HP StorageWorks Enterprise File Services WAN Accelerator User Manual

72

C

ONFIGURING

THE

HP EFS WAN A

CCELERATOR

4. Use the controls to complete the configuration, as described in the following table.

5. Click Save to save your settings permanently or click Reset to return the settings

to their previous values.

Control

Description

General

Check one or more of the following options:

• Enable Authentication and Encryption. Specify this option to enable authentication

between appliances.

• Enable Perfect Forward Secrecy. Specify this option if you want to provide

additional security by renegotiating keys at specified intervals. Perfect Forward

Secrecy provides additional security by renegotiating keys at specified intervals. If one

key is compromised, subsequent keys are secure because they are not derived from

previous keys.

Encryption Policy. Select one of the following methods from the Method 1 drop-down
list:

• DES. Data Encryption Standard. DES is the default value.
• NULL. Specifies the null encryption algorithm.
Set encryption algorithms in order of priority. The algorithm is used to encrypt each
packet sent using IPsec.

Optionally, select DES, NULL, or None from the Method 2 drop-down list.

Authentication Policy. Select one of the following authentication methods from the
Method One drop-own list:

• MD5. Message-Digest algorithm. MD5 is a widely-used cryptographic hash function

with a 128-bit hash value. MD5 is the default value.

• SHA-1. Secure Hash Algorithm. SHA-1 is a set of related cryptographic hash

functions. SHA-1 is considered to be the successor to MD5.

Optionally, select MD5, SHA-1, or None from the Method Two drop-down list.

Time Between Key Renegotiations. Specify the number of minutes between quick-
mode renegotiation of keys using Internet Key Exchange (IKE). IKE uses public key
cryptography to provide the secure transmission of a secret key to a recipient so that the
encrypted data can be decrypted at the other end. The default value is 240 minutes.

Enter the Shared Secret/Confirm the Shared Secret. Specify the shared secret. All the
HP EFS WAN Accelerators in a network for which you want to use IPsec must have the
same shared secret.

Apply. Click Apply to apply your settings to the running configuration.

Add New Peer

Peer IP. Specify the IP address for the peer HP EFS WAN Accelerator for which you
want to make a secure connection.

Add Peer. Click Add Peer to add the peer specified in the Peer IP text box.

If IPsec is enabled on this HP EFS WAN Accelerator, then it must also be enabled on all
appliances in the IP security peers list; otherwise this HP EFS WAN Accelerator will not
be able to make optimized connections with those peers.

If a connection has not been established between the two HP EFS WAN Accelerators that
are configured to use IPsec security, the Peers list does not display the peer HP EFS WAN
Accelerator because a security association has not been established.

Remove Selected Peers. To remove an entry, click the check box next to the name and
click Remove Selected Peers.