HP VPN Firewall Appliances VPN Configuration Guide

Network requirements
As shown in Figure 119, an enterprise branch accesses the headquarters through IPsec VPN. Configure the IPsec VPN as follows:
• Configure an IPsec tunnel between Device A and Device B to protect traffic between the headquarters subnet 10.1.1.0/24 and the branch subnet 10.1.2.0/24.
• Configure the tunnel to use the security protocol ESP, encryption algorithm DES, and authentication algorithm SHA-1.
• Enable IPsec RRI on Device A, so Device A can automatically create a static route from the headquarters to the branch when the IPsec SA is established. Specify the next hop as 2.2.3.1.
Figure 119 Network diagram
Configuring Device A
1. Assign IP addresses to the interfaces, and add them to target zones. (Details not shown.)
2. Define ACL 3101 to permit packets from subnet 10.1.1.0/24 to subnet 10.1.2.0/24:
a. From the navigation tree, select Firewall > ACL.
b. Click Add.
c. On the page that appears, enter the ACL number 3101, select the match order Config, and
click Apply.
Figure 120 Creating ACL 3101
d. From the ACL list, select ACL 3101 and click the icon.
e. Click Add.
[Figure 119 labels. Headquarters: Host A 10.1.1.2/24; Device A GEth0/0 10.1.1.1/24, GE0/1 2.2.2.1/24. Internet. Branch: Device B GE0/1 2.2.3.1/24, GE0/0 10.1.2.1/24; Host B 10.1.2.2/24.]