HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with IKE
Configuring an IPsec Site-to-Site VPN Between TMS zl Modules—Deploy IPsec Site-to-Site VPN Wizard
The Deploy IPsec Site-to-Site VPN wizard can be used to create three types of
VPNs:
■ Simple site-to-site VPN between two TMS zl Modules
■ Hub and spoke VPN between three TMS zl Modules
You can also substitute another IPsec-compliant device for one of the modules
in either deployment. Remember, however, that you must then configure
compatible settings on that device separately.
You will follow a similar process to configure either type of deployment; the
instructions will clearly point out the differences. For either type, you must
complete these tasks:
1. Optionally, create named objects, which you can use in VPN policies as
well as corresponding firewall access policies.
Using named objects is best practice; however, you can specify IP
addresses manually. See “Create Named Objects for the VPN (Optional)”
on page 4-108.
2. Run the Deploy IPsec Site-to-Site VPN wizard.
See “Run the Deploy IPsec Site-to-Site Wizard” on page 4-111.
3. Create necessary firewall access policies.
See “Create Access Policies for the TMS zl Modules in the IPsec Site-to-Site VPN” on page 4-194.
4. Verify that necessary routes are in place.
See “Verify Routes for TMS zl Modules in the IPsec Site-to-Site VPN” on
page 4-196.
5. Only if you are using certificates (instead of preshared key authentication),
install the correct certificates on the TMS zl Modules.
See “Manage Certificates” on page 4-394.
6. Configure global IPsec settings (optional).
See “Configure Global IPsec Settings” on page 4-429.