HP StorageWorks Enterprise File Services WAN Accelerator User Manual

60

2 C

ONFIGURING

THE

HP EFS WAN A

CCELERATOR

4. Use the controls to complete the configuration, as described in the following table.

Control

Description

Add New Peer

Peer IP. Type the IP address for the peer appliance for which you want to make a secure
connection.

Add Peer. To add the peer specified in the Peer IP text box, click Add Peer.

If IPsec is enabled on this appliance, then it must also be enabled on all appliances in the
IP security peers list; otherwise this appliance will not be able to make optimized
connections with those peers.

If a connection has not been established between the two HP EFS WAN Accelerators that
are configured to use IPsec security, the Peers list does not display the peer HP EFS WAN
Accelerator because a security association has not been established.

Remove Selected Peers. To remove a peer from the peer list, click the check box next to
the name and click Remove Selected Peers.

Authentication and Encryption
Settings

Check one or more of the following options:

• Enable Authentication and Encryption. Check this box to enable authentication

between appliances.

• Enable Perfect Forward Secrecy. Check this box if you want to provide additional

security by renegotiating keys at specified intervals. Perfect Forward Secrecy provides
additional security by renegotiating keys at specified intervals. With PFS, if one key is
compromised, subsequent keys are secure because they are not derived from previous
keys.

Encryption Policy. Select one of the following methods from the Method 1 drop-down
list:

• DES. Data Encryption Standard. DES is the default value.

• NULL. Specifies the null encryption algorithm.

Set encryption algorithms in order of priority. The algorithm is used to encrypt each
packet sent using IPsec.

Optionally, select DES, NULL, or None from the Method 2 drop-down list.

Authentication Policy. Select one of the following authentication methods from the
Method One drop-own list:

• MD5. Message-Digest algorithm. MD5 is a widely-used cryptographic hash function

with a 128-bit hash value. MD5 is the default value.

• SHA-1. Secure Hash Algorithm. SHA-1 is a set of related cryptographic hash

functions. SHA-1 is considered to be the successor to MD5.

Optionally, select MD5, SHA-1, or None from the Method Two drop-down list.

Time Between Key Renegotiations. Type a number to set the set number of minutes
between quick-mode renegotiation of keys using Internet Key Exchange (IKE). IKE uses
public key cryptography to provide the secure transmission of a secret key to a recipient
so that the encrypted data can be decrypted at the other end. The default value is 240
minutes.

Enter the Shared Secret/Confirm the Shared Secret. Type the shared secret in the text
boxes. All the appliances in a network for which you want to use IPsec must have the
same shared secret.

Update Settings. If you change any of the authentication and encryption Settings, click
Update Settings to apply your settings to the running configuration.