HP TMS zl Module Security Administrator's Guide

4-94
Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
a separate IPsec policy for each remote client. Other clients (such as
the Mac IPSecuritas) can send an entire subnet. Do one of the following
to specify addresses:
- Manually type an IP address, IP address range, or network address in
  CIDR format.
- Select a single-entry IP, range, or network address object.
- Select Any to permit any IP address.
Caution If your traffic selector will include management traffic to a TMS zl Module,
you first must configure a Bypass policy on that module, with top priority, that
selects the management traffic. Otherwise, NIM will lose contact with the
module, and you will be locked out of the Web browser interface.
If you do cause NIM to lose contact with the TMS zl Module, follow this
procedure:
1. Access the module and delete the IPsec policy:
If the module has multiple IP addresses in its management-access
zone, you might be able to contact the module's Web browser interface
at one of the other addresses. You can then delete the faulty IPsec
policy from the VPN > IPsec > IPsec Policies window (the policy will
be labeled with the name that you specified in the wizard).
If you cannot reach the module's Web browser interface, you can use
the CLI to delete the faulty IPsec policy. Access the host switch CLI
and enter these commands:
hostswitch(config)# services <slot ID> name tms-module
hostswitch(tms-module-<slot ID>)# config
hostswitch(tms-module-<slot ID>:config)# no ipsec policy <policy name>
Replace <slot ID> with the ID of the slot in which the TMS zl
Module is installed. Replace <policy name> with the name that you
specified in the wizard. (You can also use the show ipsec policy
command to view the name.)
2. NIM should now be able to contact the TMS zl Module. It is best practice
to synchronize the TMS properties before you continue configuring.
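The lockout described in the Caution above comes from policy ordering: an IPsec policy whose traffic selector covers the module's management address captures NIM traffic unless a Bypass policy that selects that address sits at a higher priority. The following added check (example code written for this guide, not an HP tool or a TMS zl Module command) parses a selector in the three forms the wizard accepts (single IP, range, CIDR) plus Any, walks an ordered policy list assuming first-match semantics, and reports any management address that an IPsec policy would capture before a Bypass policy does. Policy names, addresses and the first-match model are assumptions for the example.

```python
import ipaddress

def parse_selector(spec):
    """Parse a selector address as the wizard accepts it:
    'Any', a single IP, a range 'start-end', or a CIDR network."""
    spec = spec.strip()
    if spec.lower() == "any":
        return ("any",)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if hi < lo:
            raise ValueError(f"range end precedes start: {spec}")
        return ("range", lo, hi)
    # A bare host address becomes a /32 (or /128) network.
    return ("net", ipaddress.ip_network(spec, strict=False))

def selector_matches(sel, addr):
    """True if the parsed selector covers the given address string."""
    addr = ipaddress.ip_address(addr)
    if sel[0] == "any":
        return True
    if sel[0] == "range":
        return sel[1] <= addr <= sel[2]
    return addr in sel[1]

def lockout_risks(policies, mgmt_addrs):
    """policies: list of (name, kind, selector_spec), highest priority first,
    where kind is 'bypass' or 'ipsec' (assumed first-match evaluation).
    Returns (policy name, management address) pairs for each management
    address that an IPsec policy captures before any Bypass policy does."""
    risky = []
    for addr in mgmt_addrs:
        for name, kind, spec in policies:
            if not selector_matches(parse_selector(spec), addr):
                continue
            if kind == "ipsec":
                risky.append((name, addr))
            break  # first matching policy decides this address
    return risky

if __name__ == "__main__":
    # Constructed sample: management address 10.1.1.5 (assumed), one client
    # policy whose local selector is the whole management subnet.
    ordered = [("client-vpn", "ipsec", "10.1.1.0/24")]
    print(lockout_risks(ordered, ["10.1.1.5"]))
```

An empty result means every management address hits a Bypass policy first (or no policy at all); a non-empty result names the policy that would cut NIM off.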
Caution Typically, the local addresses are internal addresses on the site's private
network, while the local gateway address (which you configured in the previous
window) is the TMS zl Module's public or external address. If, however, for
whatever reason the set of local addresses specified here includes the local