HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with Manual Keying
hostswitch(config)# services <slot ID> name tms-module
hostswitch(tms-module-<slot ID>)# config
hostswitch(tms-module-<slot ID>:config)# no ipsec policy <policy name>
Replace <slot ID> with the ID of the slot in which the TMS zl
Module is installed. Replace <policy name> with the name that you
specified in the wizard. (You can also use the show ipsec policy
command to view the name.)
2. NIM should now be able to contact the TMS zl Module. It is best practice
to synchronize the TMS properties before you continue configuring.
Caution: Also take great care when specifying Any. You might inadvertently block
necessary traffic. For example, if you select a subnet for the local addresses,
Any for the protocol, and Any for the remote addresses, the TMS zl Module will
no longer allow those local endpoints to send any traffic except over the VPN.
You might need to create Bypass policies.
Note: Finally, if the local traffic that will be sent over the VPN is also selected for
NAT, you must create a NAT exclusion policy.
3. For Proposal, select a previously configured IPsec proposal.
The IPsec proposal specifies the IPsec mode, IPsec protocol, and the
authentication and encryption algorithms that secure the VPN connection.
4. Click Next.
5. For Key Exchange Method, select Manual.
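The following added example (not taken from the HP guide) models the Caution above about specifying Any in a traffic selector, so that a proposed selector can be checked against sample flows before it is applied. The addresses, the "vpn"/"bypass" labels, and first-match evaluation order are assumptions of this simplified model, not documented TMS zl Module behavior.

```python
import ipaddress
from dataclasses import dataclass

ANY = "Any"

@dataclass(frozen=True)
class Policy:
    action: str    # model labels (assumed): "vpn" = send over the tunnel, "bypass" = exempt
    local: str     # CIDR subnet or "Any"
    protocol: str  # protocol name or "Any"
    remote: str    # CIDR subnet or "Any"

    def matches(self, src, proto, dst):
        def in_net(addr, net):
            return net == ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        return (in_net(src, self.local)
                and self.protocol in (ANY, proto)
                and in_net(dst, self.remote))

def classify(policies, flow):
    """Action of the first policy matching the flow (first-match order is assumed)."""
    for policy in policies:
        if policy.matches(*flow):
            return policy.action
    return "no match"

# Constructed sample flows from one local endpoint: (source, protocol, destination)
FLOWS = {
    "remote site": ("10.1.1.20", "tcp", "10.2.2.30"),
    "local DNS":   ("10.1.1.20", "udp", "10.1.5.53"),
    "Internet":    ("10.1.1.20", "tcp", "203.0.113.10"),
}

# The selector from the Caution: local subnet, Any protocol, Any remote address
BROAD = [Policy("vpn", "10.1.1.0/24", ANY, ANY)]
# Same selector, preceded by a bypass policy for traffic that stays on the local network
WITH_BYPASS = [Policy("bypass", "10.1.1.0/24", ANY, "10.1.0.0/16")] + BROAD
# Selector narrowed to the remote site's subnet
NARROW = [Policy("vpn", "10.1.1.0/24", ANY, "10.2.2.0/24")]

def report(policies):
    """Map each sample flow name to the action the policy list assigns it."""
    return {name: classify(policies, flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, policies in (("broad", BROAD), ("with bypass", WITH_BYPASS), ("narrow", NARROW)):
        print(label, report(policies))
```

With the broad selector every sample flow is captured for the VPN, which is the situation the Caution describes; the bypass entry or the narrowed remote subnet leaves local and Internet traffic outside the tunnel.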