HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

641

642

643

644

645

646

647

648

649

650

4-467

Configuring a VPN on the HP TMS zl Module

Managing VPNs

Traffic that is received on the tunnel has this zone as its source zone.

Traffic that is routed across the tunnel has this zone as its destination

zone.

• Source IP Address—the TMS zl Module IP address that acts as the local

gateway for the tunnel; the remote tunnel gateway sends GRE traffic

to this address.

• Destination IP Address—a reachable IP address on the remote tunnel

gateway; the TMS zl Module sends GRE traffic to this address.

• Status

Tunnels that do not use keepalives can have one of two statuses:

– Enabled—The tunnel is enabled, and the TMS zl Module will send

traffic across the tunnel (as specified by routes in the routing

table). However, the remote tunnel gateway may or may not be

able to actually receive this traffic.

– Disabled—The tunnel is disabled. The TMS zl Module does not

send traffic across it, and routes that use this tunnel as the

forwarding interface are removed from the routing table.

Tunnels that use keepalives can have one of three statuses:

– Enabled/Up—The tunnel is enabled, and the remote tunnel gate-

way is responding to keepalives. The TMS zl Module will send

traffic across the tunnel (as specified by routes in the routing

table).

Note When you first configure a tunnel that uses keepalives, the tunnel is

considered up even though it has not yet received any responses to

keepalives.

–Enabled/Down—The tunnel is enabled; however, the TMS zl Mod-

ule has failed to receive a response to its keepalives. (The number

of keepalives that must fail in a row is specified by the Retries

setting in the tunnel configuration.) The module does not send

traffic across this tunnel, and routes that use this tunnel as the

forwarding interface are removed from the routing table. How-

ever, the module does continue to send keepalives on the tunnel;

if it later receives a response to a keepalive, the tunnel comes

back up, and any routes removed from the routing table when the

tunnel went down are added once again.

– Disabled—The tunnel is disabled. The TMS zl Module does not

send any traffic (including keepalives) across it, and routes that

use this tunnel as the forwarding interface are removed from the

routing table.