HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
Figure 4-63. Example IPsec Client-to-Site VPN (with Zones)
Table 4-12 lists the access policies you would need to create for the VPNs
shown in Figure 4-63; the numbers in the Source and Destination columns refer
to the example figure above.
For access policies that permit the traffic sent over the tunnel, you should
consider setting the TCP MSS to a value lower than the typical MSS used in
your system, particularly if IPsec fragmentation is disabled. (The remote
client will set the MSS correctly on its own; however, your local devices, which
are unaware of the VPN, might not.) Otherwise, the addition of the IPsec and
IP delivery headers might make the packets too large to be transmitted.
Table 4-12 suggests a conservative value for the TCP MSS when the MTU is
1500.
Note: The value for TCP MSS in the table is only a suggestion. You should determine
the best setting for your environment.
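To help determine a setting for your environment, the following added example (not from the HP guide, and not the Table 4-12 value) computes the largest TCP MSS whose tunnel-mode ESP packet still fits in a given MTU. It assumes IPv4 inside and outside the tunnel, a 20-byte TCP header without options, and standard ESP parameters for the listed suites; the suite names and function names are illustrative.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EspSuite:
    iv_len: int   # per-packet IV that follows the ESP header
    block: int    # alignment required for payload + 2-byte ESP trailer
    icv_len: int  # integrity check value appended to the packet

# Assumed suites with standard ESP sizes; check what your policy negotiates.
SUITES = {
    "aes-cbc/hmac-sha1-96": EspSuite(iv_len=16, block=16, icv_len=12),
    "3des-cbc/hmac-sha1-96": EspSuite(iv_len=8, block=8, icv_len=12),
    "aes-gcm-16": EspSuite(iv_len=8, block=4, icv_len=16),
}

OUTER_IPV4 = 20      # IP delivery header added by tunnel mode
ESP_HDR = 8          # SPI + sequence number
NAT_T_UDP = 8        # UDP encapsulation header when NAT traversal is in use
INNER_IPV4_TCP = 40  # inner IPv4 header + TCP header, no options

def fixed_overhead(suite, nat_t=False):
    """Bytes added to every packet regardless of payload length."""
    udp = NAT_T_UDP if nat_t else 0
    return OUTER_IPV4 + udp + ESP_HDR + suite.iv_len + suite.icv_len

def esp_packet_size(inner_len, suite, nat_t=False):
    """On-wire size of a tunnel-mode ESP packet carrying inner_len bytes."""
    # Payload plus pad-length and next-header bytes is padded up to the block.
    padded = -(-(inner_len + 2) // suite.block) * suite.block
    return fixed_overhead(suite, nat_t) + padded

def max_tcp_mss(mtu, suite, nat_t=False):
    """Largest MSS whose encapsulated packet does not exceed mtu."""
    room = (mtu - fixed_overhead(suite, nat_t)) // suite.block * suite.block
    return room - 2 - INNER_IPV4_TCP

if __name__ == "__main__":
    for name, suite in SUITES.items():
        for nat_t in (False, True):
            mss = max_tcp_mss(1500, suite, nat_t)
            wire = esp_packet_size(mss + INNER_IPV4_TCP, suite, nat_t)
            print(f"{name:22} nat_t={nat_t!s:5} mss={mss} wire={wire}")
```

Treat the result as an upper bound: TCP options and any additional encapsulation on the path reduce the usable payload further.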