HP ProCurve Threat Management Solution Implementation Guide 2009-05
C-74
Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site IPsec VPN for Macintosh IPSecuritas Clients
8. Click the Add Connections icon.
9. Specify a significant name for the connection, such as Main Campus.
Figure C-90. IPSecuritas—Connections > General Tab
10. Click the General tab.
11. For Remote IPSec Device, type the IP address at which the client reaches the TMS zl Module.
12. Configure the following settings, which correspond to the traffic selector in the TMS zl
Module’s IPsec policy:
a. For Local Side, select the Endpoint Mode:
– Host — Specifies the IP address of the client. You can specify an IP address in the
box that is displayed. If you do not, the client’s IP address will be used automati-
cally.
– Network — Specifies the subnet on which the client resides.
For Network Address, type the address of the subnet. For Network Mask (CIDR), type
the number of bits in the network mask.
These settings must match the Remote Address in the module’s traffic selector exactly.
When the module’s traffic selector indicates an entire subnet, you must select Network
on the IPSecuritas client. When you have created multiple IPsec policies on the
module, each of which specifies a single remote address, you must select Host.
b. For Remote Side, select the Endpoint Mode:
– Host — Specifies one IP address on the internal network that the client is permitted
to access. Type the address in the IP Address field.
– Network — Specifies the internal subnet that the client is permitted to access.
For Network Address, type the address of the subnet. For Network Mask (CIDR), type
the number of bits in the network mask.
These settings must match the Local Address in the module’s traffic selector exactly.
For this example, select Network, type 192.168.4.0 for Network Address, and 24 for
Network Mask (CIDR).