TMS zl Management and Configuration Guide ST.1.1.100226
7-35
Virtual Private Networks
Configure an IPsec Client-to-Site VPN
• Select TMS acts as XAUTH Client:
   i. For Authentication Type, select Generic or CHAP.
   ii. For Username, type a username accepted by the remote gateway’s authentication server.
   iii. For Password, type the password associated with that username.
14. Click Finish.
The IKE policy is displayed in the VPN > IPsec > IKEv1 Policies window.
Figure 7-14. VPN > IPsec > IKEv1 Policies (Client-to-Site Policy Added)
Go to the next task:
■ If you selected DSA or RSA signatures for the authentication method, see
“Install Certificates for IKE” on page 7-35.
■ If you selected pre-shared key for the authentication method, see “Create
an IPsec Proposal” on page 7-53.
Install Certificates for IKE
If you selected DSA or RSA signatures for the authentication method in the
IKEv1 policy, you must install certificates on the TMS zl Module. The module
requires:
■ A CA root certificate for the CA that will sign the module’s IPsec certificate
■ A CA root certificate for the CA that will sign the remote endpoints’ IPsec
certificates (often the same CA as the previous certificate)
■ An IPsec certificate for the TMS zl Module
You can install certificates manually or by using SCEP (to use SCEP, the CA must
also support it). Read the appropriate section:
■ “Install Certificates Manually” on page 7-36
■ “Install Certificates Using SCEP” on page 7-46