HP ProCurve Threat Management Solution Implementation Guide 2009-05

Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site IPsec VPN for Macintosh IPSecuritas Clients
You should also determine the zone for local endpoints to which the remote clients are allowed
access. The instructions below will refer to this zone as the “local zone.” If remote clients are
allowed to access multiple zones, you must create policies for each of these zones. In this
example, the single local zone is the Internal zone.
1. In the left navigation bar of the Web browser interface, click Firewall > Access Policies > Unicast.
2. Click Add a Policy.
3. Allow IKE messages from the remote endpoints.
   a. For Action, leave the default Permit Traffic.
   b. For From, select the remote zone. For this example, select External.
   c. For To, select Self.
   d. For Service, select isakmp.
   e. For Source, select the address or address group object that you created for remote clients. For this example, select MacClients.
   f. For Destination, leave Any Address or specify the IP address that you configured for the local gateway. For this example, select LocalGateway.

   Figure C-84. Add Policy Window

   g. Click Apply.
4. Allow IKE messages to the remote endpoints.
   a. For Action, leave the default Permit Traffic.
   b. For From, select Self.
   c. For To, select the remote zone. For this example, select External.
   d. For Service, select isakmp.
   e. For Source, leave Any Address or specify the IP address that you configured for the local gateway. For this example, select LocalGateway.
   f. For Destination, select the address or address group object that you created for remote clients. For this example, select MacClients.
   g. Click Apply.
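The two IKE policies from steps 3 and 4 can be modeled and audited offline. The following Python sketch is an added example, not code from the HP guide or the TMS zl module. The address ranges, the mapping of the isakmp service object to UDP port 500, the tuple layout, and the first-match, default-deny evaluation are assumptions of the model.

```python
import ipaddress

# Constructed address objects (documentation ranges, not values from the guide).
OBJECTS = {
    "MacClients": ["198.51.100.0/24"],
    "LocalGateway": ["203.0.113.1/32"],
    "Any Address": ["0.0.0.0/0"],
}
SERVICES = {"isakmp": ("udp", 500)}  # assumption: isakmp object = IKE on UDP 500

# Steps 3 and 4 as (action, from_zone, to_zone, service, source, destination).
POLICIES = [
    ("permit", "External", "Self", "isakmp", "MacClients", "LocalGateway"),
    ("permit", "Self", "External", "isakmp", "LocalGateway", "MacClients"),
]

def _in(obj, ip):
    """True if ip falls inside any network of the named address object."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in OBJECTS[obj])

def evaluate(policies, from_zone, to_zone, proto, dport, src, dst):
    """First matching policy wins; unmatched traffic is denied (model assumption)."""
    for action, fz, tz, svc, s, d in policies:
        if ((fz, tz) == (from_zone, to_zone) and SERVICES[svc] == (proto, dport)
                and _in(s, src) and _in(d, dst)):
            return action
    return "deny"

def audit_ike(policies, remote_zone):
    """Report missing IKE directions and policies whose remote side is unscoped."""
    findings = []
    # Index 4 (source) is the remote side inbound; index 5 (destination) outbound.
    for fz, tz, remote_field in ((remote_zone, "Self", 4), ("Self", remote_zone, 5)):
        rules = [p for p in policies
                 if p[0] == "permit" and p[1:4] == (fz, tz, "isakmp")]
        if not rules:
            findings.append(f"no isakmp permit {fz} -> {tz}")
        for p in rules:
            if p[remote_field] == "Any Address":
                findings.append(
                    f"{fz} -> {tz}: remote clients not restricted to an address object")
    return findings
```
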