TMS zl Management and Configuration Guide ST.1.0.090213

Overview
Virtual Private Network (VPN)
Client-to-Site VPNs
A client-to-site VPN is a set of tunnels between individual endpoints and the
TMS zl Module, with each endpoint having its own tunnel to the module. The
TMS zl Module can support a VPN tunnel to any endpoint that is compliant with
IPsec with IKE v1.
A client-to-site VPN can be used to:
- Allow users to access the private network through their own Internet
  connection
- Implement encryption throughout the private network
Client-to-Site VPNs. A client-to-site VPN allows remote users to connect to
the private network through a public network such as the Internet. Each
remote user establishes a VPN connection with the TMS zl Module. On the
module, you create policies that allow the VPN connection and that select the
local addresses that the remote users are allowed to reach.
VPNs for Implementing Encryption Throughout the Network. You
can require endpoints to encrypt inter-VLAN traffic that they send within the
private network.
You would configure the TMS zl Module as the endpoints’ default gateway, as is
always the case when the module operates in routing mode. You would then configure
VPN policies that select the traffic that requires extra security. The traffic is
secured between the endpoints that initiate tunnels and the TMS zl Module.
Therefore, you must configure a VPN client on both the source and destination
for high-security traffic. For example, if you want to secure traffic between
the Faculty VLAN and the DataCenter VLAN, install and configure VPN clients
on faculty workstations and on Data Center servers.
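
The following is an added example, not part of the guide and not TMS zl configuration: a small audit that models each flow as two separate tunnels (source to module, module to destination) and reports selected flows that still have an unencrypted leg. The addresses, the host inventory, and the VLAN-pair policy model are constructed assumptions; only the Faculty and DataCenter VLAN names come from the text above.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: VLAN names follow the guide's example, addresses are made up.
VLANS = {
    "Faculty": ipaddress.ip_network("10.1.10.0/24"),
    "DataCenter": ipaddress.ip_network("10.1.20.0/24"),
    "Students": ipaddress.ip_network("10.1.30.0/24"),
}
# Hypothetical policy model: VLAN pairs whose mutual traffic must be encrypted.
POLICIES = [("Faculty", "DataCenter")]
# Hypothetical inventory: host -> True if a VPN client is installed and configured.
INVENTORY = {
    "10.1.10.21": True,
    "10.1.10.22": False,
    "10.1.20.5": True,
    "10.1.20.6": False,
    "10.1.30.40": False,
}

def vlan_of(addr, vlans=VLANS):
    """Return the name of the VLAN containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in vlans.items() if ip in net), None)

def flow_legs(src, dst, policies=POLICIES, inventory=INVENTORY):
    """Return (selected, src_leg_encrypted, dst_leg_encrypted) for a flow."""
    pair = {vlan_of(src), vlan_of(dst)}
    selected = any(pair == {a, b} for a, b in policies)
    # Each leg is its own tunnel between one endpoint and the module,
    # so a leg is encrypted only if that endpoint runs a VPN client.
    return selected, inventory.get(src, False), inventory.get(dst, False)

def audit(policies=POLICIES, inventory=INVENTORY):
    """List (src, dst, hosts_missing_client) for selected flows with a gap."""
    findings = []
    for src, dst in combinations(sorted(inventory), 2):
        selected, src_ok, dst_ok = flow_legs(src, dst, policies, inventory)
        if selected and not (src_ok and dst_ok):
            missing = [h for h, ok in ((src, src_ok), (dst, dst_ok)) if not ok]
            findings.append((src, dst, missing))
    return findings

if __name__ == "__main__":
    for src, dst, missing in audit():
        print(f"{src} <-> {dst}: no VPN client on {', '.join(missing)}")
```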