HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

171

172

173

174

175

176

177

178

179

180

4-2

Configuring a VPN on the HP TMS zl Module

Configure IKE and IPsec Settings Using the Deploy

IPsec Remote-Access VPN Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30

Typical Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32

Custom Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48

Configure IKE and IPsec Setting Using the Manage IPsec Wizard . . 4-68

Create an IKE Policy for a Client-to-Site VPN . . . . . . . . . . . . . . . 4-69

Create an IPsec Proposal for a Client-to-Site VPN . . . . . . . . . . . 4-82

Create an IPsec Policy for a Client-to-Site VPN . . . . . . . . . . . . . . 4-88

Create Access Policies for IPsec Client-to-Site VPNs . . . . . . . . . . . . 4-102

Verify Routes for a Client-to-Site VPN . . . . . . . . . . . . . . . . . . . . . . . . 4-104

Configuring an IPsec Site-to-Site VPN with IKE . . . . . . . . . . . . . . . 4-106

Configuring an IPsec Site-to-Site VPN Between TMS zl

Modules—Deploy IPsec Site-to-Site VPN Wizard . . . . . . . . . . . . . . . 4-107

Create Named Objects for the VPN (Optional) . . . . . . . . . . . . . 4-108

Run the Deploy IPsec Site-to-Site Wizard . . . . . . . . . . . . . . . . . . 4-111

Create Access Policies for the TMS zl Modules in the IPsec

Site-to-Site VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-194

Verify Routes for TMS zl Modules in the IPsec

Site-to-Site VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-196

Configuring an IPsec Site-to-Site VPN Between a TMS

zl Module and Non-TMS Gateway—Manage IPsec Wizard . . . . . . . 4-197

Create Named Objects for the VPN (Optional) . . . . . . . . . . . . . 4-199

Create an IKE Policy for a Site-to-Site IPsec VPN . . . . . . . . . . . 4-200

Create an IPsec Proposal for an IPsec Site-to-Site VPN . . . . . . 4-211

Create an IPsec Policy for an IPsec Site-to-Site VPN

That Uses IKE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-217

Create Access Policies for an IPsec Site-to-Site VPN

that Uses IKE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-228

Verify Routes for an IPsec Site-to-Site VPN That Uses IKE . . . . . . . 4-229

Configuring an IPsec Site-to-Site VPN with Manual Keying . . . . 4-230

Create Named Objects for the VPN (Optional) . . . . . . . . . . . . . . . . . 4-232

Create an IPsec Proposal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-233

Create an IPsec Policy That Uses Manual Keying . . . . . . . . . . . . . . . 4-238

Create Access Policies for an IPsec Site-to-Site VPN

with Manual Keying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-249

Verify Routes for an IPsec Site-to-Site VPN . . . . . . . . . . . . . . . . . . . . 4-251

L2TP over IPsec VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-252

Configure an L2TP over IPsec Client-to-Site VPN . . . . . . . . . . . . . . . 4-253

Create Named Objects for the VPN (Optional) . . . . . . . . . . . . . 4-254

Create an IKE Policy for an L2TP over IPsec VPN . . . . . . . . . . 4-256

Create an IPsec Proposal for an L2TP over IPsec VPN . . . . . . . 4-269

Create an IPsec Policy for an L2TP over IPsec VPN . . . . . . . . . 4-276