HP ProCurve Threat Management Solution Implementation Guide 2009-05

Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Site-to-Site IPsec VPN
f. For Destination, leave Any Address or specify the local gateway IP address.
For this example, select the LocalGateway address object.
g. Click Apply.
h. For From, select Self.
i. For To, select the remote zone. For this example, type External.
j. For Service, select ipsec-nat-t-udp.
k. For Source, leave Any Address or specify the local gateway IP address.
For this example, select the LocalGateway address object.
l. For Destination, specify the remote gateway IP address.
For this example, select the RemoteGateway address object. (You can also click Options,
select Enter custom IP, IP/mask or IP-Range, and type the IP address of the remote
module.)
m. Click Apply.
10. In the Add Policy window, click Close.
Verify Routes
Verify that the following routes exist for a site-to-site VPN:
- A route to the remote TMS zl Module
  The route's forwarding interface must be the interface with the IP address that you
  specified as the local gateway address in the IKE policy.
- A route to the remote endpoints for which the next hop is the same as in the route to the
  remote gateway
  In this example, the TMS zl Module reaches the remote module on its default route, which
  applies to the remote endpoints as well.
Configure the Remote TMS zl Module
Follow the same steps to configure the other TMS zl Module in the site-to-site VPN. Use the
same settings, but alter the IP addresses and IDs as necessary. Table C-2 displays the settings
on the local and remote module.
Table C-2. Settings for the Remote TMS zl Module

Setting            Local Module                  Remote Module
-----------------  ----------------------------  ----------------------------
Address Objects
1                  Name = LocalGateway           Name = LocalGateway
                   Type = IP                     Type = IP
                   Value = 10.1.1.1              Value = 10.2.1.2
2                  Name = RemoteGateway          Name = RemoteGateway
                   Type = IP                     Type = IP
                   Value = 10.2.1.2              Value = 10.1.1.1
3                  Name = LocalEndpoints         Name = LocalEndpoints
                   Type = IP Network/Mask        Type = IP Network/Mask
                   Value = 192.168.4.0/22        Value = 192.168.32.0/22
4                  Name = RemoteEndpoints        Name = RemoteEndpoints
                   Type = IP Network/Mask        Type = IP Network/Mask
                   Value = 192.168.32.0/22       Value = 192.168.4.0/22
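
The address objects in Table C-2 must mirror each other across the two modules: each module's local gateway and endpoints are the other's remote gateway and endpoints. The following check is an added example, not part of the HP guide or the TMS zl Module software; the function and variable names are hypothetical, and the values are copied from Table C-2.

```python
import ipaddress

# Address objects from Table C-2, one dict per module.
LOCAL = {"LocalGateway": "10.1.1.1", "RemoteGateway": "10.2.1.2",
         "LocalEndpoints": "192.168.4.0/22", "RemoteEndpoints": "192.168.32.0/22"}
REMOTE = {"LocalGateway": "10.2.1.2", "RemoteGateway": "10.1.1.1",
          "LocalEndpoints": "192.168.32.0/22", "RemoteEndpoints": "192.168.4.0/22"}

GATEWAYS = ("LocalGateway", "RemoteGateway")
# Each object on one module must equal its counterpart on the peer.
MIRROR = {"LocalGateway": "RemoteGateway", "RemoteGateway": "LocalGateway",
          "LocalEndpoints": "RemoteEndpoints", "RemoteEndpoints": "LocalEndpoints"}

def parse(objs):
    """Parse one module's address objects; return (parsed, problems)."""
    parsed, problems = {}, []
    for name in MIRROR:
        try:
            # strict=True rejects a network with host bits set, e.g. 192.168.5.0/22
            net = ipaddress.ip_network(objs[name], strict=True)
        except (KeyError, ValueError) as exc:
            problems.append(f"{name}: {exc}")
            continue
        if name in GATEWAYS and net.num_addresses != 1:
            problems.append(f"{name}: must be a single IP address")
        parsed[name] = net
    return parsed, problems

def check_pair(a, b):
    """Return a list of problems; an empty list means module b mirrors module a."""
    pa, problems = parse(a)
    pb, more = parse(b)
    problems += more
    for side, p in (("first", pa), ("second", pb)):
        le, re_ = p.get("LocalEndpoints"), p.get("RemoteEndpoints")
        # Overlapping local and remote endpoint ranges make traffic selection ambiguous.
        if le is not None and re_ is not None and le.overlaps(re_):
            problems.append(f"{side} module: LocalEndpoints overlaps RemoteEndpoints")
    for mine, theirs in MIRROR.items():
        if mine in pa and theirs in pb and pa[mine] != pb[theirs]:
            problems.append(f"{mine}={pa[mine]} does not match peer {theirs}={pb[theirs]}")
    return problems

if __name__ == "__main__":
    for line in check_pair(LOCAL, REMOTE) or ["address objects mirror correctly"]:
        print(line)
```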