Manualshelf

HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
551552553554555556557558559560
4-377
Configuring a VPN on the HP TMS zl Module
GRE Tunnels
add it to its routing table. This causes causing recursive routing, which shuts
the tunnel down. Therefore, if you plan to use dynamic routing on the tunnel,
it is best practice to add a specific static route to the tunnel destination address
through the proper gateway. (Make sure to give this route an administrative
distance lower than the routing protocol.)
Figure 4-278. Example GRE VPN
For step-by-step instructions on configuring static routes or dynamic routing
protocols on the TMS zl Module, see Chapter 9: Routing in the HP Threat
Management Services zl Module Management and Configuration Guide.)
Create an IPsec Proposal for a GRE over IPsec VPN
that Uses Manual Keying
Each IPsec proposal specifies the following:
IPsec mode (tunnel or transport)
IPsec security protocol:
AH and a single authentication algorithm
ESP, a single authentication algorithm, and a single encryption algo-
rithm
You can configure multiple IPsec proposals. In a later task, you will specify a
proposal in an IPsec policy. The algorithm or algorithms in that proposal will
secure traffic that is part of IPsec tunnels (VPN connections) that are estab-
lished with that policy.