TMS zl Management and Configuration Guide ST.1.0.090213

Virtual Private Networks
IPsec VPNs
IPsec, which supports a variety of industry-standard authentication and
encryption protocols, is a flexible, highly secure method of establishing a VPN.
The TMS zl Module acts as the gateway device for the IPsec VPN—that is, the
tunnel endpoint. The other end of the tunnel can be another VPN gateway (in
a site-to-site VPN) or a remote endpoint (in a client-to-site VPN).
Overview of IPsec VPNs
An IPsec VPN is created with one or more elements of the IPsec protocol suite:
Authentication Header (AH)
Encapsulation Security Payload (ESP)
IKE
This section describes how these protocols interact to establish the secure
tunnel or security association (SA). A solid understanding of IPsec will help
you to configure your VPN correctly. If you already understand IPsec, move
directly to “Configure an IPsec VPN Connection” on page 7-21.
IPsec Headers
Operating at the Network Layer of the Open Systems Interconnection (OSI)
model, IPsec secures IP packets by encapsulating them with an IPsec header,
which is either an AH or an ESP header.
As explained in the next section, the placement of the header depends on the
mode.
IPsec Modes
The TMS zl Module supports both tunnel mode and transport mode.
Tunnel Mode. In tunnel mode, the TMS zl Module secures traffic on behalf
of endpoints within the private network.
The module receives a packet already encapsulated with an IP header. If the
packet is selected for the IPsec tunnel, the module encapsulates the IP packet
with an IPsec header, as well as a new delivery IP header that directs the
packet to the remote tunnel endpoint.
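The following Python script is an added illustration and is not part of this guide or of the TMS zl Module software. It builds the two ESP header layouts described above so the difference is visible byte by byte: in tunnel mode the whole original IP packet becomes the ESP payload behind a new delivery header that carries the two gateway addresses; in transport mode the original IP header is kept and ESP is inserted between it and the transport payload. All addresses, the SPI, the sequence number and the UDP payload are constructed for the example. Encryption and the integrity check value are deliberately left out so the layout stays readable; on a real SA the payload and ESP trailer are encrypted with the negotiated cipher and an ICV is appended.

```python
import socket
import struct

IPPROTO_UDP = 17
IPPROTO_ESP = 50
IPPROTO_IPIP = 4      # ESP "next header" value meaning "an IP packet follows" (tunnel mode)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words, as used by the IPv4 header checksum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def esp_encapsulate(spi: int, seq: int, payload: bytes, next_header: int) -> bytes:
    """ESP header (SPI, sequence number) + payload + ESP trailer (padding, pad length, next header).
    Illustration only: the payload and trailer are not encrypted and no ICV is appended."""
    pad_len = (-(len(payload) + 2)) % 4            # align the trailer to a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))          # monotonic padding bytes 1, 2, 3, ...
    trailer = padding + bytes([pad_len, next_header])
    return struct.pack("!II", spi, seq) + payload + trailer


def tunnel_mode(inner_packet: bytes, gw_src: str, gw_dst: str, spi: int, seq: int) -> bytes:
    """Tunnel mode: the entire original IP packet is the ESP payload, and a new delivery
    IP header addressed from this gateway to the remote tunnel endpoint is prepended."""
    esp = esp_encapsulate(spi, seq, inner_packet, next_header=IPPROTO_IPIP)
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp


def transport_mode(inner_packet: bytes, spi: int, seq: int) -> bytes:
    """Transport mode: the original IP header stays; ESP is inserted before the transport payload."""
    ihl = (inner_packet[0] & 0x0F) * 4
    ip_hdr = bytearray(inner_packet[:ihl])
    esp = esp_encapsulate(spi, seq, inner_packet[ihl:], next_header=ip_hdr[9])
    ip_hdr[9] = IPPROTO_ESP                             # protocol field now says "ESP"
    struct.pack_into("!H", ip_hdr, 2, ihl + len(esp))   # total length grew by the ESP overhead
    ip_hdr[10:12] = b"\x00\x00"
    ip_hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip_hdr)))
    return bytes(ip_hdr) + esp


def header_checksum_ok(packet: bytes) -> bool:
    """A header whose checksum field is correct sums to zero under the same algorithm."""
    ihl = (packet[0] & 0x0F) * 4
    return ipv4_checksum(packet[:ihl]) == 0


def describe(packet: bytes) -> dict:
    """Decode the outermost IP header and, if it carries ESP, the SPI/sequence number and
    the next-header byte of the trailer (valid here only because no ICV was appended)."""
    ihl = (packet[0] & 0x0F) * 4
    info = {
        "outer_src": socket.inet_ntoa(packet[12:16]),
        "outer_dst": socket.inet_ntoa(packet[16:20]),
        "outer_proto": packet[9],
        "total_len": struct.unpack_from("!H", packet, 2)[0],
    }
    if packet[9] == IPPROTO_ESP:
        info["spi"], info["seq"] = struct.unpack_from("!II", packet, ihl)
        info["next_header"] = packet[-1]
        if info["next_header"] == IPPROTO_IPIP:         # tunnel mode: an inner IP header follows ESP
            inner = packet[ihl + 8:]
            info["inner_src"] = socket.inet_ntoa(inner[12:16])
            info["inner_dst"] = socket.inet_ntoa(inner[16:20])
    return info


def build_inner() -> bytes:
    """Constructed sample: a UDP datagram from a private host 10.1.1.5 to 10.2.2.7."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"
    return ipv4_header("10.1.1.5", "10.2.2.7", IPPROTO_UDP, len(udp)) + udp


if __name__ == "__main__":
    inner = build_inner()
    # constructed gateway addresses for the two tunnel endpoints
    print("tunnel   :", describe(tunnel_mode(inner, "203.0.113.1", "198.51.100.1", 0x1000, 1)))
    print("transport:", describe(transport_mode(inner, 0x1000, 1)))
```

Running the script shows why tunnel mode is the natural fit for a gateway such as the TMS zl Module: the delivery header exposes only the two gateway addresses, while the private source and destination of the original packet sit inside the ESP payload, which would be ciphertext on a real SA. Transport mode leaves the original addresses in the clear and only protects the transport payload.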