Manualshelf

HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
161162163164165166167168169170
161
Configuring Device B
The configuration steps on Device B are similar to those on Device A. The configuration pages are not
shown.
1. Assign IP addresses to the interfaces, and add them to the target zones. (Details not shown.)
2. Define an ACL to permit traffic from subnet 10.1.2.0/24 to subnet 10.1.1.0/24:
a. From the navigation tree, select Firewall > ACL.
b. Click Add.
c. On the page that appears, enter the ACL number 3101, select the match order Config, and
click Apply.
d. From the ACL list, select ACL 3101 and click the icon.
e. Click Add.
f. On the page that appears, select Permit from the Operation list, select Source IP Address and
enter 10.1.2.0 and 0.0.0.255 respectively in the following fields, select Destination IP Address
and enter 10.1.1.0 and 0.0.0.255 respectively in the following fields, and click Apply.
3. Configure a static route to Host A:
a. From the navigation tree, select Network > Routing Management > Static Routing.
b. Click Add.
c. On the page that appears, enter the destination IP address 10.1.1.0 and mask 255.255.255.0,
select the outbound interface GigabitEthernet0/1, and click Apply.
4. Configure an IPsec proposal named tran1:
a. From the navigation tree, select VPN > IP
Sec > Proposal.
b. Click Add.
c. From the IPSec Propos
al Configuration Wizard page, select Custom mode.
d. On the page that appears, enter the IPsec proposal name tran1, select the packet
encapsulation mode Tunnel, security protocol ESP, authentication algorithm SHA1, and
encryption algorithm DES, and click Apply.
5. Configure IKE peer peer:
a. From the navigation tree, select VPN > IKE > Peer.
b. Click Add.
c. Enter the peer name peer.
d. Select the negotiation mode Main.
e. Enter the remote gateway IP address 2.2.2.1.
f. Select the Pre-Shared Key box and then enter abcde for both the Key and Confirm Key fields.
g. Click Apply.
6. Configure IPsec policy map1:
a. From the navigation tree, select VPN > IPSec > Policy.
b. Click Add.
c. Enter the policy name map1.
d. Enter the seq
uence number 10.
e. Select the IKE peer peer.
f. Sele
ct the IPsec proposal tran1 and click <<.