HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
Managing VPNs
1. In the PCM+ navigation tree, locate and select the TMS zl Module that has
the active IPsec VPN tunnels that you want to monitor.
2. In the main configuration window, click the TMS - VPN tab, the Connections
tab, and then the IPsec VPN Tunnels tab.
3. Select the IPsec VPN Tunnel that you want to view.
4. Move the bottom section of the window up or down as needed to view the
IPsec VPN tunnel information.
The IPsec VPN Tunnels window displays information about IPsec SAs.
Each VPN connection between the TMS zl Module and a remote gateway
or endpoint entails two IPsec SAs—one for inbound traffic and one for
outbound traffic.
Note: IPsec VPN tunnels may not appear in the window until traffic passes through
the tunnel. Click View status for the tunnel’s IKE SA. If the IKE SA state is
SA_Mature, the tunnel is open and ready for traffic.
The IPsec VPN Tunnels window shows the following information for each IPsec
VPN tunnel (you can see more tunnels by clicking the navigation buttons):
• Policy Name—the IPsec policy used to establish the VPN tunnel
• SA Number—a number that the TMS zl Module assigns to the SA
• Local Gateway—the local IP addresses in the traffic selector for this
policy
• Remote Gateway—the remote IP addresses in the traffic selector for
this policy
• Status—click the View status link to see more details. The Status
window for that SA is displayed.
The Status window displays the following information about the IPsec tunnel:
■ Destination IP Address—the remote gateway IP address (for a site-to-site
VPN) or the remote client IP address (for a client-to-site VPN)
■ Encapsulation Mode—the IPsec mode (Transport or Tunnel)
■ Direction—the direction for traffic secured by this SA (Inbound to the
module or Outbound to the remote gateway or remote client)
Inbound SAs decrypt and de-encapsulate traffic that is inbound to the TMS
zl Module. Outbound SAs encrypt and encapsulate traffic that the module
is forwarding.
■ Security Protocol—the IPsec protocol selected for this SA by the IPsec
proposal (ESP or AH)
■ HardLife Time In Seconds—the number of seconds before the SA expires