TMS zl Management and Configuration Guide ST.1.0.090213

7-120
Virtual Private Networks
Configure Firewall Access Policies for Your VPN
f. For Destination, accept the default, Any Address.
If you know the public addresses of all of your remote endpoints, you could create a named object that contains those addresses and specify that object here. Allowing any address is the easiest way to set up the VPN, but it is also the most permissive choice; a named object restricts this policy to the peers you know about.
g. Click Apply.
5. If you do not enforce XAUTH, move directly to step 6 on page 7-120. However, if the remote users authenticate with XAUTH, you must consider the user group in which you want to configure the remaining access policies.
The TMS zl Module applies the access policies for the None user group to all users, so policies that you configure in the None user group control the remote users’ traffic regardless of which XAUTH group they authenticate into. However, you might want to create access policies that apply to specific groups. For example, you might use XAUTH to divide remote users into groups that require different levels of access. In that case, follow these steps to select the correct user group before configuring the remaining policies:
a. Click Close.
b. For User Group, select the group in which the remote users’ credentials
are configured.
c. Click Add a Policy.
d. Continue configuring the next policy for the remote users’ group.
6. Permit traffic from the remote endpoints to local endpoints:
a. For Action, leave the default, Permit Traffic.
b. For From, select the IKE mode config zone.
c. For To, select the local zone.
d. For Service, leave Any Service.
This is the most basic configuration. To limit remote users to the services they actually need, create separate access policies that each permit only the required service instead of Any Service.
e. For Source, specify the IKE mode config addresses.
f. For Destination, specify the local addresses that the remote endpoints
are allowed to reach.
g. Click Apply.
7. If XAUTH divides remote users into multiple groups, repeat step 5 and
step 6 for each user group.
8. If necessary for your services, create access policies that permit local
endpoints to send traffic to remote endpoints (at their IKE mode config
addresses and zone).
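The following is an added worked example that models the access-policy set built in steps 5 through 8 and evaluates sample flows against it. It is illustrative code written for this page, not the TMS zl Module’s own configuration format or software. Zone names (IKE-ModeConfig, Internal), the mode config pool, the local subnets, the group names Engineering and Contractors, and the sample flows are all constructed placeholders. Two behaviours are assumptions not stated on this page: policies are evaluated first-match, and traffic that matches no policy is denied. The one rule the page does state, that policies in the None user group apply to every user, is what the example is built to show, together with the point of step 8: a session that a local endpoint initiates toward a remote endpoint needs its own Permit policy in the local-to-mode-config direction.

```python
import ipaddress
from dataclasses import dataclass

ANY = "any"           # the "Any Address" / "Any Service" selections
ALL_USERS = "None"    # the None user group: its policies apply to every user (stated on the page)


@dataclass(frozen=True)
class Policy:
    user_group: str    # XAUTH group the policy belongs to, or ALL_USERS
    action: str        # "permit" or "deny"
    from_zone: str
    to_zone: str
    service: str       # service name, or ANY
    source: str        # CIDR, or ANY
    destination: str   # CIDR, or ANY


@dataclass(frozen=True)
class Flow:
    user_group: str    # group the remote user authenticated into with XAUTH
    from_zone: str
    to_zone: str
    service: str
    src: str
    dst: str


def _addr_match(spec: str, addr: str) -> bool:
    return spec == ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(policies, flow):
    """First-match evaluation (assumed ordering); unmatched traffic is denied (assumed default).

    Returns (action, matching policy or None).
    """
    for p in policies:
        if (p.user_group in (ALL_USERS, flow.user_group)   # None-group policies match everyone
                and p.from_zone == flow.from_zone
                and p.to_zone == flow.to_zone
                and p.service in (ANY, flow.service)
                and _addr_match(p.source, flow.src)
                and _addr_match(p.destination, flow.dst)):
            return p.action, p
    return "deny", None


# Constructed example: zone names, pool and subnets are placeholders, not values from the guide.
MODE_CONFIG = "IKE-ModeConfig"     # the IKE mode config zone
LOCAL = "Internal"                 # the local zone
POOL = "10.99.0.0/24"              # IKE mode config addresses handed to remote users

POLICIES = [
    # None group (step 5): every remote user, whatever its group, may query the local resolver
    Policy(ALL_USERS, "permit", MODE_CONFIG, LOCAL, "dns", POOL, "192.168.10.53/32"),
    # Engineering (step 6): full reach into the lab subnet
    Policy("Engineering", "permit", MODE_CONFIG, LOCAL, ANY, POOL, "192.168.20.0/24"),
    # Contractors (step 7 repeats step 6 per group): one web server, HTTPS only
    Policy("Contractors", "permit", MODE_CONFIG, LOCAL, "https", POOL, "192.168.10.5/32"),
    # Step 8: a local monitoring host may open SSH sessions toward remote endpoints
    Policy(ALL_USERS, "permit", LOCAL, MODE_CONFIG, "ssh", "192.168.10.9/32", POOL),
]


def decision(flow: Flow, policies=POLICIES) -> str:
    return evaluate(policies, flow)[0]


# Constructed sample flows (remote-initiated first, then one local-initiated pair)
SAMPLE_FLOWS = [
    Flow("Engineering", MODE_CONFIG, LOCAL, "ssh",   "10.99.0.7", "192.168.20.50"),   # permit
    Flow("Contractors", MODE_CONFIG, LOCAL, "https", "10.99.0.8", "192.168.10.5"),    # permit
    Flow("Contractors", MODE_CONFIG, LOCAL, "https", "10.99.0.8", "192.168.20.50"),   # deny: wrong subnet
    Flow("Contractors", MODE_CONFIG, LOCAL, "ssh",   "10.99.0.8", "192.168.10.5"),    # deny: wrong service
    Flow("Contractors", MODE_CONFIG, LOCAL, "dns",   "10.99.0.8", "192.168.10.53"),   # permit via None group
    Flow("Engineering", LOCAL, MODE_CONFIG, "ssh",   "192.168.10.9", "10.99.0.7"),    # permit via step 8
    Flow("Engineering", LOCAL, MODE_CONFIG, "http",  "192.168.10.9", "10.99.0.7"),    # deny: no step-8 policy
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        action, p = evaluate(POLICIES, f)
        by = f"{p.user_group} group policy" if p else "no matching policy"
        print(f"{f.user_group:12} {f.src} -> {f.dst} {f.service:5}: {action} ({by})")
```

The fifth flow is the one to look at when deciding where to put a policy: the Contractors group has no DNS policy of its own, yet the flow is permitted because the None group’s policy applies to every user. If a group should not get something, do not grant it in the None group.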