Manualshelf

HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
281282283284285286287288289290
4-105
Configuring a VPN on the HP TMS zl Module
Configure an IPsec Client-to-Site VPN
Also note that, when you set up IKE mode config, a route to irstXXX is
automatically added to the route table. This route is to the network that you
configured for IKE mode config in the IPsec policy. In this example, the IRAS
IP address and mask were configured as 10.1.100.1/24, so the network in the
route is 10.1.100.0/24 and the gateway is 10.1.100.1.
Figure 4-64. Routes for an IPsec Client-to-Site VPN
Figure 4-64 shows a IPsec client-to-site VPN in which the remote clients are
on the subnets 172.22.3.0/24 and 10.78.15.0/24. For this VPN, a default route
through 192.168.115.1 would work. However, to better illustrate the necessary
routes, the figure shows two specific routes: one to each remote subnet. For
both routes, the gateway is 192.168.115.1. Whether a default route or specific
routes are used for this example, the public interface IP address is
192.168.115.71 (the IKE policy specifies 192.168.115.71).
For more information about configuring routing on the TMS zl Module, see
the HP Threat Management Services zl Module Management and Configu-
ration Guide.