HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with IKE
Whether you are configuring one module or multiple modules, complete the
following tasks:
1. Optionally, create named objects, which you can use in IPsec policies as
well as corresponding firewall access policies.
Using named objects is best practice; however, you can specify IP
addresses manually. See “Create Named Objects for the VPN (Optional)”
on page 4-199.
2. Create an IKE policy.
See “Create an IKE Policy for a Site-to-Site IPsec VPN” on page 4-200.
3. Create an IPsec proposal.
See “Create an IPsec Proposal for an IPsec Site-to-Site VPN” on page 4-211.
4. Create an IPsec policy.
See “Create an IPsec Policy for an IPsec Site-to-Site VPN That Uses IKE”
on page 4-217.
5. Create necessary firewall access policies.
See “Create Access Policies for an IPsec Site-to-Site VPN that Uses IKE”
on page 4-228.
6. Create a static route, if necessary.
See “Verify Routes for an IPsec Site-to-Site VPN That Uses IKE” on page
4-229.
7. If you are using certificates, install the correct certificates on the TMS zl
Module.
Do not complete this step if your IKE policy specifies preshared key
authentication.
See “Install Certificates Manually” on page 4-394 or “Install Certificates
Using SCEP” on page 4-418.
8. Configure global IPsec settings (optional).

Policy or Proposal   Parameter                  Module-Specific or Same for Every Selected Module
IPsec Proposal       Proposal Name              Same
                     Encapsulation Mode         Same
                     Security Protocol          Same
                     Encryption Algorithm       Same
                     Authentication Algorithm   Same