HP TMS zl Module Security Administrator's Guide

4-28
Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
Using named objects is best practice; however, you can specify IP
addresses manually.
2. Create the IKE policy, IPsec proposal, and IPsec policy using one of the
wizards:
- Use the Deploy IPsec Remote-Access VPN wizard to be guided
  through configuring all of the settings at once. See “Configure IKE and
  IPsec Settings Using the Deploy IPsec Remote-Access VPN Wizard”
  on page 4-30.
- Use the Manage IPsec wizard to configure each component
  separately. See “Configure IKE and IPsec Setting Using the Manage IPsec
  Wizard” on page 4-68.
3. Create necessary firewall access policies.
See “Create Access Policies for IPsec Client-to-Site VPNs” on page 4-102.
4. Create static routes to the remote endpoints, if necessary.
See “Verify Routes for a Client-to-Site VPN” on page 4-104.
5. Only if you are using certificates for IKE authentication, install the correct
certificates on the TMS zl Module.
See “Manage Certificates” on page 4-394.
6. Configure global IPsec settings (optional).
See “Configure Global IPsec Settings” on page 4-429.
7. Configure the clients with compatible settings.
Refer to your clients’ documentation. (The HP Threat Management
Services zl Module Management and Configuration Guide also gives some
guidelines and example configurations.)
Create Named Objects for the VPN (Optional)
You might want to configure the named objects indicated in Table 4-3. When
configuring multiple TMS zl Modules, you must configure the objects on each
one.
For your reference, this table includes the location where you would specify
these named objects. However, later configuration instructions will indicate
when you actually need to specify each object. The table also includes a
reference to numbers in Figure 4-12. The number indicates the IP address for
that named object in an example network. (For step-by-step instructions for
configuring objects, see Chapter 6: “Configuring the TMS zl Module Firewall.”)