HP ProCurve Threat Management Solution Implementation Guide 2009-05
C Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Contents
Configure a Site-to-Site IPsec VPN
    Create Named Objects for the VPN
    Create an IKE Policy
    Install Certificates for IKE
    Create an IPsec Proposal for a Site-to-Site IPsec VPN
    Create an IPsec Policy for a Site-to-Site VPN That Uses IKE
    Create Access Policies for an IPsec Site-to-Site VPN with IKE
    Verify Routes
    Configure the Remote TMS zl Module
Configure a Client-to-Site L2TP over IPsec VPN for Windows XP Clients
    Configure an L2TP over IPsec VPN on a TMS zl Module
        Create Named Objects for the L2TP over IPsec VPN
        Create an IKE Policy for a Client-to-Site L2TP over IPsec VPN
        Create an IPsec Proposal for an L2TP over IPsec VPN
        Create an IPsec Policy for an L2TP over IPsec VPN
        Configure a Group for the Remote Users
        Create an L2TP Policy
        Add L2TP Dial-in Users
        Access Policies for an L2TP over IPsec VPN
        Verify Routes
    Configure a Windows XP SP2 Client for L2TP over IPsec
Configure a Client-to-Site IPsec VPN for Macintosh IPSecuritas Clients
    Configure a Client-to-Site IPsec VPN on the TMS zl Module
        Create Named Objects for the IPsec Client-to-Site VPN
        Create an IKE Policy for Connecting to IPSecuritas Clients
        Create an IPsec Proposal for Connecting to IPSecuritas Clients
        Create an IPsec Policy for a Client-to-Site IPsec VPN with Macintosh IPSecuritas Clients
        Access Policies for an IPsec Client-to-Site VPN for Macintosh IPSecuritas Clients
        Verify Routes
    Configure the Macintosh IPSecuritas Client