HP TMS zl Module Security Administrator's Guide
Contents
Configure a GRE Tunnel
Create Named Objects (Optional)
Create a GRE Tunnel
Create Access Policies for a GRE Tunnel
Verify that a Route to the Remote Tunnel Gateway Exists
Configure a GRE over IPsec VPN with IKE
Create Named Objects (Optional)
Verify That a Route to the Remote Tunnel Gateway Exists
Create an IKE Policy for a GRE over IPsec VPN
Create an IPsec Proposal for a GRE over IPsec VPN
Create an IPsec Policy for a GRE over IPsec VPN That Uses IKE
Create Access Policies for a GRE over IPsec VPN That Uses IKE
Configure a GRE over IPsec VPN with Manual Keying
Create Named Objects (Optional)
Verify That a Route to the Remote Tunnel Gateway Exists
Create an IPsec Proposal for a GRE over IPsec VPN that Uses Manual Keying
Create an IPsec Policy for a GRE over IPsec VPN That Uses Manual Keying
Create Access Policies for a GRE over IPsec VPN That Uses Manual Keying
Manage Certificates
Install Certificates Manually
Generate or Install a Private Key
Create a Certificate Request
Install the CA Certificate
Install the IPsec Certificate
Install the CRL
Install Certificates Using SCEP
Configure SCEP Settings
Retrieve the CA Certificate
Retrieve the CRL
Retrieve the IPsec Certificate
Configure Global IPsec Settings
Bypass and Deny IPsec Policies
Bypass Policies
Deny Policies
Configuring Bypass and Ignore Policies
Managing VPNs