HP ProCurve Threat Management Solution Implementation Guide 2009-05

C-13
Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Site-to-Site IPsec VPN
7. For Private Key Identifier, select the private key that you added in step 3 on page C-11. For
this example, select Key.
8. For Subject Name, type the FQDN of the TMS zl Module. Use the format
<name.domainname>. For this example, type TMSM.procurve.com.
The certificate request will store this name as a distinguished name, automatically adding
/CN= in front of the name that you type.
9. In the Subject Alternate Names section, you can specify other IDs with which the module
identifies itself. Specifying these IDs is optional:
a. Type an IP address in one or both IP Address boxes.
You should specify the IP address that this TMS zl Module uses as the local gateway
address.
b. Type an FQDN in one or both Domain Name boxes.
c. Type an email address in one or both Email ID boxes.
The email address must be entered in a valid format, but it does not actually have to
exist. It is simply an ID.
Note: The subject name or one of the subject alternate names must match these settings:
- The local ID in your IKE policies that use this certificate
- The remote ID in IKE policies on remote tunnel endpoints that verify this certificate
The name must match in both type and value. For example, if you have typed
TMSM.procurve.com for Subject Name in the certificate request, the local ID on the module and the
remote ID on the remote tunnel endpoint must use these settings:
Type = Distinguished Name
Value = /CN=TMSM.procurve.com
If you added a subject alternate name, you could specify those settings instead—for
example, IP Address for Type and 10.1.1.1 for Value.
10. Click Apply.
The certificate request is displayed in the VPN > Certificates > IPsec Certificates window.
Figure C-11. VPN > Certificates > IPsec Certificates Window (Certificate Request Added)
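
The note in step 9 requires each IKE local or remote ID to match the certificate's subject name or a subject alternate name in both type and value. The following Python check is an added example, not HP code or the module's own logic; the type labels "Domain Name" and "Email Address", the function names, and the comparison rules (IP addresses parsed, domain names compared case-insensitively, everything else compared exactly) are assumptions of this example.

```python
import ipaddress

# ID type labels. "Distinguished Name" and "IP Address" appear in the guide;
# "Domain Name" and "Email Address" are assumed labels for this example.
DN, IP, FQDN, EMAIL = "Distinguished Name", "IP Address", "Domain Name", "Email Address"


def normalize(id_type, value):
    """Canonical form used for comparison (an assumption of this example)."""
    value = value.strip()
    if id_type == IP:
        return str(ipaddress.ip_address(value))  # raises ValueError if malformed
    if id_type == FQDN:
        return value.lower()                     # DNS names are case-insensitive
    return value                                 # DN and email compared exactly


def certificate_ids(subject_name, ips=(), domains=(), emails=()):
    """Every (type, value) identity the certificate request can assert."""
    ids = {(DN, "/CN=" + subject_name.strip())}  # /CN= is added automatically
    for id_type, values in ((IP, ips), (FQDN, domains), (EMAIL, emails)):
        ids.update((id_type, normalize(id_type, v)) for v in values)
    return ids


def check_ike_id(cert_ids, id_type, value):
    """Return (ok, reason) for one IKE local or remote ID."""
    if (id_type, normalize(id_type, value)) in cert_ids:
        return True, "type and value match"
    same_type = sorted(v for t, v in cert_ids if t == id_type)
    if same_type:
        return False, f"value mismatch; certificate has {id_type} = {same_type}"
    return False, f"certificate carries no ID of type {id_type}"


if __name__ == "__main__":
    # Constructed sample: the guide's subject name plus its example IP address.
    ids = certificate_ids("TMSM.procurve.com", ips=["10.1.1.1"])
    policies = [  # (where the ID is configured, type, value)
        ("module local ID", DN, "/CN=TMSM.procurve.com"),
        ("peer remote ID", IP, "10.1.1.1"),
        ("peer remote ID", FQDN, "TMSM.procurve.com"),  # right name, wrong type
        ("peer remote ID", DN, "TMSM.procurve.com"),    # missing /CN= prefix
    ]
    for where, id_type, value in policies:
        ok, reason = check_ike_id(ids, id_type, value)
        print(f"{'OK  ' if ok else 'FAIL'} {where}: {id_type} = {value} ({reason})")
```

The last two sample policies fail on purpose: the FQDN was typed only as the subject name, so it exists in the certificate as a distinguished name, not as a domain name ID.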