HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
allow endpoints on the local subnet to send any traffic except to remote VPN
clients. You might need to create Bypass policies. See “Bypass and Deny IPsec
Policies” on page 4-434.
4. For Remote ID, specify an ID that matches the ID that remote clients send
   to authenticate themselves:
   a. For Remote ID Type, select one of the following:
      – IP Address
      – Domain Name
      – Email Address
      – Distinguished Name
   b. For Remote ID Value, type the correct value. The remote ID must be
      unique to this policy.
      If you want multiple clients to be able to connect using the policies
      created by this wizard, you must use wildcards. Remember that each
      remote ID must match only one IKE policy, so plan the wildcards
      appropriately. Table 4-8 displays valid values and wildcards.
Table 4-8. Remote ID Values and Wildcards

Remote ID Type      Remote ID Value        Wildcard         Example            Example Wildcard
------------------  ---------------------  ---------------  -----------------  ----------------
IP Address          A.B.C.D                0.0.0.0          172.16.40.103      0.0.0.0
Domain Name         <name.domainname>      <domainname>     user1.hp.com       hp.com
Email Address       <name>@<domainname>    *@<domainname>   user1@hp.com       *@hp.com
Distinguished Name  /CN=<commonname>       • /CN=*          /CN=user1.hp.com   • /CN=*.hp.com
                                           • /*                                • *

Note: When you are using wildcards to allow multiple clients to connect, you must
configure a unique ID on each client to allow clients to log in simultaneously.
Two clients cannot have the same ID: if one client is logged in and a
second client attempts to log in with the same ID, the first client is logged out.
Each client’s unique ID must match the wildcard in the module’s remote ID.
For example, if the remote ID type and value on the module are Domain Name
and hp.com, then one client can have user1.hp.com as its ID and another client
can have user2.hp.com.

5. Click Next.
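
A planning check for the two rules above (each client ID must match only one IKE policy, and no two clients may share an ID), added here as an example and not taken from the HP guide. The matching semantics are an assumption read off Table 4-8, and the policy names and client IDs are constructed.

```python
import re
from collections import Counter

# Constructed planning data: IKE policy name -> (Remote ID Type, Remote ID Value).
POLICIES = {
    "staff": ("Domain Name", "hp.com"),
    "lab": ("Domain Name", "lab.hp.com"),  # overlaps with "staff"
    "mail": ("Email Address", "*@hp.com"),
}
# Constructed client IDs as (Remote ID Type, ID configured on the client).
CLIENTS = [
    ("Domain Name", "user1.hp.com"),
    ("Domain Name", "user2.hp.com"),
    ("Domain Name", "pc7.lab.hp.com"),
    ("Email Address", "user1@hp.com"),
    ("Email Address", "user1@hp.com"),  # same ID on two clients
    ("Email Address", "user9@example.com"),
]


def matches(id_type, policy_value, client_id):
    """Assumed semantics, read off Table 4-8 (not the module's own code)."""
    value, cid = policy_value.lower(), client_id.lower()
    if id_type == "IP Address":
        return value == "0.0.0.0" or value == cid  # 0.0.0.0 is the wildcard
    if id_type == "Domain Name":
        # A bare domain is the wildcard for every name beneath it.
        return cid == value or cid.endswith("." + value)
    # Email Address and Distinguished Name: '*' matches any run of characters.
    pattern = ".*".join(re.escape(part) for part in value.split("*"))
    return re.fullmatch(pattern, cid) is not None


def audit(policies, clients):
    """Return (client_id, problem) pairs that break the guide's two rules."""
    findings = []
    for (_, cid), count in Counter(clients).items():
        if count > 1:  # a second login with the same ID logs out the first
            findings.append((cid, "ID configured on %d clients" % count))
    for id_type, cid in sorted(set(clients)):
        hits = sorted(name for name, (ptype, pvalue) in policies.items()
                      if ptype == id_type and matches(ptype, pvalue, cid))
        if len(hits) != 1:  # each remote ID must match only one IKE policy
            findings.append((cid, "matches %d policies: %s"
                             % (len(hits), ", ".join(hits) or "none")))
    return findings


if __name__ == "__main__":
    for cid, problem in audit(POLICIES, CLIENTS):
        print(cid, "->", problem)
```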