HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with IKE
3. You should also delete any objects that were applied to your modules
before the faulty IPsec policy was applied. Otherwise, if you try to use the
same deployment name when you run the wizard again, you will receive
an error.
Caution: Typically, the local addresses are internal addresses on the site’s private
network while the local gateway address (which you configured in the previous
window) is the TMS zl Module’s public or external address. If, however, for
whatever reason the set of local addresses specified here includes the local
gateway address, you must create a Bypass IPsec policy to exclude IKE traffic
to and from the module from the VPN. Otherwise the VPN cannot be established.
Caution: Also take great care when specifying Any for either local network. You might
inadvertently block necessary traffic. For example, if you select a Site1 subnet
for the Site1 local addresses, Any for the protocol, and Any for the Site2 local
addresses, the TMS zl Module will no longer allow endpoints on the Site2
subnet to send any traffic except over the VPN. You might need to create
Bypass policies.
Note: Finally, if the local traffic that will be sent over the VPN is also selected for
NAT, you must create NAT exclusion policies on each module.
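
The two cautions and the note above can be checked against a planned traffic selector before the wizard is run. The following is an added example, not part of the HP guide or the module's software; the function name, parameter names, finding labels, and sample addresses are all hypothetical.

```python
import ipaddress


def lint_selector(local_nets, remote_nets, local_gateway, nat_sources=()):
    """Return the follow-up policies a planned IPsec traffic selector calls for.

    local_nets, remote_nets, nat_sources: list of CIDR strings, or the string "Any".
    local_gateway: the module's gateway address as a string.
    Finding labels are hypothetical names, not TMS zl Module settings.
    """
    def parse(nets):
        if nets == "Any":
            return [ipaddress.ip_network("0.0.0.0/0")]
        return [ipaddress.ip_network(n) for n in nets]

    findings = set()
    local = parse(local_nets)
    parse(remote_nets)  # validate the remote side; raises ValueError if malformed
    gateway = ipaddress.ip_address(local_gateway)

    # First caution: the local addresses include the local gateway address,
    # so IKE traffic to and from the module must be excluded with a Bypass policy.
    if any(gateway in net for net in local):
        findings.add("bypass-ike")

    # Second caution: "Any" on either side can capture traffic that was never
    # meant for the VPN; the selector needs review and possibly Bypass policies.
    if local_nets == "Any" or remote_nets == "Any":
        findings.add("any-selector")

    # Note: local traffic that is also selected for NAT needs a NAT exclusion.
    nat = parse(nat_sources) if nat_sources else []
    if any(n.overlaps(l) for n in nat for l in local):
        findings.add("nat-exclusion")

    return findings


if __name__ == "__main__":
    # Constructed sample: Site1 subnet plus a range containing the gateway.
    print(sorted(lint_selector(["10.1.0.0/16", "203.0.113.0/24"],
                               ["10.2.0.0/16"], "203.0.113.1",
                               nat_sources=["10.1.5.0/24"])))
```

An empty result means none of the three conditions applies to the selector as planned.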