HP 10500 Series Configuration Manual page 349

Security configuration guide

functions, 316
identity authentication, 315
identity protection, 315
maintaining, 323
operation, 315
PFS feature, 315
protocols and standards, 317
relationship between IKE and IPsec, 317
SA, 300
security mechanism, 315
troubleshooting, 326
troubleshooting ACL configuration error, 327
troubleshooting invalid user ID, 326
troubleshooting IPsec tunnel establish failure, 327
troubleshooting proposal mismatch, 326
IKE data authentication
identity authentication, 315
identity protection, 315
IKE negotiation
data authentication, 315
identity exchange, 315
key exchange, 315
SA exchange, 315
IMC PLAT 5.0 configuration, 143, 158
implementing
ACL-based IPsec, 302
implementing EAD fast deployment, 106
importing
public key from public key file, 197
SSH client public key from file, 206
information synchronization (portal), 140, 157
initiating
access device as authentication initiator (802.1X), 75
authentication (802.1X), 75
client as authentication initiator (802.1X), 75
interactive mode
local user password, 291
Internet Key Exchange. Use IKE
intrusion protection (port security), 166, 172
invalid SPI recovery
enabling, 311
IP
ARP attack protection unresolvable IP attack
defense configuration, 253
EAD free IP, 106
source guard. See IP source guard
specifying source address/interface for SSH SFTP
client, 212
specifying source address/interface for SSH
Stelnet client, 209
IP address
configuring ARP packet validity check, 258
configuring RADIUS security policy server, 29
IPv6 ND attack defense configuration, 266
RADIUS security policy server, 29
specifying MFF server IP address, 276
specifying outgoing packet source IP address, 138
specifying source address for outgoing
HWTACACS packets, 36
specifying source address for outgoing RADIUS
packets, 27
IP source guard
configuration, 236, 243
IPv4 dynamic binding entries, 237
IPv6 dynamic binding entries, 237
static binding entries, 236
troubleshooting, 250
IPsec
applying IPsec policy, 309
authentication, 301
authentication and encryption algorithms, 301
basic concepts, 299
configuration, 299, 302
configuring ACL, 303
configuring anti-replay, 310
configuring IKE NAT keepalive timer, 321
configuring IKE peer, 319
configuring IPsec session idle timeout, 309
configuring manual policy, 305
configuring packet information pre-extraction, 311
configuring policy using IKE, 307
configuring transform set, 304
configuring tunnel using IKE, 312
displaying, 312
enabling ACL checking for de-encapsulated IPsec
packets, 310
enabling invalid SPI recovery, 311
encapsulation modes, 300
encryption, 301
FIPS compliance, 302
IKE configuration, 315
IKE functions, 316
IKE operation, 315
IKE PFS feature, 315
implementing ACL-based IPsec, 302
maintaining, 312
protocols and standards, 302
relationship between IKE and IPsec, 317
SA, 300
SA setup modes, 301
security protocols, 299