HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with IKE
19. Under Local Network Address on Site 1, specify the IP addresses of all Site
1 endpoints that are allowed to send traffic over the VPN (indicated by 2
in the figure).
Do one of the following to specify addresses:
• Select Single/Range and then Any to permit any IP address.
Take care when specifying Any; you might accidentally select traffic for
the VPN that should not be sent over the VPN.
• Click the arrow for Single/Range and select a single item from the list.
The list includes all subnets that are configured on the Site 1 TMS zl
Module. It also includes the module’s single-entry IP, range, or network
address objects, so you can select an object that you configured
for the Site 1 endpoints earlier.
• Click within the Single/Range field and type a value. You can type an
IP address, range of IP addresses (first IP address-last IP address), or
subnet (network address/prefix length).
• Select Multiple and select multiple subnets or objects. After you select
each subnet or object, click the arrow button to move it to the right
pane (which displays all subnets and objects selected for the VPN).
20. Under Local Network Address on Site 1, the Local Port setting is available if
you selected TCP or UDP for Protocol. Type a specific port for the service
to which endpoints at Site 2 are allowed access. Alternatively, leave the
field blank, which allows traffic to any port.
21. Under Local Network Address on Site 2, specify the addresses for all Site 2
endpoints allowed to send and receive traffic over the VPN (indicated by
4 in the figure).
Note: If you are only configuring one module, the section is called Remote Network
Address on Site 1, and the other fields also replace Local with Remote. Use these
fields as described below but specify the remote devices that are allowed to
send and receive traffic over the VPN.
Do one of the following to specify addresses:
• For Local Network Address, select Any to permit any IP address.
Again, make sure that you really want to select all traffic for the VPN.
• Click the arrow for Local Network Address and select an item from the
list. The list includes all subnets that are configured on the Site 2 TMS
zl Module. It also includes the module’s single-entry IP, range, or
network address objects, so you can select an object that you configured
for the Site 2 endpoints earlier.
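
The following Python script is an added example, not part of the HP guide and not a model of the module's own input validation. It parses the three typed address forms from step 19 (single IP, first-last range, network/prefix), then shows which flows a planned selector set would pull into the VPN and what choosing Any or a blank Local Port widens. It assumes IPv4, ignores the Protocol field, and uses constructed addresses and hypothetical names (`TIGHT`, `LOOSE`, `flow_selected`, `audit`).

```python
import ipaddress

def parse_selector(text):
    """Turn one selector string into an inclusive (first, last) IPv4 pair."""
    text = text.strip()
    if text.lower() == "any":
        return ipaddress.IPv4Address(0), ipaddress.IPv4Address(2**32 - 1)
    if "/" in text:
        # strict=True rejects host bits: the guide asks for a network address
        net = ipaddress.IPv4Network(text, strict=True)
        return net.network_address, net.broadcast_address
    if "-" in text:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if first > last:
            raise ValueError(f"range runs backwards: {text}")
        return first, last
    addr = ipaddress.IPv4Address(text)
    return addr, addr

def covers(selectors, ip):
    """True if ip falls inside any selector of a Single/Range or Multiple choice."""
    ip = ipaddress.IPv4Address(ip)
    return any(lo <= ip <= hi for lo, hi in map(parse_selector, selectors))

def flow_selected(policy, site1_ip, site2_ip, site1_port):
    """Would a flow between these endpoints be selected for the VPN?"""
    port_ok = policy["local_port"] is None or policy["local_port"] == site1_port
    return (covers(policy["site1"], site1_ip)
            and covers(policy["site2"], site2_ip) and port_ok)

def audit(policy):
    """List the settings that select more traffic than a specific value would."""
    findings = []
    for side in ("site1", "site2"):
        if any(s.strip().lower() == "any" for s in policy[side]):
            findings.append(f"{side}: Any selects every address")
    if policy["local_port"] is None:
        findings.append("local_port: blank allows any port")
    return findings

# Constructed sample policies (addresses are illustrative only)
TIGHT = {"site1": ["10.1.10.0/24", "10.1.20.5-10.1.20.9"],
         "site2": ["10.2.0.0/16"], "local_port": 443}
LOOSE = {"site1": ["Any"], "site2": ["10.2.0.0/16"], "local_port": None}

if __name__ == "__main__":
    for name, pol in (("tight", TIGHT), ("loose", LOOSE)):
        # A Site 1 host outside the intended subnets, reached on port 22
        print(name, audit(pol), flow_selected(pol, "192.168.50.7", "10.2.3.4", 22))
```
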