HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
GRE Tunnels
Create Access Policies for a GRE over IPsec VPN That Uses Manual Keying
To permit the VPN traffic, you must create firewall access policies on each
TMS zl Module on which you configured a GRE over IPsec VPN.

Before you begin configuring firewall access policies on a module, determine
the zone on which traffic from the remote tunnel gateway arrives. This is the
zone associated with the TMS VLAN on which the tunnel’s source IP address
is configured.

Also, determine the zone that you configured for the tunnel’s Firewall Zone
Association setting.

Determine the zone for local endpoints that are allowed to send traffic over
the tunnel. Figure 4-292 shows these zones in an example GRE over
IPsec VPN.

Figure 4-292. Example GRE over IPsec VPN (with Zones)

Table 4-44 lists the necessary access policies; the numbers in the Source and
Destination columns refer to the example figure above. (Note that all of these
policies are typically configured for the None User group. However, if local
users log in through the module, then the access policies with the local zone
as the source zone would use that user group.)