HP TMS zl Module Security Administrator's Guide

4-41
Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
3. You should also delete the IKEv1 policy and IPsec proposal that were
applied before the faulty IPsec policy was applied. Otherwise, if you try
to use the same deployment name when you run the wizard again, you
will receive an error.
Caution In general, take great care when specifying Any. Even if you do not select
management traffic, you might inadvertently block necessary traffic. For
example, if you select a local subnet for the local addresses, Any for the
protocol, and Any for the remote addresses, the TMS zl Module will no longer
allow endpoints on the local subnet to send any traffic except to remote VPN
clients. You might need to create Bypass policies. See “Bypass and Deny IPsec
Policies” on page 4-434.
4. For Remote ID, specify an ID that matches the ID that remote clients send
to authenticate themselves:
a. For Remote ID Type, select one of the following:
IP Address
Domain Name
Email Address
Distinguished Name
b. For Remote ID Value, type the correct value. The remote ID must be
unique to this policy.
If you want multiple clients to be able to connect using the policies
created by this wizard, you must use wildcards. Remember that each
remote ID must match only one IKE policy; so plan the wildcards
appropriately. Table 4-6 displays valid values and wildcards.
Table 4-6. Remote ID Values and Wildcards

Remote ID Type      Remote ID Value        Wildcard         Example             Example Wildcard
IP Address          A.B.C.D                0.0.0.0          172.16.40.103       0.0.0.0
Domain Name         <name.domainname>      <domainname>     user1.hp.com        hp.com
Email Address       <name>@<domainname>    *@<domainname>   user1@hp.com        *@hp.com
Distinguished Name  /CN=<commonname>       /CN=*            /CN=user1.hp.com    /CN=*.hp.com
                                           /*
                                           *

Note When you are using wildcards to allow multiple clients to connect, you must
configure a unique ID on each client so that the clients can log in simultaneously.
Two clients cannot share the same ID: if one client is logged in and a second
client attempts to log in with the same ID, the first client is logged out.
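The planning rules in step 4 (each client's remote ID must match exactly one IKE policy, and no two clients may share an ID) can be checked before running the wizard. The following Python script is an added example, not HP's code and not part of the original guide; the matching semantics for each ID type are assumptions read off the examples in Table 4-6 (0.0.0.0 matches any address, a bare domain matches any host under it, and the email and DN wildcards are treated as shell-style globs), and the policy names and client IDs are constructed for illustration.

```python
"""Remote ID wildcard planning check for the client-to-site VPN wizard."""
import fnmatch
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class RemoteId:
    id_type: str  # "ip", "domain", "email" or "dn", following Table 4-6
    value: str    # a concrete client ID, or a wildcard in the table's notation


def matches(pattern: RemoteId, client: RemoteId) -> bool:
    """Return True if a policy's Remote ID pattern accepts the client's ID.

    The rules below are an assumption derived from the examples in Table 4-6,
    not the module's own matching implementation.
    """
    if pattern.id_type != client.id_type:
        return False
    p, c = pattern.value, client.value
    if pattern.id_type == "ip":
        # 0.0.0.0 is the table's "any address" wildcard; otherwise exact match
        return p == "0.0.0.0" or ipaddress.ip_address(p) == ipaddress.ip_address(c)
    if pattern.id_type == "domain":
        # the wildcard is a bare domain: hp.com accepts user1.hp.com
        p, c = p.lower(), c.lower()
        return c == p or c.endswith("." + p)
    if pattern.id_type == "email":
        # *@hp.com style glob; addresses are case-folded here (assumption)
        return fnmatch.fnmatchcase(c.lower(), p.lower())
    if pattern.id_type == "dn":
        # /CN=*, /* and * are treated as globs over the whole DN string
        return fnmatch.fnmatchcase(c, p)
    raise ValueError(f"unknown Remote ID type: {pattern.id_type}")


def check_plan(policies: dict[str, RemoteId], clients: list[RemoteId]) -> dict:
    """Report clients matching no policy or more than one, plus duplicate IDs."""
    ambiguous, unmatched = {}, []
    for client in clients:
        hits = [name for name, pat in policies.items() if matches(pat, client)]
        if len(hits) > 1:
            ambiguous[client.value] = hits      # violates "match only one IKE policy"
        elif not hits:
            unmatched.append(client.value)      # client could never authenticate
    counts = Counter((c.id_type, c.value) for c in clients)
    # a second login with an ID already in use logs the first client out
    duplicates = sorted(v for (_, v), n in counts.items() if n > 1)
    return {"ambiguous": ambiguous, "unmatched": unmatched, "duplicates": duplicates}


# Constructed sample plan: policy names and client IDs are made up for this example.
POLICIES = {
    "hp-email-clients": RemoteId("email", "*@hp.com"),
    "hp-cert-clients": RemoteId("dn", "/CN=*.hp.com"),
    "catch-all-dn": RemoteId("dn", "/*"),
    "branch-router": RemoteId("ip", "172.16.40.103"),
}
CLIENTS = [
    RemoteId("email", "user1@hp.com"),
    RemoteId("email", "user2@hp.com"),
    RemoteId("email", "user2@hp.com"),   # duplicate ID: second login evicts the first
    RemoteId("dn", "/CN=user1.hp.com"),  # accepted by both DN policies
    RemoteId("domain", "user1.hp.com"),  # no Domain Name policy is defined
    RemoteId("ip", "172.16.40.103"),
]

if __name__ == "__main__":
    for key, val in check_plan(POLICIES, CLIENTS).items():
        print(f"{key}: {val}")
```

Running the script on the sample plan flags the DN client as ambiguous (the broad /* policy overlaps the /CN=*.hp.com policy), the domain-name client as unmatched, and user2@hp.com as a duplicate, which are exactly the three conditions the text warns about; tighten the wildcards or the client list until all three lists are empty before running the wizard.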