TMS zl Management and Configuration Guide ST.1.1.100226
Virtual Private Networks
Configure an IPsec Client-to-Site VPN
9. If the IPsec tunnel uses NAT-T (because NAT is performed on traffic
somewhere between the remote endpoints and the module), you must
create two access policies to allow the NAT-T traffic:
a. For Action, accept the default: Permit Traffic.
b. For From, select the remote zone.
c. For To, select Self.
d. For Service, select ipsec-nat-t-udp.
e. For Source, specify Any Address.
If you know the public addresses of all of your remote endpoints and
have created a named object with those addresses, you can specify
that object here.
f. For Destination, specify the module’s local VPN gateway address.
g. Optionally, select the Enable logging on this Policy check box if you
want to view log messages for this policy.
Note: It is not recommended that you enable logging permanently, because
policy logging is processor-intensive. Use policy logging for
troubleshooting and testing only.
h. Click Apply.
i. For From, select Self.
j. For To, select the remote zone.
k. For Service, select ipsec-nat-t-udp.
l. For Source, specify the module’s local VPN gateway address.
m. For Destination, specify Any Address.
If you know the public addresses of all of your remote endpoints and
have created a named object with those addresses, you can specify
that object here.
n. Click Apply.
10. In the Add Policy window, click Close.
11. Click Save.