HP ProCurve Threat Management Solution Implementation Guide 2009-05

Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site IPsec VPN for Macintosh IPSecuritas Clients
Click Use VLAN IP Address and select a VLAN from the list. Select the TMS VLAN on
which remote clients contact the module.
7. For Local ID, configure the ID that the TMS zl Module sends to authenticate itself.
a. For Type, select the ID type:
IP Address
Domain Name
Email Address
Distinguished Name
For this example, select IP Address.
b. For Value, type the correct value.
If you select IP Address for Type, the address that you specify in the Value box must
match the IP address that you specified for the local gateway.
Table C-6 shows the format for each ID type.
For this example, type 10.1.1.1.
Table C-6. Local ID Values

Local ID Type        Remote ID Value        Examples
IP Address           A.B.C.D                10.1.1.1
Domain Name          <domainname>           TMS.procurve.com
Email Address        <name>@<domainname>    tms@procurve.com
Distinguished Name   /CN=<commonname>       /CN=TMS.procurve.com

8. For Remote ID, specify an ID that matches the ID that remote clients send to authenticate
themselves:
a. For Type, select the ID type:
IP Address
Domain Name
Email Address
Distinguished Name
For this example, select Domain Name.
b. For Value, type the correct value.
Use wildcards to accommodate multiple user IDs. In this way, you can create a single
IKE policy to accommodate all remote users, which simplifies configuration. (In fact,
when you use main mode and preshared keys, only one client-to-site IKE policy is
supported.) Table C-7 displays valid values and wildcards.
For this example, type procurvelabs.com.

Table C-7. Remote ID Values and Wildcards

Remote ID Type       Remote ID Value        Wildcard           Example                Example Wildcard
IP Address           A.B.C.D                0.0.0.0            172.16.40.103          0.0.0.0
Domain Name          <name.domainname>      <domainname>       user1.procurve.com     procurve.com
Email Address        <name>@<domainname>    *@<domainname>     user1@procurve.com     *@procurve.com
Distinguished Name   /CN=<commonname>       • /CN=*            /CN=TMS.procurve.com   /CN=*.procurve.com
                                            • /*
                                            • *

9. Click Next.
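To see how broadly a Remote ID wildcard from Table C-7 admits clients before you commit it to the IKE policy, the following added example (not HP code and not part of the original guide) models the wildcard forms in Python. The matching rules are an assumption inferred from the table's examples, and the function names and sample IDs are constructed for illustration.

```python
import ipaddress
import re

def _glob(pattern, value):
    # Only "*" is treated as a wildcard; every other character is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def remote_id_matches(id_type, configured, presented):
    """True if the ID a client presents satisfies the configured Remote ID.

    Matching rules are assumptions inferred from the examples in Table C-7.
    """
    configured = configured.strip().lower()
    presented = presented.strip().lower()
    if id_type == "IP Address":
        want = ipaddress.IPv4Address(configured)
        # 0.0.0.0 is the wildcard form: any client address is accepted.
        return int(want) == 0 or want == ipaddress.IPv4Address(presented)
    if id_type == "Domain Name":
        # Assumed: a bare domain covers itself and hosts beneath it,
        # but only on a label boundary (no plain suffix matching).
        return presented == configured or presented.endswith("." + configured)
    if id_type == "Email Address":
        local, _, domain = presented.rpartition("@")
        if configured.startswith("*@"):
            return bool(local) and domain == configured[2:]
        return presented == configured
    if id_type == "Distinguished Name":
        return configured in ("*", "/*") or _glob(configured, presented)
    raise ValueError(f"unknown ID type: {id_type}")

def accepted(id_type, configured, presented_ids):
    """Return the presented IDs that the configured value would accept."""
    return [p for p in presented_ids if remote_id_matches(id_type, configured, p)]

# Constructed sample IDs, not taken from any real deployment.
SAMPLE_DOMAINS = ["user1.procurvelabs.com", "procurvelabs.com",
                  "user1.notprocurvelabs.com", "procurvelabs.com.example.net"]
SAMPLE_EMAILS = ["user1@procurve.com", "user1@mail.procurve.com", "@procurve.com"]
SAMPLE_DNS = ["/CN=TMS.procurve.com", "/CN=TMS.procurve.com.example.net"]

if __name__ == "__main__":
    print(accepted("Domain Name", "procurvelabs.com", SAMPLE_DOMAINS))
    print(accepted("Email Address", "*@procurve.com", SAMPLE_EMAILS))
    print(accepted("Distinguished Name", "/CN=*.procurve.com", SAMPLE_DNS))
    print(accepted("IP Address", "0.0.0.0", ["172.16.40.103", "192.0.2.7"]))
```

The IP Address wildcard 0.0.0.0 and the Distinguished Name wildcards /* and * accept every presented ID, so with those values the Remote ID no longer narrows which clients the policy admits.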