HP TMS zl Module Security Administrator's Guide
4-341
Configuring a VPN on the HP TMS zl Module
GRE Tunnels
Table 4-39. IKE and IPsec Parameters in the Manage IPsec Wizard
Whether you are configuring one TMS zl Module or more, you must complete
these steps to establish the GRE over IPsec VPN:
1. Optionally, create named objects, which you can use in VPN and firewall
access policies related to the GRE tunnel.
Using named objects is best practice; however, you can specify IP
addresses manually. See “Create Named Objects (Optional)” on page
4-342.
2. On each TMS zl Module on which you want to configure a site-to-site VPN,
create a GRE tunnel for the traffic that you want to secure with GRE over
IPsec.
See “Configure a GRE Tunnel” on page 4-326.
3. Verify that there is a route to the remote tunnel gateway.
See “Verify That a Route to the Remote Tunnel Gateway Exists” on page
4-344.
4. Create an IKEv1 policy.
Policy or Proposal Parameter Module-Specific or Same
for Every Selected Module
IKEv1 policy IKEv1 Policy Name Same
Policy Type Same
Local Gateway Module specific
Local ID Type and Value Module specific
Remote ID Type and Value Module specific
Key Exchange Mode Same
Authentication Method Same
Diffie-Hellman (DH) Group Same
Encryption Algorithm Same
Authentication Algorithm Same
SA Lifetime in Seconds Same
XAUTH Configuration Same
IPsec Proposal Proposal Name Same
Encapsulation Mode Same
Security Protocol Same
Encryption Algorithm Same
Authentication Algorithm Same