HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

411

412

413

414

415

416

417

418

419

420

4-233

Configuring a VPN on the HP TMS zl Module

Configuring an IPsec Site-to-Site VPN with Manual Keying

Table 4-26. Possible Named Objects for an IPsec Site-to-Site VPN with Manual

Keying

Figure 4-155. Example IPsec Site-to-Site VPN

Create an IPsec Proposal

Each IPsec proposal specifies the following:

■ IPsec mode (tunnel or transport)

■ IPsec security protocol:

• AH and a single authentication algorithm

• ESP, a single authentication algorithm, and a single encryption algo-

rithm

Figure

Reference

Named Object Type Named Object Description Location Where the Named

Object is Specified

2 Single-entry IP, range, or network

address objects

The IP addresses of local

endpoints that are allowed to send

traffic over the VPN

• Local Address in the IPsec

policy traffic selector

• Source or Destination for

firewall access policies that

permit traffic sent across the

VPN

4 Single-entry or multiple-entry IP,

range, or network address objects

The IP addresses of endpoints

behind the remote VPN gateway

• Remote Address in the IPsec

policy traffic selector

• Source or Destination for

firewall access policies that

permit traffic sent across the

VPN