HP TMS zl Module Security Administrator's Guide
4-197
Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with IKE
If you selected RSA or DSA signatures for the authentication method when
you ran the wizard, you must install certificates on each TMS zl Module. See
“Manage Certificates” on page 4-394.
Otherwise, you are finished configuring the VPN. However, you can configure
global settings if you want. See “Configure Global IPsec Settings” on page 4-429.
Configuring an IPsec Site-to-Site VPN Between a TMS zl Module and Non-TMS Gateway—Manage IPsec Wizard
You can configure an IPsec with IKE site-to-site VPN between a TMS zl Module
and another type of device as long as that device supports IKEv1 and IPsec.
For this type of deployment, you must use the Manage IPsec wizard to
configure IKEv1 policies, IPsec proposals, and IPsec policies.
Using NIM and the Manage IPsec wizard, you can even configure a set of
similar site-to-site VPNs between multiple TMS zl Modules and a remote VPN
gateway. When you use the Manage IPsec wizard to create VPN policies on
multiple modules at once, it configures the same settings for most parameters
on each module. However, you can configure individual settings for a few.
Note that you must configure the IPsec policies on each module individually.
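The following Python audit is an added example, not part of the HP guide or the TMS zl software. It checks IKEv1 policies from several modules for drift in the parameters that Table 4-21 marks as "Same" and for local values reused on more than one module. The dict layout, module names and sample values are constructed, and the expectation that Local Gateway and Local ID differ between modules is an assumption.

```python
# Added example. Parameter names follow the IKEv1 rows of Table 4-21; the dict
# layout, module names and values are constructed, not a TMS zl export format.
SHARED = ("IKEv1 Policy Name", "Policy Type", "Key Exchange Mode",
          "Authentication Method", "Diffie-Hellman (DH) Group",
          "Encryption Algorithm", "Authentication Algorithm",
          "SA Lifetime in Seconds", "XAUTH Configuration")
# Assumption: every module has its own local gateway address and local ID.
UNIQUE_PER_MODULE = ("Local Gateway", "Local ID Type and Value")

def group_by_value(policies, param):
    """Map each value of param (None if unset) to the sorted modules using it."""
    groups = {}
    for module in sorted(policies):
        groups.setdefault(policies[module].get(param), []).append(module)
    return groups

def audit(policies):
    """policies: {module: {parameter: value}}. Returns a list of findings."""
    findings = []
    for param in SHARED:
        groups = group_by_value(policies, param)
        if len(groups) > 1:  # a wizard-wide setting differs or is missing
            findings.append(("drift", param, groups))
    for param in UNIQUE_PER_MODULE:
        for value, modules in group_by_value(policies, param).items():
            if len(modules) > 1:  # likely copied from another module
                findings.append(("duplicate", param, {value: modules}))
    return findings

def sample_policies():
    """Three constructed module policies with one drift and one duplicate."""
    base = {"IKEv1 Policy Name": "site-to-hq", "Policy Type": "Site-to-Site",
            "Key Exchange Mode": "Main", "Authentication Method": "Preshared Key",
            "Diffie-Hellman (DH) Group": "Group 5", "Encryption Algorithm": "AES-256",
            "Authentication Algorithm": "SHA-1", "SA Lifetime in Seconds": 28800,
            "XAUTH Configuration": "Disabled", "Remote Gateway": "198.51.100.1"}
    return {
        "tms-a": {**base, "Local Gateway": "192.0.2.10",
                  "Local ID Type and Value": "IP 192.0.2.10"},
        "tms-b": {**base, "Local Gateway": "192.0.2.20",
                  "Local ID Type and Value": "IP 192.0.2.20",
                  "Diffie-Hellman (DH) Group": "Group 2"},
        "tms-c": {**base, "Local Gateway": "192.0.2.10",  # same as tms-a
                  "Local ID Type and Value": "IP 192.0.2.30"},
    }

if __name__ == "__main__":
    for kind, param, detail in audit(sample_policies()):
        print(f"{kind:9} {param}: {detail}")
```

A module that is missing a shared parameter is grouped under `None`, so an incomplete policy is reported as drift rather than silently skipped.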
Table 4-21. IKE and IPsec Parameters in the Manage IPsec Wizard

| Policy or Proposal | Parameter | Module-Specific or Same for Every Selected Module |
|---|---|---|
| IKEv1 policy | IKEv1 Policy Name | Same |
| | Policy Type | Same |
| | Local Gateway | Module specific |
| | Local ID Type and Value | Module specific |
| | Remote ID Type and Value | Module specific |
| | Remote Gateway | Module specific |
| | Key Exchange Mode | Same |
| | Authentication Method | Same |
| | Diffie-Hellman (DH) Group | Same |
| | Encryption Algorithm | Same |
| | Authentication Algorithm | Same |
| | SA Lifetime in Seconds | Same |
| | XAUTH Configuration | Same |