TMS zl Management and Configuration Guide ST.1.0.090213
7-37
Virtual Private Networks
IPsec VPNs
To complete the configuration, you must follow these steps as well:
i. Configure a user group or groups for the remote users. (Or you
can use groups that are already configured on the TMS zl Module.)
See “User Authentication” in Chapter 4: “Firewall.”
ii. Configure usernames and passwords for the remote users either
on an external RADIUS server or on the module itself. See
“User Authentication” in Chapter 4: “Firewall.”
iii. When you configure firewall access policies, remember to
configure policies in the remote users’ group or groups that allow
IKE messages and other traffic. See “Access Policies for an IPsec
Client-to-Site VPN with IKE” on page 7-118.
14. Click Finish.
The IKE policy is displayed in the VPN > IPsec > IKEv1 Policies window.
Figure 7-20. VPN > IPsec > IKEv1 Policies (Client-to-Site Policy Added)
Go to the next task:
■ If you selected DSA or RSA signatures for the authentication method, see
“Install Certificates for IKE” on page 7-37.
■ If you selected pre-shared key for the authentication method, see “Create
an IPsec Proposal” on page 7-53.
Install Certificates for IKE
If you selected DSA or RSA signatures for the authentication method in the
IKEv1 policy, you must install certificates on the TMS zl Module. The module
requires:
■ A CA root certificate for the CA that will sign the module’s IPsec certificate
■ A CA root certificate for the CA that will sign the remote endpoints’ IPsec
certificates (often the same CA as the previous certificate)
■ An IPsec certificate for the TMS zl Module
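A pre-install sanity check for the certificates listed above, added here as an example (it is not from this guide and does not run on the TMS zl Module): it uses the OpenSSL command line to confirm that a certificate verifies against the intended CA root and carries a key matching the DSA or RSA signature method selected in the IKEv1 policy. The function names, file names and demo PKI are constructed for illustration; the same check applies to a remote endpoint's certificate and its CA root.

```bash
#!/usr/bin/env bash
# Added example; names and files are placeholders, not from the guide.

# check_ike_cert CERT CA_ROOT METHOD   (METHOD is rsa or dsa)
# Returns 0 if CERT verifies against CA_ROOT and its public key matches
# METHOD, 1 if verification fails, 2 if the key type differs.
check_ike_cert() {
  local cert=$1 ca_root=$2 method=$3 alg
  # -no-CApath keeps the default trust directory out of the check.
  openssl verify -no-CApath -CAfile "$ca_root" "$cert" >/dev/null 2>&1 || return 1
  alg=$(openssl x509 -in "$cert" -noout -text | grep -m1 'Public Key Algorithm')
  case "$method:$alg" in
    rsa:*rsaEncryption*|dsa:*dsaEncryption*) return 0 ;;
    *) return 2 ;;
  esac
}

# Constructed test data: two unrelated demo CAs in DIR and one module
# certificate signed by the first CA.
make_demo_pki() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA A' \
    -keyout "$d/caA.key" -out "$d/caA.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA B' \
    -keyout "$d/caB.key" -out "$d/caB.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/CN=tms-module.example' \
    -keyout "$d/module.key" -out "$d/module.csr" 2>/dev/null
  openssl x509 -req -in "$d/module.csr" -CA "$d/caA.pem" -CAkey "$d/caA.key" \
    -CAcreateserial -days 1 -out "$d/module.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo"
check_ike_cert "$demo/module.pem" "$demo/caA.pem" rsa && echo "module certificate: ok"
check_ike_cert "$demo/module.pem" "$demo/caB.pem" rsa || echo "wrong CA root: rejected"
check_ike_cert "$demo/module.pem" "$demo/caA.pem" dsa || echo "key type does not match policy"
```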