HP ProCurve Threat Management Solution Implementation Guide 2009-05

Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Site-to-Site IPsec VPN
Figure C-29. Add IPsec Policy Window—Step 4 of 4
19. If desired, configure settings in the Advanced Settings (Optional) section. For this example,
leave the default settings.
Note: For more information on advanced settings, see the HP ProCurve Threat Management
Services zl Module Management and Configuration Guide.
20. Click Finish.
The IPsec policy is displayed in the VPN > IPsec > IPsec Policies window.
Create Access Policies for an IPsec Site-to-Site VPN with IKE
You must create firewall access policies to permit IKE traffic between the local and remote
TMS zl Modules. You must also permit the inner traffic that is sent and received on the VPN
connection.
Before you begin configuring firewall access policies, determine the zone on which traffic from
the remote TMS zl Module arrives. In this example, this is the External zone, but it could be a
different zone in your setup. The instructions below will refer to this zone as the “remote zone.”
You should also determine the zone for local endpoints allowed on the VPN. The instructions
below will refer to this zone as the “local zone.” Note that, if multiple zones are allowed to
access the VPN, you must create policies for each of these zones. In this example, the Internal
zone is the only local zone.
Follow these steps to create the access policies:
1. In the left navigation bar of the Web browser interface, select Firewall > Access Policies.
2. Click the Unicast tab.