HP TMS zl Module Security Administrator's Guide
4-375
Configuring a VPN on the HP TMS zl Module
GRE Tunnels
7. Configure global IPsec settings (optional).
See “Configure Global IPsec Settings” on page 4-429.
8. Configure the remote GRE over IPsec gateway with compatible settings.
See you gateway device’s configuration guide for instructions.
Create Named Objects (Optional)
You might want to configure the named objects listed in Table 4-43.
For your reference, this table includes the location where you would specify
these named objects. However, configuration instructions will indicate when
you actually need to specify each object. The table also includes a reference
to numbers in Figure 4-277, which illustrates an example implementation of
GRE tunneling. The number indicates the IP address for that named object in
the example network.
If you are configuring multiple modules, remember to create the appropriate
objects on each.
For step-by-step instructions on configuring objects, see Chapter 6: “Config-
uring the TMS zl Module Firewall.”
After configuring the named objects you want to use, move to the next task:
“Configure a GRE Tunnel” on page 4-326.
Table 4-43. Possible Named Objects for a GRE over IPsec VPN
Example
Figure
Reference
Named Object Description Named Object Type Location Where the Named
Object is Specified
1 The TMS zl Module IP address
that acts as the local gateway for
the tunnel
Single-entry IP address object • Local Address in the IPsec
policy traffic selector
• Source or Destination for
firewall access policies that
permit GRE and IKE traffic
2 The IP addresses of local
endpoints that use the tunnel
Single-entry or multiple-entry IP,
range, or network address
objects
Source or Destination for firewall
access policies that permit traffic
sent across the VPN
3 The remote tunnel gateway’s
external IP address
Single-entry IP, range, or network
address object
• Remote Address in the IPsec
policy traffic selector
• Source or Destination for
firewall access policies that
permit GRE and IKE traffic