HP TMS zl Module Security Administrator's Guide
4-242
Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with Manual Keying
Next, you configure the VPN traffic selector, which determines which traffic is selected by the policy. For example, the selector might specify all IP traffic between 192.168.2.0/24 (a local network) and 192.168.3.0/24 (a remote network). For a policy with the Apply action, the selected traffic is the traffic that is sent and received (and secured) on the IPsec SA. Refer to Figure 4-165 for help in configuring the traffic selector.
Figure 4-165. Example IPsec Site-to-Site VPN
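As an added illustration (not part of the HP guide and not TMS zl Module code), the following Python models the selector match described above: a protocol, a local and a remote address range, and optional local and remote ports, applied to traffic in both directions. The names Selector, Packet and selects are assumed for this illustration; the sample addresses are the 192.168.2.0/24 and 192.168.3.0/24 networks from the paragraph above.

```python
# Constructed model of an IPsec traffic selector (illustration only).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Selector:
    protocol: str                      # "any", "tcp", "udp", "icmp" or an IANA number as a string
    local_net: str                     # local endpoints, e.g. "192.168.2.0/24" ("0.0.0.0/0" for Any)
    remote_net: str                    # remote endpoints, e.g. "192.168.3.0/24"
    local_port: Optional[int] = None   # restricts a service in the local network
    remote_port: Optional[int] = None  # restricts a service in the remote network


@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


def _port_ok(sel_port: Optional[int], pkt_port: Optional[int]) -> bool:
    # An unset port in the selector matches any port.
    return sel_port is None or sel_port == pkt_port


def selects(sel: Selector, pkt: Packet) -> bool:
    """Return True if the packet is selected by the policy, in either direction."""
    if sel.protocol != "any" and sel.protocol != pkt.protocol:
        return False
    local, remote = ip_network(sel.local_net), ip_network(sel.remote_net)
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    # Outbound (local -> remote): the remote port is the destination port,
    # so a remote port selects local traffic to a service in the remote network.
    if src in local and dst in remote:
        return _port_ok(sel.local_port, pkt.sport) and _port_ok(sel.remote_port, pkt.dport)
    # Inbound (remote -> local): the local port is the destination port,
    # so a local port selects remote traffic to a service in the local network.
    if src in remote and dst in local:
        return _port_ok(sel.local_port, pkt.dport) and _port_ok(sel.remote_port, pkt.sport)
    # Traffic that does not run between the two endpoint ranges is not selected.
    return False
```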
8. For Traffic Selector, configure these settings:
   a. For Protocol, specify the protocol for traffic allowed over the VPN:
      – Any—Any IP protocol. Select this option when you want to select all traffic between local and remote endpoints.
      – TCP or UDP—Select this option in conjunction with a remote port to allow local traffic destined for specific services in the remote network. Select this option in conjunction with a local port to allow remote traffic destined for specific services in the local network.
      – ICMP—Select this option when you want to allow only ICMP traffic or ICMP traffic of a specific type.
      – IP Protocols—Select one of these Layer 3 protocols, which are listed by their IANA IP Protocol numbers. Service objects and service groups will not appear in this list.
   b. For Local Address, specify the IP addresses of all local endpoints that are allowed to send traffic over the VPN (indicated by 2 in the figure). Do one of the following to specify addresses:
      – Select Any to permit any IP address.