TMS zl Management and Configuration Guide ST.1.0.090213

7-78
Virtual Private Networks
IPsec VPNs
If you will not use IKE mode config, you must match the exact value that the remote clients send for their local IP address. Some clients always send their actual IP address. In this case, you must specify this single address and create a separate IPsec policy for each remote client. Other clients (such as the Mac IPSecuritas) can send an entire subnet. Do one of the following to specify addresses:
Manually type an IP address, IP address range, or network address in CIDR format.
Select a single-entry IP, range, or network address object.
Select Any to permit any IP address.
Warning Take great care when specifying Any. You might inadvertently block necessary traffic. For example, if you select a local subnet for the local addresses, Any for the protocol, and Any for the remote addresses, the TMS zl Module will no longer allow endpoints on the local subnet to send any traffic except to remote VPN clients. You might need to create Bypass policies. See “Configure Bypass and Ignore IPsec Policies” on page 7-84.
e. For Remote Port, type a specific port number or leave the box empty (which allows traffic to all ports). Typically, you should leave the box empty.
f. If you selected ICMP for the protocol, for ICMP Type, leave Any. Selecting a specific ICMP type requires you to use manual keying, which is not an option for client-to-site VPNs.
9. For Proposal, select a previously configured IPsec proposal.
The IPsec proposal specifies the IPsec mode, IPsec protocol, and the authentication and encryption algorithms that secure the VPN connection. See “Create an IPsec Proposal” on page 7-53.
10. Click Next.
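The following is an added illustration (not part of this guide and not the TMS zl Module's own implementation) of why the Warning above matters: it models an ordered, first-match IPsec policy list with the local/remote/protocol selectors described in step d and shows how an Apply policy with Any for the remote address claims all traffic leaving the local subnet, how matching the single address a client actually sends avoids that, and how a Bypass policy placed ahead of it restores ordinary traffic. The policy names, addresses and the first-match evaluation order are constructed assumptions.

```python
# Constructed model of IPsec policy selector matching (ordered, first match wins).
# Not the TMS zl Module's code; addresses and policy names are made up.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = None  # stands in for the guide's "Any" choice in a selector


@dataclass
class IPsecPolicy:
    name: str
    action: str            # "apply" (protect with IPsec) or "bypass"
    local: Optional[str]   # local address selector as CIDR, or ANY
    remote: Optional[str]  # remote address selector as CIDR, or ANY
    proto: Optional[str]   # "tcp", "udp", "icmp", or ANY

    def matches(self, src: str, dst: str, proto: str) -> bool:
        """An ANY selector matches everything; a CIDR must contain the address."""
        if self.local is not ANY and ip_address(src) not in ip_network(self.local):
            return False
        if self.remote is not ANY and ip_address(dst) not in ip_network(self.remote):
            return False
        return self.proto is ANY or self.proto == proto


def lookup(spd: list, src: str, dst: str, proto: str) -> str:
    """Action of the first matching policy, or 'none' (IPsec does not touch the packet)."""
    for pol in spd:
        if pol.matches(src, dst, proto):
            return pol.action
    return "none"


# Warning scenario: local subnet + Any protocol + Any remote address.
CLIENT_VPN_ANY = IPsecPolicy("client-vpn", "apply", "10.1.1.0/24", ANY, ANY)
# Same policy, but matching the single address the client actually sends.
CLIENT_VPN_ONE = IPsecPolicy("client-vpn", "apply", "10.1.1.0/24", "198.51.100.7/32", ANY)
# Bypass policy placed ahead of the apply policy for ordinary web traffic.
BYPASS_WEB = IPsecPolicy("bypass-web", "bypass", "10.1.1.0/24", "203.0.113.0/24", "tcp")


def demo() -> dict:
    inet = ("10.1.1.5", "203.0.113.10", "tcp")    # LAN host -> internet host
    client = ("10.1.1.5", "198.51.100.7", "tcp")  # LAN host -> remote VPN client
    return {
        # "apply" here means IPsec claims the packet; no SA to an internet host
        # exists, so the traffic is effectively dropped instead of forwarded.
        "any_remote_internet": lookup([CLIENT_VPN_ANY], *inet),
        "any_remote_client": lookup([CLIENT_VPN_ANY], *client),
        "single_remote_internet": lookup([CLIENT_VPN_ONE], *inet),
        "with_bypass_internet": lookup([BYPASS_WEB, CLIENT_VPN_ANY], *inet),
    }
```

Policy order is the whole point of the bypass case: the same Bypass policy listed after the Apply policy would never be reached.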