HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
The position determines the order in which the TMS zl Module processes
IPsec policies. The module processes the policy with the lowest value first
(for example, position 1 before position 2). The position matters most
when policies have overlapping traffic selectors. In this case, assign the
highest position (lowest value) to the IPsec policy with the most specific
traffic selector.
A default IPsec policy prevents all traffic from being encrypted by the VPN
engine; therefore, all IPsec policies that you configure must have a higher
priority than this default policy.
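The ordering rule above can be checked offline before policies are entered on the module. The following Python sketch is an added example, not code from HP or from this guide. It assumes first-match evaluation by position as described above, models selectors by address only (no protocol or port), and uses constructed policy names, a constructed host address 192.168.3.10, a constructed default position of 100, and a model-only action label "no-encryption" for the default policy.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    position: int  # lower value is processed first
    name: str      # constructed name, for illustration only
    local: str     # local side of the traffic selector (CIDR)
    remote: str    # remote side of the traffic selector (CIDR)
    action: str    # "Apply", or the model-only label "no-encryption"

    def selects(self, src, dst):
        return (ip_address(src) in ip_network(self.local)
                and ip_address(dst) in ip_network(self.remote))

    def covers(self, other):
        # True when every packet the other selector matches is matched here too.
        return (ip_network(other.local).subnet_of(ip_network(self.local))
                and ip_network(other.remote).subnet_of(ip_network(self.remote)))

def first_match(policies, src, dst):
    """Return the policy that would handle src -> dst (assumed first-match model)."""
    for p in sorted(policies, key=lambda p: p.position):
        if p.selects(src, dst):
            return p
    return None

def shadowed(policies):
    """List (earlier, later) name pairs where the later policy can never match."""
    ordered = sorted(policies, key=lambda p: p.position)
    return [(a.name, b.name) for i, a in enumerate(ordered)
            for b in ordered[i + 1:] if a.covers(b)]

# Constructed sample policies. The /24 subnets are the ones used in this guide.
DEFAULT = Policy(100, "default", "0.0.0.0/0", "0.0.0.0/0", "no-encryption")
GOOD = [Policy(1, "specific-host", "192.168.2.0/24", "192.168.3.10/32", "Apply"),
        Policy(2, "subnet-to-subnet", "192.168.2.0/24", "192.168.3.0/24", "Apply"),
        DEFAULT]
# Same policies with the positions swapped: the broad selector now comes first.
BAD = [Policy(1, "subnet-to-subnet", "192.168.2.0/24", "192.168.3.0/24", "Apply"),
       Policy(2, "specific-host", "192.168.2.0/24", "192.168.3.10/32", "Apply"),
       DEFAULT]

if __name__ == "__main__":
    for label, policies in (("good", GOOD), ("bad", BAD)):
        hit = first_match(policies, "192.168.2.5", "192.168.3.10")
        print(label, "->", hit.name, "| shadowed:", shadowed(policies))
```

A non-empty result from `shadowed` means a policy with a more specific selector sits below a broader one and should be moved to a higher position (lower value).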
Next, you configure the VPN traffic selector, which determines which
traffic is selected by the policy. For example, the selector might specify
all IP traffic between 192.168.2.0/24 (a local subnet) and 192.168.3.0/24 (a
remote subnet). For a policy with the Apply action, the selected traffic is
the traffic that is sent, received, and secured on the IPsec SA.
Refer to Figure 4-59 for help while you configure the traffic selector.
Figure 4-59. Example IPsec Client-to-Site VPN
8. For Traffic Selector, configure these settings:
a. For Protocol, specify the protocol for traffic allowed over the VPN: