HP ProCurve Threat Management Solution Implementation Guide 2009-05

Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Overview
In routing mode, the HP ProCurve Threat Management Services (TMS) zl Module provides
virtual private network (VPN) capabilities, allowing you to protect confidential
communications transmitted across less secure networks. Typically, VPNs are used to secure
communications across the Internet, but with the composition of today’s networks, some
organizations need to use VPNs to strengthen security across their own network. For example,
a large university can span several buildings and serve thousands of users, some of whom may
try to hack into systems. Corporations might encounter similar problems in ensuring that their
internal communications are protected as they open up their networks to guests and temporary
workers and expand their networks to provide remote access from any location.
This appendix provides step-by-step instructions for configuring the TMS zl Module as the
gateway for the following types of VPNs:
- Site-to-site VPN between two TMS zl Modules
    - IP Security (IPsec) VPN
    - Certificate authentication for Internet Key Exchange (IKE)
  See “Configure a Site-to-Site IPsec VPN” on page C-4.
- Client-to-site VPNs with the following clients:
    - Microsoft Windows XP client
        - Layer 2 Tunneling Protocol (L2TP) over IPsec VPN
        - Preshared key authentication for IKE
      See “Configure a Client-to-Site L2TP over IPsec VPN for Windows XP Clients” on page C-29.
    - Macintosh IPSecuritas client
        - IPsec VPN
        - Preshared key authentication for IKE
      See “Configure a Client-to-Site IPsec VPN for Macintosh IPSecuritas Clients” on page C-56.
    - HP ProCurve VPN Client
        - IPsec VPN
        - Preshared key authentication for IKE
        - XAUTH
      See “Configure a Client-to-Site IPsec VPN for HP ProCurve VPN Clients” on page C-79.
Note: The TMS zl Module supports other options for VPNs. See the HP ProCurve TMS zl Module
Management and Configuration Guide for comprehensive instructions.
To configure VPNs, you must use the TMS zl Module’s Web browser interface. NIM 2.0 does
not support configuration or management of the TMS zl Module’s VPN capabilities. (In addition,
you cannot configure VPNs through the TMS zl Module’s command-line interface (CLI) with the
TMS OS version ST.1.0.0901160.)