If your IPSec traffic needs to go through a specific gateway,
you will need to configure a tunnel. The Tunnel checkbox is disabled
if the Transform List is set to discard.

To configure a tunnel, click the Tunnel checkbox.

Enter a Tunnel Endpoint (the IP address for the gateway). This address
can be in IPv4 or IPv6 format.

Select the transform that will be used between the local host and the
tunnel node. This transform cannot be discard or pass.

NOTE: The tunnel endpoint cannot be the same address as the
Remote IP Address of the IPSec policy, or any IP address on the
local host.

If necessary, edit the IPSec/9000 Tunnel Transform List.

Click on a transform in the Transform box to select it.

Click Add to move the transform to the Transform List box.

If you want to select both an AH and an ESP transform, <CTRL> + click
to select both transforms in the Transform box.

Click Add to move the transforms to the Transform List box. Only one
AH and ESP combination is allowed.

You can choose multiple AH transforms (up to 2) or multiple ESP
transforms (up to 8). Use the procedure in steps C and D to add
multiple AH or ESP transforms to the Transform List box.

The order in which you add transforms to the Transform List is the
order used for preference by the IPSec policy. The first selected
transforms will have the highest preference, the second selected
transform will have the second highest preference, and so on.

The Tunnel Transform List subarea is disabled if the Tunnel checkbox
is not selected. If you added an item to the Transform List, you
can click Edit Lifetimes to modify the lifetimes of the transform.
After modifying the lifetime(s), click OK to return to the Edit
Transform List screen. Click OK again to return to the Create IPSec
Policy screen.

Configure a Tunnel ISAKMP Policy following the steps
described previously in "Step 6C: Configuring an IPSec/9000
Policy: ISAKMP." This policy will be used to establish
an SA between the local system and the tunnel endpoint.

Click OK to save the IPSec/9000 Policy.

Continue to "Step 7A, Configuring an Entrust Certificate,"
"Step 7B, Configuring a VeriSign Certificate," or
"7C, Configuring a Preshared Key," or Exit IPSec/9000 Manager.
You do not have to go to the ISAKMP policy
if you have already defined the ISAKMP policy in this phase.
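
The constraints in the NOTE and in the transform steps above can be checked before the values are entered. The following is an added example, not part of the original manual or of IPSec/9000. The function name, the transform names and the sample addresses are constructed. It assumes the Remote IP Address is a single address, and it reads the limits as at most 2 AH-only entries, at most 8 ESP-only entries and at most one AH and ESP combination.

```python
import ipaddress

def check_tunnel(endpoint, remote_ip, local_addrs, transforms):
    """Return a list of problems; an empty list means every check passed.

    transforms is the tunnel Transform List in preference order. Each entry
    is a tuple of names: ("AH-x",), ("ESP-y",) or ("AH-x", "ESP-y") for a
    combination. The names are constructed placeholders, not product names.
    """
    problems = []
    try:
        ep = ipaddress.ip_address(endpoint)
    except ValueError:
        return ["tunnel endpoint is not a valid IPv4 or IPv6 address"]
    # Compare parsed addresses, not strings: 2001:db8::1 and
    # 2001:0DB8:0:0:0:0:0:1 are the same host.
    if ep == ipaddress.ip_address(remote_ip):
        problems.append("tunnel endpoint equals the policy's Remote IP Address")
    if any(ep == ipaddress.ip_address(a) for a in local_addrs):
        problems.append("tunnel endpoint is an address on the local host")
    ah_only = esp_only = combos = 0
    for entry in transforms:
        # The part before the first "-" identifies the transform type.
        kinds = {name.split("-")[0].upper() for name in entry}
        if kinds & {"DISCARD", "PASS"}:
            problems.append("tunnel transform cannot be discard or pass")
        elif kinds == {"AH", "ESP"}:
            combos += 1
        elif kinds == {"AH"}:
            ah_only += 1
        elif kinds == {"ESP"}:
            esp_only += 1
        else:
            problems.append(f"unrecognised transform entry {entry!r}")
    if combos > 1:
        problems.append("more than one AH and ESP combination")
    if ah_only > 2:
        problems.append("more than 2 AH transforms")
    if esp_only > 8:
        problems.append("more than 8 ESP transforms")
    return problems
```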