Manualshelf

HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
511512513514515516517518519520
4-340
Configuring a VPN on the HP TMS zl Module
GRE Tunnels
it is best practice to add a specific static route to the tunnel destination address
through the proper gateway. (Make sure to give this route an administrative
distance lower than the routing protocol.)
Figure 4-251. Example GRE over IPsec VPN (with tunnel interface)
For more information about configuring routing on the TMS zl Module, see
Chapter 7: Routing in the HP Threat Management Services zl Module Man-
agement and Configuration Guide. For guidelines in configuring routing for
VPNs, see Chapter 7: Virtual Private Networks in the same guide.
Configure a GRE over IPsec VPN with IKE
You can secure a GRE tunnel using IPsec with IKE or IPsec with manual
keying. This section outlines the main tasks you must complete to configure
a GRE over IPsec VPN with IKE. (If you want to use IPsec with manual keying,
see “Configuring an IPsec Site-to-Site VPN with Manual Keying” on page 4-
230.)
You will use the Manage IPsec wizard to create IKEv1 policies, IPsec propos-
als, and IPsec policies for this type of VPN. Using NIM and the IPsec Manage
wizard, you can even configure a set of similar GRE over IPsec VPNs between
multiple TMS zl Modules and a remote gateway. When you use the Manage
IPsec wizard to create VPN policies on multiple modules at once, it configures
the same settings for most parameters on each module. However, you can
configure individuals settings for a few. (Note that you must configure IPsec
policies on individual modules.)