TMS zl Management and Configuration Guide ST.1.0.090213
Virtual Private Networks
Overview
The Threat Management Services (TMS) zl Module supports virtual private
networks (VPNs), which are tunnels that connect two trusted endpoints
through an untrusted network. The tunnel typically provides data integrity and
data privacy for traffic transmitted over the tunnel.
The TMS zl Module supports these options for VPNs:
■ IP security (IPsec):
    • Site-to-site VPNs:
        – With Internet Key Exchange (IKE) version 1
        – With manual keying
    • Client-to-site VPNs with IKE v1
■ L2TP and L2TP over IPsec—client-to-site VPNs
■ Generic Routing Encapsulation (GRE) tunneling—site-to-site VPNs
■ GRE over IPsec—GRE does not offer robust security on its own. GRE
  over IPsec is a secure tunnel.
Table 7-1 displays the type of VPN that you should configure based on your
remote VPN gateway or your VPN clients. The table includes all gateways and
clients supported by the TMS zl Module.
Table 7-1. Selecting a VPN Type

Remote VPN Gateway or Clients   VPN Type                    Configuration Guidelines
------------------------------  --------------------------  ------------------------------------------------
HP ProCurve VPN Client v10.7.7  IPsec with IKE v1           • See “Configure an IPsec VPN Connection” on
(for Windows XP or 2000)        client-to-site VPN            page 7-21 for a list of steps.
                                                            • When configuring the IKE policy, IPsec policy,
                                                              and firewall access policies, follow the
                                                              instructions in the client-to-site sections.

• Windows XP SP2 clients        L2TP over IPsec             • See “Configuring L2TP over IPsec” on page 7-96
• Windows Vista SP1 clients     client-to-site VPN            for a list of steps.
                                                            • When configuring the IKE policy, IPsec proposal,
                                                              and IPsec policy, use the settings indicated in
                                                              “Configuring L2TP over IPsec” on page 7-96.
                                                            • When configuring the IKE policy and IPsec
                                                              policy, follow the instructions in the
                                                              client-to-site sections.