ProCurve VPN Client and ProCurve Secure Router 7000dl Series - Application Note
Configuring IKE client configuration pool
a) The IKE client configuration pool contains the options to be passed to the client during
IKE negotiation. Each pool must be given a label so that it may be referenced later in
the IKE policy. The example below creates a configuration pool called “vpn_users”.
Figure 3
b) Once a pool is created, enter the properties of that pool. The command ip-range is
used to specify a block of addresses that will be assigned to remote clients when they
negotiate a VPN connection. The command dns-server will set the IP address of the
DNS server for remote clients. The command netbios-name-server is used to set the
IP address of the Windows Internet Naming Service (WINS) server. If you wish to
configure a secondary DNS or WINS server, the secondary address may be added
directly after the primary address. The example below shows a DNS entry with both a
primary and secondary server specified and a single WINS server configured.
Figure 4
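A pre-deployment check of the pool commands described in steps a) and b), as an added example that is not part of the original application note. The function names, the treatment of ip-range as an inclusive first/last pair, and the rule that flags a DNS or WINS address falling inside the client range are assumptions of this sketch, not documented router behaviour.

```python
import ipaddress

# Pool sub-commands named in this application note.
KNOWN = {"ip-range", "dns-server", "netbios-name-server"}

def check_pool(config_text):
    """Return a list of findings for the pool sub-commands in config_text."""
    findings, pool, servers = [], None, []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[-1].strip()   # drop the CLI prompt, if any
        if not line or line.startswith("crypto ike client configuration pool"):
            continue
        cmd, *args = line.split()
        if cmd not in KNOWN:                   # catches mistyped keywords
            findings.append(f"unknown command: {cmd}")
            continue
        try:
            addrs = [ipaddress.IPv4Address(a) for a in args]
        except ipaddress.AddressValueError:
            findings.append(f"{cmd}: invalid IPv4 address in {args}")
            continue
        if cmd == "ip-range":
            if len(addrs) != 2 or addrs[0] > addrs[1]:
                findings.append("ip-range: expected <first> <last> with first <= last")
            else:
                pool = (addrs[0], addrs[1])
        elif not 1 <= len(addrs) <= 2:
            findings.append(f"{cmd}: expected a primary and optional secondary address")
        else:
            servers += [(cmd, a) for a in addrs]
    if pool is None:
        findings.append("no valid ip-range found for the pool")
    else:
        # Sanity rule of this sketch: servers should sit outside the client range.
        for cmd, a in servers:
            if pool[0] <= a <= pool[1]:
                findings.append(f"{cmd} {a} lies inside the client address range")
    return findings

def pool_size(first, last):
    """Number of addresses in the inclusive range first..last."""
    return int(ipaddress.IPv4Address(last)) - int(ipaddress.IPv4Address(first)) + 1

# Constructed input: the commands from this section as typed at the prompt.
SAMPLE = """SecureSiteRouter(config)# crypto ike client configuration pool vpn_users
SecureSiteRouter(config-ike-client-pool)# ip-range 192.168.4.1 192.168.4.5
SecureSiteRouter(config-ike-client-pool)# dns-server 192.168.100.2 192.168.100.3
SecureSiteRouter(config-ike-client-pool)# netbios-name-server 192.168.100.4"""
```

For the range in this section, pool_size reports 5 addresses, which is worth comparing against the number of remote users expected to connect at the same time.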
2. Configuring IKE policy
In order to use IKE negotiation, an IKE policy must be created. Within the system, a list of
IKE policies is maintained. Each IKE policy is given a priority number in the system. That
priority number defines the position of that IKE policy within the system list. When IKE
negotiation is needed, the system searches through the list, starting with the policy with the
lowest priority, looking for a match to the peer IP address.
SecureSiteRouter(config)# crypto ike client configuration pool vpn_users
SecureSiteRouter(config-ike-client-pool)# ip-range 192.168.4.1 192.168.4.5
SecureSiteRouter(config-ike-client-pool)# dns-server 192.168.100.2 192.168.100.3
SecureSiteRouter(config-ike-client-pool)# netbios-name-server 192.168.100.4