HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with IKE
See “Configure Global IPsec Settings” on page 4-429.
9. Configure the remote VPN gateway with compatible settings.
Refer to the documentation for the remote gateway. (The HP Threat
Management Services zl Module Management and Configuration Guide
also gives some guidelines and example configurations.)
Create Named Objects for the VPN (Optional)
You might want to configure the named objects indicated in Table 4-22. (You
can, of course, configure other objects that are appropriate for your
environment.) For your reference, this table includes the location where you would
specify these named objects. However, the configuration instructions will
indicate when you actually need to specify each object. The table also includes
a reference to numbers in Figure 4-129. The number indicates the IP address
for that named object in an example network. (See Chapter 6: “Configuring
the TMS zl Module Firewall” for step-by-step instructions for configuring
objects.)
If you are configuring multiple TMS zl Modules, configure the appropriate
objects on each module.
Table 4-22. Possible Named Objects for an IPsec Site-to-Site VPN
| Example Figure Reference | Named Object Type | Named Object Description | Location Where the Named Object is Specified |
|---|---|---|---|
| 1 | Single-entry IP address object | The TMS zl Module IP address that will be the local VPN gateway | Source or Destination for firewall access policies that permit IKE traffic |
| 2 | Single-entry IP, range, or network address objects | The IP addresses of local endpoints that are allowed to send traffic over the VPN | Local Address in the IPsec policy traffic selector; Source or Destination for firewall access policies that permit traffic sent across the VPN |
| 3 | Single-entry IP address object | The IP address of the remote VPN gateway | Source or Destination for firewall access policies that permit IKE traffic |
| 4 | Single-entry IP, range, or network address objects | The IP addresses of endpoints behind the remote VPN gateway | Remote Address in the IPsec policy traffic selector; Source or Destination for firewall access policies that permit traffic sent across the VPN |