HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
12. For Local Network Address, specify the IP addresses for all local endpoints
to which remote users are allowed access.
Do one of the following to specify addresses:
• Typically, manually type an IP address, IP address range, or network
address in CIDR format.
The local addresses should be internal addresses on your private
network.
• Select a subnet.
The wizard automatically includes the subnets configured on TMS
VLANs.
• Select the single-entry IP, range, or network address object that you
created earlier for local endpoints.
An address object is not valid if you plan to configure IKE mode
config.
• Select Any to permit any IP address.
Any is not valid if you plan to configure IKE mode config.
Caution: Typically, the local addresses are internal addresses on your private network
while the public interface address (which you configured in the previous
window) is the TMS zl Module’s public or external address. If, however, for
whatever reason the set of local addresses specified here includes the public
interface address, the VPN will fail to be established. You must create a Bypass
policy to exclude IKE traffic to and from the module from the VPN. See
“Bypass and Deny IPsec Policies” on page 4-434.
Also take care when specifying Any for the local network. You might inadvertently
select traffic for the VPN that should not be selected.
Finally, if the local traffic that will be sent over the VPN is also selected for
NAT, you must create a NAT exclusion policy.
13. Click Next.
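
A pre-check of the Local Network Address entries against the cautions in step 12, as an added example that is not part of the HP guide. It assumes ranges are written `start-end`; the function names, finding codes and sample addresses are constructed for illustration.

```python
import ipaddress

def parse_selector(text):
    """Expand one Local Network Address entry into a list of networks.

    Accepts a single IP, a CIDR network, 'Any', or a range written
    'start-end' (the range notation is an assumption of this example).
    """
    text = text.strip()
    if text.lower() == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if "-" in text:
        start, end = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        # Raises if the range is reversed or mixes IPv4 and IPv6.
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(text, strict=False)]

def check_local_addresses(selectors, public_ip, ike_mode_config=False):
    """Return (selector, finding_code) pairs for the step 12 cautions."""
    public = ipaddress.ip_address(public_ip)
    findings = []
    for sel in selectors:
        is_any = sel.strip().lower() == "any"
        if is_any and ike_mode_config:
            findings.append((sel, "ANY_INVALID_WITH_IKE_MODE_CONFIG"))
        if is_any:
            findings.append((sel, "ANY_MAY_SELECT_UNINTENDED_TRAFFIC"))
        if any(public in net for net in parse_selector(sel)):
            # The VPN fails to establish unless a Bypass policy excludes
            # IKE traffic to and from the module.
            findings.append((sel, "INCLUDES_PUBLIC_INTERFACE_NEEDS_BYPASS"))
    return findings

if __name__ == "__main__":
    # Constructed sample: two internal selectors and one range that
    # covers the (constructed) public interface address.
    sample = ["10.1.0.0/16", "192.168.5.10-192.168.5.20",
              "203.0.113.0-203.0.113.10"]
    for sel, code in check_local_addresses(sample, "203.0.113.1"):
        print(f"{sel}: {code}")
```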