TMS zl Management and Configuration Guide ST.1.0.090213

Virtual Private Networks
Verify Routes for the VPN
Verify that the following routes exist for a client-to-site VPN:
• A route to the remote endpoints
  • The route’s forwarding interface must be the interface with the IP address
    that you specified as the local gateway address in the IKE policy.
  • This can be a default route.
• For a client-to-site IPsec VPN, a route to irstXXX (automatically configured
  when you create the IP address pool in the IPsec policy)
In Figure 7-103, two VPNs are shown: one site-to-site and one client-to-site.
For the site-to-site VPN, the IKE policy specifies 172.17.1.99 as the local
gateway and 192.168.1.99 as the remote gateway. Because the default gateway
(0.0.0.0) is the next-hop router on the VPN path, you probably would not need
to add another static route. However, if you have trouble with the VPN, you
might need to add a route to 10.1.55.0/24 through 172.17.1.1.

For the client-to-site VPN, the IKE policy specifies 172.17.1.99 as the local
gateway and the remote clients are on the subnet 172.22.3.0/24. Again, the
default gateway should be sufficient, but if it is not, you might need to add a
static route to 172.22.3.0/24.

See Chapter 9: “Routing” for instructions on setting up routes.
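
The route check described in this section, as an added Python example that is not part of the guide or the product's software. The interface names, the /24 mask on 172.17.1.99 and the routing table are constructed sample data; only the addresses come from the text.

```python
import ipaddress

# Constructed sample data: interface names, masks and the 10.1.1.0/24 route
# are assumptions; 172.17.1.99 and next hop 172.17.1.1 come from the text.
INTERFACES = {"vlan100": "172.17.1.99/24", "vlan20": "10.1.1.1/24"}
ROUTES = [  # (destination, next hop or None if connected, forwarding interface)
    ("0.0.0.0/0", "172.17.1.1", "vlan100"),
    ("10.1.1.0/24", None, "vlan20"),
]

def best_route(dest, routes):
    """Longest-prefix match: most specific route covering all of dest, or None."""
    target = ipaddress.ip_network(dest, strict=False)
    hits = [r for r in routes if target.subnet_of(ipaddress.ip_network(r[0]))]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)

def check_vpn_route(local_gw, remote, routes=ROUTES, interfaces=INTERFACES):
    """Return (ok, reason): traffic to `remote` must leave through the
    interface that holds the IKE policy's local gateway address."""
    gw = ipaddress.ip_address(local_gw)
    owner = next((name for name, cidr in interfaces.items()
                  if ipaddress.ip_interface(cidr).ip == gw), None)
    if owner is None:
        return False, f"no interface holds local gateway {local_gw}"
    route = best_route(remote, routes)
    if route is None:
        return False, f"no route to {remote}"
    dest, next_hop, iface = route
    if iface != owner:
        # A more specific route can pull VPN traffic away from the default route.
        return False, f"route {dest} forwards via {iface}, not {owner}"
    kind = "default route" if ipaddress.ip_network(dest).prefixlen == 0 else "route"
    return True, f"{kind} {dest} via {next_hop or 'connected'} on {iface}"

if __name__ == "__main__":
    # Remote gateway, remote site subnet and remote client subnet from the text.
    for remote in ("192.168.1.99", "10.1.55.0/24", "172.22.3.0/24"):
        print(remote, check_vpn_route("172.17.1.99", remote))
```

With the sample table, all three destinations resolve to the default route on the local gateway's interface; a more specific route on another interface makes the check fail.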