TMS zl Management and Configuration Guide ST.1.1.100226
Overview
Feature Interaction
Figure 1-22. Simplified Packet Flow through the TMS zl Module in Routing Mode
The complete process is as follows:
1. The TMS zl Module receives a packet on a VLAN that is tagged on its
internal port 1.
Remember how the packet is passed to the module:
a. When an endpoint needs to send a packet to another subnet, it
addresses the encapsulating frame to the MAC address of its default
router, the TMS zl Module.
Alternatively, a router routes the packet, and the TMS zl Module is the
next-hop router.
b. The TMS zl Module’s switch receives the frame and forwards it to the
module on the VLAN on which the frame was received.
2. If the packet is an IPsec packet, the TMS zl Module looks up the SA by
its SPI:
• If the SA exists, the module uses the SA’s parameters to decrypt the
packet. It forwards the decrypted and decapsulated packet to the
firewall. See step 3.
• If the SA does not exist or if the packet fails VPN checks, the module
drops the packet.
3. The module’s firewall checks the packet for attacks. If the packet was
received on a VPN tunnel, the packet is also sent back to the VPN for more
VPN checks.
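
The SA lookup in step 2, modelled as an added Python example (an illustration, not the module's own code). The SA table, the SA name, the verdict labels and the sample packets are constructed. It assumes IPv4 without UDP encapsulation, looks up on the SPI alone as the step describes, and does not model the later VPN checks.

```python
import struct

ESP, AH = 50, 51  # IP protocol numbers for the two IPsec protocols

# Constructed SA database keyed by SPI; the SA name is hypothetical.
SAD = {0x00001001: "sa-branch-office"}

def extract_spi(packet: bytes):
    """Return the SPI of an IPv4 ESP/AH packet, or None if it is not IPsec."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4           # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, payload = packet[9], packet[ihl:]
    if proto == ESP:
        offset = 0                         # ESP: SPI is the first 4 bytes
    elif proto == AH:
        offset = 4                         # AH: SPI follows 4 bytes of header
    else:
        return None
    if len(payload) < offset + 4:
        raise ValueError("truncated IPsec header")
    return struct.unpack_from("!I", payload, offset)[0]

def classify(packet: bytes, sad=SAD):
    """Model step 2: return (verdict, detail) for one inbound packet."""
    try:
        spi = extract_spi(packet)
    except ValueError as err:
        return ("drop", str(err))
    if spi is None:
        return ("firewall", "not IPsec")   # goes straight to step 3
    sa = sad.get(spi)
    if sa is None:
        return ("drop", "no SA for SPI 0x%08x" % spi)
    return ("apply-sa", sa)                # processed packet then goes to step 3

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (20-byte header, checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + payload

if __name__ == "__main__":
    for spi in (0x1001, 0x2002):           # known SPI, then unknown SPI
        print(classify(ipv4(ESP, struct.pack("!II", spi, 1) + bytes(16))))
    print(classify(ipv4(6, bytes(20))))    # constructed non-IPsec (TCP) packet
```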