HP ProCurve Threat Management Solution Implementation Guide 2009-05

Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site IPsec VPN for HP ProCurve VPN Clients
Figure C-109. Add IPsec Policy Window—Step 3 of 4
17. Configure the IP addresses and other settings assigned to remote endpoints through IKE
mode config:
a. The Enable IP Address Pool for IRAS (Mode Config) check box should be selected.
b. For IRAS IP Address/Mask, type the IP address that the TMS zl Module will use to route
traffic from the remote clients. Include a subnet mask. For example, type 172.16.100.1/24.
Select a subnet that you can reserve for the remote clients; this subnet cannot be
configured on a TMS VLAN. This address will be the clients’ remote gateway while
visiting the local network.
c. For Firewall Zone, select the zone for remote clients after they establish the VPN
connection. When you configure firewall access policies for the IKE mode config
addresses, use this zone. For this example, select Zone1.
d. For IP Address Ranges, type one or more ranges of IP addresses in the same subnet as
the IRAS. Type each range on its own line, using this format: <first address>-<last
address>. For example, type 172.16.100.10-172.16.100.254.
Each remote client will be assigned an address from this pool while visiting your
private network.
You can view these addresses in the VPN > IPsec > IP Address Pool window.
e. For Primary DNS Server, type the IP address of a DNS server that the remote client is
allowed to access. For this example, type 192.168.4.12.
f. For Secondary DNS Server, type the IP address of a secondary DNS server that the
remote client is allowed to access, if applicable.
g. For Primary WINS Server, type the IP address of a primary WINS server that the remote
client is allowed to access, if applicable.
h. For Secondary WINS Server, type the IP address of a secondary WINS server that the
remote client is allowed to access, if applicable.
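
The constraints in steps b and d can be checked before the values are typed into the window. The following Python pre-check is an added example, not part of the HP guide or the TMS zl Module software; the function names and the list of TMS VLAN subnets are assumptions, and the sample values are constructed from this example's addresses.

```python
import ipaddress

def parse_range(line):
    """Parse '<first address>-<last address>' into two address objects."""
    first, sep, last = line.strip().partition("-")
    if not sep:
        raise ValueError(f"not in <first address>-<last address> form: {line.strip()!r}")
    return ipaddress.ip_address(first.strip()), ipaddress.ip_address(last.strip())

def check_mode_config(iras, ranges_text, vlan_subnets):
    """Return a list of problems in the planned IKE mode config values."""
    problems = []
    iface = ipaddress.ip_interface(iras)      # e.g. 172.16.100.1/24
    net = iface.network
    # Step b: the IRAS subnet cannot be configured on a TMS VLAN.
    for vlan in vlan_subnets:
        if net.overlaps(ipaddress.ip_network(vlan)):
            problems.append(f"IRAS subnet {net} overlaps TMS VLAN subnet {vlan}")
    accepted = []
    for line in filter(str.strip, ranges_text.splitlines()):
        try:
            first, last = parse_range(line)
        except ValueError as exc:
            problems.append(f"bad range: {exc}")
            continue
        label = f"{first}-{last}"
        if first > last:
            problems.append(f"range {label} is reversed")
            continue
        # Step d: every range must sit in the same subnet as the IRAS.
        if first not in net or last not in net:
            problems.append(f"range {label} is outside IRAS subnet {net}")
        # Added sanity checks, not stated in the guide.
        if first <= iface.ip <= last:
            problems.append(f"range {label} includes the IRAS address {iface.ip}")
        if any(first <= hi and lo <= last for lo, hi in accepted):
            problems.append(f"range {label} overlaps an earlier range")
        accepted.append((first, last))
    return problems

if __name__ == "__main__":
    # Constructed sample: the guide's example values plus assumed TMS VLAN subnets.
    vlans = ["192.168.4.0/24", "10.1.10.0/24"]
    for p in check_mode_config("172.16.100.1/24",
                               "172.16.100.10-172.16.100.254", vlans) or ["no problems found"]:
        print(p)
```

An empty result means the planned IRAS address, pool ranges and VLAN subnets are consistent with steps b and d.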