HP ProCurve Threat Management Solution Implementation Guide 2009-05
Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site IPsec VPN for Macintosh IPSecuritas Clients
Figure C-83. Add IPsec Policy Window—Step 4 of 4
19. If desired, configure settings in the Advanced Settings (Optional) section. For this example,
leave the default settings.
Note: For more information on advanced settings, see the HP ProCurve Threat Management
Services zl Module Management and Configuration Guide.
20. Click Finish. The IPsec policy is displayed in the VPN > IPsec > IPsec Policies window.
Access Policies for an IPsec Client-to-Site VPN for Macintosh IPSecuritas Clients
You must create firewall access policies to permit the remote clients to exchange IKE messages
with the TMS zl Module. Other policies must permit the remote clients to access local services.
Before you begin configuring firewall access policies, determine the zone on which traffic from
the remote clients arrives. This is the zone of the TMS VLAN on which remote clients reach
the module and on which the local VPN gateway address is configured. The instructions below
will refer to this zone as the “remote zone.” In this example, it is the External zone.
Also, determine the zone on which traffic from remote endpoints arrives after the endpoints
have been assigned IKE mode config addresses (you selected this zone when you created the
IPsec policy). The instructions will refer to this zone as the “IKE mode config zone.” In this
example, this is Zone1.