HP TMS zl Module Security Administrator's Guide

4-60
Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
Note: It is generally recommended that you use IKE mode config. However, if your
clients do not support this feature, clear the Enable IP Address Pool for IRAS
(Mode Config) check box and skip to step 19 on page 4-61.
11. Select the Enable IP Address Pool for IRAS (Mode Config) check box.
12. For IRAS IP Address/Mask, type the IP address that the TMS zl Module will
use to route traffic from the remote clients. Include a subnet mask. For
example, type 172.16.100.1/24.
Select a subnet that you can reserve for the remote clients; this subnet
cannot be configured on a TMS VLAN. This address will be the clients’
remote gateway while visiting the local network.
13. For Firewall Zone, select the zone for remote clients after they establish
the VPN connection.
When you set up firewall access policies to permit traffic between the
remote endpoints and the private network, select this zone as the source
zone.
14. For IP Address Ranges, type one or more ranges of IP addresses in the same
subnet as the IRAS. Type each range on its own line, using this format:
<first address>-<last address>. For example, type 172.16.100.2-172.16.100.254.
Each remote client will be assigned an address from this pool while
visiting your private network. (You can view clients’ addresses in the TMS
- VPN > Connections > IP Address Pool window.)
Remember that you should have specified this same range for the Remote
Address of this policy’s traffic selector.
15. For Primary DNS Server, type the IP address of a DNS server that the remote
client is allowed to access.
16. For Secondary DNS Server, type the IP address of a secondary DNS server
that the remote client is allowed to access, if applicable.
17. For Primary WINS Server, type the IP address of a primary WINS server
that the remote client is allowed to access, if applicable.
18. For Secondary WINS Server, type the IP address of a secondary WINS
server that the remote client is allowed to access, if applicable.
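The pool settings in steps 12 and 14 must agree with each other and with the traffic selector (the ranges must sit in the IRAS subnet, must not include the IRAS address itself, and should match the selector's Remote Address). The following validator is an added example, not part of the guide or the module; the function and field names are my own, and the sample values are constructed from the guide's examples.

```python
import ipaddress

# Sample values constructed from the guide's own examples.
IRAS_CIDR = "172.16.100.1/24"
POOL_TEXT = "172.16.100.2-172.16.100.254"


def check_iras_pool(iras_cidr, ranges_text, selector_remote=None):
    """Validate an IRAS mode-config address pool as the guide describes it.

    iras_cidr       : IRAS IP Address/Mask, e.g. '172.16.100.1/24'
    ranges_text     : one '<first address>-<last address>' range per line
    selector_remote : optional Remote Address (CIDR) of the policy's traffic selector
    Returns (ok, problems, usable_address_count).
    """
    iface = ipaddress.ip_interface(iras_cidr)
    subnet = iface.network
    selector = ipaddress.ip_network(selector_remote, strict=False) if selector_remote else None
    problems, seen, total = [], [], 0
    for lineno, raw in enumerate(ranges_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        first, sep, last = line.partition("-")
        if not sep:
            problems.append(f"line {lineno}: expected <first address>-<last address>, got {line!r}")
            continue
        try:
            lo, hi = ipaddress.ip_address(first.strip()), ipaddress.ip_address(last.strip())
        except ValueError:
            problems.append(f"line {lineno}: not a valid IP address range: {line!r}")
            continue
        if lo > hi:
            problems.append(f"line {lineno}: first address is after last address")
            continue
        if lo not in subnet or hi not in subnet:
            problems.append(f"line {lineno}: range is outside IRAS subnet {subnet}")
        if lo <= iface.ip <= hi:
            problems.append(f"line {lineno}: range includes the IRAS address {iface.ip}")
        if any(lo <= ohi and olo <= hi for olo, ohi in seen):
            problems.append(f"line {lineno}: overlaps an earlier range")
        if selector is not None and (lo not in selector or hi not in selector):
            problems.append(f"line {lineno}: range is outside traffic selector Remote Address {selector}")
        seen.append((lo, hi))
        total += int(hi) - int(lo) + 1
    if total == 0:
        problems.append("pool contains no usable addresses")
    return not problems, problems, total


if __name__ == "__main__":
    ok, problems, total = check_iras_pool(IRAS_CIDR, POOL_TEXT, "172.16.100.0/24")
    print("OK" if ok else "\n".join(problems), f"({total} addresses)")
```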