HP TMS zl Module Security Administrator's Guide
4-376
Configuring a VPN on the HP TMS zl Module
GRE Tunnels
Figure 4-277. Example GRE over IPsec VPN
Verify That a Route to the Remote Tunnel Gateway Exists
After configuring the GRE tunnel (as outlined in “Configure a GRE Tunnel” on
page 4-326), you must ensure that each TMS zl Module has a route to the
remote tunnel’s destination address (indicated by 3 in the example figure).
Without this route, the TMS zl Module cannot establish the GRE tunnel.
The route can be to the specific address or any network that includes that
address. The route can be a static route or a route discovered with a routing
protocol. It can even be a default route, if the default gateway knows how to
reach the remote tunnel gateway. The forwarding interface for the route to
the tunnel destination must never be the tunnel interface (if it is, recursive
routing will shut the tunnel down).
In Figure 4-278, the forwarding interface would be the gateway VLAN, and
the gateway for the route would be a router in this VLAN.
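The route check described above, as an added example (not from the HP guide): a Python sketch that runs a longest-prefix match over a constructed routing table and reports whether a route to the tunnel destination exists and whether it forwards out the tunnel interface. The addresses, the interface names `vlan10` and `tunnel1`, and the route-table format are assumptions for illustration.

```python
import ipaddress

# Constructed sample data: documentation addresses, hypothetical interface names.
TUNNEL_IF = "tunnel1"
TUNNEL_DEST = "203.0.113.1"
STATIC_ROUTES = [
    {"prefix": "0.0.0.0/0", "interface": "vlan10", "source": "static"},
    {"prefix": "10.1.0.0/16", "interface": "tunnel1", "source": "static"},
]
# A route to the tunnel destination's own network, learned through the tunnel.
LEARNED_VIA_TUNNEL = {"prefix": "203.0.113.0/24", "interface": "tunnel1", "source": "dynamic"}


def best_route(routes, destination):
    """Return the most specific route covering destination, or None.

    Simplification: only prefix length is compared; administrative
    distance and metrics are not modelled.
    """
    dest = ipaddress.ip_address(destination)
    covering = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    return max(covering, key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen, default=None)


def check_tunnel_route(routes, tunnel_dest, tunnel_if):
    """Classify the route to the tunnel destination: 'no-route', 'recursive' or 'ok'."""
    route = best_route(routes, tunnel_dest)
    if route is None:
        return "no-route"
    if route["interface"] == tunnel_if:
        return "recursive"  # tunnel packets would be forwarded into the tunnel itself
    return "ok"


if __name__ == "__main__":
    print("static only:", check_tunnel_route(STATIC_ROUTES, TUNNEL_DEST, TUNNEL_IF))
    print("with learned route:",
          check_tunnel_route(STATIC_ROUTES + [LEARNED_VIA_TUNNEL], TUNNEL_DEST, TUNNEL_IF))
```

With only the static routes, the default route out `vlan10` carries the tunnel packets; once the more specific `/24` through `tunnel1` is present, longest-prefix match selects it and the check reports the recursive condition.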
Caution: Dynamic routing can introduce an issue. The remote tunnel gateway might
advertise a route to the tunnel destination address through the tunnel itself.
If this is the best, most specific route to the destination, then the module will
Example Figure Reference: 4
Named Object Description: The IP addresses of endpoints behind the remote tunnel gateway
Named Object Type: Single-entry or multiple-entry IP, range, or network address objects
Location Where the Named Object is Specified: Source or Destination for firewall access policies that permit traffic sent across the VPN