentication algorithm, such as ESP-3DES-HMAC-MD5. For more information about the function of a specific transform, see "Configuration Reference" at the end of this chapter, or access the Online Help.

Click on a transform in the Transform box to select it.

Click Add to move the transform to the Transform List box.

If you want to create a nested AH and an ESP transform, use <CTRL> + click to select an AH transform and an ESP transform in the Transform box. Use this procedure to create a nested AH and ESP transform configuration. Click Add to move the transforms to the Transform List box.

You can configure multiple AH transforms (up to 2), multiple ESP transforms (up to 8), or a single nested AH and ESP transform. Use the procedure in steps C and D to add multiple AH or ESP transforms to the Transform List box.

The order in which you add transforms to the Transform List is the order used for preference by the IPSec policy. The first selected transform will have the highest preference, the second selected transform will have the second highest preference, and so on.

3DES-CBC is the most secure form of encryption. For added security, use 3DES-CBC in an authenticated ESP transform, such as ESP-3DES-HMAC-SHA1.

If you add an item to the Transform List, you can select Edit Lifetimes on the Edit Transform List window to modify the lifetimes of the item. Otherwise, IPSec/9000 will use the system's default lifetimes (28,000 seconds). This value must fall within the following range: 300 second minimum to 28,800 second (8 hour) maximum. After modifying the lifetime(s), click OK to return to the Edit Transform List screen. Click OK again to return to the Create IPSec Policy screen.

Go on to "Step 6C, Configuring an IPSec/9000 Policy: ISAKMP."
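To review a planned Transform List before entering it in the GUI, the following added example (not part of the IPSec/9000 product or its documentation) checks a list against the limits stated above: the AH and ESP counts, the lifetime range, and whether each ESP entry is an authenticated ESP transform. Assumptions: the list is written as Python tuples in preference order, a nested AH and ESP transform is treated as the only entry allowed in its list, authenticated ESP names contain HMAC as in the two names quoted above, and all other transform names are constructed.

```python
# Added example. Names other than ESP-3DES-HMAC-MD5/-SHA1 are constructed.
MIN_LIFETIME, MAX_LIFETIME = 300, 28_800  # seconds, range stated above
MAX_AH, MAX_ESP = 2, 8                    # list limits stated above


def classify(names):
    """Return 'AH', 'ESP' or 'NESTED' for one Transform List entry."""
    kinds = sorted(n.split("-", 1)[0].upper() for n in names)
    if kinds in (["AH"], ["ESP"]):
        return kinds[0]
    if kinds == ["AH", "ESP"]:
        return "NESTED"
    raise ValueError(f"unsupported entry: {names!r}")


def is_authenticated_esp(name):
    """True when an ESP name also carries an authentication algorithm.
    Assumes the ESP-<encryption>-HMAC-<hash> naming seen above."""
    parts = name.upper().split("-")
    return parts[0] == "ESP" and "HMAC" in parts[2:]


def audit(transform_list):
    """transform_list: [(names, lifetime_seconds), ...], highest preference
    first. Returns findings; an empty list means every check passed."""
    kinds = [classify(names) for names, _ in transform_list]
    findings = []
    if kinds.count("AH") > MAX_AH:
        findings.append(f"more than {MAX_AH} AH transforms")
    if kinds.count("ESP") > MAX_ESP:
        findings.append(f"more than {MAX_ESP} ESP transforms")
    if "NESTED" in kinds and len(kinds) > 1:
        findings.append("nested AH+ESP must be the only entry")
    rows = zip(transform_list, kinds)
    for pref, ((names, lifetime), kind) in enumerate(rows, start=1):
        if not MIN_LIFETIME <= lifetime <= MAX_LIFETIME:
            findings.append(f"preference {pref}: lifetime {lifetime}s out of range")
        if kind == "ESP" and not is_authenticated_esp(names[0]):
            findings.append(f"preference {pref}: {names[0]} is not authenticated ESP")
    return findings


SAMPLE = [  # constructed list, highest preference first
    (("ESP-3DES-HMAC-SHA1",), 28_800),
    (("ESP-3DES-HMAC-MD5",), 120),
    (("ESP-3DES",), 3_600),
]
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```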