HP TMS zl Module Security Administrator's Guide
4-230
Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with Manual Keying
routes. However, to better illustrate the necessary routes, the figure shows
two specific routes. Note that, no matter how you set up the routes, the local
VPN gateway configured in the IKE policy must be 192.168.115.71, which is
the module IP address on the forwarding VLAN for these routes. (For more
information about configuring routing on the TMS zl Module, see the HP
Threat Management Services zl Module Management and Configuration
Guide.)
Figure 4-154. VPN Routes for an IPsec Site-to-Site VPN
If you selected RSA or DSA signatures for the authentication method when
you created the IKE policy, you must install certificates on the TMS zl Module.
See “Manage Certificates” on page 4-394.
Otherwise, you are finished configuring the VPN (on the module side).
However, you can configure global settings if you want. See “Configure Global
IPsec Settings” on page 4-429.
Configuring an IPsec Site-to-Site VPN with Manual Keying
You can configure a site-to-site VPN that uses manually specified keys for
encryption and authentication (instead of using IKE to generate the keys
dynamically, which, as the more secure option, is typical).
The advantages and disadvantages of using manual keying are listed below: