HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
VPNs
In addition to providing a firewall and an Intrusion Detection System/Intrusion
Prevention System (IDS/IPS), the HP Threat Management Services (TMS) zl
Module supports virtual private networks (VPNs). Using the TMS management
capabilities of HP Network Immunity Manager (NIM), you can configure
a VPN on one or more TMS zl Modules to connect two trusted endpoints over
an untrusted network. The two endpoints are connected through a tunnel,
which typically provides both data integrity and data privacy for the
transmitted traffic.
The TMS zl Module supports the following types of site-to-site VPNs and
client-to-site VPNs:
• IP security (IPsec):
  – Client-to-site VPNs with Internet Key Exchange (IKE) version 1
  – Site-to-site VPNs:
    – With IKE v1
    – With manual keying
• L2TP and L2TP over IPsec—client-to-site VPNs
• Generic Routing Encapsulation (GRE) tunnels and GRE over IPsec—site-to-site VPNs
L2TP and GRE do not provide data integrity and data privacy on their own,
but they can be combined with IPsec, which secures the tunnel.
Each TMS zl Module supports:
• 4800 IPsec VPN connections
• 100 L2TP over IPsec connections
• 240 GRE connections
For client-to-site VPNs, the following VPN clients have been tested for use
with the TMS zl Module:
• IPsec VPNs
  – Openswan for Linux
  – IPSecuritas for Macintosh OS X
  – Shrew Soft VPN Client
  – HP VPN Client
• L2TP over IPsec VPNs