TMS zl Management and Configuration Guide ST.1.0.090213
Overview
Feature Interaction
session specifies the source and destination addresses and ports both
before and after NAT has been applied. This session fills one of the
maximum number of connections that are allowed on the TMS zl
Module. The module then proceeds to step 12.
• If a NAT-capable ALG does not apply to the packet, the module simply
creates the session and proceeds to step 12.
12. The TMS zl Module determines whether the packet is part of a GRE or
L2TP tunnel.
• If the packet is part of such a tunnel (its next-hop is the L2TP server
or the GRE tunnel interface), the module establishes the tunnel (if it
has not yet been established).
If the tunnel cannot be established, the module drops the packet.
Otherwise, the module encapsulates the packet with a GRE or L2TP
header. It then determines whether the packet must be sent over an
IPsec tunnel as well. See step 13.
• If the packet is not part of such a tunnel, the module proceeds to
step 13.
13. The module determines whether the packet must be sent over an IPsec
tunnel:
• If the packet matches the traffic selector in a current SA, the module
uses the SA’s parameters to encrypt and encapsulate the packet with
IPsec and delivery IP headers. The packet is ready for forwarding. See
step 14.
• If the packet does not belong to a current SA, the module matches the
packet header to the traffic selectors in IPsec policies. It begins with
the policy that has the highest position (lowest numerical value).
– If the packet matches the traffic selector for an Allow policy, the
module establishes an SA using either manual keying or the IKE
policy that is specified in the IPsec policy. The module then uses
the new SA to encrypt and encapsulate the packet with IPsec
and delivery IP headers. The packet is ready for forwarding.
See step 14.
– If the packet matches the traffic selector for an Ignore policy, the
module drops the packet.
– If the packet matches the traffic selector for a Bypass policy, the
packet is ready for forwarding. By default, the TMS zl Module has
a Bypass policy that selects all traffic not selected by other
policies. See step 14.
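
The lookup order in step 13 can be modeled as follows. This is an added example, not code from the guide or the TMS zl Module. It assumes traffic selectors reduced to source and destination CIDR ranges, and the names `step13`, `shadowed_allows`, `POLICIES` and `MISORDERED` are hypothetical. It also checks for the ordering mistake a reviewer would look for: an Allow policy placed below a broader Bypass or Ignore policy never matches, so its traffic leaves without IPsec or is dropped.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Selector:            # simplified: source/destination CIDR only (assumption)
    src: str
    dst: str
    def matches(self, s, d):
        return (ipaddress.ip_address(s) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(d) in ipaddress.ip_network(self.dst))
    def covers(self, other):
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst)))

@dataclass(frozen=True)
class Policy:
    position: int          # lowest number = highest position, checked first
    action: str            # "allow", "ignore" or "bypass"
    selector: Selector

# Models the module's default Bypass policy that selects all remaining traffic.
DEFAULT_BYPASS = Policy(10**9, "bypass", Selector("0.0.0.0/0", "0.0.0.0/0"))

def step13(src, dst, policies, current_sas):
    """Return the step-13 outcome for one packet; current_sas is a list of Selectors."""
    if any(sel.matches(src, dst) for sel in current_sas):
        return "encrypt-existing-sa"
    for pol in sorted(policies + [DEFAULT_BYPASS], key=lambda p: p.position):
        if not pol.selector.matches(src, dst):
            continue
        if pol.action == "allow":
            current_sas.append(pol.selector)   # stands in for manual keying or IKE
            return "encrypt-new-sa"
        return "drop" if pol.action == "ignore" else "forward-no-ipsec"

def shadowed_allows(policies):
    """Allow policies fully covered by an earlier Ignore or Bypass policy."""
    ordered = sorted(policies, key=lambda p: p.position)
    return [p for i, p in enumerate(ordered) if p.action == "allow"
            and any(q.action != "allow" and q.selector.covers(p.selector)
                    for q in ordered[:i])]

# Constructed sample policy table (addresses are illustrative).
POLICIES = [
    Policy(1, "allow",  Selector("10.1.0.0/16", "10.2.0.0/16")),
    Policy(2, "ignore", Selector("10.1.0.0/16", "192.0.2.0/24")),
]
# Same Allow policy, but placed below a broader Bypass policy.
MISORDERED = [
    Policy(1, "bypass", Selector("10.0.0.0/8", "10.0.0.0/8")),
    Policy(2, "allow",  Selector("10.1.0.0/16", "10.2.0.0/16")),
]
```

With `MISORDERED`, a packet from 10.1.5.5 to 10.2.0.9 is forwarded without IPsec even though an Allow policy exists for it, and `shadowed_allows` reports that policy.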