Manualshelf

HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
511512513514515516517518519520
4-342
Configuring a VPN on the HP TMS zl Module
GRE Tunnels
See “Create an IKE Policy for a GRE over IPsec VPN” on page 4-345.
5. Install certificates for IKE (optional).
See “Install Certificates Manually” on page 4-394 or “Install Certificates
Using SCEP” on page 4-418.
6. Create an IPsec proposal.
The mode is typically transport mode because the TMS zl Module gener-
ates the GRE packets, but you can also use tunnel mode. You can configure
other settings as you choose, making sure to match them on the remote
tunnel endpoint.
If you have an appropriate proposal, you can use the existing proposal.
See “Create an IPsec Proposal for a GRE over IPsec VPN” on page 4-355
to learn how to create a new proposal.
7. Create an IPsec policy.
See “Create an IPsec Policy for a GRE over IPsec VPN That Uses IKE” on
page 4-360.
8. Configure firewall access policies to allow the traffic.
See “Create Access Policies for a GRE over IPsec VPN That Uses IKE” on
page 4-371
9. Configure global IPsec settings (optional).
See “Configure Global IPsec Settings” on page 4-429.
10. Configure the remote GRE over IPsec gateway with compatible settings.
See your gateway device’s configuration guide for instructions.
Create Named Objects (Optional)
You might want to configure the named objects indicated in Table 4-40.
For your reference, this table includes the location where you would specify
these named objects. However, configuration instructions will indicate when
you actually need to specify each object. The table also includes a reference
to numbers in Figure 4-252, which illustrates an example implementation of
GRE tunneling. The number indicates the IP address for that named object in
the example network.
For step-by-step instructions for configuring objects, see Chapter 6: “Config-
uring the TMS zl Module Firewall.”