TMS zl Management and Configuration Guide ST.1.0.090213

7-22
Virtual Private Networks
IPsec VPNs
6. Create necessary firewall access policies.
See “Configure Firewall Access Policies for Your VPN” on page 7-112.
7. Create a static route, if necessary.
See “Verify Routes for the VPN” on page 7-137.
Create Named Objects for the VPN (Optional)
You might want to configure named objects that you can use for the VPN. See
“Named Objects” in Chapter 4: “Firewall” for instructions about configuring
the objects.
IPsec Policy Traffic Selector. For the IPsec policy traffic selector, you can
configure named objects for the following:
- Local Address—Single-entry IP, range, or network address object (You
  cannot select an address object for this field if you will be configuring IKE
  mode config.)
- Remote Address—Single-entry IP, range, or network address object
Firewall Access Policies. For the VPN firewall access policies, you can
configure the following:
- Service—Service object or service group
- Source—Any kind of address object or address group
- Destination—Any kind of address object or address group
Create an IKE Policy
You can create two types of IKE policies: one type for site-to-site VPNs and
one type for client-to-site VPNs (remote access for individual endpoints). Read
the appropriate section:
- “Create an IKE Policy for a Site-to-Site IPsec VPN” on page 7-22
- “Create an IKE Policy for a Client-to-Site IPsec VPN” on page 7-31
Create an IKE Policy for a Site-to-Site IPsec VPN. Follow these steps
to create an IKE policy that the TMS zl Module can use to negotiate a
site-to-site VPN:
1. In the left navigation bar of the Web browser interface, select VPN > IPsec.
2. Click the IKEv1 Policies tab.