HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
Configuring an IPsec Site-to-Site VPN with Manual Keying
Table 4-27. Checklist for Access Policies for an IPsec Site-to-Site VPN That Uses Manual Keying
Verify Routes for an IPsec Site-to-Site VPN
Verify that the following routes exist on each TMS zl Module on which you
configure a site-to-site VPN. These routes can be static routes or routes
discovered through a dynamic routing protocol:
- A route to the remote VPN gateway
  The route’s forwarding interface must be the interface with the IP address
  that you specified as the local gateway address in the IKE policy.
  This can be a default route.
- A route to the remote endpoints for which the next hop is the same as in
  the route to the remote gateway
  If the route to the remote gateway is the default route, a separate route is
  not required.
Figure 4-171. VPN Routes for an IPsec Site-to-Site VPN
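The two route checks above can be expressed as a longest-prefix-match test over a routing table. The following is an added example, not code from this guide or from the TMS zl Module; the Route type, the function names, the interface names, and the documentation-range addresses are all assumptions, and the routing table is supplied as data rather than read from the module.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str     # destination network, e.g. "0.0.0.0/0"
    next_hop: str   # next-hop address
    interface: str  # forwarding interface name (hypothetical names below)

def net(prefix):
    return ipaddress.ip_network(prefix)

def covering_route(routes, target):
    """Longest-prefix route whose network contains all of target."""
    hits = [r for r in routes if target.subnet_of(net(r.prefix))]
    return max(hits, key=lambda r: net(r.prefix).prefixlen, default=None)

def check_vpn_routes(routes, interfaces, local_gateway, remote_gateway, remote_endpoints):
    """Return a list of problems; an empty list means both route checks pass."""
    gw = covering_route(routes, net(remote_gateway))
    if gw is None:
        return [f"no route to remote gateway {remote_gateway}"]
    problems = []
    # Check 1: the forwarding interface holds the IKE policy's local gateway address.
    if interfaces.get(gw.interface) != local_gateway:
        problems.append(f"route to {remote_gateway} uses {gw.interface}, "
                        f"which does not hold {local_gateway}")
    # Check 2: routes to the remote endpoints use the same next hop. A default
    # route to the gateway also covers the endpoints, so no separate route is needed.
    for endpoint in remote_endpoints:
        target = net(endpoint)
        cover = covering_route(routes, target)
        if cover is None:
            problems.append(f"no route to remote endpoints {endpoint}")
        # More-specific routes inside the endpoint network can divert part of it.
        used = [r for r in routes if net(r.prefix).subnet_of(target)]
        if cover is not None and cover not in used:
            used.append(cover)
        for r in used:
            if r.next_hop != gw.next_hop:
                problems.append(f"{r.prefix} for {endpoint} goes via {r.next_hop}, "
                                f"not {gw.next_hop}")
    return problems

# Constructed sample data (documentation address ranges, not from the guide).
INTERFACES = {"vlan10": "192.0.2.1", "vlan20": "10.1.0.1"}
DEFAULT_ONLY = [Route("0.0.0.0/0", "192.0.2.254", "vlan10")]
DIVERTED = DEFAULT_ONLY + [Route("10.2.0.0/16", "10.1.0.254", "vlan20")]
```

With DEFAULT_ONLY the check returns an empty list, because the default route serves both the gateway and the endpoints; with DIVERTED it reports the 10.2.0.0/16 route whose next hop differs from the gateway route's.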
When Required  From Zone  To Zone  Service         Source  Destination  TCP MSS  Number of policies
-------------  ---------  -------  --------------  ------  -----------  -------  ----------------------
Always         Remote     Local    Any you choose  4       2            1356     As many as you choose
Always         Local      Remote   Any you choose  2       4            1356     As many as you choose