HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

281

282

283

284

285

286

287

288

289

290

4-109

Configuring a VPN on the HP TMS zl Module

Configuring an IPsec Site-to-Site VPN with IKE

Figure 4-65. Example IPsec Site-to-Site VPN

Table 4-14. Possible Named Objects for an IPsec Hub and Spokes VPN (Three

Modules)

Example

Figure

Reference

Named Object Type Named Object Description Location Where the Named

Object is Specified

1 Single-entry IP address object The IP address for the VPN

gateway on the Hub module

Firewall access policies on all

modules—Source or

Destination for policies that

permit IKE traffic

2 Single-entry IP, range, or

network address objects

The IP addresses of Hub

endpoints that are allowed to

send traffic over the VPN

• Local Network Address on

Hub in the Deploy IPsec

Site-to-Site VPN wizard

• Firewall access policies on

all modules—Source or

Destination for policies that

permit traffic sent across

the VPN

3 Single-entry IP address object The IP address for the VPN

gateway on the Spoke 1

module

Firewall access policies on the

Hub and Spoke 1 modules—

Source or Destination for

policies that permit IKE traffic

4 Single-entry IP, range, or

network address objects

The IP addresses of Spoke 1

endpoints that are allowed to

send traffic over the VPN

• Local Network Address on

Spoke 1 in the Deploy IPsec

Site-to-Site VPN wizard

• Firewall access policies on

Hub and Spoke 1

modules—Source or

Destination for policies that

permit traffic sent across

the VPN