TMS zl Management and Configuration Guide ST.1.1.100226
Virtual Private Networks
Contents
Configure an IPsec Client-to-Site VPN ... 7-27
    Create an IKE Policy for a Client-to-Site VPN ... 7-28
    Install Certificates for IKE ... 7-35
        Install Certificates Manually ... 7-36
        Install Certificates Using SCEP ... 7-46
    Create Named Objects for the VPN (Optional) ... 7-51
    Create an IPsec Proposal ... 7-53
    Create an IPsec Policy for a Client-to-Site VPN ... 7-55
    Create Access Policies for an IPsec Client-to-Site VPN ... 7-67
    Verify Routes for the IPsec Client-to-Site VPN ... 7-74
Configure an IPsec Site-to-Site VPN with IKE ... 7-76
    Create Named Objects for the VPN (Optional) ... 7-77
    Create an IKE Policy for a Site-to-Site IPsec VPN ... 7-78
    Install Certificates for IKE ... 7-87
        Install Certificates Manually ... 7-87
        Install Certificates Using SCEP ... 7-97
    Create an IPsec Proposal ... 7-102
    Create an IPsec Policy for a Site-to-Site VPN that Uses IKE ... 7-105
    Create Access Policies for an IPsec Site-to-Site VPN that Uses IKE ... 7-115
    Verify Routes for an IPsec Site-to-Site VPN ... 7-121
Configure an IPsec Site-to-Site VPN with Manual Keying ... 7-122
    Create Named Objects for the VPN (Optional) ... 7-122
    Create an IPsec Proposal ... 7-123
    Create an IPsec Policy That Uses Manual Keying ... 7-126
    Create Access Policies for an IPsec Site-to-Site VPN with Manual Keying ... 7-136
    Verify Routes for an IPsec Site-to-Site VPN ... 7-139
Layer 2 Tunneling Protocol (L2TP) over IPsec Concepts ... 7-141
Configure an L2TP over IPsec VPN ... 7-142
    Create Named Objects for the VPN (Optional) ... 7-143
    Create an IKE Policy for an L2TP over IPsec VPN ... 7-144
    Create an IPsec Proposal for an L2TP over IPsec VPN ... 7-151
    Create an IPsec Policy for an L2TP over IPsec VPN ... 7-153