TMS zl Management and Configuration Guide ST.1.0.090213

7-137
Virtual Private Networks
Verify Routes for the VPN
12. If the IPsec tunnel uses NAT-T (because NAT is performed on traffic
somewhere between the gateways), you must create two access policies to
allow the NAT-T traffic: one from the remote gateway to the module, and one
from the module to the remote gateway:
a. For Action, accept the default: Permit Traffic.
b. For From, select the remote zone.
c. For To, select Self.
d. For Service, select ipsec-nat-t-udp.
e. For Source, specify the remote gateway’s address.
f. For Destination, leave Any Address or specify the local gateway IP address.
g. Click Apply.
h. For From, select Self.
i. For To, select the remote zone.
j. For Service, select ipsec-nat-t-udp.
k. For Source, leave Any Address or specify the local gateway IP address.
l. For Destination, specify the remote gateway IP address.
m. Click Apply.
13. In the Add Policy window, click Close.
14. Click Save.
Verify Routes for the VPN
You must check your routes in the Network > Routing > View Routes window.
Verify that the following routes exist for a site-to-site VPN:
- A route to the remote gateway. The route's forwarding interface must be the interface with the IP address that you specified as the local gateway address in the IKE policy. This can be a default route.
- A route to the remote endpoints for which the next hop is the same as in the route to the remote gateway. If the route to the remote gateway is the default route, a separate route is not required.
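The two route conditions above can be checked mechanically once the routing table has been read out of the View Routes window. The following Python script is an added example written for this guide page; it is not part of the TMS zl product or its documentation. It assumes a small, constructed route table (the Route class, the interface names vlan10/vlan20 and all addresses are made up for illustration) and performs a longest-prefix lookup for the remote gateway and for a representative address in each remote network, reporting any mismatch in forwarding interface or next hop. It also covers the failure mode the guide warns about: a more specific route to a remote network that points at a different next hop would pull that traffic away from the tunnel, so it is flagged, while endpoints that simply fall through to the same default route as the gateway need no separate route and pass.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str      # destination network, e.g. "0.0.0.0/0" for the default route
    next_hop: str    # next-hop gateway address ("0.0.0.0" for a connected network)
    interface: str   # forwarding interface name


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match of dst against the route table; None if no route covers it."""
    addr = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for r in routes:
        net = ipaddress.ip_network(r.prefix, strict=False)
        if addr in net and net.prefixlen > best_len:
            best, best_len = r, net.prefixlen
    return best


def is_default(route: Route) -> bool:
    """True if the route is a default (0-length prefix) route."""
    return ipaddress.ip_network(route.prefix, strict=False).prefixlen == 0


def verify_vpn_routes(routes: List[Route], local_gw_interface: str,
                      remote_gw: str, remote_endpoints: List[str]) -> List[str]:
    """Return a list of problems; an empty list means both guide conditions hold.

    Condition 1: the route to the remote gateway must forward out the interface
                 that carries the local gateway address from the IKE policy.
    Condition 2: each remote endpoint must resolve to the same next hop as the
                 remote gateway (a shared default route satisfies this without
                 any separate, more specific route).
    """
    problems = []
    gw_route = lookup(routes, remote_gw)
    if gw_route is None:
        return [f"no route to remote gateway {remote_gw}"]
    if gw_route.interface != local_gw_interface:
        problems.append(
            f"route to {remote_gw} ({gw_route.prefix}) forwards via {gw_route.interface}, "
            f"expected {local_gw_interface} (interface of the local gateway address)")
    for ep in remote_endpoints:
        ep_route = lookup(routes, ep)
        if ep_route is None:
            problems.append(f"no route to remote endpoint {ep}")
        elif ep_route.next_hop != gw_route.next_hop:
            # A more specific route with a different next hop steers this
            # endpoint's traffic away from the path used to reach the gateway.
            problems.append(
                f"remote endpoint {ep} uses next hop {ep_route.next_hop} ({ep_route.prefix}), "
                f"but the remote gateway uses {gw_route.next_hop} ({gw_route.prefix})")
    return problems


# Constructed sample route table (not real device output).
ROUTES = [
    Route("0.0.0.0/0", "192.0.2.1", "vlan10"),       # default route out the local-gateway interface
    Route("10.20.0.0/24", "192.0.2.1", "vlan10"),    # explicit route to a remote network, same next hop
    Route("10.30.0.0/24", "192.0.2.254", "vlan20"),  # conflicting route to another remote network
    Route("192.0.2.0/24", "0.0.0.0", "vlan10"),      # connected network holding the local gateway address
]

LOCAL_GW_INTERFACE = "vlan10"   # interface with the IKE policy's local gateway address (constructed)
REMOTE_GW = "198.51.100.1"       # remote gateway address (constructed)


if __name__ == "__main__":
    ok = verify_vpn_routes(ROUTES, LOCAL_GW_INTERFACE, REMOTE_GW, ["10.20.0.5", "10.40.0.5"])
    print("good endpoints:", ok or "no problems")
    bad = verify_vpn_routes(ROUTES, LOCAL_GW_INTERFACE, REMOTE_GW, ["10.30.0.7"])
    print("conflicting endpoint:", bad)
```

The endpoint 10.40.0.5 has no explicit route and falls through to the default route; because that is also the route to the remote gateway, the script accepts it, matching the guide's note that a separate route is not required in that case. Swapping the expected interface to vlan20 or checking an address in 10.30.0.0/24 produces a reported problem.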