HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
L2TP User Authentication
Configure Local L2TP Authentication
Configure L2TP Authentication to an External RADIUS Server
Create Access Policies for an L2TP over IPsec VPN
Verify Routes for the L2TP over IPsec VPN
GRE Tunnels
GRE Tunnel Keepalives
Redundant GRE
Floating Static Routes
Maximum Segment Size (MSS) for TCP Connections
Configure a GRE Tunnel
Create Named Objects (Optional)
Create a GRE Tunnel
Create Access Policies for a GRE Tunnel
Verify that a Route to the Remote Tunnel Gateway Exists
Configure a GRE over IPsec VPN with IKE
Create Named Objects (Optional)
Verify That a Route to the Remote Tunnel Gateway Exists
Create an IKE Policy for a GRE over IPsec VPN
Create an IPsec Proposal for a GRE over IPsec VPN
Create an IPsec Policy for a GRE over IPsec VPN That Uses IKE
Create Access Policies for a GRE over IPsec VPN That Uses IKE
Configure a GRE over IPsec VPN with Manual Keying
Create Named Objects (Optional)
Verify That a Route to the Remote Tunnel Gateway Exists
Create an IPsec Proposal for a GRE over IPsec VPN that Uses Manual Keying
Create an IPsec Policy for a GRE over IPsec VPN That Uses Manual Keying
Create Access Policies for a GRE over IPsec VPN That Uses Manual Keying
Manage Certificates
Install Certificates Manually
Generate or Install a Private Key
Create a Certificate Request
Install the CA Certificate
Install the IPsec Certificate
Install the CRL