HP TMS zl Module Security Administrator's Guide
4-343
Configuring a VPN on the HP TMS zl Module
GRE Tunnels
After you create the named objects you want to use, configure the GRE tunnel,
as outlined in “Configure a GRE Tunnel” on page 4-326.
Table 4-40. Possible Named Objects for a GRE over IPsec VPN
Figure 4-252. Example GRE over IPsec VPN
Example
Figure
Reference
Named Object Description Named Object Type Location Where the Named
Object is Specified
1 The TMS zl Module IP address
that acts as the local gateway for
the tunnel
Single-entry IP address object • Local Address in the IPsec
policy traffic selector
• Source or Destination for
firewall access policies that
permit GRE and IKE traffic
2 The IP addresses of local
endpoints that use the tunnel
Single-entry or multiple-entry IP,
range, or network address
objects
Source or Destination for firewall
access policies that permit traffic
sent across the VPN
3 The remote tunnel gateway’s
actual IP address
Single-entry IP, range, or network
address object
• Remote Address in the IPsec
policy traffic selector
• Source or Destination for
firewall access policies that
permit GRE and IKE traffic
4 The IP addresses of endpoints
behind the remote tunnel
gateway
Single-entry or multiple-entry IP,
range, or network address
objects
Source or Destination for firewall
access policies that permit traffic
sent across the VPN