HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with IKE
Do one of the following to specify addresses:
• Select Single/Range and then Any to permit any IP address.
Take care when specifying Any; you might accidentally select traffic
for the VPN that should not be sent over the VPN.
• Click the arrow for Single/Range and select a single item from the list.
The list includes all subnets that are configured on the Hub TMS zl
Module. It also includes the module’s single-entry IP, range, or
network address objects, so you can select an object that you configured
for the Hub endpoints earlier.
• Click within the Single/Range field and type a value. You can type an
IP address, range of IP addresses (first IP address-last IP address), or
subnet (network address/prefix length).
• Select Multiple and select multiple subnets or objects. After you select
each subnet or object, click the arrow button to move it to the right
pane (which displays all subnets and objects selected for the VPN).
15. Under Local Network Address on Hub, the Local Port setting is available if
you selected TCP or UDP for Protocol. Type a specific port for the service
to which endpoints at Spoke 1 are allowed access. Alternatively, leave the
field blank, which allows traffic to any port.
16. Under Local Network Address on Spoke 1, specify the addresses for all
Spoke 1 endpoints allowed to send and receive traffic over the VPN
(indicated by 4 in the figure).
Do one of the following to specify addresses:
• For Local Network Address, select Any to permit any IP address.
Again, make sure that you really want to select all traffic for the VPN.
• Click the arrow for Local Network Address and select an item from the
list. The list includes all subnets that are configured on the Spoke 1
TMS zl Module. It also includes the module’s single-entry IP, range, or
network address objects, so you can select an object that you configured
for the Spoke 1 endpoints earlier.
• Click within the Local Network Address field and type a value. You can
type an IP address, range of IP addresses (first IP address-last IP
address), or subnet (network address/prefix length).
17. If the Local Port setting is available, you can type a specific port for a
service to which endpoints at the hub are allowed access. Or you can leave
the field blank (which allows traffic to any port).
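
The following is an added example, not part of the HP guide or the module's software: a pre-deployment check that parses address entries in the three typed forms listed above (single IP, first-last range, network/prefix) plus Any, and reports the two broad settings the steps caution about, Any and a blank Local Port. The function names and sample values are hypothetical, it assumes IPv4 entries, and the hub/spoke overlap check goes one step beyond what the text describes.

```python
import ipaddress

def parse_selector(value):
    """Parse one address entry: Any, a single IP, first-last range, or network/prefix."""
    v = value.strip()
    if v.lower() == "any":
        return "any", [ipaddress.ip_network("0.0.0.0/0")]
    if "-" in v:
        first, last = (ipaddress.ip_address(p.strip()) for p in v.split("-", 1))
        if first > last:
            raise ValueError(f"range {v!r}: first address is above last address")
        return "range", list(ipaddress.summarize_address_range(first, last))
    if "/" in v:
        # strict=True rejects host bits, e.g. 10.1.10.5/24 is not a network address
        return "subnet", [ipaddress.ip_network(v, strict=True)]
    return "single", [ipaddress.ip_network(v)]

def audit_selector(protocol, hub_addr, hub_port, spoke_addr, spoke_port):
    """Return a list of findings for one hub/spoke traffic selector."""
    findings, parsed = [], {}
    for side, addr, port in (("hub", hub_addr, hub_port), ("spoke", spoke_addr, spoke_port)):
        try:
            kind, nets = parse_selector(addr)
        except ValueError as exc:
            findings.append(f"{side}: invalid address entry ({exc})")
            continue
        parsed[side] = (kind, nets)
        if kind == "any":
            findings.append(f"{side}: Any selects every IP address for the VPN")
        # Local Port only exists when Protocol is TCP or UDP
        if protocol.upper() in ("TCP", "UDP") and not str(port).strip():
            findings.append(f"{side}: blank Local Port allows traffic to any port")
    if len(parsed) == 2 and "any" not in (parsed["hub"][0], parsed["spoke"][0]):
        if any(h.overlaps(s) for h in parsed["hub"][1] for s in parsed["spoke"][1]):
            findings.append("hub and spoke address sets overlap")
    return findings

# Constructed sample entries (not taken from the guide).
SAMPLES = [
    ("TCP", "10.1.10.0/24", "443", "10.2.20.10-10.2.20.50", "443"),
    ("UDP", "Any", "", "10.2.20.0/24", "53"),
    ("TCP", "10.1.10.5/24", "22", "10.1.10.0/25", "22"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit_selector(*s) or "ok")
```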