HP ProCurve Threat Management Solution Implementation Guide 2009-05

Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site IPsec VPN for Macintosh IPSecuritas Clients
b. For Local Address, specify the IP addresses of all local endpoints that the remote clients are allowed to access.
For this example, select the LocalEndpoints address object that you created earlier. (You could also manually type an IP address, an IP address range, or a network address in CIDR format.)
c. Local Port is present if you selected TCP or UDP for Protocol. Type a specific port for the service to which remote clients are allowed access or leave the field blank (which allows traffic to any port in the specified protocol).
In this example, you do not configure this setting because you selected Any for the protocol.
d. For Remote Address, specify the IP address of the remote client or clients allowed on the VPN. If all remote clients are on the same subnet, you can select the address object that you created for that subnet (or manually type the subnet address in CIDR format). Otherwise, you must specify the IP address of a single client (select one of the address objects that you created) and configure a separate IPsec policy for each remote client.
e. Remote Port is present if you selected TCP or UDP for Service. Typically, leave the field blank (which allows traffic to any port in the specified protocol).
In this example, you do not configure this setting because you selected Any for the protocol.
f. If you selected ICMP for the protocol, for ICMP Type, select Any.
Note: Recheck the traffic selector settings and verify that the following traffic is not selected:
• Management traffic from your management station to the TMS zl Module
• Traffic between the local and remote modules’ gateway addresses
If this traffic is included within the traffic selector, you must either change the traffic selector or configure Bypass policies to exclude management and IKE traffic. See the HP ProCurve Threat Management Services zl Module Management and Configuration Guide.
9. For Proposal, select the IPsec proposal that you just configured. For this example, select Esp3desMd5.
10. Click Next.
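The recheck described in the Note of step 8 can be done offline against a planned traffic selector before it is applied. The following is an added example, not part of the HP guide: the addresses, flow definitions and function names are constructed assumptions, and it models only address, protocol and port matching.

```python
import ipaddress

def _covers(cidrs, addr):
    """True if addr falls inside any of the CIDR strings."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)

def selector_includes(sel, flow):
    """True if the flow would be matched by the IPsec traffic selector.

    A selector port of None models a blank port field (any port).
    """
    if sel["protocol"] not in ("any", flow["protocol"]):
        return False
    if not (_covers(sel["local"], flow["local_ip"])
            and _covers(sel["remote"], flow["remote_ip"])):
        return False
    for side in ("local_port", "remote_port"):
        if sel.get(side) is not None and sel[side] != flow.get(side):
            return False
    return True

def flows_in_selector(sel, flows):
    """Names of protected flows the selector would pull into the tunnel."""
    return [name for name, f in flows.items() if selector_includes(sel, f)]

# Constructed sample values (assumptions, not taken from the guide).
FLOWS = {
    # management station -> TMS zl Module management address (HTTPS)
    "management": {"protocol": "tcp", "local_ip": "10.1.10.1", "local_port": 443,
                   "remote_ip": "10.1.99.20", "remote_port": 50000},
    # IKE between the two gateway addresses
    "ike": {"protocol": "udp", "local_ip": "192.0.2.1", "local_port": 500,
            "remote_ip": "198.51.100.7", "remote_port": 500},
}
BROAD = {"protocol": "any", "local": ["10.1.10.0/24"], "remote": ["10.1.99.0/24"]}
NARROW = {"protocol": "any", "local": ["10.1.10.128/25"], "remote": ["10.1.99.0/24"]}

if __name__ == "__main__":
    for label, sel in (("broad", BROAD), ("narrow", NARROW)):
        hits = flows_in_selector(sel, FLOWS)
        print(label, "->", hits or "no management/IKE traffic selected")
```

A non-empty result means the selector has to be changed or a Bypass policy configured for the listed traffic.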