Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
561562563564565566567568569570
7-111
Virtual Private Networks
Generic Routing Encapsulation (GRE)
3. Create an IPsec proposal.
The mode is typically transport mode because the TMS zl Module gener-
ates the GRE packets, but you can also use tunnel mode. You can configure
other settings as you choose, making sure to match them on the remote
tunnel endpoint.
See “Create an IPsec Proposal” on page 7-53.
If you have an appropriate proposal, you can use the existing proposal.
4. Create an IPsec policy. Use these settings:
For the traffic selector:
Protocol = (47) GRE under IP Protocols
Local Address = IP address that you configured as the local IP
address for the tunnel (not the tunnel interface IP address)
Remote Address = accessible IP address on the remote tunnel
endpoint (not the remote device’s tunnel interface address)
Proposal = the IPsec proposal that you created in step 2.
If you are using manual keying, also configure these settings:
Local Gateway Address = same IP address as the traffic selector’s local
address
Remote Gateway Address = same IP address as the traffic selector’s
remote address
Configure other settings as you choose. See “Create an IPsec Policy for a
Site-to-Site VPN That Uses IKE” on page 7-55 or “Create an IPsec Policy
That Uses Manual Keying” on page 7-64.
5. Configure firewall access policies to allow the traffic.
See “Access Policies for a GRE Tunnel over IPsec” on page 7-131.