TMS zl Management and Configuration Guide ST.1.0.090213
7-58
Virtual Private Networks
IPsec VPNs
Note: If your traffic selector will include management traffic, you must configure a Bypass policy with top priority that selects the management traffic, or you will be locked out of the Web browser interface. If you do lock yourself out, reboot the module, but DO NOT SAVE the configuration. See “Configure Bypass and Ignore IPsec Policies” on page 7-84.

If your traffic selector will include traffic that is also selected for NAT, you must create a NAT exclusion policy. See “Exclusion NAT Policies” in Chapter 5: “Network Address Translation.”

8. For Traffic Selector, configure these settings:
   a. For Protocol, specify the protocol for traffic allowed on the VPN:
      – Any—Any IP protocol. Select this option when you want to allow all traffic between local and remote endpoints.
      – TCP or UDP—Select this option in conjunction with a remote port to allow local traffic destined for specific services in the remote network. Select this option in conjunction with a local port to allow remote traffic destined for specific services in the local network.
      – ICMP—Select this option when you want to allow only ICMP traffic.
      – IP Protocols—Select one of these Layer 3 protocols, which are listed by their IANA IP Protocol numbers.
      Service objects and service groups will not appear in this list.
   b. For Local Address, specify the IP addresses of all local endpoints that are allowed to send traffic over the VPN. Do one of the following to specify addresses:
      – Select Any to permit any IP address. (Any is not valid for a transport-mode VPN.)
      – Select a single-entry IP, range, or network address object. (An address object is not valid for a transport-mode VPN.)
      – Manually type an IP address, an IP address range, or a network address in CIDR format.
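The following is an added example, not code from the TMS zl guide or product: a small model of priority-ordered IPsec policies with traffic selectors (protocol, local address, optional remote address and port) that shows why the management Bypass policy must sit above the tunnel policy, and that rejects the Local Address choices the text rules out for transport mode. The policy and packet field names and all addresses are assumptions of this example.

```python
import ipaddress

# Added example, not code from the TMS zl guide or product: a small model of
# IPsec policies ordered by priority, each with a traffic selector. Policy
# fields, packet fields and the addresses below are assumptions of this example.

PROTO_NUM = {"tcp": 6, "udp": 17, "icmp": 1}

def addr_matcher(spec):
    """Predicate for a typed address: 'any', single IP, 'low-high' range, or CIDR."""
    if spec == "any":
        return lambda ip: True
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(s.strip()) for s in spec.split("-"))
        return lambda ip: lo <= ipaddress.ip_address(ip) <= hi
    net = ipaddress.ip_network(spec, strict=False)  # a single IP becomes a /32
    return lambda ip: ipaddress.ip_address(ip) in net

def validate(policy):
    """A transport-mode VPN accepts neither Any nor an address object for Local Address."""
    if policy.get("mode") == "transport":
        if policy["local"] == "any" or policy.get("local_object"):
            raise ValueError("transport mode needs an explicit local address")

def selects(policy, pkt):
    """True when the policy's traffic selector covers pkt."""
    proto = policy["protocol"]  # 'any', 'tcp', 'udp', 'icmp' or an IANA protocol number
    if proto != "any" and pkt["proto"] != PROTO_NUM.get(proto, proto):
        return False
    if policy.get("remote_port") not in (None, pkt.get("dport")):
        return False
    return (addr_matcher(policy["local"])(pkt["src"])
            and addr_matcher(policy.get("remote", "any"))(pkt["dst"]))

def action_for(policies, pkt):
    """Walk policies from top priority down; the first selector hit wins."""
    for pol in policies:
        validate(pol)
        if selects(pol, pkt):
            return pol["action"]
    return "no-policy"  # assumption: unmatched traffic is handled by other rules

# Constructed policies: a tunnel that selects all LAN traffic, and a Bypass for
# HTTPS sessions from the LAN to the module's own (assumed) management address.
VPN = {"protocol": "any", "local": "10.1.0.0/16", "action": "ipsec"}
BYPASS = {"protocol": "tcp", "local": "10.1.0.0/16", "remote": "10.1.0.1",
          "remote_port": 443, "action": "bypass"}
MGMT = {"proto": 6, "src": "10.1.2.3", "dst": "10.1.0.1", "dport": 443}

ORDER_OK = action_for([BYPASS, VPN], MGMT) == "bypass"  # False for [VPN, BYPASS]
```

With the tunnel policy alone, or with the Bypass placed below it, the admin's HTTPS session is swallowed by the VPN selector, which is the lock-out the note describes; only the Bypass at top priority returns "bypass".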