HP ProCurve Threat Management Solution Implementation Guide 2009-05
C-94
Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site IPsec VPN for HP ProCurve VPN Clients
f. For Destination, leave Any Address or specify the IP address configured for the local
gateway in the IKE policy.
For this example, select the LocalGateway address object.
Figure C-114. Add Policy Window
g. Click Apply.
4. Allow IKE messages to the remote endpoints.
a. For Action, leave the default, Permit Traffic.
b. For From, select Self.
c. For To, select the remote zone. For this example, select External.
d. For Service, select isakmp.
e. For Source, leave Any Address or specify the local gateway IP address.
For this example, select the LocalGateway address object.
f. For Destination, type Any Address.
If you know the public addresses of all of your remote endpoints, you could create a
named object with those addresses and specify that object here.
5. If the IPsec tunnel uses NAT-T (because NAT is performed on traffic somewhere between
the remote clients and the module), you must create two access policies to allow the
NAT-T traffic:
a. Verify that for User Group, None is selected.
b. For Action, accept the default: Permit Traffic.
c. For From, select the remote zone. For this example, select External.
d. For To, select Self.
e. For Service, select ipsec-nat-t-udp.
f. For Source, specify Any Address.
If you know the public addresses of all of your remote endpoints, you could create a
named object with those addresses and specify that object here.