HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with IKE
gateway address, you must create a Bypass IPsec policy to exclude IKE traffic
to and from the module from the VPN. Otherwise the VPN cannot be established.

Caution: Also take great care when specifying Any for either local network. You might
inadvertently block necessary traffic. For example, if you select a Hub subnet
for the Hub local addresses, Any for the protocol, and Any for the Spoke 1 local
addresses, the TMS zl Module will no longer allow endpoints on the Spoke 1
subnet to send any traffic except over the VPN. You might need to create
Bypass policies.

Note: Finally, if the local traffic that will be sent over the VPN is also selected for
NAT, you must create NAT exclusion policies on each module.
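
The IKE Bypass requirement above, modeled as an added example (not HP's code and not the module's configuration syntax). It assumes an ordered, first-match policy table as in the RFC 4301 security policy database; the addresses, policy names and helper functions are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Policy:
    name: str
    action: str          # "APPLY" = send through the VPN, "BYPASS" = send in the clear
    local: object        # local address selector (an ip_network)
    remote: object       # remote address selector (an ip_network)
    proto: str = "any"
    port: int = 0        # 0 means any port

def matches(policy, pkt):
    # pkt is (local_addr, remote_addr, proto, port) from the module's point of
    # view, so one tuple covers traffic both to and from the module.
    local, remote, proto, port = pkt
    return (ip_address(local) in policy.local
            and ip_address(remote) in policy.remote
            and policy.proto in ("any", proto)
            and policy.port in (0, port))

def decide(policies, pkt):
    """Return (action, policy name) of the first policy that selects pkt."""
    for policy in policies:  # assumption: ordered table, first match wins
        if matches(policy, pkt):
            return policy.action, policy.name
    return "NO_MATCH", None

# Constructed sample data: documentation-range gateway addresses, private subnets.
LOCAL_GW, REMOTE_GW = "192.0.2.1", "198.51.100.1"
VPN_ANY = Policy("vpn-any", "APPLY", ANY, ANY)   # selector that includes the gateways
IKE_BYPASS = Policy("ike-bypass", "BYPASS",
                    ip_network(LOCAL_GW + "/32"), ip_network(REMOTE_GW + "/32"),
                    "udp", 500)                  # IKE runs over UDP port 500
IKE_PKT = (LOCAL_GW, REMOTE_GW, "udp", 500)
DATA_PKT = ("10.1.5.20", "10.2.0.7", "tcp", 443)

def ike_can_start(policies):
    # IKE must travel outside the tunnel: no SA exists until IKE completes.
    return decide(policies, IKE_PKT)[0] == "BYPASS"

if __name__ == "__main__":
    for table in ([VPN_ANY], [IKE_BYPASS, VPN_ANY]):
        names = [p.name for p in table]
        print(names, "IKE:", decide(table, IKE_PKT), "data:", decide(table, DATA_PKT))
```
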