HP ProCurve Threat Management Solution Implementation Guide 2009-05

Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site IPsec VPN for HP ProCurve VPN Clients
t. Click Apply.
u. Then permit the remote users in this group to access other local servers. For Action, select Permit Traffic.
v. For From, select the IKE mode config zone. For this example, select Zone1.
w. For To, select the local zone. For this example, select Internal.
x. For Service, leave Any Service.
   This is the most basic configuration. You could create access policies that deny only certain types of traffic.
y. For Source, specify the virtual addresses assigned to remote clients. For this example, select the ModeConfigAdds address object. (You could also specify the addresses manually.)
z. For Destination, specify the local addresses that the remote endpoints are allowed to reach. For this example, select LocalEndpoints.
aa. Click Apply.
7. If necessary for your services, create access policies that permit local endpoints to send traffic to remote clients. (Typically, these policies would be configured for the None user group.)
8. In the Add Policy window, click Close.

Verify Routes

The TMS zl Module requires a route to the remote clients. You can view routes in the Network > Routing > View Routes window. In this example, the module’s default gateway routes traffic to these clients.

Configure the HP ProCurve VPN

This section includes step-by-step instructions for configuring a ProCurve VPN Client to establish an IPsec connection to the TMS zl Module.

Follow these steps:
1. If necessary, install the client on the endpoint.
2. After installing the client, open the Security Policy Editor using one of these methods:
   • In the Start menu, click Programs > ProCurve VPN Client > Security Policy Editor.
   • Right-click the ProCurve VPN Client icon in the system tray and click Security Policy Editor.