HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
GRE Tunnels
Create Access Policies for a GRE over IPsec VPN That Uses IKE
To permit the VPN traffic, you must create firewall access policies on each
TMS zl Module that supports a GRE over IPsec tunnel.
Before you begin configuring firewall access policies on a module, determine
the zone on which traffic from the remote tunnel gateway arrives. This is the
zone associated with the TMS VLAN on which the tunnel’s source IP address
is configured. The instructions below will refer to this zone as the “remote
zone.”
Also, determine the zone that you configured for the tunnel’s Firewall Zone
Association setting. The instructions below will refer to this zone as the “tunnel
zone.”
Determine the zone for local endpoints that are allowed to send traffic over
the tunnel. The instructions below will refer to this zone as the “local zone.”
Figure 4-276 shows these zones in the example figure for a GRE over
IPsec VPN.
Figure 4-276. Example GRE over IPsec VPN (with Zones)
Table 4-42 lists the necessary access policies; the numbers in the Source and
Destination columns refer to the example figure above. (Note that all of these
policies are typically configured for the None User group. However, if local
users log in through the module, then the access policies with the local zone
as the source zone would use that user group.)