HP ProCurve Threat Management Solution Implementation Guide 2009-05

Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Site-to-Site IPsec VPN
8. For Local ID, configure the ID that the TMS zl Module sends to authenticate itself. This ID
must match exactly, in both type and value, the remote ID specified on the remote endpoint.
In addition, it must match exactly one of the subject names in the certificate that you will
install on the module.
a. For Type, select the ID type:
   - IP Address
   - Domain Name
   - Email Address
   - Distinguished Name
For this example, select Distinguished Name.
Note: If another device performs NAT on the TMS zl Module’s IP address, then the remote
module will direct its traffic toward the translated IP address and will expect the
translated IP address for the local module’s ID. However, the local module must send
its non-translated IP address for its ID. Therefore, in this case, you cannot select IP
Address for the Local ID Type but must instead select one of the other three types.
b. For Value, type the correct value. For this example, type /CN=TMSM.procurve.com.
If you select IP Address for Type, the address that you specify in the Value box must match
the IP address that you specified for the local gateway.
Table C-1 shows the format for each ID type.

Table C-1. Local ID Values

Local ID Type        Remote ID Value        Examples
IP Address           A.B.C.D                172.16.40.103
Domain Name          <domainname>           TMS.procurve.com
Email Address        <name>@<domainname>    tms@procurve.com
Distinguished Name   /CN=<commonname>       /CN=TMSA.procurve.com

9. For Remote ID, specify an ID that matches exactly, in both type and value, a subject name
in the remote module's certificate:
a. For Type, select the ID type:
   - IP Address
   - Domain Name
   - Email Address
   - Distinguished Name
For this example, select Distinguished Name.
b. For Value, type the correct value. For this example, type /CN=TMSB.procurve.com.
If you select IP Address for Type, the IP address that you type in the Value box must
match the address in the Remote Gateway IP Address (Peer ID) box (if configured).
10. Click Next.
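
The following Python script is an added example, not part of the HP guide or of the module's software. It checks a planned Local ID against the rules in steps 8 and 9 and the value formats in Table C-1 before the values are entered in the wizard. The function name, its parameters and the sample certificate subject list are assumptions made for the example.

```python
# Added example: names and sample data are assumptions, not HP's code.
import ipaddress
import re

_DOMAIN = r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"

def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

# Value format for each ID type, following Table C-1.
FORMAT_CHECKS = {
    "IP Address": _is_ipv4,
    "Domain Name": lambda v: re.fullmatch(_DOMAIN, v) is not None,
    "Email Address": lambda v: re.fullmatch(r"[^@\s]+@" + _DOMAIN, v) is not None,
    "Distinguished Name": lambda v: re.fullmatch(r"/CN=.+", v) is not None,
}

def check_local_id(local_id, peer_remote_id, cert_subjects, local_gateway_ip,
                   nat_in_front=False):
    """Return the problems found with a Local ID; an empty list means consistent.

    local_id       -- (type, value) tuple entered as Local ID on this module
    peer_remote_id -- (type, value) tuple entered as Remote ID on the remote endpoint
    cert_subjects  -- subject names in the certificate installed on this module
    """
    id_type, value = local_id
    if id_type not in FORMAT_CHECKS:
        return [f"unknown ID type: {id_type}"]
    problems = []
    if not FORMAT_CHECKS[id_type](value):
        problems.append(f"value does not fit the {id_type} format")
    if local_id != peer_remote_id:  # exact match in both type and value
        problems.append("does not match the Remote ID on the remote endpoint")
    if value not in cert_subjects:
        problems.append("not a subject name in the local certificate")
    if id_type == "IP Address":
        if nat_in_front:  # the Note in step 8: the peer expects the translated address
            problems.append("IP Address type cannot be used behind NAT")
        elif value != local_gateway_ip:
            problems.append("differs from the local gateway IP address")
    return problems

if __name__ == "__main__":
    # Constructed sample input using the example values from this procedure.
    dn = ("Distinguished Name", "/CN=TMSM.procurve.com")
    print(check_local_id(dn, dn, ["/CN=TMSM.procurve.com"], "172.16.40.103"))
```

Run the same check from the remote endpoint's side with the roles swapped, so that its Local ID is compared with the Remote ID configured in step 9.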