HP ProCurve Threat Management Solution Implementation Guide 2009-05
C-29
Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site L2TP over IPsec VPN for Windows XP Clients
This section provides instructions for configuring the TMS zl Module as the gateway for a
client-to-site VPN for Windows XP clients. The VPN will use L2TP over IPsec, which is supported by
these clients. This section also provides instructions for configuring a Windows XP client to
participate in the VPN.
Configure an L2TP over IPsec VPN on a TMS zl Module
You must complete these tasks to configure a TMS zl Module as the gateway for an L2TP over
IPsec client-to-site VPN:
1. Create named objects.
See “Create Named Objects for the L2TP over IPsec VPN” on page C-29. (Using named
objects is best practice; however, you can specify IP addresses manually.)
2. Create an IKE policy.
See “Create an IKE Policy for a Client-to-Site L2TP over IPsec VPN” on page C-31.
3. Create an IPsec proposal.
See “Create an IPsec Proposal for an L2TP over IPsec VPN” on page C-34.
4. Create an IPsec policy.
See “Create an IPsec Policy for an L2TP over IPsec VPN” on page C-35.
5. Create a group or groups to which remote users authenticate.
See “Configure a Group for the Remote Users” on page C-39.
6. Create an L2TP policy.
See “Create an L2TP Policy” on page C-39.
7. Create dial-in user accounts.
See “Add L2TP Dial-in Users” on page C-41.
8. Create the necessary firewall access policies.
See “Access Policies for an L2TP over IPsec VPN” on page C-44.
9. Create a static route, if necessary.
See “Verify Routes” on page C-47.
Create Named Objects for the L2TP over IPsec VPN
You can specify named objects in the IPsec policy traffic selector and in corresponding firewall
access policies. Note that an IPsec policy requires single-entry address objects, so you should
create objects of this type.
For this VPN configuration, create three address objects:
1. Click Firewall > Access Policies and then click the Addresses tab.
2. Click Add an Address.