HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
• Select Any to permit any IP address.
  Any is not valid if you plan to configure IKE mode config.
Caution: Typically, the local addresses are internal addresses on your private network while the public interface address (which you configured in the previous window) is the TMS zl Module’s public or external address. If, however, for whatever reason the set of local addresses specified here includes the public interface address, the VPN will fail to be established. You must create a Bypass policy to exclude IKE traffic to and from the module from the VPN. See “Bypass and Deny IPsec Policies” on page 4-434.

Also take care when specifying Any for the local network. You might inadvertently select traffic for the VPN that should not be selected.

Finally, if the local traffic that will be sent over the VPN is also selected for NAT, you must create a NAT exclusion policy.
12. Click Next.
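The conditions in the caution above can be checked offline before the values are entered in the wizard. The following is an added example, not part of the HP guide or the module's software: the function names, finding labels and accepted address formats (Any, single IP, `a-b` range, CIDR) are assumptions, and the addresses are constructed samples.

```python
import ipaddress

def parse_local(spec):
    """Turn a local-address entry into a list of networks.
    Accepted forms (assumed): 'Any', one IP, 'first-last' range, CIDR."""
    spec = spec.strip()
    if spec.lower() == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec, strict=False)]

def check_local_addresses(spec, public_ip, nat_sources=(), ike_mode_config=False):
    """Return findings (hypothetical labels) for the cases the caution names."""
    findings = []
    nets = parse_local(spec)
    pub = ipaddress.ip_address(public_ip)
    if spec.strip().lower() == "any":
        if ike_mode_config:
            # "Any is not valid if you plan to configure IKE mode config."
            findings.append("ANY_INVALID_WITH_MODE_CONFIG")
        findings.append("ANY_MAY_SELECT_UNINTENDED_TRAFFIC")
    # Local set covers the public interface: IKE to and from the module
    # would be selected for the VPN, so a Bypass policy is required.
    if any(pub in n for n in nets):
        findings.append("NEEDS_IKE_BYPASS_POLICY")
    # Local traffic that is also selected for NAT needs a NAT exclusion policy.
    nat_nets = [ipaddress.ip_network(s, strict=False) for s in nat_sources]
    if any(n.overlaps(m) for n in nets for m in nat_nets):
        findings.append("NEEDS_NAT_EXCLUSION")
    return findings

if __name__ == "__main__":
    # Constructed sample values (documentation and private address ranges).
    public = "203.0.113.10"
    for entry in ("10.1.0.0/16", "203.0.113.0/24", "Any", "10.1.0.10-10.1.0.50"):
        print(entry, check_local_addresses(entry, public,
                                           nat_sources=["10.1.0.0/24"],
                                           ike_mode_config=True))
```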