Manualshelf

HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
391392393394395396397398399400
4-215
Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with IKE
Figure 4-144. Manage IPsec Wizard > Add IPsec Proposal Window
4. In the Add IPsec Proposal window, type a descriptive string of 1 to 32
alphanumeric characters for Proposal Name. The string must be unique to
this proposal.
Often, it is a good idea to indicate the algorithms that you will select in
the name—for example, ESP3desMD5.
5. For Encapsulation Mode, select one of the following:
Tunnel Mode—Select this mode for a site-to-site IPsec VPN. Tunnel
mode allows endpoints behind the TMS zl Module and the remote
gateway to forward traffic over the VPN.
Also select Tunnel Mode for a client-to-site IPsec VPN so that the
remote clients can reach services behind the TMS zl Module.
Transport Mode—In transport mode, the tunnel endpoints must origi-
nate all traffic sent on the VPN. In other words, the VPN only supports
traffic originated by the TMS zl Module itself or by the remote end-
point. This mode is typically used when you are creating a proposal
for GRE over IPsec site-to-site VPNs or L2TP over IPsec client-to-site
VPNs.