TMS zl Management and Configuration Guide ST.1.1.100226
1-66
Overview
Virtual Private Network (VPN)
The two gateways secure traffic and forward it over the tunnel on behalf of
the endpoints that are behind each gateway. The traffic is only protected
between the two gateways, not between an endpoint and its own gateway.
Most commonly, a site-to-site VPN connects two sites (such as a main office
and a branch office) through a public, untrusted network such as the Internet.
The Internal zone traffic at each site is assumed not to require encryption.
The TMS zl Module supports a hub-and-spoke topology, in which VPN gateways at multiple sites connect to a hub gateway at a central site.
Client-to-Site VPNs
A client-to-site VPN is a set of tunnels between individual endpoints and the
TMS zl Module, each endpoint having its own tunnel to the module. The TMS zl
Module can support a VPN tunnel to any IPsec and IKE v1-compliant endpoint.
A client-to-site VPN can be used to:
■ Allow users to access the private network through their own Internet connection
■ Implement encryption throughout the private network
Remote Access. A client-to-site VPN allows remote users to connect to the
private network through a public network such as the Internet. Each remote
user establishes a VPN connection with the TMS zl Module. On the module,
you create policies that allow the VPN connection and that select the local
addresses that the remote users are allowed to reach.
VPNs for Implementing Encryption Throughout the Network. You
can require endpoints to encrypt inter-VLAN traffic that they send within the
private network.
You would configure the TMS zl Module as endpoints’ default gateway, as
always when the module operates in routing mode. You would then configure
VPN policies that select the traffic that requires extra security. The traffic is
secured between the endpoints that initiate tunnels and the TMS zl Module.
Therefore, you must configure a VPN client on both the source and destination
for high-security traffic. For example, if you want to secure traffic between
the Faculty VLAN and the DataCenter VLAN, install and configure VPN clients
on faculty workstations and on Data Center servers.
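The following model, added here and not part of the HP guide, checks the two coverage claims made above: that a site-to-site VPN protects traffic only on the gateway-to-gateway legs, and that inter-VLAN encryption through the TMS zl Module covers every hop only when both the source and the destination run a VPN client. All host, gateway and VLAN names are constructed for illustration.

```python
"""Model which legs of a forwarding path are enclosed by an IPsec tunnel.

Added example (not from the HP guide): all node names below are constructed.
A tunnel between two nodes on the path protects every hop between them, so
intermediate nodes (the Internet, ISP routers) forward ESP without seeing
plaintext; hops outside every tunnel carry cleartext.
"""
from typing import FrozenSet, List, Set, Tuple

Tunnel = FrozenSet[str]


def tunnel(a: str, b: str) -> Tunnel:
    """An IPsec tunnel between two endpoints; direction does not matter."""
    return frozenset((a, b))


def hop_protection(path: List[str], tunnels: Set[Tunnel]) -> List[Tuple[str, str, bool]]:
    """For each hop path[i] -> path[i+1], report whether some tunnel whose
    endpoints both lie on the path starts at or before it and ends after it."""
    result = []
    for i in range(len(path) - 1):
        covered = any(
            tunnel(path[j], path[k]) in tunnels
            for j in range(i + 1)              # tunnel starts at or before hop i
            for k in range(i + 1, len(path))   # and ends at or after hop i
        )
        result.append((path[i], path[i + 1], covered))
    return result


def cleartext_legs(path: List[str], tunnels: Set[Tunnel]) -> List[Tuple[str, str]]:
    """The hops on which the traffic travels unencrypted."""
    return [(a, b) for a, b, ok in hop_protection(path, tunnels) if not ok]


# Scenario 1: site-to-site. Only the gateway-to-gateway legs are protected;
# each host's own Internal-zone leg is in the clear, as the text assumes.
SITE_TO_SITE = ["main-host", "main-gw", "internet", "branch-gw", "branch-host"]
SITE_TUNNELS = {tunnel("main-gw", "branch-gw")}

# Scenario 2: inter-VLAN traffic through the module (the hub) with a VPN
# client on both the faculty workstation and the data center server.
INTER_VLAN = ["faculty-ws", "tms-zl", "dc-server"]
BOTH_CLIENTS = {tunnel("faculty-ws", "tms-zl"), tunnel("dc-server", "tms-zl")}

# Scenario 3: client missing on the server; the module-to-server leg is clear.
ONE_CLIENT = {tunnel("faculty-ws", "tms-zl")}

if __name__ == "__main__":
    for label, path, tun in [("site-to-site", SITE_TO_SITE, SITE_TUNNELS),
                             ("both clients", INTER_VLAN, BOTH_CLIENTS),
                             ("one client", INTER_VLAN, ONE_CLIENT)]:
        print(label, "cleartext legs:", cleartext_legs(path, tun))
```

Running it lists the module-to-server hop as cleartext in the one-client case, which is the gap the last paragraph warns about.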