HP ProCurve Threat Management Solution Implementation Guide 2009-05

Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site IPsec VPN for HP ProCurve VPN Clients
6. Under Remote Party Identity and Addressing, specify the addresses in the internal network
that the remote client can reach. These settings must match the local addresses in the
traffic selector of the TMS zl Module’s IPsec policy:
a. For ID Type, select the type of value or object configured for the Local Address in the
module’s traffic selector. For this example, select IP Subnet.
b. Boxes are displayed depending on the ID Type that you selected. Type a string that
exactly matches the value in the Local Address of the module’s IPsec policy traffic
selector. For this example, type 192.168.4.0/24.
c. For Protocol, match the protocol selected in the module’s IPsec policy traffic selector.
For this example, leave the default All.
d. If you selected TCP or UDP for Protocol, for Port, select a service that matches the Local
Port in the TMS zl Module’s IPsec policy traffic selector.
You do not need to configure a port for this example.
7. Select the Connect Using Secure Gateway Tunnel check box.
8. For ID Type, select the local ID type in the module’s IKE policy. Then type, in the box below,
the local ID value in the module’s IKE policy.
For this example, select IP Address and type 10.1.1.1.
Note: If you select Distinguished Name, you must click Edit Name. Then select the Enter Subject
Name in LDAP format check box and type the name. For example, type CN=TMS.procurveu.edu.
9. If you selected Domain Name or Distinguished Name for the ID Type, type the TMS zl Module’s
public IP address under Gateway IP Address.
Typically, this IP address is the Local Gateway IP Address in the module’s IKE policy.
However, if another device performs NAT on this address, then you should type the
translated IP address.
For this example, you do not configure this setting because the client automatically uses
the IP address specified for the remote ID for the gateway IP address.
10. In the left navigation pane, expand the connection and click My Identity.
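
Steps 6 through 9 depend on each client value matching the module's traffic selector and IKE policy exactly. The following check is an added example, not part of the original guide or of any HP tool: it compares the two sides before deployment and reports mismatches by step. The dictionary key names are hypothetical, and the gateway and NAT addresses are constructed sample values.

```python
import ipaddress

# Constructed sample data. Key names are hypothetical; the values are the
# ones this example uses (gateway IP and NAT entry are assumptions).
MODULE = {"ts_addr_type": "IP Subnet", "ts_local_addr": "192.168.4.0/24",
          "ts_protocol": "All", "ts_local_port": None,
          "ike_local_id_type": "IP Address", "ike_local_id": "10.1.1.1",
          "ike_local_gateway_ip": "10.1.1.1", "nat_translated_ip": None}
CLIENT = {"remote_id_type": "IP Subnet", "remote_addr": "192.168.4.0/24",
          "protocol": "All", "port": None,
          "gw_id_type": "IP Address", "gw_id": "10.1.1.1", "gw_ip": None}

def same_network(a, b):
    """True when two strings denote the same subnet in different notation."""
    try:
        return (ipaddress.ip_network(a, strict=False)
                == ipaddress.ip_network(b, strict=False))
    except ValueError:
        return False

def check_client(client, module):
    """Return a list of mismatches between client and module settings."""
    problems = []
    if client["remote_id_type"] != module["ts_addr_type"]:
        problems.append("6a: ID Type differs from the Local Address type")
    if client["remote_addr"] != module["ts_local_addr"]:
        msg = "6b: address string differs from the Local Address"
        if same_network(client["remote_addr"], module["ts_local_addr"]):
            msg += " (same network, different notation)"
        problems.append(msg)
    if client["protocol"] != module["ts_protocol"]:
        problems.append("6c: Protocol differs from the traffic selector")
    elif (client["protocol"] in ("TCP", "UDP")
          and client["port"] != module["ts_local_port"]):
        problems.append("6d: Port differs from the Local Port")
    if ((client["gw_id_type"], client["gw_id"])
            != (module["ike_local_id_type"], module["ike_local_id"])):
        problems.append("8: gateway ID differs from the IKE policy local ID")
    if client["gw_id_type"] in ("Domain Name", "Distinguished Name"):
        # Step 9: use the translated address when another device performs NAT.
        expected = module["nat_translated_ip"] or module["ike_local_gateway_ip"]
        if client["gw_ip"] != expected:
            problems.append(f"9: Gateway IP Address should be {expected}")
    return problems

if __name__ == "__main__":
    print(check_client(CLIENT, MODULE) or "client matches module policy")
```
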